Our commitment to your privacy
We recognise the importance of respecting and protecting your personal data (information) and yet in order to be able to continue to provide you with the level of service you have come to expect from us we need to collect, process and share a certain amount of information about you. In this document, we explain what information we’re likely to hold, how we collect it and how we will use or share it. It also explains your rights and how to contact us or the ICO in the event you have a complaint. Our commitment to you is that we will continue to treat your personal data fairly and legally and with the same discretion and respect as we have always applied.
ComXo Holdings Limited and ComXo Limited (ComXo) is the data controller of your information. This means that we exercise some judgment in determining how and why to process the information you share with us. If you have questions about how we process your information that aren’t answered in this policy, we invite you to get in touch with us at GDPR@comxo.com. This policy applies to all your information however captured, including through our website or via our office.
What information we collect and how it’s used
Here we summarise the information we collect, why and how we use it and who we share it with. We will keep your data secure and won’t sell your personal data to third parties – ever. We only use your personal data to help us provide you with a great service, and tailor the information we share with you to help make it relevant, useful and timely. We will only share your personal data with organisations involved in fulfilling our role as your supplier of switchboard or telecoms support services.
All your information falls into one or more of the following categories:
|Why||What||From Whom||Lawful Basis||With Whom|
|To respond to your enquiries and/or sign you up to one or more of our services or respond to your application for employment||Your name, phone number and email address||From you||The contract between us||The people at our office HQ|
|To supply your services and to keep a proper record of those transactions||Your name, billing address, telephone number, email address and service and transaction history||From you and our records or your previous transactions with us||The contract between us||The people at our office HQ and the communications services we use e.g. email and text messaging|
|To process your payments, refunds and to prevent fraud||Your bank details, or credit card details name and billing address||From you directly||The contract between us to process your payments||Only those people at our office HQ who need to process your payments and those other trusted organisations, including your bank and other card payment service providers, who process payments on our behalf|
|Financial management, invoicing, accounting and credit control||Details of invoices issued and payments made or owed||From you or from our records of your transactions||Our legitimate interests||The people at our office HQ including our finance team|
|To analyse your use of our website, emails and services||your IP address, geographical location, browser type, device type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use||From our analytics packages (including, but not limited to Google Analytics) and email services providers||Our legitimate interests, namely to monitor and improve our website and the services we provide to you||The people at our office HQ, our website developers and those we have engaged to support our marketing activities.|
|To contact you about your service, relevant information and messages||your name, email address, postal address, phone number||From you and from our records of your transactions, and from publicly available information||The contract between us for the services we provide to you; our legitimate interests for direct marketing communications.||The people at our office HQ, our website developers and those we have engaged to support our marketing efforts.|
|To provide clarification, resolve issues or market relevant goods and/or services to you||your name, email address, postal address or phone number||From you and from our records of your transactions and interests, and from publicly available information||The contract between us and to ensure that we respond to your enquiry appropriately||The people at our office HQ|
|To carry out relevant security, credit checks or to gather references||Your name, email, address, postal address, phone number, IP, credit card details||From you and from our records of your transactions||The contract between us or in relation to an offer of employment||The people at our office HQ and those we have engaged to process those checks|
|To improve our digital marketing||Your name, email address, corporate address, phone number, user ID of any social platforms you have connected with us on||From you, from our records of your transactions and from social platform analytics data||Our legitimate interests, namely providing better services and enhancing our customer base||The people at our office HQ and those we have engaged to support our marketing efforts|
We may process any of your information identified in this policy where necessary for the establishment, exercise or defence of legal claims,whether in court proceedings or in an administrative or out-of-court procedure.The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal datawith law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court or not.
We may also process any of your information where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Transferring your personal information outside of the European Economic Area (“EEA”)
We have ensured that the information you share with us is stored and hosted in the European Economic Area (EEA) and we will not knowingly transfer your information outside the EEA unless you have authorised or requested us to.
How long we hold on to your information
We only hold on to information for as long as we need to. How long will depend on the kind of information it is and why we need it.
Whilst you are an active customer (which means you have taken at least one service from us) we will hold on to your information for as long as needed to give you the best possible customer service; financial information we will hold for 7 years.
In certain circumstances we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.
|Access||You have the right to request a copy of the personal data we hold about you, but we will not include anything that compromise another person’s confidentiality or intellectual property. We’ll aim to send this to you within 1 month of your request. If we can’t do this, we’ll let you know within the 1 month|
|Rectification||You have the right to ask us to correct any mistakes in your personal data|
|To be forgotten||You have the right to require us to delete your personal data in certain situations|
|Restriction of processing||You have the right to require us to restrict processing of your personal data in certain circumstances for example, if you don’t think it’s accurate|
|Data portability||You have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations|
|To object||The right to object: At any time to your personal data being processed for direct marketing (including profiling) by emailing GDPR@comxo.com, In certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests|
|Automated decision-making||You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
To the extent that the legal basis for our processing of your personal informationis consent, you have the right to withdraw that consent at any time. You can also amend your marketing preferences to reduce, remove or increase the amount we contact you with special offers at any time. You can do this by emailing firstname.lastname@example.org
Right to complain
In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at GDPR@comxo.com and we will endeavour to resolve your query as soon as possible. If you consider that our processing of your personal information in fringes data protection laws, you have a legal right to complain to a supervisory authority which in the UK is the Information Commissioner’s Office.You can contact them on https://ico.org.uk/.
Securing your information
At ComXo, most of the information we hold is stored on our own secure servers located in the UK or in the cloud. The key solutions we use are well- known, global businesses that are GDPR compliant and secure. We may use other smaller, local service providers from time to time and in these cases, will ensure that they are bound by the GDPR and obligations of confidentiality.
We have an information security policy in place to ensure that everyone does their bit to keep all data – not just personal data, secure and confidential. Despite this, nothing can be 100% secure and we will notify you and the ICO of a suspected data security breach where we are legally required to do so.
This privacy notice was published on  september 2018.
We may change this privacy notice from time to time. Where these changes are substantial or have an impact to your rights, we will let you know. You should check this page occasionally to ensure that you are happy with any changes to this policy.