Date last revised: 25/05/18
We are FIDELITY GROUP LIMITED (we/us/our). Protection of your personal data is at the forefront of our business operations. We recognise that personal data does not belong to us and we have a duty to protect it.
Unless otherwise required by law, the Information Commissioner’s Office (ICO) guidance or best practice, or in order to perform our contract with you, we will only process your personal data in the way we tell you (set out below or in our agreement with you) or in the way you ask us to, and we will give it back to you at any time.
1. This policy
1.1 This policy sets out how we will process your personal data. It will apply together with any terms and conditions or other documents we provide to you at any time during our business relationship with you.
1.2 This policy will apply to our contract with you. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 1998 (Act) and/or the General Data Protection Regulation (Regulation), as applicable.
1.3 By visiting our website at www.fidelity-group.co.uk (our Website), or by providing your personal data to us during our business relationship with you, you understand, accept and consent to the practices described in this policy.
1.4 Any changes we make to this policy will be posted on this page. You are advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or work with us after the date of the relevant change.
1.5 For more information relating to your rights under this policy, please see section 3.
1.6 If you have any queries relating to this policy, please contact us at email@example.com in the first instance.
2. Who we are
2.1 We provide telecommunications and other related services to businesses and their staff and are one of the largest growing businesses in this industry in the UK. We are a UK registered company (06765669) and our registered offices are for the care of our appointed solicitors at 37-41 Bedford Row, London WC1R 4JH.
2.2 For the purposes of the Act, we are a data controller in relation to all data we process through our centralised billing and CRM platform, which we host from within the UK. We are registered with the ICO to process your data in this way and our registration number is Z2099463.
3. Your rights
3.1 You may not be aware that we provide you/your employer with your/their device(s) and telecommunications services. As a result, we host your personal data in relation to the business devices you use for your daily workplace duties. In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:
3.1.1 not to process your personal data for marketing purposes;
3.1.2 to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
3.1.3 to amend any inaccurate data we hold about you;
3.1.4 to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
3.1.5 to only process your personal data in limited circumstances, for limited purposes.
3.2 We have the capacity to extract your personal data from our databases and provide it to you in a structured, commonly-used way (typically by .csv file).
3.3 If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.
3.4 Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.
3.5 If you wish to contact us in relation to the personal data that we may access about you, you may contact us at firstname.lastname@example.org.
4. What data do we use
4.1 Our services are provided to business customers. To the extent that any of the following enables us to identify a living individual (as opposed to a business only), we need (or provide)
– full names;
– mobile and landline telephone numbers;
– email addresses;
– IP addresses and router details; and
– bank account details.
4.2 Whilst a lot of the above listed information either relates solely to businesses, or is already in the public domain, we recognise we have a duty to protect it.
4.3 Where we, or our appointed suppliers, provide technical support to any user at any time, they may have access to, and automatically process, technical information relating to the IP address, router and device details through which the support request is logged.
4.4 Whenever data is used to generate financial or statistical reports in relation to any customer or partner, such reports will contain limited amounts of personal data. Specific reports are generated in such detail so that a user can receive detailed line-by-line records of their usage in any period, each of which amounts to personal data. Other reports contain aggregated and anonymised information for corporate reporting, research and analytical purposes only, which we provide to our customers and partners (as appropriate).
4.5 If your personal data changes, or becomes inaccurate at any time, you must let us know to avoid any errors or delays in our services, and to allow us to update our records.
5. Who can access your data
5.1 The vast majority of the personal data we obtain is processed through our centralised, operational, provisional and billing platform (which we host from the UK), known as “Anvil”. This is accessed by our staff with different levels of access clearance, all of whom are restricted by terms and conditions of use, and are trained on how to use Anvil to service your account and protect your data.
5.2 Personal data will be shared with our suppliers and service providers who need access to such data in order to provide their telecommunications services and other service to our customers. These include a range of leading network providers, such as BT Plc, Vodafone and O2. Details of your specific provider may be provided to you or your employer.
5.3 Our technical support functions are supplied by multiple suppliers, some of which may sub-process or outsource to third parties outside of the EEA.
5.4 We connect with our customers directly or through a series of appointed partners (dealers, wholesalers, and billing services providers) and those customers that ‘white label’ our services. Each partner will, therefore, have limited access to Anvil in relation to the personal data about them and their customers for billing and account management purposes only. All users with such access, do so on the terms and conditions of Anvil, and receive appropriate training. All account usage is regularly monitored.
5.5 All users of Anvil are trained and made aware that they cannot release customer details to anyone unless they can first accurately verify their identity. All passwords are held securely and any access to back-end servers requires this as well as user-based authentication.
