We regularly review and, where necessary, update our privacy information and post changes on our website. If we plan to use personal data for a new purpose, we will update our privacy information and communicate the changes to the individuals concerned before starting any new processing.
Who we are
The data controller of your personal data is 4com Plc (“we”, “us”, or “our”). We can be contacted at email@example.com; One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE; 0330 444 4444
This policy applies to you if you use our services (“our Services”), and if you contact us or we contact you about our Services. It also applies to visitors to our website (“our Website”): https://www.4com.co.uk/
We are committed to protecting your privacy. We will only use the information that we collect about you lawfully and in accordance with the current Data Protection Act 2018.
Collecting your Personal Data
The type of information we will collect about you includes (but is not limited to):
- your name
- phone number
- email address
- your business type
- payment information such as bank details, direct debit, debit or credit card details that you provide us
- information about financial associates in the case of partnerships
- information about how you use our Services (including but not limited to call traffic and location data and billing information)
- your activity on our Website when you log in as a user
- phone records including the numbers you call and send messages to and receive calls and messages from, the date, time length and cost of these communications including the broad location at the time of these communications; call recordings
- roaming information (such as the country you were in and the network used including dates and times)
- your communications with us
- information you give to us when entering customer surveys
- when you shop online on our Website, information about your online purchases (for example, what you have bought, when and where you bought it)
- information about your online browsing behavior on our Website and information about when you click on one of our adverts
- your activity on our Website when you log in as a user
- such information as you provide on your CV when applying for a position with 4Com
Please see below: “Visitors to our Website”
For our customers, this personal data is required to provide our Services to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing our Services to you.
How your personal data is collected
We collect personal data:-
- Directly from you (for our customers, this is when you enquire about a product or service, when you make a purchase or during the subsequent processing stages of an order)
- Indirectly through the usage of our Services e.g. when you make calls
Visitors to our Website
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party;
- to comply with our legal obligations; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal data for and our lawful basis for doing so.
What we use your personal data for
Our lawful basis for processing your personal data
|To provide our Services to our customers including checking your eligibility for our Services, managing your account, applications and orders||Necessary for the performance of our contract with our customers or to take steps at our customers’ request before entering into a contract|
|For billing and payment purposes, financial or management forecasts and to collect debt||Necessary for our legitimate interests or those of a third party e.g. in the event that we are forced to pass your information to a debt recovery service|
|To verify your identity or to perform any other authentication that we need||Necessary to comply with our legal obligations|
|To find and stop criminal activity misuse of or damage to our Services or network and other assets. Also to defend our rights or property and protect the rights and interests of our customers and website users||Necessary for our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us|
|To carry out credit checks||Necessary for the performance of our contract with our customers or to take steps at our customers’ request before entering into a contract|
|To tell you about the products and services you use and to let you know if we make changes to them (please note that you will not be able to opt out of receiving essential service communications)||Necessary for the performance of our contract with our customers – to take steps to advise customers of new products that could have a material bearing on the performance of their telephony solutions|
|To market and advertise our products and services to you – if you have chosen to receive these||Necessary for our legitimate interests or those of a third party i.e. to ensure that customers are being offered the latest technology, or information about end of life of a product which could detrimentally affect their business|
|For internal purposes such as management, research, analytics, corporate reporting, credit scoring and to improve business efficiencies||Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures so we can deliver the best service to you|
|To analyse trends in call types, phone usage and undertake industry specific research||Necessary for our legitimate interests or those of a third party i.e. to be in a position to offer better tariffs, products and services to customers|
|To provide effective security and technical support of our products and services and help maintain service quality (this also means that we may monitor or record calls to our customer services for authentication, security, quality and training purpose)||Necessary for the performance of our contract with our customers – to take steps to alert customers to breaks in service usually from third party suppliers|
|For other individuals representing organisations with whom we have contracts e.g. suppliers, for corresponding with those individuals and for taking steps under the contract||Necessary for our legitimate interests or those of a third party e.g. to take steps under the contract|
|Other processing necessary to comply with legal and regulatory obligations that apply to our business e.g. under health and safety regulations||Necessary to comply with our legal obligations|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies||Necessary to comply with our legal obligations|
|Ensuring business policies are adhered to e.g. policies covering security and internet use||Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures so we can deliver the best service to you|
|Operational reasons, such as improving efficiency, training and quality control||Necessary for our legitimate interests or those of a third party i.e. to be as efficient as we can so we can deliver the best service for you at the best price|
|Ensuring the confidentiality of commercially sensitive information||Necessary for our legitimate interests or those of a third party i.e. to protect trade secrets and other commercially valuable information
Necessary to comply with our legal obligations
|Preventing unauthorised access and modifications to systems||Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you
Necessary to comply with our legal obligations
|Updating and maintaining customer records||Updating and maintaining customer records Necessary for the performance of our contract with our customers or to take steps at our customers’ request before entering into a contract
Necessary to comply with our legal obligations
Necessary for our legitimate interests or those of a third party e.g. making sure that we can keep in touch with our customers about existing orders and new products
|Statutory returns||Necessary to comply with our legal obligations|
|Ensuring safe working practices, staff administration and assessments||Necessary to comply with our legal obligations
Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
|The audit of our accounts||Necessary to comply with our legal obligations|
|To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Necessary to comply with our legal obligations
Necessary for our legitimate interests e.g. for running our business, provision of administration and IT services and networking security
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||Necessary for our legitimate interests i.e. to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy|
|To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences||Necessary for our legitimate interests i.e. to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy|
Automated decision making
4Com shares customer personal data with third party financiers where a customer requests funding to lease a telephone system.
