Privacy policy.

Privacy policy | Last updated August 2022.

This is the privacy policy of MSP PHONES Limited, a company registered in England and Wales.

Your privacy is important to us. This policy sets out information on the personal data we collect about you, and your rights in respect of this data. This policy applies whether you visit our digital platforms known as ‘MSP PHONES’, available at www.mspphones.co.uk, portal.mspphones.co.uk (“platform).

Our platform may contain links to third-party websites that are not covered by this policy. We, therefore, ask you to review the privacy statements of other websites and applications to understand their information practices.

 This policy contains the following information:

  • Information about usInformation on what we may collect

  • How we store your personal data

  • How we disclose your information

  • When you interact with our platform - Information on cookies

  • Your rights regarding your personal data

  • What happens when we link to other websites?

  • The changes we may make to this policy.

Information about us

We respect your right to privacy and will only process personal information about you in accordance with applicable data protection laws. We comply with the EU law retained version of the General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018 (the “Data Protection Legislation”). If any of these laws are replaced or superseded, we will also comply with that. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

What we may collect

Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you when you engage with us. Whenever we collect personal data about you, we must have a legal ground (lawful basis) to do so. 

When using our VoIP platform we collect information about calls, numbers, length of calls and can at your request also record calls. We collect call information as required for legal reasons, billing and quality of service.

Type of data

Purpose and Lawful Basis

Identity and contact information when you contact us, or you purchase our services (Personal Data)

Includes:

  • Name

  • Email address

  • Telephone number

  • Any other personal information you choose to share during the services

The purpose of collecting this information is so that we can respond to your correspondence and provide you with the services. If you contact us with a customer service issue, we may use your name and email address to send you information about your matter or issue raised and we may also provide you with updates on changes to this policy or security information.

The lawful basis for collection of this information is that it is needed to perform our contract with you (i.e., provide you with the services), it’s in our legitimate interest and that you have consented (i.e., by contacting us or purchasing the services).

 Information you provide to us when making payment (Payment Details)

 Includes:

  • Debit/credit card number

  • Name on the card

  • Expiry date

  • CVV number

  • Address

The purpose of collecting this information is so that we can collect payment of our fees. The lawful basis for collection of this information is that it is needed to perform our contract with you (i.e., provide you with the services). All payments are taken by a third-party processor, currently Stripe. We do not ever see or keep a copy of your card details. Identity and contact information when you sign up to receive our marketing or promotional materials (Marketing and Communications Data)

Includes:

  • Name

  • Email address

The purpose is to provide you with marketing and promotional material. The lawful basis for this is that you have provided your consent and it is in our legitimate interest to present relevant content, products, and services to you. You can withdraw your consent at any time by contacting us using the contact form.

Technical Data

Includes:

  • Internet protocol (IP) address

  • Your login data, browser type and version

  • Time zone setting and location

  • Browser plug-in types and versions

  • Operating system and platform

  • Other technology on the devices you use to access our platform.

  • Numbers called and call duration

  • Statistics on the network performance to help us idenitfy and resolve issues.

The purpose is to enable your access to our platform. The lawful basis is this is necessary for us to perform our contract with you (i.e., to give you access to the service our platform provides).

Cookies Data

Like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our platform. Please refer to the "Information on cookies" section below for information about cookies and how we use them and what kind.

Cookies are small text files placed on your device when you visit our platform and are used to make the users’ experience more efficient. 

The lawful basis is this is necessary for us to perform our contract with you (i.e., to give you access to the service our platform provides).

We also need this information to study how you use our platform, in order to improve and develop the services we provide, and better inform our marketing strategies.

Marketing and Communications Data

Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

The purpose is to enable direct marketing.

The lawful basis is that it is necessary for our legitimate interest to present relevant content, products, and services to you (only where you have provided your consent that we do so).

Analytics

Includes third-party analytics services (such as Google Analytics) to evaluate your use of our platform, compile reports on activity, collect demographic data, analyse performance metrics, and collect and evaluate other information relating to the platform and internet usage. These third parties use cookies and other technologies to help analyse and provide us the data. By accessing and using the platform, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this policy.

The purpose is to enable direct marketing.

The lawful basis is that is it necessary for our legitimate interest to present relevant content, products, and services to you. 

When you interact with our platform - Information on cookies 

We use cookies in accordance with the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Data Protection Legislation 2018.

Cookies are small text files placed on your device when you visit our platform and are used to make the users’ experience more efficient. We are able to store cookies on your computer where they are necessary for the operation of our platform however, for non-essential cookies we need your permission.

We use cookies to distinguish users and to improve our platform. We analyse how you use our platform, and we look at aggregate statistics about your usage, and how others use our platform. We collect certain information from these cookies, and this includes information about your IP address, your location when you access our platform, the date and time you access our platform, the language you use and the type of browser you use.

We do not track individual users or use cookies to identify individuals. We use cookies to recognise you and your preferences, improve our platform's performance and collect analytical information for ourselves and our business partners. Without the knowledge gained we would not be able to provide the service we do.

These are the types of cookies we use:

  • 'Session cookies' allow us to track your actions during a single browsing session, but they do not remain on your device afterwards; and

  • 'Persistent cookies' remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on our platform.

