We take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or the UK data protection authority (the Information Commissioner’s Office or the ICO) in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).
This privacy notice covers the following 4Com companies:
- 4Com Group Limited
- Pioneer Business Systems Limited
- HiHi Ltd
- Campfire Equipment Rentals Limited
- 4Com Network Services Limited
- Midshires Business (Communications) Limited
- Eastern Telephones Limited t/a Eastern Voice and Data
- Reach Digital Telecoms Limited
- Southern Business Communications Limited
This privacy notice is in a layered format so you can click through to the specific areas set out below which you would like to know more about. Alternatively, you can download a pdf version of the privacy notice here: [Please insert link].
It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your personal data. This privacy notice supplements such other privacy notices and is not intended to override them.
Our Websites (as defined below) are not intended for children and we do not knowingly collect data relating to children.If we plan to use personal data for a new purpose, we will update our privacy information and communicate the changes to the individuals concerned before starting any new processing.
The following are some key terms used in this privacy notice and an explanation of what those key terms mean:
Under data protection law, a data controller determines the purpose and means of the processing of your personal data. If you are an individual customer or a representative of a customer, you may engage with 4Com Network, Midshires, Eastern or Reach. The relevant 4Com company you engage with will be a data controller of your personal data. If you are a prospective individual customer or a representative of a prospective customer, you may engage with Pioneer (trading as Harvey Communications, Ripple Communications or Rubix Business Systems), Midshires, Eastern, SBC or Reach. The relevant 4Com company you engage with will be a data controller of your personal data. If you are a representative of a supplier, you may engage directly with any of the Group companies. The relevant Group company you engage with will be a data controller of your personal data. For marketing purposes, 4Com Group, Pioneer, 4Com Network, Midshires, Eastern or Reach may be a data controller of your personal data. For personal data collected via the www.4com.co.uk website (except for personal data collected in relation to the reporting of faults), 4Com Group will be a data controller of your personal data. For personal data collected via the www.pioneercomms.co.uk, www.ripplecomms.co.uk, www.rubixcommunications.co.uk and www.harveycomunications.co.uk websites, Pioneer will be a data controller of your personal data. For personal data collected via the www.midshiretelecom.co.uk website, Midshires will be a data controller of your personal data. For personal data collected via the www.hihi.co.uk website, HiHi will be a data controller of your personal data. For personal data collected via the www.easternvoicedata.co.uk website, Eastern will be a data controller of your personal data. For personal data collected via the www.sbcltd.co.uk website, SBC will be a data controller of your personal data. For personal data collected via the www.reachdigitaltelecoms.co.uk website, Reach will be a data controller of your personal data. If the business you represent requires contract funding and this is obtained through Campfire, then Campfire will be a data controller of your personal data. For personal data collected via the www.4com.co.uk website in relation to the reporting of faults and from the mi4com.co.uk website, 4Com Network will be a data controller of your personal data. Please see below: [‘What we use your personal data for’] for further information about the purposes for which the Group uses your personal data.
The data controller of your personal data is 4Com Technologies Ltd(“we”, “us”, or “our”). We can be contacted at [email protected] One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE; 0330 444 4444 This Policy applies to you if you use our services (“our Services”), and if you contact us or we contact you about our Services. It also applies to visitors to our websites (“our Websites”): https://www.4com.co.uk/ We are committed to protecting your privacy. We will only use the information that we collect about you lawfully and in accordance with the current Data Protection Act 2018.
The type of information we will collect about you includes (but is not limited to):
- your name
- phone number
- email address
- your business type
- payment information such as bank details, direct debit, debit or credit card details that you provide us
- information about financial associates in the case of partnerships
- information about how you use our Services (including but not limited to call traffic and location data and billing information)
- your activity on our Websites when you log in as a user
- phone records including the numbers you call and send messages to and receive calls and messages from, the date, time length and cost of these communications including the broad location at the time of these communications; call recordings
- roaming information (such as the country you were in and the network used including dates and times)
- your communications with us
- information you give to us when entering customer surveys
- when you shop online on one of our Websites, information about your online purchases (for example, what you have bought, when and where you bought it)
- information about your online browsing behaviour on our Websites and information about when you click on one of our adverts
- your activity on our Websites when you log in as a user
- such information as you provide on your CV when applying for a position with 4Com
- Directly from you (for our customers, this is when you enquire about a product or service, when you make a purchase or during the subsequent processing stages of an order)
- Indirectly through the usage of our Services e.g. when you make calls
Information we receive from third-parties
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Identity and Contact Data: contact data that is made available to us from data brokers or aggregators such as Leadsift Inc. and Hunter Web Services, Inc., based outside the EU;
Social Media: publicly available information through social media sites, such as Facebook, LinkedIn, Twitter and Google, including where you have responded to a promotional item or offer from us through social media facilities;
Publicly Available Information: we may collect personal information about you from other publicly available sources. This can include your name, address and other publicly available information. As far as passible, we ensure that where any third-parties are involved in suppling such information, that they are compliant to do so. This may include credit reference agencies such as Experian, public registers such as the Companies House registry or the Electoral Register.
