Effective 25th May 2018

Overview

This privacy policy explains what we do with your personal information, why we want to use it, how we protect it, and what rights you have to control our use of your personal data.

The most important fact is that it’s your personal data. We have complete respect for your rights and we will only use it where necessary to deliver, protect and improve our services, to keep you up to date about developments in our products, and to fulfil any legal or regulatory obligations we may have.

We review this policy regularly and may update it from time to time. The latest version will always be available at https://www.nimvelo.com/about/terms-and-policies/privacy-policy/.

 

About the data controller

The data controller for the purpose of this policy is Sipcentric Limited (t/a Nimvelo), Faraday Wharf, Holt Street, Birmingham, B7 4BB. Our company number is 7365592 and our registration number with the Information Commissioner’s Office is ZA234403.

If you want to contact us about any of the points on this policy, or just generally about how we protect your privacy, please email us at privacy@nimvelo.com.

If you’re someone who doesn’t have a direct relationship with us, but believe that a Nimvelo customer or partner has entered your personal data into our websites or services, you’ll need to contact that customer or partner regarding any questions you have about your personal data (including where you want to access, correct, amend, or request that your personal data be deleted). See “Information for End Users” below for more information.

 

Whose information we collect

We collect information from three types of individuals:

  • Customers are individuals and businesses who have signed up or requested to use one of our services directly.
  • Partners are individuals and businesses who use our white-label platform for onward-provision of the services, under their own brand and terms, to their own customers.
  • End users are individuals and businesses that interact with our services but do not have a contractual relationship with us. This could be, for example, our Customers’ employees, or our Partners’ customers and their employees.

You are not required to provide any data to us. However, if you do not do so, you may not be able to make full use of our services.

 

Purpose and lawful basis for processing your personal data

The personal data we process depends on how you interact with Nimvelo, and your relationship with us (see above).

Customers / Partners

  • To provide you with services. We need to use your personal data in order to perform our obligations under contract to provide the services to you. We will:
    • Use your contact details and other information to confirm your identity. This could include details such as your name, address, telephone number, email address, passwords, and payment/financial information. For your security, we do not store credit card  or bank details on our own systems;
    • Store personal data to enable you to access the services;
    • Contact you for legitimate account-related purposes such as sending invoices, service announcements and other alerts such as low-credit warnings, voicemail notifications etc;
    • Provide your information to other communication providers where necessary to provide services to you.
  • To comply with regulatory obligations. Where we have a legal duty, we may:
    • Retain contact details (name, address, telephone number) to provide data to the BT EHA (Emergency Handling Authority) in the event of a call to 112 or 999 in accordance with General Condition 4;
    • Use personal data to provide number portability services in accordance with General Condition 18; and
    • as otherwise necessary to meet our requirements within the General Conditions of Entitlement, The Communications Act 2003, and other relevant legislation.
  • To market relevant products to you. We may use your personal data to send you marketing information that may be of interest to you, but only if you have consented. If this is the case, we will:
    • Use your contact details including your name, address, phone number, and email address, to communicate with you;
    • Use information about how you use our services to tailor the communications we send to you;
    • Recommend other products or services that may be appropriate to you;
    • In each marketing message we send, provide the means to opt-out from that type of message, or all further communication for marketing purposes.
  • To prevent fraud. We will use personal data for the legitimate interest of detection and prevention of fraud. We will:
    • Retain any information submitted in an account application including your name, address, telephone number, email address, IP address etc, even where that application for an account is unsuccessful;
    • Where appropriate, disclose information identified as fraudulent to fraud prevention, law enforcement agencies, and other industry bodies.
  • To recover debt. If you do not pay your invoices on time, we may instruct our solicitors or debt recovery agencies to recover what is owed. We will provide them with your personal data necessary to effect this. This processing is for the legitimate interest of running our business.

End Users

  • Where we have a legitimate interest. We will process personal data if it is in our legitimate interests to do so. We will:
    • Retain records of calls made by or to an End User using our service, including telephone numbers, which may be considered personal data;
    • Use End User information for the purposes of detection and prevention of fraud and to protect our network.
    • Create aggregated and anonymised information for analysing the use made of our services and networks to inform business decisions and strategy.
  • To comply with regulatory obligations. Where we have a legal duty, we may:
    • Retain contact details (name, address, telephone number) to provide data to the BT EHA (Emergency Handling Authority) in the event of a call to 112 or 999 in accordance with General Condition 4;
    • Use personal data to provide number portability services in accordance with General Condition 18; and
    • as otherwise necessary to meet our requirements within the General Conditions of Entitlement, The Communications Act 2003, and other relevant legislation.

