Simwood eSMS Limited — which we’ll just call “Simwood” from here on in — is committed to protecting your right to privacy. In this policy we explain what information we collect, and how we use that information and why. We also set out your rights, and how to contact us.
We review this policy regularly, and may update it from time to time. The latest version will always be available at https://simwood.com/privacy-policy
THE DATA WE COLLECT AND HOW WE USE IT
The personal data we process depends on how you interact with Simwood, and your relationship with us.
You are not required to provide any data to us. However, if you do not do so, you may not be able to make full use of our services.
This section applies to our customers and, where relevant, prospective customers.
To provide you with services. We will use your personal data you provide to us in order to provide you with services. This applies whenever you have an account with Simwood. We will:
- Use your contact details and other information to confirm your identity. This includes details such as your name, address, telephone number, eMail address, passwords and other security credentials, payment and financial information. For your security, we do not retain credit card details;
- Retain any correspondence with us including eMail and telephone calls;
- Retain personal data (such as your eMail address) to enable you to access the Simwood Portal and Simwood Support Centre; Contact you for legitimate purposes relating to your account such as Invoices, Service Announcements, and Alerts that you have requested to receive;
- Provide your information to partners or other communication providers where necessary to provide services to you.
We use this information to perform our obligations under contract to provide services to you.
To market relevant products to you. We will use your personal data to send you marketing that may be of interest to you. We will do this if you have consented only, and you have the right to withdraw this consent at any time. We will:
- Use your contact details – including your name, address, phone number, and eMail address – to effectively communicate with you. We may also use information from publicly available sources such as business directories.
- Use information about how you use our services to tailor the communications we send to you based on information held; and recommend other products or services that may be appropriate to you
- In each marketing message we send, we provide the means to opt-out from that type of message, or all further communication for marketing purposes. You may also do this at any time by contacting us.
To prevent fraud. We will use personal data for the legitimate interest of detection and prevention of fraud. We will:
- Retain any information submitted in an account application including your name, address, telephone number, eMail address, IP address etc, even where that application for an account is unsuccessful;
- Where appropriate, disclose information identified as fraudulent to fraud prevention, law enforcement agencies, and other industry bodies.
To recover debt. If you do not pay your invoices on time, we may instruct our solicitors or debt recovery agencies to recover what is owed. We will provide them with your personal data necessary to effect this. This processing is for the legitimate interest of running our business.
Visitors to Simwood
Simwood welcomes customers and others to Simwood House in Bristol. We use CCTV and Access Control at this location for the legitimate interests of securing our facilities and for the prevention and detection of crime. We will:
- Record CCTV footage around the exterior and within the public areas of the building;
- Record your vehicle registration if using our car park;
- Issue visitors with an Access Control keycard or keyfob which is associated with your name for the duration of your visit, use of which is logged by our Access Control system
End Users of Simwood Services
Simwood is a wholesale provider of telecommunications services, and our customers are other communications providers. However, to provide our services, we inevitably process personal data relating to our customer’s end users. If you are an end user as well as a customer, the following will apply to you too.
Because we have a legitimate interest. We will process personal data if it is in our legitimate interests to do so. We will:
- Retain Call Data Records (CDRs) detailing calls made by or to an end user, including telephone numbers, which may be considered personal data. More information on CDRs is available below;
- Use End User information for the purposes of detection and prevention of fraud and to protect our network.
- Create aggregated and anonymised information for analysing the use made of our services and networks to inform business decisions and strategy.
To comply with regulatory obligations. For example, we may:
- Retain contact details (name, address, telephone number) of end users to provide data to the BT EHA (Emergency Handling Authority) in the event of a call to 112 or 999 in accordance with General Condition 4;
- Use personal data to provide number portability services in accordance with General Condition 18; and
- as otherwise necessary to meet our requirements within the General Conditions of Entitlement, The Communications Act 2003, and other relevant legislation.
We do not use end user information for marketing purposes.
Other Personal Data
As a communications provider, we process personal data about those who are neither a customer nor end user of Simwood services.
