Vorboss Limited sells its services to business customers. There are times when you, as an individual representing a potential or existing business customer, will share data with us, for example your name and contact details. This policy covers how we deal with any Personal Data (information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier) we receive and collect about you – Your Personal Data.
Vorboss will be the Data Controller of Your Personal Data. We set out below more detail about the kinds of information that we collect, when and why we collect it, how we use it and how we protect it.
This policy may change from time to time, so please come back and review it now and again. If we make any significant changes and we have your contact details, we will let you know.
What information we collect and when
When we collect information
We collect information about you in the following situations:
- when you contact us by telephone, email or post about products or services;
- when you log into and/or enter information into portals or web applications that we provide to you in relation to products or services we provide;
- when you use our products or services;
- visit our website; and
- when we occasionally use third-party services such as credit checking agencies.
What we collect
We aim to only collect the information from you that is reasonably necessary for the purposes we outline below (in the “How we use your information” section). The following sets out specific types of information that we collect:
When you apply for our services or administer them
When you apply for our products and services on behalf of an organisation, or create an account with us to administer aspects of the services, we may request the following information:
- your name;
- your email address; and
- your telephone number(s).
We may also use your mobile telephone number as part of a two-factor authentication process.
When you visit our website
When you visit the Vorboss website or any of our web-based administration portals, we will collect information about your use of our website. This can include your IP address, browser, operating system and, if you clicked a link to one of our sites on another website, the address of that webpage.
When you use our services
We collect the following information when you use our services, such as our network connectivity, cloud and voice services:
- usage information (e.g. duration, frequency, data usage and byte counters);
- billing information (e.g. your invoices and the components of those);
- for voice services, extension details, call data (inbound and outbound call information and usage information) and any dial plans or similar; and
- names or labels that you have assigned your services in our systems, such as voice extension names or virtual machine labels.
Data from third parties
Vorboss may occasionally acquire Personal Data from third parties such as market research or marketing agencies (such as contact details) so that we can contact you about our services or special offers. In such cases we make sure that you agreed for us to do so.
We may also obtain information about you from credit agencies, corporate due diligence services, public agencies or similar.
How we use the information that we collect
We use the information from you in the following ways:
Where it is necessary to perform our contract with your organisation
If you are the individual who administers your organisation’s relationship with us, we will use your information:
- to contact you about the products and services you have ordered (or has asked for information about ordering) on your organisation’s behalf;
- to deliver the products and services to your company; and
- to provide you with access to administrative portals and similar.
You will need to designate another individual as the administrator of the account if you no longer wish for us to use your information for these purposes. Where you as an administrator provide us with Personal Data for another individual as part of us performing our contract with your organisation (for example, setting the user up with an account on our systems), you confirm that you have obtained that individual’s consent to provide that Personal Data to us.
Where you have given us consent
- to give you access to support systems or provide you with support related to our products and services;
- to deliver products and services directly to you;
- to provide you with more convenient access to information about or access to the services we provide to your organisation; or
Where you have specifically opted in to service notifications or newsletters about our products and services.
You may withdraw this consent at any time by filing a support case or contacting us through the details below.
Where we have a legitimate interest and your rights are not unduly prejudiced
- to prevent fraud;
- to check you or your organisation’s credit-worthiness to offer credit terms for our products and services;
- to analyse and improve the products and services that we offer.
When we may disclose your information to third parties
We may disclose your information in the following situations:
- to our employees to use your information as set out above;
- after aggregating and anonymising information, to partners to assist us in understanding our users and better providing or marketing our products and services;
- to credit rating agencies, for the reasons set out above;
- to third-party companies that we use to provide aspects of our services, for example providing contact details for you as a site contact to contractors doing fibre works on your building;
- with your express consent; and
- where required by law.
How we protect your data
Vorboss takes security extremely seriously and maintains security policies and procedures that are assessed and regularly audited against ISO 27001 and covering all areas related to processing data.
Physical Access Control
All Customer Data storage locations are staffed 24x7, monitored with CCTV and physical access controlled through a restricted list of named individuals.
Data and Administrative Access
Authentication, credential management, and privilege control systems restrict administrative access to systems to a limited number of authorised personnel.
Specific security policies
Vorboss further has specific policies, within scope of its ISO 27001 certification, addressing the following areas:
- Removable Devices Policy defining requirements, encryption standards and limitations on use.
- Disposal of Media and Equipment Policy detailing the process for securely wiping, degaussing and physically destroying (as applicable) media and equipment after use.
- Use of Cryptographic Controls Policy setting out encryption usage, PKI, and transport encryption.
- Password Policy governing the generation, strength, storage and rotation of passwords, PINs and cryptographic private keys.
- Backup and Antivirus Policy dictating the usage of antivirus and anti-malware protection and detailing backup policy.
- Information Security Events, Reporting and Investigation Procedure detailing the process to be followed upon discovery of any actual or perceived system weaknesses or breaches.
Deleting your information
We retain your information as long as is necessary to fulfil the purpose for which it was collected.
In determining the appropriate retention period, we consider the following points:
- the original purpose for which the data was collected;
- whether we need to keep a record of the relationship once our relationship with you has ended;
- whether we need to keep the information to defend ourselves against potential legal claims;
- any legal or regulatory requirements;
- industry standards and guidelines; and
- in all cases balancing these concerns against the impact of retention on your privacy.
We periodically review the information we hold, and erase or anonymise it when we no longer need it.
Ordinarily we will delete information relating to a contract 6 years after the contract has ceased and keep financial information for 7 years.
Your rights in relation to Your Personal Data
We recommend that you refer to the Information Commissioner’s Office guidance on your rights in relation to Your Personal Data, such as the information set out at https://ico.org.uk/your-data-matters/
These rights include the following:
- a right to be informed when we use Your Personal Data;
- a right to obtain copies of Your Personal Data;
- a right to correct Your Personal Data - please let us know if any personal information that we hold about you appears to be out of date so that we can correct/update this;
- a right to have Your Personal Data deleted; and
- your right to raise any concerns with us about how we use Your Personal Data.
Updates to this policy
We may update this policy from time to time by republishing a new version on our website. We may notify you of changes to the policy, but in any case you should review this page regularly to ensure that you have seen the latest version and are comfortable with any changes that we have made.
To ask any questions about this policy, please contact us by telephone on +44 (0) 20 3582 8500 or email us at email@example.com
To exercise any legal rights in relation to Your Personal Data, please email us at firstname.lastname@example.org
Registration with ICO
We are registered as a data controller with the UK Information Commissioner’s Office. Our registration number is CSN6097359.