Smartnumbers respects your privacy and is committed to protecting the personal information that is shared with us. This privacy notice is intended to be transparent about how we collect and use Personal Data and be clear about the rights of data subjects with respect to their Personal Data.
This notice applies to information that relates to the data subject as an identifiable person, which Smartnumbers collects when the subject interacts with us or our services, website and employees.
The types of data subjects this Notice is directed to are (i) those who contact us via our website or other means of communication (ii) prospective employees (iii) prospective customers, resellers, agents and contractual customers who avail of our services (iv) the end users who utilise our services via such contractual customers.
This notice does not apply to any third-party services that may be integrated into our services. Those parties are subject to their own notices and policies and we recommend that you read those as well. You can obtain a list of these by contacting Privacy@smartnumbers.com
Information We Collect
Information you provide directly to us
We may receive information from you when you leave us your contact details via the website, download our eBooks or request marketing information, contact our sales or customer support teams, or send us your CV as a job applicant. This might include name, username (or similar identifier), title and role, phone number, phone number alias, email address, curriculum vitae details, and postal address.
Service Data and Other Customer Data
We may receive information from you when you contact us during the establishment or life cycle of a Service Contract. This may include support tickets, data capture forms and other information relating to service details, client requests and enquiries, feedback and survey responses, including the contents of those communications or messages.
When an organisation establishes an account and adopts our service(s) we will require that such organisation provides us with certain data including contact names, corporate email addresses, authentication details, billing details etc.
Information we collect automatically
When you use our Services we collect data about how you use the service and interact with it. Examples of those activities include channel usage, number usage, services provided, and services used.
Some of your data is logged when you visit our website or use our services. This data includes IP addresses, access details, anonymised user IDs, user behaviour and activity (which links you choose to click, how much time you spend on pages, what you do and don’t like etc).
Cookies and similar technologies
Caller Identification Data
When you place a call through our platform (directly or indirectly via one of our Customers) we will collect call metadata comprising the phone number of the caller (as well as the dialled number), timestamp of the start of a call, call duration, unique identifier of the record, call connection result, ingress route, egress route, identification of the appliance that generated the record, and additional data such as signalling data and results of risk evaluation and confirmed fraudulent number reports.
Information we receive from third parties
When you send us your CV we may collect and process data about you from third parties, such as references obtained from former employers and background checks, as applicable.
Reseller and Customer Partnerships
When an organisation establishes a service account with us we will use such customer data according to the customer’s instructions and our Service Contract. Customers are able to provide us with access to their call history, including data from the calls into their organisation. We use this data for the effective delivery of the purchased service and in accordance with our Service Contract. We process this information in a way which does not identify you.
How We Use Your Information
We use your data in the following ways:
- To respond to your direct contact (which might be to answer or deal with a service related query, issue you with requested marketing or collateral, response to a job application or sales query);
- To provide and maintain our services in accordance with our Service Contracts and Service Descriptions;
- To analyse and improve our services;
- To support and manage our Service Contract with you including the provision of user support and service requests;
- To comply with our legal obligations we may also disclose personal data to third parties where required to do so by law, for example to the police, regulatory authorities, government agencies or judicial or administrative bodies in connection with law enforcement requests;
- In order to establish that a call to one of our customers is genuine, we will examine the signalling details of the call as it passes through our network to ensure the validity of the call. We will also record and process data relevant to the call (including fraudulent risk markers, scores and status);
- In order to provide our mobile and compliance services – we will process data relating to user device type, user contact lists, user details (name, company, personal and business phone number) incoming and outgoing calls, call records and encrypted media (SMS text messages, audio recordings). Access to this data is restricted to the Customer.
- For other purposes with your consent.
How We Share Your Information
Third Parties and Sub-Processors
We share information with our service providers and some third-parties so that they can help us deliver our services and carry out our business functions. Depending on the service you use, we can share with you the tailored information about which parties your data is shared with. You can request this by emailing us at Privacy@smartnumbers.com.
We may also disclose personal data to third parties where required to do so by law, for example to the police, regulatory authorities, government agencies or judicial or administrative bodies in connection with law enforcement requests
A number of our customers have chosen to share their telephony fraud activity with one another for the purposes of defending the telephony channel from fraud. We act as the data controller facilitating and regulating this sharing of data.
How We Protect Your Information
We have a strict ISMS framework and we are accredited with ISO27001, ISO 9001 and Cyber Essentials Plus. This demonstrates our commitment to keeping Personal Data secure and protected.
- All data is encrypted in transit and at rest and adheres to UK and EU data protection laws.
- All data is subject to access control measures and our staff are screened before accessing any data.
- All data is encrypted in transit using TLS 1.2+
- All recorded data – including voice files, text messages and metadata – is encrypted at rest using AES256 and is never shared with third parties.
You can access our full information security policy by contacting us at Privacy@smartnumbers.com
We will only retain personal data that we collect for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
Our service(s) have built-in retention practices.
In accordance with our internal data retention policies, to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, contractual obligations, or other requirements.
Where we act as the Controller of Your Data
We act as a controller when we process personal data:
- to develop, analyse and improve our services, including when we: (i) use personal data such as phone numbers to train our machine learning analytics system in order to enhance the performance and functionality of our services ; (ii) collect Client and End User feedback and survey responses; and (iii) monitor our service quality; and
- for the purposes of Client relationship and service management, for example to correspond and deal with support tickets and Client requests and enquiries, to issue Client invoices and to keep a record of our services rendered.
- for the purposes of agreed customer data sharing; in particular to share member telephony fraud data with other members.
- For the purposes of recruitment and the fulfilment of job applications.
In order to deliver our service we process and store data in the UK, EU and US territories.
We perform data transfers in accordance with all applicable data protection laws. Transfers originating from the UK and EEA to the United States and other non UK or EEA jurisdictions are subject to the implementation of approved Standard Contractual Clauses.
You can obtain more information about where your data is transferred by contacting us at Privacy@smartnumbers.com.
We will only use your data when the law allows us to do so – under the control of Contractual Necessity, Legitimate Interest, Legal Obligation and, in some cases, Consent. Where consent is used we will always provide provisions for you to revoke such consent.
You have certain rights to request access, rectification, deletion, objection, or other actions regarding your Personal Data with respect to applicable law.
- Access – you may request access to your data
- Rectification – you may request your data is corrected
- Deletion – you may request your data is erased
- Restriction – you may request that you data is restricted
- Portability – you have the right to receive your data in a form which allows you to transfer it to another person or organisation
- Objection – you may object to your data being processed
- Withdrawing Consent – you may withdraw consent if consent is the basis for your personal data being processed
If you’d like to contact us about exercising your rights please use the contact information in the section below. If you’d like to access your personal data our Subject Access Request form can be found here.
If you have any questions about this document or our privacy practices in general, please write directly to our Data Protection Officer firstname.lastname@example.org or at our address below:
FAO: Data Protection Officer
25-27 Shaftesbury Avenue
Data Protection Authority
As a UK-based company, our lead supervisory authority is ICO. If you believe that we have not complied with applicable data protection laws you have a right to lodge a complaint.
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)