Customer Data: Through our Services, our customers may collect, store and process personal data about you. We have requested that no Special Categories of Personal Data are collected through the Services, but otherwise we do not control our customers’ use or processing of personal data through the Services.
B2B Customer Data: We acquire business contact information from our third party partners for the purposes of sending marketing communications to individuals who we believe may be interested in our products or services. We use Leadsift Inc buyer intent tools to identify companies showing an interest in our products and services, this information is derived from publicly available data sources. Leadsift and Hunter.io are used to acquire business email addresses and other relevant contact information on the relevant person from within these organisations. We never acquire personal email data and verify to the best of our ability the accuracy of this data before we send email marketing messages. Individuals receiving such communications will always have the option to opt out of such communication using the opt out link on all emails. We also acquire and supply this type of data to our customers for the purposes of carrying out their own marketing communications. Where a data subject objects to the processing of their data we take steps to remove their data from our systems.
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party;
- to comply with our legal obligations; or
- where you have given consent.
|What we use your personal data for||Our lawful basis for processing your personal data|
|To provide our Services to our customers including checking your eligibility for our Services, managing your account, applications and orders||Necessary for the performance of our contract with our customers or to take steps at our customers’ request before entering into a contract|
|For billing and payment purposes, financial or management forecasts and to collect debt||Necessary for our legitimate interests or those of a third party i.e. In the event that we are forced to pass your information to a debt recovery service|
|To verify your identity or to perform any other authentication that we need||Necessary to comply with our legal obligations|
|To find and stop criminal activity, misuse of, or damage to, our Services or network and other assets. Also to defend our rights or property and protect the rights and interests of our customers and website users||Necessary for our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us and for you|
|To carry out credit checks||Necessary for the performance of our contract with our customers or to take steps at our customers’ request before entering into a contract|
|To tell you about the products and services you use and to let you know if we make changes to them (please note that you will not be able to opt out of receiving essential service communications)||Necessary for the performance of our contract with our customers or to take steps to advise customers of new products that could have a material bearing on the performance of their telephony solutions|
|To market and advertise our products and services to you – if you have chosen to receive these||Necessary for our legitimate interests or those of a third party i.e. To ensure that customers are being offered the latest technology; or information about end of life of a product which could detrimentally affect their business|
|For internal purposes such as management, research, analytics, corporate reporting, credit scoring and to improve business efficiencies||Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures so we can deliver the best service to you|
|To analyse trends in call types, phone usage and undertake industry specific research||Necessary for our legitimate interests or those of a third party i.e. to be in a position to offer better tariffs, products and services to customers|
|To provide effective security and technical support of our products and services and help maintain service quality (this also means that we may monitor or record calls to our customer services for authentication, security, quality and training purpose)||Necessary for the performance of our contract with our customers or to take steps to alert customer to breaks in service usually from third party suppliers|
|Other processing necessary to comply with legal and regulatory obligations that apply to our business e.g. under health and safety regulations||Necessary to comply with our legal obligations|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies||Necessary to comply with our legal obligations|
|Ensuring business policies are adhered to e.g. policies covering security and internet use||Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures so we can deliver the best service to you|
|Operational reasons, such as improving efficiency, training and quality control||Necessary for our legitimate interests or those of a third party i.e. to be as efficient as we can so we can deliver the best service for you at the best price|
|Ensuring the confidentiality of commercially sensitive information||Necessary for our legitimate interests or those of a third party i.e. to protect trade secrets and other commercially valuable information Necessary to comply with our legal obligations|
|Preventing unauthorised access and modifications to systems||Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you Necessary to comply with our legal obligations|
|Updating and maintaining customer records||Necessary for the performance of our contract with you or to take steps at your request before entering into a contract Necessary to comply with our legal obligations Necessary for our legitimate interests or those of a third party e.g. making sure that we can keep in touch with our customers about existing orders and new products|
|Statutory returns||Necessary to comply with our legal obligations|
|Ensuring safe working practices, staff administration and assessments||Necessary to comply with our legal and regulatory obligations Necessary for our legitimate interests or those of a third party e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you|
|The audit of our accounts||Necessary to comply with our legal obligations|
|To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Necessary to comply with our legal obligations Necessary for our legitimate interests e.g. for running our business, provision of administration and IT services and networking security|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||Necessary for our legitimate interests i.e. to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy|
|To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences||Necessary for our legitimate interests i.e. to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy|
4Com shares customer personal data with third party financiers where a customer requests funding to lease a telephone system. Customer personal data may be used by 4Com Technologies Ltd or third-party financiers for credit, fraud and anti-money laundering checks in accordance with the lawful bases set out in the above table. You have the right to contest any decision based solely on automated decision making that produces legal effects concerning you or similarly significantly affects you – see below: ‘Your rights’ for information about how you can exercise this right.
