Privacy Policy

The following are some key terms used in this privacy notice and an explanation of what those key terms mean:

Under data protection law, a data controller determines the purpose and means of the processing of your personal data. If you are an individual customer or a representative of a customer, you may engage with 4Com Network, Midshires, Eastern or Reach. The relevant 4Com company you engage with will be a data controller of your personal data. If you are a prospective individual customer or a representative of a prospective customer, you may engage with Pioneer (trading as Harvey Communications, Ripple Communications or Rubix Business Systems), Midshires, Eastern, SBC or Reach. The relevant 4Com company you engage with will be a data controller of your personal data. If you are a representative of a supplier, you may engage directly with any of the Group companies. The relevant Group company you engage with will be a data controller of your personal data. For marketing purposes, 4Com Group, Pioneer, 4Com Network, Midshires, Eastern or Reach may be a data controller of your personal data. For personal data collected via the www.4com.co.uk website (except for personal data collected in relation to the reporting of faults), 4Com Group will be a data controller of your personal data. For personal data collected via the www.pioneercomms.co.uk, www.ripplecomms.co.uk, www.rubixcommunications.co.uk and www.harveycomunications.co.uk websites, Pioneer will be a data controller of your personal data. For personal data collected via the www.midshiretelecom.co.uk website, Midshires will be a data controller of your personal data. For personal data collected via the www.hihi.co.uk website, HiHi will be a data controller of your personal data. For personal data collected via the www.easternvoicedata.co.uk website, Eastern will be a data controller of your personal data. For personal data collected via the www.sbcltd.co.uk website, SBC will be a data controller of your personal data. For personal data collected via the www.reachdigitaltelecoms.co.uk website, Reach will be a data controller of your personal data. If the business you represent requires contract funding and this is obtained through Campfire, then Campfire will be a data controller of your personal data. For personal data collected via the www.4com.co.uk website in relation to the reporting of faults and from the mi4com.co.uk website, 4Com Network will be a data controller of your personal data. Please see below: [‘What we use your personal data for’] for further information about the purposes for which the Group uses your personal data.

The data controller of your personal data is 4Com Technologies Ltd(“we”, “us”, or “our”). We can be contacted at [email protected] One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE; 0330 444 4444 This Policy applies to you if you use our services (“our Services”), and if you contact us or we contact you about our Services. It also applies to visitors to our websites (“our Websites”): https://www.4com.co.uk/ We are committed to protecting your privacy. We will only use the information that we collect about you lawfully and in accordance with the current Data Protection Act 2018.

The type of information we will collect about you includes (but is not limited to):

• your name
• address
• phone number
• email address
• your business type
• payment information such as bank details, direct debit, debit or credit card details that you provide us
• information about financial associates in the case of partnerships
• information about how you use our Services (including but not limited to call traffic and location data and billing information)
• your activity on our Websites when you log in as a user
• phone records including the numbers you call and send messages to and receive calls and messages from, the date, time length and cost of these communications including the broad location at the time of these communications; call recordings
• roaming information (such as the country you were in and the network used including dates and times)
• your communications with us
• information you give to us when entering customer surveys
• when you shop online on one of our Websites, information about your online purchases (for example, what you have bought, when and where you bought it)
• information about your online browsing behaviour on our Websites and information about when you click on one of our adverts
• your activity on our Websites when you log in as a user
• such information as you provide on your CV when applying for a position with 4Com

Please see below: “Visitors to our Websites” For our customers, this personal data is required to provide our Services to you. If you do not provide the personal data information we ask for, it may delay or prevent us from providing our Services to you. How your personal data is collected We collect personal data:-

1. Directly from you (for our customers, this is when you enquire about a product or service, when you make a purchase or during the subsequent processing stages of an order)
2. Indirectly through the usage of our Services e.g. when you make calls

Visitors to our Websites We may use technology to track the patterns of behaviour of visitors to our Websites. This can include using a “cookie” which would be stored on your browser. You can usually modify your browser to prevent this happening. The information collected in this way can be used to identify you unless you modify your browser settings. We also track click-through links in emails sent as part of our e-bulletin subscription service. For further information about our use of cookies, please refer to our cookies policy

Information we receive from third-parties

Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

“Digital Marketing Service Providers: We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include: (i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their Privacy Policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: [email protected].”