Customer personal data may be used by 4Com plc or third-party financiers for credit, fraud and anti-money laundering checks in accordance with the lawful bases set out in the above table. You have the right to contest any decision based solely on automated decision making that produces legal effects concerning you or similarly significantly affects you – see below: ‘Your rights’ for information about how you can exercise this right.
We may use your personal data to send you periodic communications (by email or direct mail) about future product launches.
We have a legitimate interest in processing your personal data for marketing purposes. This means we do not usually need your consent to send you information about features, products, services, events and special offers. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving marketing communications at any time by:
- emailing firstname.lastname@example.org or writing to us at One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE (for the attention of the compliance team) or calling us on 0330 444 4444; or
- using the ‘unsubscribe’ link in our emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Third party marketing
We will get your express opt-in consent before we share your personal data with any other company for marketing purposes.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We have a specialist security team who constantly review and improve our measures to protect your personal data.
We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Communications over the internet (such as emails) are not secure unless they have been encrypted. We are not able to accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Sharing your personal information
Depending on the circumstances, we may share your personal data with:
- companies within our Group;- Located in the UK.
- third parties we use to help deliver our Services e.g. Lease companies- (providing 3rd party leasing solutions to customer)- Located in the UK
- other third parties we use to help run our business e.g. website hosts, search engine providers that assist us in the improvement and optimisation of our Websites (located in the UK)
- mobile telephone companies, providing telephone services (located in the UK)
- finance companies (if you are applying for third party funding for the leasing of a telephone system) (located in the UK)
- our insurers and professional advisers; providing risk analysis, business continuity plans and insurance (located in the UK)
- external auditors e.g. in relation to the audit of our accounts; (located in the UK)
- our bank(s) (located in the UK)
If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal data, we will make sure they have appropriate security measures and only process your personal data in the way that we have authorised them to. These organisations will not be entitled to use your personal data for their own purposes. If necessary, our security teams will check them to make sure they meet the security requirements we have set.
We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies so that they can detect and stop crime, prosecute offenders and protect national security. We may also need to disclose information to regulatory bodies to comply with our legal and regulatory obligations and as necessary to comply with the law (e.g. in response to a court order).
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible.
How long will we keep your data for
We will keep your personal data while we are providing our Services to you or, using the personal data for the purpose for which it was collected. Thereafter, we will keep your personal data for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law.
We will then securely destroy your personal data. We will not retain your personal data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal data.
Personal data supplied and used for the purpose of entering into a contract for goods or service will be deleted 3 years after you cease to have any relationship with 4Com plc or one of its subsidiaries.
Personal Data supplied during the recruitment process will be deleted 6 months after an unsuccessful application. Within the first 12 months following cessation of employment with 4Com plc, an employee’s personal data will be minimized as much as possible & anonymized, but will be kept for a further 6 years, in order to comply with auditory requirements.
We will never collect sensitive personal data about you (e.g. data about your health), or sell, rent or trade your personal data to third parties for marketing purposes without your consent.
The personal data which we hold will be held securely in accordance with our internal security policy and the law.
Transferring your personal data out of the EEA
It is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) (which comprises the countries in the European Union and Iceland, Liechtenstein and Norway) e.g.
- with your and our service providers located outside the EEA; or
- if you are based outside the EEA;
These transfers are subject to special rules under European and UK data protection law.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to your data by ensuring one of the following (or one of the other safeguards set out in data protection law) applies:
- your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- the transfer is necessary for the performance of the contract between you and us;
- the transfer is necessary to establish, exercise or defend legal claims;
- there are adequate safeguards in place between us and the organisation receiving it (e.g. by the use of European Commission approved contractual terms); or
- you have provided explicit consent to the proposed transfer after being informed of any potential risks.
You have the following rights, which you can exercise free of charge:
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
To be forgotten
In certain situations, the right to require us to delete your personal data
Restriction of processing
In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation
The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email, write or telephone our compliance team —see below: ‘How to contact us’ and let us have enough information to identify you e.g. your full name, address and customer reference number as well as what right you want to exercise and the personal data to which your request relates.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to our compliance team – see below: ‘How to contact us’. However, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
The EU General Data Protection Regulation also gives you the right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.
How to contact us
Our contact details are shown below:
Our contact details
One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE
Do you need extra help?
If you would like this notice in another format (for example large print) please contact us (see ‘How to contact us’ above).