Legal & policies

Here you will find all our legal documents & policies which affect how you use our services.

Privacy policy

Last updated May 2018

Dial 9 Communications Ltd ("we", "us", "our") is a UK Limited company (registration number 7740921) registered at Unit 9 Winchester Place, North Street, Poole, Dorset, BH15 1NX.

This privacy policy covers how we will use, collect and process any personal information provided to us.

Summary

  • We are Dial 9 Communications Ltd, and you can contact us at support@dial9.co.uk
  • We process your data to provide our services to you, to meet our legal obligations, andfor our legitimate interests
  • We only process your data for as long as we need to, and then we delete it
  • We do not sell or share your data with others unless they are providing a service to us (such as payment service providers), or unless you ask us to share your data
  • We do not market to you without your consent and, if you give us your consent, you can withdraw it at any time
  • We take security seriously, and host our services on our own servers in UK data centres

You’ve got lots of rights, including the right to complain to the Information Commissioner’s Office. If you need a hand in exercising your rights, feel free to contact us: support@dial9.co.uk.

How we process your data

Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting. The key information that we process is shown below for your information:

Records of the calls you make and receive

When you make or receive calls using our service, we process data about them for the purposes of routing the traffic, billing you, calculating what we owe our suppliers, and to attempt to detect and prevent fraud. These are all necessary to provide our service to you.We may also retain these records where we are required by law to do so.

Retention: we retain these records for until such time as you delete the data yourselves, unless we are required by law to retain them for a longer period.

Call recordings and voicemail

If you have configured call recordings and voicemail, we operate these services on your behalf.

Retention: Data stored in the services you have with us will be kept until such time as you delete the data yourselves or you cancel your account. Upon cancellation of an account, we may keep the data for up to 7 days at which point it will be purged from our databases

IP Addresses

When you access any of our websites or servers we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our system team to ensure the integrity of our services.

Retention: This information is stored in rotating logs, which are kept for a minimum of 6 months

Authorisation & session data

Whenever you login to one of our websites we will use at least two cookies that will identify your session to our services. This is necessary to provide our service to you.

The browser_id cookie is a permanent cookie that uniquely identifies your browser to us and allows us to ensure that previous sessions from that browser are invalidated when logging in again. This is only used for the purposes of invalidating these sessions as well as allowing us to notify you when new sessions are created in new browsers. It is not used for any tracking whatsoever.

The user_session cookie is, initially, a session-only cookie that contains a unique token that identifies your specific session. This data is not stored on our end and is only stored in a hashed form. If you choose to persist your login session, this cookie will be converted to a more permanent cookie with an expiry time at some point in the future. The actual time will depend on the service you are using.

In addition to these cookies, we also store an IP addresses & user agent with your backend session. This allows us to look for anomalies in its use to help us protect your account and our systems.

Retention: This data is stored until such time as the associated user account is deleted.

Your name

We will store the names of individuals who are authorised to access a Dial 9 account. Your name may be shared with other contacts on the same account. This is necessary to provide our service to you.

Retention: Your name will be retained until your user account is deleted.

E-mail addresses

We will store your e-mail address for the purposes of managing your account with us. This will be used for transactional e-mails that relate directly to your Dial 9 account or services. This information is required in order to ensure you are informed aboutyour account and can take appropriate actions in various situations. This is necessary to provide our service to you.

We may also use your e-mail address to send you messages about our services which may include notifications about newly launched features & tools, improvements to existing services, upcoming maintenance as well as information about our services that you we believe you'll find useful. If you would rather not receive these messages, please let us know or click the unsubscribe link in any of these e-mails

We will not send you any other marketing messages unless you subscribe to our newsletter which you can do through our website or our portal. When you do this, you will be consenting with us to use your email address for this purpose. You maywithdraw this consent at any time by unsubscribing from the messages or contacting us.

Outgoing e-mails

If we send you transaction e-mails (for example: invoice notifications, payment confirmations/ receipts , balance warnings etc...), these will be passed through our internal mail server and stored for a period of time to assist with debugging delivery problems and ensuring messages are appropriately delivered to their destinations.