Identity and Contact Data: contact data that is made available to us from data brokers or aggregators such as Leadsift Inc. and Hunter Web Services, Inc., based outside the EU;

Social Media: publicly available information through social media sites, such as Facebook, LinkedIn, Twitter and Google, including where you have responded to a promotional item or offer from us through social media facilities;

Publicly Available Information: we may collect personal information about you from other publicly available sources. This can include your name, address and other publicly available information. As far as passible, we ensure that where any third-parties are involved in suppling such information, that they are compliant to do so. This may include credit reference agencies such as Experian, public registers such as the Companies House registry or the Electoral Register.

Customer Data: Through our Services, our customers may collect, store and process personal data about you. We have requested that no Special Categories of Personal Data are collected through the Services, but otherwise we do not control our customers’ use or processing of personal data through the Services.

B2B Customer Data: We acquire business contact information from our third party partners for the purposes of sending marketing communications to individuals who we believe may be interested in our products or services. We use Leadsift Inc buyer intent tools to identify companies showing an interest in our products and services, this information is derived from publicly available data sources. Leadsift and Hunter.io are used to acquire business email addresses and other relevant contact information on the relevant person from within these organisations. We never acquire personal email data and verify to the best of our ability the accuracy of this data before we send email marketing messages. Individuals receiving such communications will always have the option to opt out of such communication using the opt out link on all emails. We also acquire and supply this type of data to our customers for the purposes of carrying out their own marketing communications. Where a data subject objects to the processing of their data we take steps to remove their data from our systems.

Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:

• for the performance of our contract with you or to take steps at your request before entering into a contract;
• for our legitimate interests or those of a third party;
• to comply with our legal obligations; or
• where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. The table below explains what we use your personal data for and our lawful basis for doing so.

What we use your personal data for	Our lawful basis for processing your personal data
To provide our Services to our customers including checking your eligibility for our Services, managing your account, applications and orders	Necessary for the performance of our contract with our customers or to take steps at our customers’ request before entering into a contract
For billing and payment purposes, financial or management forecasts and to collect debt	Necessary for our legitimate interests or those of a third party i.e. In the event that we are forced to pass your information to a debt recovery service
To verify your identity or to perform any other authentication that we need	Necessary to comply with our legal obligations
To find and stop criminal activity, misuse of, or damage to, our Services or network and other assets. Also to defend our rights or property and protect the rights and interests of our customers and website users	Necessary for our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us and for you
To carry out credit checks	Necessary for the performance of our contract with our customers or to take steps at our customers’ request before entering into a contract
To tell you about the products and services you use and to let you know if we make changes to them (please note that you will not be able to opt out of receiving essential service communications)	Necessary for the performance of our contract with our customers or to take steps to advise customers of new products that could have a material bearing on the performance of their telephony solutions
To market and advertise our products and services to you – if you have chosen to receive these	Necessary for our legitimate interests or those of a third party i.e. To ensure that customers are being offered the latest technology; or information about end of life of a product which could detrimentally affect their business
For internal purposes such as management, research, analytics, corporate reporting, credit scoring and to improve business efficiencies	Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
To analyse trends in call types, phone usage and undertake industry specific research	Necessary for our legitimate interests or those of a third party i.e. to be in a position to offer better tariffs, products and services to customers
To provide effective security and technical support of our products and services and help maintain service quality (this also means that we may monitor or record calls to our customer services for authentication, security, quality and training purpose)	Necessary for the performance of our contract with our customers or to take steps to alert customer to breaks in service usually from third party suppliers
Other processing necessary to comply with legal and regulatory obligations that apply to our business e.g. under health and safety regulations	Necessary to comply with our legal obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies	Necessary to comply with our legal obligations
Ensuring business policies are adhered to e.g. policies covering security and internet use	Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control	Necessary for our legitimate interests or those of a third party i.e. to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information	Necessary for our legitimate interests or those of a third party i.e. to protect trade secrets and other commercially valuable information Necessary to comply with our legal obligations
Preventing unauthorised access and modifications to systems	Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you Necessary to comply with our legal obligations
Updating and maintaining customer records	Necessary for the performance of our contract with you or to take steps at your request before entering into a contract Necessary to comply with our legal obligations Necessary for our legitimate interests or those of a third party e.g. making sure that we can keep in touch with our customers about existing orders and new products
Statutory returns	Necessary to comply with our legal obligations
Ensuring safe working practices, staff administration and assessments	Necessary to comply with our legal and regulatory obligations Necessary for our legitimate interests or those of a third party e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
The audit of our accounts	Necessary to comply with our legal obligations
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Necessary to comply with our legal obligations Necessary for our legitimate interests e.g. for running our business, provision of administration and IT services and networking security
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Necessary for our legitimate interests i.e. to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy
To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences	Necessary for our legitimate interests i.e. to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy

