How we use data
We provide our services to businesses customers and the we consider the respective business entity to be our customer. Data is maintained to operate an account with us and used by our team to support our customers.
Every customer account is expected to provide at least one person for the roles of Primary, Technical and Billing contacts. These roles only used for the essential operations of the account. These contacts are required to receive communications from us that are needed to deliver the service.
Our management software includes an Admin role for our customers to manage their service with us. It is expected that every account has at least one user with the Admin role to ensure the correct day to day operations for the account. Furthermore, the Admin role has the ability to manage the data stored on the account.
We store data on an account relating to the contracts and the people involved in agreeing or those that are signatories. When an account is closed we remove all data stored on an account in our applications. We maintain contract information whilst a contract is still operational.
Our service requires some data to operate and generates data as part of normal operations. The majority of this data is considered to be the customers data except where it is used for regulatory purposes and retention is required by law.
Since we are operating our service on behalf of a business entity, we would expect that all email addresses and telephone numbers that your company and team members use to communicate with us are owned by the company. We cannot know that any particular email address or telephone number given to us is personal and we would expect that wherever possible only company owned contact data is used to communicate with us.
More detail is provided in the rest of this document about what data is stored and how we use it to deliver our service to you.
Billing and Payment Information
For an operational account we store invoices and the items information that provides a breakdown of what was included in the invoice. We maintain full invoice history during the lifetime of the account. After an account has been closed we maintain the invoice data for a period of up to 6 years.
We operate a Direct Debit facility for customers and maintain Direct Debit mandates for each account for the lifetime of the direct debit agreement. We work with Bottomline Technologies to operate our Direct Debit facility and HSBC our sponsoring bank. Only the data given to us on the Direct Debit Mandate is stored and used to operate the Direct Debit facility.
Call Detail Records (CDRs)
We are classed as a communications service provide (CSP) and as such have specific data retention obligations. Our telephone services generate CDRs for all calls received and placed to the PSTN. These are stored and maintained for billing, audit and regulatory purposes.
We will retain all CDRs for a period of 12 months. After 12 months we will delete them from our online service and retain them in an anonymised format as an offline archive. The anonymised format for telephone number data will only include the number prefix digits with the last set of digits removed.
Application and Service Data
User accounts are created for your service and are used only for the purpose of identifying your team members as part of your service operations. The user data is considered to be owned by you, is for your service only and as such is never shared or used for any purpose other than delivering your service. You can add and remove users from your service and you are responsible for maintaining your user data.
As part of your phone service operational data the user account details requires the following personal data to operate.
This data is used to identify users in our applications and for use with internal caller IDs that are displayed on the phone when extension to extension calls are made. In cases where a customer uses our internal directory services, the users name data might appear in that directory. This data is only used internally or for our teams to provide support.
Address data is used by our company for deliveries, for providing Internet connectivity and as part of our emergency services obligations.
Address data for emergency services is submitted to the Emergency Handling Authority (EHA) and is used by the EHA when customers make 999 calls.
For company office locations, the name of your company and the address is shared with the EHA. For home locations, the name of the resident and the address is shared with the EHA.
Address data is stored for all locations that a customer uses our service as we are obligated to provide 999 services. Customers are responsible for ensuring that all locations where our service is used are registered on their account. Due to the flexibility of our services in regard to location we rely on customers to maintain this data and to inform us when our service is being used at a new location or when a location needs to be removed from our records.
Address data is used for deliveries and shared with our delivery partners when we ship phones or other hardware to customers. This data is stored with our delivery partners for a period of three months before being removed from their database.
Instant Messaging and SMS Storage
Our XMPP based Instant messaging service does not record, archive or store conversational history. The XMPP server does operate an offline message store that temporarily queues messages whilst users are offline and are then delivered when the user is back online.
End user XMPP clients do store instant messaging history and in most cases are enabled by default to do so. Customers are expected to manage their own storage policies using the feature of their XMPP clients.
SMS messages are not permanently stored on our servers but are temporarily held before delivery in some delivery situations where recipients are offline.
For services that have call recording enabled, recordings are made available to customers for downloading and removal from our servers. When recordings are downloaded with our downloader they are removed from our storage and a copy is quarantined for 7 days before it is fully removed. This is as a failsafe to give time for customers to verify recordings or to allow for unexpected errors with the process of downloading.
The voicemail service has the option of either storing voicemail for retrieval by telephone, sent via email or both stored and sent via email. When the voicemail is stored these can be accessed, listened to and deleted using the phone keypad. When voicemails are delivered to you by email only they are not stored on our service.
Customers are expected to define their operational policies for voicemail and set their service settings accordingly.
We supply International numbers to our customers and these are under the conditions of use for the country that the numbers operate in. Some of the conditions of usage include regulatory requirements such as proof of residence in that country. For countries requiring documentary proof of residence or other proofs of trade we are required to share the corresponding documents with our suppliers. At the time of us providing the service we will inform you of any documents you need to supply. These will only be used for the explicit purpose of acquiring the International number(s). Once the process of issuing the numbers has successfully completed, we destroy all copies of the from our storage. The documents will be stored with our International number supplier for the duration of the service of a number.
When a number is returned to us or ported away, we remove the documents and address data from our International number supplier database.
Phones and Directories
Many of the office desk phones and portables DECT handsets used on our service have directories and call lists for placed and received calls. The data stored in the phones needs to be managed by whoever is using the phone. This means that it is your responsibility to remove contacts details from the directories or call lists should you need to do so.
Voxhub Service Communications
During our sales process we only make contact with potential customers using the contact details supplied to us by them or their nominated partners. This information will only be used to fulfil any requests from the potential customer.
We do not use contact details for the purposes of direct marketing and these details will not be shared with third parties.
As providers of a business service we would expect that any contact information provided by customers would be their business details.
When we receive enquiries relating to a customer?s service we will use the contact details provided to keep in touch with customer until the issue is resolved. The contact details we use will be the email address or telephone number used to make initial contact with us and any other contact details supplied by the customer in the process of issue resolution.
From time to time we will also be required to contact customers proactively to inform customers of issues that we have identified through service monitoring. In these situations, we may contact the either the listed Technical Contact, Primary Contact, any supplied Business Continuity numbers or any of the Admin users listed on the customers service.
Our mailing lists are managed as part of our user database. Users can subscribe to a mailing list and remove themselves whenever they want. By default, users are never automatically subscribed to any of our mailing lists. When a user is removed from our service their mailing list subscriptions are automatically removed.