The information stored includes the contents of the message sent, the e-mail addresses of the recipients and any other headers.

Retention: The contents of messages are stored for a period of 30 days from the date the message is received by our mail system. The meta data for any messages is kept for 60 days from this date.

Mobile numbers

If you enable two step authentication, wemay ask for your mobile number which will be used to allow you to restore access to your account in the event that you lose access to your account. This is necessary to provide our service to you.

Retention: Your mobile number will be kept until you disable two step authentication or your user account is deleted.

Company name & your postal address

We require your postal address in order to provide you with an invoice for your services. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of 7 years.

If you order products from us (such as phones), we will use your address to post the items to you. This is necessary to fulfil our contract with you.

Payment cards

We do not store full payment card details on our own servers. We work with an external PCI compliant payment processor who handles this.

We may store the last 4 digits of your card and the card type of our systems so that you can identify which card was used for your payments.

Note about PayPal: If you pay for our services using PayPal, we do not control the data that you provide to PayPal in order to make your payment. PayPal share minimal information with us regarding your payment. You should refer to their privacy notices for details on how they manage this information.

Bank account details

We do not store your full bank account details on our own servers. We work with a third party, GoCardless,to provide our direct debit services. When you cancel your account we will cancel any direct debit mandates that you have with us once any final payments have been collected.

Your personal data stored with us

When you use our services, you have some options that will allow you to upload personal data that you control. For example, you may add contacts or may use personal data in extension configuration.

In addition to data that is uploaded, you will also be generating personal data in the form of call logs & recordings.

You are the data controller in respect of these personal data, and you are responsible for ensuring that you are compliant with appropriate laws & regulations (for example the General Data Protection Regulation) for all personal data that is stored within any of your Dial 9 services or accounts.

Retention: Data stored in the services you have with us will be kept until such time as you delete the data yourselves or you cancel your account. Upon cancellation of an account, we may keep the data for up to 7 days at which point it will be purged from our databases.

Sharing data with the emergency services

When you acquire an incoming phonenumber from us we will ask you to provide a name & address (known as "Subscriber Information"). We will share this information with BT so they may share it with the emergency services in the event that it is required. If you do not provide subscriber information, we may also disclose other contact details we store on your account in the event that it is requested by the emergency service operator. This is necessary to comply with our legal obligations.

Website analytics

We use Google Analytics to help us track the details of visitors browsing our public websites. We do not use Google Analytics on any URLs once you have been authenticated. We do not send any personal data to Google's services through Google Analytics and we configure our tracking codes to anonymise any IP addresses. This is necessary for our legitimate interests of understanding the use made of our websites.

Support by e-mail

If you contact us by e-mail or through one of our websites, you will be sharing your contact details (e-mail addressand/or phone number) with us for the purposes of responding to your query. This is necessary to provide our service to you.

Retention: We retain all support requests (including the name & contact details of the recipient) that we receive for the purposes of auditing and training of staff.

Support by live chat

If you chat with us on our live chat service, you will be sharing your e-mail address with us for the purposes of sending you a transcript as well as identifying yourself to our support team. This is necessary to provide our service to you.

We also use records of live chats for staff training, to make sure we can offer you the best possible service.

In addition to this information, our live chat system will place a cookie in your browser (named natterlySession) which will persist until you quit your browser. This is required to ensure that your live chat can continue between separate page requests to our website.

Retention: We retain transcripts of all live chats (including the name & contact details of the website visitor) for the purposes of auditing and training of staff.

E-mails directly to/from our team

If you communicate with our employees directly by e-mail (i.e. notusing our normal support channels), we may retain your name & e-mail address in the mailboxes of the employee(s) that you communicate with. This is necessary to provide our service to you.

Retention Employee e-mails are kept indefinitely. Any e-mails that contain sensitive data that are delivered by accident will be removed immediately.

Call logs & recordings

If you choose to phone us, we will store a log of your call which may include your telephone number if it was sent to us.

We also record calls for the purposes of auditing any requests that might be made by you to us over the phone. Call recordings are retained as a legitimate interest to ensure that we can verify any requests in the future.

