We are committed to protecting your privacy. We will never sell or pass on your details to any other organisation without your permission.
All personal information collected by us is kept in the strictest confidence. We will not share, or sell any personal information to any third party unless required to do so by law.
From time to time, if we request more specific information in the form of surveys, this is voluntary, and is to help us improve our software products and customer services.
To protect customer privacy, access to information by employees is restricted. If any information with which you have provided us becomes inaccurate or out of date, or if you have any queries about this privacy statement, please contact us.
Data Protection Act registration
Tell Only Your Best Friends is registered with the Information Commissioners Office as a data controller under reference Z2806178.
We may use a “cookie” in order to track website usage. This cookies does not collect personal information, but records the time of visit, date, “referring” page, and the IP address. This anonymous information is used by us to create a better user experience.
Our webserver automatically collects some information that does not identify you personally. For example, IP address, type of browser and operating system, the date and time you access our Site, etc.
If you make a purchase online with a credit card, a third party commerce service is used to verify credit card details. This company is sent the total price of the purchase, the card number and expiration date, and the cardholders name and billing address. All information transmitted to this third party is sent using SSL (Secure Socket Layer) encryption. Using this method of encryption further ensures the privacy and security of all our customers. This information is used only to verify the account and clear the transaction.
Protecting your Data
From May 2018 the General Data Protection Regulation (GDPR) will apply to all data we hold about our customers.
We take our responsibility for management of customers data seriously, and have reviewed all our systems and suppliers to ensure that where we store your data, it is held only for legitimate reasons, and is carefully looked after.
We have ensured that our staff, management and board understand the scope and impact of the GDPR. Where appropriate we will be introducing changes to processes and procedures to ensure we fully comply with GDPR.
Data storage and processing
We store service usage data, such as call records, for billing purposes and also for network management and diagnostic purposes. This data contains individual phone numbers but is not processed by us in a way that personally identifies a subscriber. Some of our cloud services, such as call analytics and call recording, also provide customers with access to their subscriber call data. We may analyse this data in an anonymised or aggregated way to identify ways to improve our network or our services, but this does not allow individual records to be identified. We do not process this data for any other purposes.
We store customer contact information, such as email address and phone number, for marketing purposes only when you have contacted us to enquire about our services, this is in our legitimate interest. When we use third party marketing or advertising services we have ensured that these suppliers are in compliance with GDPR. We do not profile our customer data for marketing or advertising purposes, nor pass on any customer data to third parties for such purposes.
Any data that we store is held securely within the EU and is processed only for the purpose for which it is collected. We follow the principle of Privacy by Design.
Customers and subscribers have clear rights under GDPR which we are fully prepared for:
• The right to be informed about the personal data that is being held and processed
• The right of access to personal data via a Subject Access Request
• The right to rectification of personal data if inaccurate, incomplete, or out of date
• The right to erasure of data where there is no lawful reason for its continued processing
• The right to restrict processing of data where information is inaccurate or there is an objection to the lawfulness of the processing
• The right to portability of personal data to reuse elsewhere
• The right to object if no legitimate reason exists for the processing of data
• The right to check or challenge automated decision making and profiling
Please refer to the GDPR regulation or ico.org.uk for full details of these items and the conditions under which it may be appropriate to contact us or make an access request.
Personal data and Subject access requests
Customers can exercise these rights for themselves or their subscribers by making a request in writing to our Data Protection team using our Data Protection Request Form available to all customers on our Support Portal.
Customers can also update data themselves, or delegate this to their subscribers, using our self-management control panels.
Data security and data breaches
We take all aspects of information security seriously, and are a Cyber Essentials certified organisation. We store all data carefully and apply access controls around all our systems.
Should we have a data breach or be made aware of such in our supply chain we will notify this to the ICO within the prescribed timescales of the GDPR.
Data protection officer
If you require further information regarding data protection, please contact our Data Protection Officer via our contact form.
V1.0 Published April 2018