1.0 OUR USER PRIVACY AND DATA PROTECTION
- We take user privacy and data protection very seriously
- We understand we have a duty of care to the people within our data
- We only collect and process data when absolutely necessary
- We will never spam you
- We will never sell, rent or otherwise distribute or make public your personal information
- This privacy notice will let you know what happens to any personal data you give us or that any we might collect from or about you.
2.0 RELEVANT LEGISLATION
Eze Talk complies with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1998 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
Specifically, our website, internal business and IT systems comply to said legislation.
3.0 PERSONAL INFORMATION THAT WE COLLECT AND PROCESS
- Personal details, contact details: Title, full name, date of birth, mother’s maiden name, bank details, contact details including address, mobile and landline.
- Products and services you hold with us, as well as have been interested in and associated payment methods used.
- The usage of our products and services, including landline and mobile numbers you have called with associated minutes.
- Product and service information, including any current and previous packages.
- Personal information obtained from Credit Reference agencies, including public (including defaults and CCJs) and shared credit history, financial situation and financial history.
- Your residency and/or citizenship status, if relevant, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK.
- Call recordings, between you and Eze Talk staff for training and quality purposes.
4.0 THE SOURCE OF YOUR PERSONAL INFORMATION
Personal information is collected from the following sources:
- From you directly.
- Information generated about you when you use our products and services.
- We buy information from third parties including name, address, landline and mobile number.
- Data that is provided by verified third party call centres, who are GDPR compliant.
5.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
This website collects and uses personal information for the following reasons:
5.1 Google Analytics
5.2 Contact Forms and email links
If you wish to contact us via our contact us page, your data will not be held on this website or be passed to any third party data processors. The data will be collated into an email and sent to us over the SMTP. The email content is then decrypted by our local computers and devices.
5.3 Email newsletter
If you sign up to our newsletter, the email address you provide will be forwarded to MailChimp who provide us with email marketing services. MailChimp are a third party data processor. The email address supplied will not be stored within our website’s database or on any internal computer system.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing and if this changes we will inform you. You can also specifically request removal from the list by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. Please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you must obtain parental consent before joining our email newsletter. You will receive periodic newsletter emails from us, approximately once a year.
6.0 ABOUT THIS WEBSITE’S SERVER
This website is hosted by GSD®. GSD® are technical partners with Sunday Times top 100 Company Rackspace™, with them they operate a bank of dedicated servers and cloud solutions for their client base including Eze Talk. All sites are hosted within the UK in a London based data centre. They proactively manage infrastructure and data security by working closely with a team of Rackspace engineers and consultants to ensure maximum efficiency, robustness and security for the platform.
The managed service includes OS patching and hardware upgrades as required. The service also includes bi-monthly scheduled server penetration tests and vulnerability scans.
All servers are firewall protected using IP tables (authorised access only) with ‘who’ has access regularly reviewed.
7.0 OUR THIRD PARTY DATA PROCESSORS
This website uses third parties to process personal data on our behalf. All of them comply with the legislation. The following third parties are based in the USA and are EU-U.S Privacy Shield compliant:
8.0 WHAT DO WE USE YOUR PERSONAL DATA FOR?
- For assessing and processing your application including the consideration about whether or not to offer the product or service and associated credit, the price, risk of doing so, availability of payment method and terms.
- Providing the service including collecting direct debit payments, provisioning your line, notifying Openreach engineers and you if an engineer visit is deemed necessary.
- Ensuring your records are kept up to date, tracing your whereabouts and recovering debt.
- To offer you an improved package or service in the future should one become available.
- Managing all aspects of your service.
- To perform and test the performance of your service.
- To improve the operation of our business and business partners.
- To record calls between you and our staff for quality assessments and training purposes.
- For direct marketing communications to help us offer you relevant messages regarding our services or information about the business. We may send you a limited amount of marketing messages to you via SMS, email, phone, post and social media channels.
- To process any donations, where relevant, to any of our chosen charities.
9.0 WHAT ARE THE LEGAL GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL INFORMATION?
If you have ordered or take a service from us, we are entitled to process your information so we can provide you with a service and bill you for this. Our lawful grounds for processing your data is that it is necessary for entering or performing a contract with you, the data subject.
- For assessing your application for our services including whether to offer you the requested service and associated credit.
- Updating your records, tracing your whereabouts and recovering debt if relevant. In some instances, this information will be passed to a third party debt collection agency.
- Managing all aspects of delivering the service to you as detailed in your contract including sharing your information with business partners to be able to service your account.
- To perform and to test our services that we provide to you.
- To carry out credit checks using a third party Credit Reference Agency.
Secondly, if we want to collect and use your information for other purposes, this will be with your consent:
- For some direct marketing messages, either service related or information about the business.
- Consent will be collected using a positive action from you, such as ticking a box, in a clear and unambiguous way. You are also free to remove your permission at any time.
Thirdly, it may be that contacting you falls within a legitimate interest. This may occur for example, that we have met you at an event and exchanged business cards.
10.0 WHEN DO WE SHARE YOUR PERSONAL INFORMATION WITH OTHER ORGANISATIONS?
We share information with companies mentioned above including:
- Debt collection agencies
- Business Partners (including telecoms suppliers, financial institutions)
- Back up and server hosting providers, IT software and maintenance providers
- Credit reference agencies
- External billing providers
- Government and regulatory bodies such as HMRC, Ofcom, The Ombudsman, CICAS.
- External human resource and employment law providers
11.0 CALL RECORDINGS
Call recordings are kept in a secure and encrypted file that is password protected and only accessed by the IT Manager (who is also our Data Protection Officer). Should another Manager require access, a unique password is provided for that file.
Where calls are held on behalf of our business customers and we are acting as a data processor, the call recordings are downloaded onto a secure FTP site. Only the IT Manager (DPO) and Tech Manager have access to these. The customer is provided with a unique password and after they have downloaded their call recordings, they are deleted immediately.
12.0 HOW AND WHEN CAN YOU WITHDRAW YOUR CONSENT?
Where we’re relying upon your consent to process personal data you can withdraw this at any time by contacting us using the following email address: DataProtectionOfficer@eze-talk.com
13.0 DATA BREACHES
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. We have a full internal data breach process which is available upon request.
14.0 KEEPING PERSONAL DATA UP TO DATE
If your personal details change, you should tell us as soon as possible, either by emailing DataProtectionOfficer@eze-talk.com or calling 0333 200 0801 or using the contact us form on our website www.eze-talk.com. We will do our upmost to keep our personal records up to date and may contact you to ensure your details are correct.
15.0 DO YOU HAVE TO PROVIDE YOUR PERSONAL INFORMATION TO US?
It is not possible to deliver or services to you if certain information is not provided. If there are instances where providing information is optional, we will make this clear in our marketing preferences.
16.0 FOR HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?
- Your personal information is held for as long as it reasonable takes us to fulfil our business commitment to you.
- Once the contract has come to an end, we will keep your data as long as someone could reasonably bring a claim against us.
- Retention periods in line with legal and regulatory requirements or guidance.
- Using one of our products or services paid for by someone else.
- Taking part in a survey or trial.
- Entering a prize promotion.
- Calling our help desk.
- Enquiring about our product or service.
19.0 DATA CONTROLLER
The data controller of this website is: Eze Talk Group Ltd, a UK Private Limited Company with company number: 4122939
Whose registered and operating office is:
Contact details: DataProtectionOfficer@eze-talk.com