Because we have a legitimate interest. We will process personal data if it is in our legitimate interests to do so. We will;
- Retain Call Data Records (CDRs) detailing calls to Simwood customers, including the originating telephone numbers, which may be considered personal data. More information on CDRs is available below;
- Create aggregated and anonymised information to analyse the use made of our services and networks to inform business decisions and strategy;
- Monitor traffic on our network and trace nuisance or malicious calls; and
- Monitor our systems and services to detect and prevent unauthorised usage.
For prevention and detection of crime. We have a legitimate interest to protect our business, network, and infrastructure from attacks and prevention of crime and fraud. We also share information with other organisations (such as other Communications Providers and industry bodies) to effect this.
CALL DATA RECORDS (CDRS)
As with all communications providers, we process call data records (“CDRs”). These are the metadata of communications to and from our customers’ end users.
CDRs contain the following information about each phone call:
- The calling party’s telephone number(s);
- The dialled telephone number;
- Any telephone number(s) involved in diverting the call;
- The date and time of the call;
- The duration of the call;
- The carrier that the call originated from
CDRs are not call recordings, and convey no information about the nature of the call beyond the number of the called and calling parties.
RECIPIENTS OF PERSONAL DATA
We share your personal information with other service providers to help provide our services, including to:
- Provide transit services, to keep us connected to some hard-to-reach parts of the Internet
- Provide customer services, such as support ticket tracking;
- Provide marketing services, such as our newsletter or other direct marketing;
- Process payments, such as credit cards and Direct Debits;
- Keep you informed regarding issues or planned maintenance on our network, via our Status Page
- Analyse the information we hold.
We may disclose customer, end user, or any other personal data, to third parties as may be required to comply with our legal obligations, or for the purposes of fraud prevention, and the prevention and detection of crime.
TRANSFERS OUTSIDE THE EEA
We may transfer your data to providers in the USA. They are all self-certified under the EU/US Privacy Shield.
We will keep your data for no longer than is necessary for the purposes for which the data are processed.
If you have any concerns how long specific information is held for, please don’t hesitate to contact us for clarification.
We will keep;
- Customer contact details for a period of six years after your account is closed.
- Details relating to any dispute for a period of six years after it is closed.
- CDRs in their full form for a period of six months, except where these are the subject of, or likely to become subject of, a dispute or as otherwise required.
- CDRs in anonymised form for a period of up to six years.
- Copies of correspondence as long as you are a customer, and then six years thereafter.
- Copies of your Invoices for as long as you are a customer, and then six years thereafter.
- End Users data (such as EHA address information) for a period of three months after termination of the End User’s service or one year after the termination of the Customer’s service with us.
- CCTV recordings for a period of up to 14 days, except where these are required for purposes of investigation or as evidence or we are notified they are likely to be required for such purposes.
- Building access logs are retained for a period of 90 days unless otherwise required
In other cases we’ll store personal data only for the period required, or longer if required by law. Otherwise personal data will be deleted or anonymised.
COOKIES AND OTHER INFORMATION GATHERING TECHNOLOGIES
We may use information tracking and gathering technologies that record and store information about users of the Website automatically. This can include using a “cookie” which would be stored on your browser. This information does not identify you personally.
We use this information to help us identify click stream patterns, to improve our Websites and to learn about the number of visitors to our Website and the types of technology our visitors use.
If you do not wish to receive cookies, there are a number of things you can do, including adjusting your computer’s settings to block cookies, or to accept them only on confirmation from you.
Your browser’s ‘help’ option will tell you how to adjust your cookie settings. However, please be aware that if you choose to delete or restrict cookies, some features of our website(s) may not work. You can also visit www.allaboutcookies.org, for more information about cookies and how to manage them.
You have the following rights in relation to your personal information: (i) the right to be informed about how your personal information is being used; (ii) the right to access the personal information we hold about you; (iii) the right to opt-out of receiving direct marketing messages; (iv) the right to request the correction of inaccurate personal information we hold about you; (v) the right to request the blocking or deletion of your personal information in some circumstances and; (vi) the right to request that we port elements of your data either to you or another service provider.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us.
If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
We process some personal data on the basis of consent, such as for marketing purposes.
We obtain this consent by opt-in means only at the time of creating your account, subscribing to one or more of our mailing lists, or by specific request.
You may withdraw this consent at any time.
In the event of any privacy-related query or complaint, or to exercise your rights, please send an e-mail to email@example.com.