Retention: We retain call recordings for 60 days from the date of the call. Call log records are kept for a minimum period of 1 year.

Push notifications to mobile devices

If you use one of our mobile applications that send push notifications to your phone (including our Phone apps), we will store a unique token which identifies your mobile device and allows us to address push notifications to your phone. This is necessary to provide our service to you.

We may also store the content of push notifications for the purposes of debugging.

Retention: The device token is stored until such time as you disable push notifications within our application (note: disabling notifications on your phone alone will not remove the token from our service). Historical push notification content is stored for a period of 3 days from the date it was sent.

Job applications

If you apply for a job with us, we will store the personal data that you submit for the purposes of considering your application. This is necessary to take steps to enter into a contract with you.

Retention: Job application data will only be kept until the position has been filled unless you ask us to keep your information on record for considering for a future position..

Transfer of data to group companies

Dial 9 Communications Limited is part of a group. We may share and/or transfer your data with other companies within our group for the legitimate interestsof administration, business operations & company structuring.

Third party processors

In some cases, we may use third parties to provide services and we need to share data with them. We maintain a list of all third parties where data is shared and data is only shared on a need-to-have basis.

Category Personal Data
Professional Services We may share your details with processional service companies such as accountants or accounting software.
Payment service providers We may share your details with company who provide us with payment services for taking payments from credit/debit cards.
Technical service providers We may share your details with providers we use to provide computing services.
E-mail marketing software We may share your details with e-mail marketing software providers to allow us to send e-mails to customers.
Communication services We may share your details with companies who provide us with communication services such as a live chat or e-mail providers.
Telecoms providers We may share phone numbers with other telecoms providers that we work with in order to provide your service and allow you to make & receive calls. We may also share phone number address & subscriber information with them for the purposes of providing your details to the emergency services

Some of our services allow users to configure integrations with third party services. When using any of these integrations, youshare your data with the organisations who operate these services. You should review their own privacy information with regard to how they will treat this information once it has been provided.

Cancellation of accounts

When your Dial 9 account is cancelled, we will store your account details for a period of 1 month before they are fully removed from our systems.

Correcting your personal data

It is important to us that the information we store is up to date and accurate. You may update your details at any time through our website or by contacting us.

Removal of your personal data

In some cases, you may be able to request that we remove your personal data from our systems. As with correcting your data, you can often delete your data yourselves through our website. In other cases, though, please feel free to contact us.

Your rights

You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.

Notification of data breaches

Upon discovering any data breaches, we will notify any affected individuals as soon as its practical following our data breach notification policy. This policy dictates that in the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main e-mail address we store with your account.

Electronic storage of data

No method of electronic storage can be 100% secure, however, we have sophisticated and detailed security & development policies that govern our systems & applications to help ensure your data is as secure as it can be.

Use of our services by persons under the age of 16

We do not allow anyone under the age of 16 to signup, use or store any personal data with us on any of our services. If we discover or are notified about the presence of a user under this age, we will remove their data from our systems without notice.

Transferring your personal data internationally

Like many other organisations, we use third parties in other countries to help us run our business.This includes countries outside the European Economic Area. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. If we transfer personal data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will useamechanism which covers the requirements for the transfer of personal data outside the EEA, such as the European Commission approved standard contractual clauses.

Changes to our privacy policy

We may need to make changes to this privacy policy from time to time. All changes will be published to our websites and we recommend reviewing it to stay up to date. If we make any changes that we feel may affect your privacy rights, we will notify you by e-mail or by displaying the information within our customer portal.

Our lawful basis for data processing

Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data in our legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.

Where our processing is based on consent, you may withdraw consent at any time.

Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our services to you if you do not give us the data in question.

Disclosure of information to law enforcement agencies

We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.

Data protection authority

You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner's Office (ICO) in the United Kingdom (our authority).

The ICO can be contacted at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at ico.org.uk.

Contacting us

If you have any questions about our privacy policy or any other aspects of our services, you may contact us by e-mail on support@dial9.co.uk.