If you click on one of the social share buttons on our Website, personal information will be transmitted to the relevant social media provider. By clicking on a social share button, the provider will receive information that your browser has accessed a specific page on our Website. This occurs even if you do not have an account with the provider or are currently not logged into your account with the provider. This information will be directly transmitted by your browser to the provider’s server (which may be located in countries such as the US) and stored there. If you are logged into an account with the provider, they can directly assign your visit to our Website to your account. If you interact with the share dialogue window (e.g. by leaving a comment), this information will also be directly transmitted to the provider’s server and stored there. This information will also be published on the provider’s page and shown to your contacts. If you do not want the provider to assign the data collected during your visit to our Website to your user account, you must first log out of your account before using the plug-in. To find out more about how the social media providers collect, process and use personal data, as well as how to protect your privacy, please refer to the providers’ privacy policies. Below is a list of the providers whose social share buttons are on our Website with a link to their privacy policies: Twitter Facebook YouTube LinkedIn Google Instagram
We may use your personal data to send you periodic communications (by email or direct mail) about future product launches
We have a legitimate interest in processing your personal data for marketing purposes. This means we do not usually need your consent to send you information about features, products, services, events and special offers. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving marketing communications at any time by:
emailing [email protected] or writing to us at One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE (for the attention of the compliance team) or calling us on 0330 444 4444 or
using the ‘unsubscribe’ link in our emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Third party marketing
We will get your express opt-in consent before we share your personal data with any other company for marketing purposes.
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We have a specialist security team who constantly review and improve our measures to protect your personal data.
We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Communications over the internet (such as emails) are not secure unless they have been encrypted. We are not able to accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Depending on the circumstances, we may share your personal data with:
- companies within our Group;- Located in the UK.
- third parties we use to help deliver our Services e.g. Lease companies- (providing 3rd party leasing solutions to customer)- Located in the UK
- other third parties we use to help run our business e.g. website hosts, search engine providers that assist us in the improvement and optimisation of our Websites (located in the UK)
- mobile telephone companies, providing telephone services (located in the UK)
- finance companies (if you are applying for third party funding for the leasing of a telephone system) (located in the UK)
- our insurers and professional advisers; providing risk analysis, business continuity plans and insurance (located in the UK)
- external auditors e.g. in relation to the audit of our accounts; (located in the UK)
- our bank(s) (located in the UK)
If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal data, we will make sure they have appropriate security measures and only process your personal data in the way that we have authorised them to. These organisations will not be entitled to use your personal data for their own purposes. If necessary, our security teams will check them to make sure they meet the security requirements we have set.
We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies so that they can detect and stop crime, prosecute offenders and protect national security. We may also need to disclose information to regulatory bodies to comply with our legal and regulatory obligations and as necessary to comply with the law (e.g. in response to a court order).
We may also need to share some personal data with other third parties to whom we sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We will keep your personal data while we are providing our Services to you or, using the personal data for the purpose for which it was collected. Thereafter, we will keep your personal data for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law.
We will then securely destroy your personal data. We will not retain your personal data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal data.
Personal data supplied and used for the purpose of entering into a contract for goods or service will be deleted 3 years after you cease to have any relationship with 4Com Technologies Ltd or one of its subsidiaries.
Personal Data supplied during the recruitment process will be deleted 6 months after an unsuccessful application. Within the first 12 months following cessation of employment with 4Com Technologies Ltd, an employee’s personal data will be minimized as much as possible & anonymized, but will be kept for a further 6 years, in order to comply with auditory requirements.
We will never collect sensitive personal data about you (e.g. data about your health), or sell, rent or trade your personal data to third parties for marketing purposes without your consent.
The personal data which we hold will be held securely in accordance with our internal security policy and the law.