Session and Persistent cookies can be either first or third party cookies. A first-party cookie is set by the website being visited; a third-party cookie is set by a different website. Both types of cookies may be used by us or our business partners.

The third-party cookies we use are:

  • Google Analytics – this is a web analytics service provided by Google, Inc. The cookies used by Google Analytics help us to analyse how users use our platform and to count the number of people who use it. Google Analytics stores your IP address anonymously. Google does not associate your IP address with any personally identifiable information;

  • Facebook Ads (the Facebook pixel, including Instagram) – these cookies collect information about how visitors use our platform. This data is collected anonymously and is used to help improve our platform’s functionality; an

  • Google Ads – these cookies collect information about how visitors use our platform. This data is collected anonymously, to help make our marketing communications more relevant, and is used to improve our platform’s functionality.

 

All of our cookies are categorised by the role they fulfil on our platform:

a)    Strictly Necessary: these are essential to enable you to move around our platform and use features such as secure services. Without these cookies such services could not be provided;

b)    Functionality: allow our platform to remember your choices and to personalise certain features. These cookies may be anonymised and cannot track your browsing activity on other websites; and

c)     Performance: collect information as to how users use our platform. These cookies do not collect information that identifies a visitor. The information collected is aggregated and used to improve our platform.

d)    None of the cookies employed are classified as Behavioural Targeting.

We will always ask for your consent to use non-essential cookies. You are free to withhold consent to this, but it means that we might not be able to provide the full website experience to you, including some elements of video advertising.

If at any time you wish to disable cookies, you may do so through the settings on your browser, or whenever the pop-up appears on our platform (each time you access our platform).

We may process your data for compliance with a regulatory requirement or legal obligation to which we are subject to. Your data will only be processed if processing the data to comply with such obligation is a reasonable and appropriate way of achieving compliance. 

We also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.

Indirect End User Phone Contact Information (Personal Identifiable Information)

We act as a data processor with regard to indirect end user personal identifiable information and our Clients act as the data controller of such data. In the course of processing and protection of such data, all use will be in conformity with the data controller’s instructions.

Specifically, only when enabled via system permission on MSPAnywhere Android and MSPAnywhere iOS, MSP Phones shows personal contacts within the respective application. When the user sends an SMS message to one of his/her phone contacts, or when the user initiates a call to one of his/her phone contacts, the phone number is sent securely through our API. MSP Phones does not store this number with any other PII, and it cannot be directly or indirectly attributed to any person or persons; MSP Phones stores only the phone number and pertinent metadata to be compliant with all applicable laws and MSP Phones does not share this data with any advertisers or third parties under any circumstances. A user can revoke phone contact access on his/her mobile device at any time, and his/her app experience is not hindered or interrupted.

MSPAnywhere Android and iOS also uses Gravatar, only when enabled via Settings and UIConfigs, which is a service that provides avatar images linked to the MD5 hash of the user’s email address. This means that, only when Gravatar use is enabled, we hash each contact’s email address and send it to Gravatar to try and retrieve an avatar image. MD5 hashes cannot be directly or indirectly attributed to any person or persons, and we only send the MD5 hash to Gravatar, never the email address in plain text. As with phone contacts, a user can revoke Gravatar access at any time in Settings or via UIConfig, and his/her app experience is not hindered or interrupted.

How we store your personal data

We store all of your personal data on our cloud servers within the United Kingdom.

We may transfer your collected data to storage outside the European Economic Area (EEA) or the United Kingdom. It may be processed outside the EEA or the United Kingdom so that you may receive the services our platform provides. If we do store or transfer data outside the EEA or the United Kingdom, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA or the United Kingdom. This means that sometimes we may need to use legally binding contractual terms between us and any third parties we engage with and the use of the EU-approved Model Contractual Arrangements. 

Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure data collected through our platform. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We will still be responsible for the protection of your personal data, even where we have transferred it outside the EEA or the United Kingdom. We regularly review our data retention obligations to ensure we are not retaining data for longer than we are legally obliged to.

How we disclose your information

We may disclose your information in the following cases:

  • If we want to sell our business or our company, we can disclose it to the potential buyer;

  • We can disclose it to other businesses in our group, as defined in the UK Companies Act 2006;

  • We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety, or rights; or

  • We can exchange information with others to protect against fraud or credit risks.

We may contract with third parties/subcontractors to supply our services to you on our behalf. These include cloud services used to send emails and technology providers that assist in providing our services to you.

Your rights 

When you provide us with personal data, you have certain legal rights, and these include:

  • To request access to, deletion of or correction of your personal data held by us at no cost to you;

  • To request that your personal data be transferred to another person (data portability);

  • To be informed of what data processing is taking place;

  • To restrict processing;

  • To object to the processing of your personal data; and

  • To complain to a supervisory authority.

If you wish to access, rectify, erase, or transfer your personal data, please contact us.

What happens when we link to other websites?

This policy only relates to our platform and our coaching. We might have links on/within our platform to other websites, and these websites will have their own terms and conditions and privacy policies. You should check those privacy policies before providing your personal data to those websites. 

Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our platform. We have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

The changes we may make to this policy

We can update this policy from time to time as laws change or as our platform changes. If we make material changes to this policy, and we need your consent to those changes, we will contact you by email to do so.