We do not use End User information for marketing purposes.

 

Who we share your personal data with

Data processors

We use a number of different service providers (acting as “data processors”) to enable us to operate our business and the services we provide. For example, your personal data may be transferred to (and stored by) a third party data processor in order for us to:

  • Provide customer services, such as support ticket tracking and in-app communication;
  • Provide marketing services, such as our newsletter or other direct marketing;
  • Process payments, such as credit cards and Direct Debits;
  • Keep you informed regarding issues or planned maintenance on our network, via our status page;
  • Identify and prevent crime and/or fraudulent transactions;
  • Maintain off-site backups for the purpose of disaster recovery.

For security reasons (to reduce the risk of phishing attacks to our customers) we do not name all our service providers in this privacy policy. However, the types of personal data we hold about you (and that may be transferred to our data processors) are set out above. Please contact us at privacy@nimvelo.com if you want further information on specific data processors or the types of personal data they process for us.

Other circumstances in which we may share personal data with third parties

We may also share your personal data with the following third parties in certain circumstances:

  • Law enforcement or other authorities (such as tax authorities) if required by applicable law;
  • Third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy;
  • With professional advisors such as lawyers, accountants or auditors in order for them to provide legal, accounting or auditing services to us.

We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes other than our own marketing activity.

 

International transfers of personal data, and the measures in place to protect it

Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. Some of the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA.

In each case we and/or our processors use one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:

Please contact us at privacy@nimvelo.com if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.

 

Your personal data rights

The personal data we hold about you is your data, so you have certain rights over them. This section summarises your rights. You can exercise any or all these rights when you choose, and the easiest way is by dropping us an email at privacy@nimvelo.com.

Where we are processing your data based on your consent (e.g. for marketing purposes) you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated.

You have the right to request a copy of all personal data we hold relating to you and we must provide this within 30 days. You also have the right to require us to correct any records that are wrong.

You have the right to require us to erase personal data and we must comply unless we need it for one of the purposes described above. We also retain the right to keep data that is needed to establish, exercise or defend a legal claim.

Where we process your data based on a “legitimate interest” you still have the right to object to our processing of that data. From that point, we must stop processing your data until we have determined whether your rights override our interests.

Finally, you may have the right to have your personal data transferred to another organisation, and we’re obliged to provide it to you in a clear and reasonable format.

 

Your right to lodge a complaint with the Regulator

At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113.

Of course, we hope that we can resolve your issue quickly and fairly – you can contact us at privacy@nimvelo.com.

 

Updating information

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

 

Information for End Users

Where our services are used by companies or organisations, the company or organisation (“the administrator”) is responsible for your use of the services and any questions with regard to your own data privacy should be addressed to that administrator, which will have its own data security and privacy policies. We have no control over any decision by any such administrator to, for example, access your account, change the nature of your account access (including termination, suspension or restriction) and/or amend your information (such as your profile or e-mail address).

For the purposes of this section, an administrator may mean a company or organisation who provides you with your email address and owns the associated domain (such as an employer) who asserts control over your account or (in which case you will be advised) at some later date.

 

Data retention

The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it – for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements.

We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s securely deleted or anonymised.

 

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised

access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

All of our methods meet the GDPR compliance requirement.

 

Our use of cookies and tracking

Essential cookies

We use cookies to make interactions with our website easy and meaningful. We use cookies (and similar technologies, like HTML5 local storage) to keep you logged in, remember your preferences, and provide information for future development of our services.

A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting our website; however, a cookie may store a unique identifier for each logged-in user. Some of the cookies we set are essential for the operation of our website, or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you may not be able to log in or use our services.

Analytics

Where we have your consent – which we will ask for on your first visit – we use Google Analytics as a third party tracking service, but we don’t use it to track you individually or collect personal information. We use Google Analytics to collect information about how our website performs and how our users, in general, navigate through and use our services. This helps us to compile statistical reports on activity; and improve our content and website performance.

Google Analytics gathers certain simple, non-personally identifying information over time, such as your browser type, which site you were referred by, entry and exit pages, timestamp, and similar data about your use of our site. We do not link this information to any of your personal information such as your username.

Other cookies

Certain pages on our site may set other third-party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimise these third party cookies, we can’t always control what cookies this third-party content sets.

 

Consent

We process some personal data on the basis of consent. We obtain this consent by opt-in means only at the time of creating your account, subscribing to one or more of our mailing lists, or by specific request.

You may withdraw this consent at any time.

 

How to contact us

If you have any questions, concerns or just want some more information about our privacy management, drop us a line at privacy@nimvelo.com.