It is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) (which comprises the countries in the European Union and Iceland, Liechtenstein and Norway) e.g.
• with your and our service providers located outside the EEA; or
• if you are based outside the EEA;These transfers are subject to special rules under European and UK data protection law.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to your data by ensuring one of the following (or one of the other safeguards set out in data protection law) applies:
- your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- the transfer is necessary for the performance of the contract between you and us;
- the transfer is necessary to establish, exercise or defend legal claims;
- there are adequate safeguards in place between us and the organisation receiving it (e.g. by the use of European Commission approved contractual terms); or
- you have provided explicit consent to the proposed transfer after being informed of any potential risks.
You have the following rights, which you can exercise free of charge:
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
To be forgotten
In certain situations, the right to require us to delete your personal data
Restriction of processing
In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation
The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation.
If you would like to exercise any of those rights, please email, write or telephone our compliance team —see below: ‘How to contact us’ and let us have enough information to identify you e.g. your full name, address and customer reference number as well as what right you want to exercise and the personal data to which your request relates.
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to our compliance team – see below: ‘How to contact us’. However, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
The EU General Data Protection Regulation also gives you the right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.
How to contact us
Our contact details are shown below:
Our contact details
4Com Technologies Ltd
One Lansdowne Plaza, 24 Christchurch Road, Bournemouth, BH1 3NE
Do you need extra help?
If you would like this notice in another format (for example large print) please contact us (see ‘How to contact us’ above).
The recording and keeping of calls from individuals is covered by 3 main laws in the UK. These are: –
- Regulations of Investigatory Powers Act 2000 (RIPA)
- Data Protection Act 1998 (DPA) / GDPR
- Telecommunications (Lawful Business Practice) (Interception of Communications) Regulation 2000
However- if the information within the call can be determined in any way to be personal, the Data Protection Act would come into force and customers would need to be informed.So, in short, businesses should be informing end customers that their calls are recorded to allow the end customer to make an informed choice if they wish to carry on the conversation. If end customers carry on the conversation they are deemed to have given consent. It should however be noted that; If businesses are unsure about their obligations under this legislation and the ability to record calls they should obtain independent legal advice.
Cookies for follow up purposes
One of the cookies we use allows us to find out your company name if you have a static IP address. We may use this information to follow up with you after your website visit to see if their is any further assistance we can provide you.
Cookies for Remarketing purposes
Another of the cookies we use allows us to display advertising to you on a select number of websites via Google’s Remarketing Platform.
Cookies for Improvement purposes
|_ga||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 years||HTTP Cookie|
|_gid||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 day||HTTP Cookie|
|_gat||Used by Google Analytics to throttle request rate||1 day||HTTP Cookie|
|_fbp||Cookie used to measure and visualise the effectiveness on Facebook advertising||3 months||HTTP Cookie|
|vwo_uuid||vwo, uuid2||These are cookies from the multivariate testing tool, Visual Website Optimiser. They allow us to create different versions of our websites and landing pages, so that we can monitor which our customers prefer.||10 years||HTTP Cookie|
|_racnt _racplx0 _racplx1
_rafm _rasel0 _rasel1
_rasel3 _rasesh _ratel0 _ratel1
|ruleranalytics||To improve functionality and to help measure the amount of page visits and traffic sources our site receives, we use a monitoring service provided by Ruler Analytics.||1060 days||HTTP Cookie|
|drift||These cookies enable us to run Drift’s Live Chat software and provide a responsive experience, For example, they help us to not re-serve the chat option if a user declines it.||2 Years||HTTP Cookie|
|_anj||AppNexus||The anj cookie contains advertising interest segments provided by clients and other third parties. Clients use those segments to select advertisements for delivery on the Platform.||90 Days||HTTP Cookie|
|Stonly’s web application sets a cookie containing a random token that remains the same for the whole web session.||Session||HTTP Cookie|
|lang||Used to remember a user’s language setting to ensure LinkedIn.com displays in the language selected by the user in their settings.||Session||HTTP Cookie|
|AnalyticsSyncHistory||Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries||1 Month||HTTP Cookie|
|UserMatchHistory||Used to sync LinkedIn Ads IDs||1 Month||HTTP Cookie|
|bcookie||Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform.||2Years||HTTP Cookie|
|li_gc||Signed data service context cookie used for database routing to ensure consistency across all databases when a change is made. Used to ensure that user-inputted content is immediately available to the submitting user upon submission.||2 years||HTTP Cookie|
|li_dc||To facilitate data center selection||1 day||HTTP Cookie|