4Com shares customer personal data with third party financiers where a customer requests funding to lease a telephone system. Customer personal data may be used by 4Com Technologies Ltd or third-party financiers for credit, fraud and anti-money laundering checks in accordance with the lawful bases set out in the above table. You have the right to contest any decision based solely on automated decision making that produces legal effects concerning you or similarly significantly affects you – see below: ‘Your rights’ for information about how you can exercise this right.

If you click on one of the social share buttons on our Website, personal information will be transmitted to the relevant social media provider. By clicking on a social share button, the provider will receive information that your browser has accessed a specific page on our Website. This occurs even if you do not have an account with the provider or are currently not logged into your account with the provider. This information will be directly transmitted by your browser to the provider’s server (which may be located in countries such as the US) and stored there. If you are logged into an account with the provider, they can directly assign your visit to our Website to your account. If you interact with the share dialogue window (e.g. by leaving a comment), this information will also be directly transmitted to the provider’s server and stored there. This information will also be published on the provider’s page and shown to your contacts. If you do not want the provider to assign the data collected during your visit to our Website to your user account, you must first log out of your account before using the plug-in. To find out more about how the social media providers collect, process and use personal data, as well as how to protect your privacy, please refer to the providers’ privacy policies. Below is a list of the providers whose social share buttons are on our Website with a link to their privacy policies: Twitter Facebook YouTube LinkedIn Google Instagram

We may use your personal data to send you periodic communications (by email or direct mail) about future product launches

We have a legitimate interest in processing your personal data for marketing purposes. This means we do not usually need your consent to send you information about features, products, services, events and special offers. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.

You have the right to opt out of receiving marketing communications at any time by:

emailing [email protected] or writing to us at One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE (for the attention of the compliance team) or calling us on 0330 444 4444 or 

using the ‘unsubscribe’ link in our emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Third party marketing

 

 We will get your express opt-in consent before we share your personal data with any other company for marketing purposes. 

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We have a specialist security team who constantly review and improve our measures to protect your personal data.

We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Communications over the internet (such as emails) are not secure unless they have been encrypted. We are not able to accept responsibility for any unauthorised access or loss of personal data that is beyond our control.

Our Websites may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read the terms and conditions and privacy policy before providing any personal data on a website as we do not accept any responsibility or liability for websites of other organisations.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Depending on the circumstances, we may share your personal data with:

• companies within our Group;- Located in the UK.
• third parties we use to help deliver our Services e.g. Lease companies- (providing 3rd party leasing solutions to customer)- Located in the UK
• other third parties we use to help run our business e.g. website hosts, search engine providers that assist us in the improvement and optimisation of our Websites (located in the UK)
• mobile telephone companies, providing telephone services (located in the UK)
• finance companies (if you are applying for third party funding for the leasing of a telephone system) (located in the UK)
• our insurers and professional advisers; providing risk analysis, business continuity plans and insurance (located in the UK)
• external auditors e.g. in relation to the audit of our accounts; (located in the UK)
• our bank(s) (located in the UK)

If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal data, we will make sure they have appropriate security measures and only process your personal data in the way that we have authorised them to. These organisations will not be entitled to use your personal data for their own purposes. If necessary, our security teams will check them to make sure they meet the security requirements we have set.

We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies so that they can detect and stop crime, prosecute offenders and protect national security. We may also need to disclose information to regulatory bodies to comply with our legal and regulatory obligations and as necessary to comply with the law (e.g. in response to a court order).

We may also need to share some personal data with other third parties to whom we sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We will keep your personal data while we are providing our Services to you or, using the personal data for the purpose for which it was collected. Thereafter, we will keep your personal data for as long as is necessary:

1. to respond to any questions, complaints or claims made by you or on your behalf;
2. to show that we treated you fairly;
3. to keep records required by law.

We will then securely destroy your personal data. We will not retain your personal data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal data.

Personal data supplied and used for the purpose of entering into a contract for goods or service will be deleted 3 years after you cease to have any relationship with 4Com Technologies Ltd or one of its subsidiaries.

Personal Data supplied during the recruitment process will be deleted 6 months after an unsuccessful application. Within the first 12 months following cessation of employment with 4Com Technologies Ltd, an employee’s personal data will be minimized as much as possible & anonymized, but will be kept for a further 6 years, in order to comply with auditory requirements.

We will never collect sensitive personal data about you (e.g. data about your health), or sell, rent or trade your personal data to third parties for marketing purposes without your consent.

The personal data which we hold will be held securely in accordance with our internal security policy and the law.

It is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) (which comprises the countries in the European Union and Iceland, Liechtenstein and Norway) e.g.

•       with your and our service providers located outside the EEA; or

•       if you are based outside the EEA;

These transfers are subject to special rules under European and UK data protection law.

Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to your data by ensuring one of the following (or one of the other safeguards set out in data protection law) applies:

• your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
• the transfer is necessary for the performance of the contract between you and us;
• the transfer is necessary to establish, exercise or defend legal claims;
• there are adequate safeguards in place between us and the organisation receiving it (e.g. by the use of European Commission approved contractual terms); or
• you have provided explicit consent to the proposed transfer after being informed of any potential risks.

 

You have the following rights, which you can exercise free of charge:

Access	The right to be provided with a copy of your personal data
Rectification	The right to require us to correct any mistakes in your personal data
To be forgotten	In certain situations, the right to require us to delete your personal data
Restriction of processing	In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
Data portability	In certain situations, the right to ask us to transfer any  personal data you provided to us to another organisation
To object	The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests
Not to be subject to automated individual decision-making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation.

If you would like to exercise any of those rights, please email, write or telephone our compliance team —see below: ‘How to contact us’ and let us have enough information to identify you e.g. your full name, address and customer reference number as well as what right you want to exercise and the personal data to which your request relates.

 

We hope that we can resolve any query or concern you may raise about our use of your personal data.  If you want to complain about how we have used your personal data, please email or write to our compliance team – see below: ‘How to contact us’. However, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk. 

The EU General Data Protection Regulation also gives you the right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.

How to contact us

Please contact us by email, post or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are shown below:

Our contact details
[email protected] 4Com Technologies Ltd One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE Phone: 0330 444 4444

Do you need extra help?

If you would like this notice in another format (for example large print) please contact us (see ‘How to contact us’ above).

This privacy policy was last updated on 3/3/2021

 

The recording and keeping of calls from individuals is covered by 3 main laws in the UK. These are: –

1. Regulations of Investigatory Powers Act 2000 (RIPA)
2. Data Protection Act 1998 (DPA) / GDPR
3. Telecommunications (Lawful Business Practice) (Interception of Communications) Regulation 2000

1.      RIPA – which regulates the interception of calls, allows for calls to be collected if the business has obtained the customer’s consent. – Consent can only be given, if the customer is asked/ informed, or if it falls within one of the exceptions of the Lawful Business Regulations. 2.      DPA- regulates personal data capture, usage & storage, which also requires consent to be given by the end user. 3.      Lawful Business regulations does allow for calls to be recorded without consent for a number of situations-

However- if the information within the call can be determined in any way to be personal, the Data Protection Act would come into force and customers would need to be informed.

So, in short, businesses should be informing end customers that their calls are recorded to allow the end customer to make an informed choice if they wish to carry on the conversation. If end customers carry on the conversation they are deemed to have given consent. It should however be noted that; If businesses are unsure about their obligations under this legislation and the ability to record calls they should obtain independent legal advice.

We use cookies to collect and store basic user data to assist us to deliver the right content via the website. We use some standard cookies from Google (standard visitor traffic tracking) WordPress (content tracking) and Act On (email marketing tracking).

Cookies for follow up purposes

One of the cookies we use allows us to find out your company name if you have a static IP address.  We may use this information to follow up with you after your website visit to see if their is any further assistance we can provide you.

Cookies for Remarketing purposes

Another of the cookies we use allows us to display advertising to you on a select number of websites via Google’s Remarketing Platform.

Cookies for Improvement purposes

We also use cookies to monitor how our visitors are using the website, including those provided by Google and Hotjar.

Name	Provider	Purpose	Expiry	Type
_ga	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	HTTP Cookie
_gid	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	HTTP Cookie
_gat	Google	Used by Google Analytics to throttle request rate	1 day	HTTP Cookie
_fbp	facebook	Cookie used to measure and visualise the effectiveness on Facebook advertising	3 months	HTTP Cookie
vwo_uuid	vwo, uuid2	These are cookies from the multivariate testing tool, Visual Website Optimiser. They allow us to create different versions of our websites and landing pages, so that we can monitor which our customers prefer.	10 years	HTTP Cookie
_racnt _racplx0 _racplx1 _racplx2 _racplx3 _rafm _rasel0 _rasel1 _rasel2 _rasel3 _rasesh _ratel0 _ratel1 _ratel2 _ratel3 _rasesh	ruleranalytics	To improve functionality and to help measure the amount of page visits and traffic sources our site receives, we use a monitoring service provided by Ruler Analytics.	1060 days	HTTP Cookie
_drift_aid _drift_campaign_refresh drift_aid	drift	These cookies enable us to run Drift’s Live Chat software and provide a responsive experience, For example, they help us to not re-serve the chat option if a user declines it.	2 Years	HTTP Cookie
_anj	AppNexus	The anj cookie contains advertising interest segments provided by clients and other third parties. Clients use those segments to select advertisements for delivery on the Platform.	90 Days	HTTP Cookie
_csrf	Stonly Necessary	Stonly’s web application sets a cookie containing a random token that remains the same for the whole web session.	Session	HTTP Cookie
lang	Linkedin	Used to remember a user’s language setting to ensure LinkedIn.com displays in the language selected by the user in their settings.	Session	HTTP Cookie
AnalyticsSyncHistory	Linkedin	Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries	1 Month	HTTP Cookie
UserMatchHistory	Linkedin	Used to sync LinkedIn Ads IDs	1 Month	HTTP Cookie
bcookie	Linkedin	Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform.	2Years	HTTP Cookie
li_gc	Linkedin	Signed data service context cookie used for database routing to ensure consistency across all databases when a change is made. Used to ensure that user-inputted content is immediately available to the submitting user upon submission.	2 years	HTTP Cookie
li_dc	Linkedin	To facilitate data center selection	1 day	HTTP Cookie