6. Your consent
6.1 We process personal data to pursue our legitimate business interests or to perform the contract we have with our customers and end-users to provide our services. To do this, we need to process certain categories of personal data. If you can’t, or are unwilling, to provide this to us, it is unlikely that we can perform our contract with you.
6.2 Data that is uploaded to Anvil is for the purposes of allowing us to administer our business relationship and provide our services to customers. We do not, therefore, ordinarily rely on a data subject’s consent to process that data. We consider that all data stored on Anvil is reasonable and necessary for these purposes.
7. How we collect your data
The categories of personal data listed in section 4 are collected in the following ways:
7.1 When you provide it to us
– When you correspond with us by phone or e-mail as part of our business with you (whether for customer support, billing, upgrades or otherwise), any of your personal data contained in that correspondence will be retained by us. All of our calls are recorded for training and monitoring purposes;
– When we enter into a contract with you (whether directly or via one of our appointed “partners”), any personal data contained in that contract (or related correspondence) will be retained by us;
7.2 When we collect it from you
– When you use our Website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings
– We also monitor your use of our Website. This includes the full URLs, your clickstreams through our Website, the pages you view and how you interact with them and how you leave the Website
7.3 When we receive it from others. A lot of personal data is referred to us, indirectly, through our partner network and/or your employer.
7.4 So that we can provide our services to you, and can verify your identity and your ability to continue to make payments to us, we will use recognised third party credit rating/reference agencies to carry out credit checks on you. Any information in that credit report that allows us to identify a natural person will be retained by us for the purposes of providing our services.
7.5 We receive a lot of our personal data and basic contact details from our existing partners, dealers and suppliers who may refer your data to us if they reasonably consider that you may be interested in our services. They only do so on the terms of a written agreement with us and are under legal and contractual obligations to notify you that they are referring your details to us, for specified purposes. So that we can monitor their compliance, please notify us immediately if you were not aware that your personal data had been transferred to us.
8. What we use it for
8.1 Your personal data is primarily required to enable us to supply you with the relevant services and support you have requested from us, and to contact you in relation to any enquiries or requests you raise with us.
8.2 We also use your personal data to send you information by email about us, our services and any recent market updates that are similar to those you have already purchased or enquired about. We only do this where you have given us permission to do so, and you can opt-out at any time. Where you opt out, we will no longer contact you until you ask us to, and we will not prompt you to do so.
8.3 Technical information we collect about your visit to our Website is used to enable us to:
– personalise and improve its functionality and security (to keep it safe and secure);
– administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
– ensure that we can offer you the most effective and efficient browsing experience, and make improvements where necessary.
8.4 From time to time we also use your email address or telephone number to contact you for account review or market research purposes (where you have given us permission to do so).
8.5 Once collected, your personal data will be retained by us for as long as is necessary for us to provide you with the relevant services, to market our services to you (where requested) and to enable us to improve our Website. After this point, the data will be securely deleted in accordance with the typical retention periods set out in section 10 and we will not contact you unless you ask us to.
9. How and why we disclose your data
We disclose your name and email address to The Rocket Science Group LLC d/b/a Mailchimp®, a company registered in the USA (Georgia) to distribute our marketing content to you (where we have your consent to do so). They store our marketing distribution lists on their secure servers located in the USA.
10. Data retention and security
10.1 The personal data we store and process is held by us in more than one place, by multiple hosting solution and software providers. Whilst we use the following third parties to host the personal data we process, all IT support is primarily managed by us, internally.
– Our CRM systems for new business leads and acquisitions are hosted (in part) by a platform operated by Insightly, Inc., (Insightly) a company incorporated in the USA (California). Insightly’s servers are located in the USA and Insightly complies with international data protection laws regarding transfers of customer data across borders and is certified to EU-U.S. Privacy Shield Framework regarding the processing of information transferred outside of the EU to the US. More information can be found at Insightly;
– Our calls are recorded and stored on Google Drive®, a storage solution hosted by Google LLC (Google) who are based in the USA (California);
– any personal data you provide, or that is contained within, any email correspondence you have with us, is stored in Microsoft Office®365, to which all staff have separate, secure access (and all IT support have administrator-level access).
10.2 All data relating to any of our customers, end-users or partners is retained for the duration of the relationship and for up to 6 years following termination to satisfy any legal, accounting or reporting requirements. After this time, the data is automatically quarantined and the key holding the data is encrypted or otherwise anonymised to prevent unauthorised access to it.
10.3 Details relating to any dispute are retained for up to 6 years after the dispute has been resolved.
10.4 All of our staff who process your personal data have received data protection training in relation to your rights and their obligations under the Regulation. Our staff are also internally regulated by our data protection, retention and security policies.
11. Contact us
Details on how to reach us are at the top of this policy. Please don’t hesitate to get in touch with any related queries.
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include: