Privacy Policy - External

1. Introduction

1.1 We are Vorboss Limited a company incorporated and registered in England and Wales with the company number 05678571 and registered office at 10 Exchange Square, London, United Kingdom, EC2A 2BR (‘Vorboss’, ‘we’, ‘our’ or ‘us’). For information about Vorboss see www.vorboss.com. We are the data controller of personal data collected via our website, any of our web-based administration portals, apps and personal data collected through the purchase of our products and services. This means we are the organisation legally responsible for deciding how and for what purposes your data is used.

1.2 We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website, any of our web-based administration portals, apps, the purchase of our products and or services. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

1.3 We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 and Privacy and Electronic Communications Regulations (PECR) when providing direct marketing.

1.4 Given the nature of our website, we do not expect to collect the personal data of anyone under 18 years old. If you are aware that any personal data of anyone under 18 years old has been shared with our website, please let us know so that we can delete that data. Please see our contact details set out at ‘How to contact us’ below.

2. What This Policy Applies To

2.1 This privacy policy relates to users of our website/applications or any of our web-based administration portals, products and services, customer contacts, supplier contacts and the following situations:

• when you contact us by telephone, email or post about our websites/apps, products and/or services;
• information provided when you register with us;
• when you log into and/or enter information into portals or web applications that we provide to you in relation to our products and/or services;
• when you use our products and/or services;
• information we receive from other sources;
• visiting our websites and/or apps; and
• when we occasionally use third-party services such as credit checking agencies.

2.2 Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. Those third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third-party websites, please consult their privacy policies as appropriate.

2.3 This policy does not apply to data we hold about our employees, and other organisations’ websites, apps, products, services and social media accessed from our websites and/or apps. When you leave our websites/or apps, we encourage you to read the privacy policies and/or notices of every website and app that you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites or apps. Please check these policies before you submit any personal data to these websites or apps.

3. Who we share your personal data with

3.1 We routinely share your personal data with:

• our employees to use your information as set out below;
• after aggregating and anonymising information, to partners to assist us in understanding our users and improve providing or marketing our products and services;
• to credit rating agencies, for the reasons set out above;
• to third-party companies that we use to provide aspects of our services;
• with your express consent; and
• where required by law.

3.2 Where we share your personal data we impose contractual obligations on those we share your data with to ensure they can only use your personal data to provide services to us and to you.

4. Personal Data We Collect About You

4.1 We may collect, store and use the following personal data about you:

• your name, address and contact information, including email address and telephone number, job title and company details;
• information provided by you which allows us to facilitate the purchase of our products and or services, this would include but is not limited to, verification of identity information, billing information and banking details;
• details of any information, feedback or other matters you give to us by phone, email, post or via social media;
• your account details, such as username and login details;
• information provided when you register with us;
• information you may provide to our sales representatives, third party service providers and customer service team;
• basic information (i.e., name, address telephone number, email address) for residents and landlords who have entered into wayleave access agreements with Vorboss and their wayleave access documentation;
• your contact history, purchase history and saved items;
• information about the device used to access our websites and how you use our website and technology systems; and
• your responses to surveys, competitions and promotions.

4.2 If you do not provide personal data we ask for where it is indicated to be required at the point it is requested it may delay or prevent us from providing our products and services to you as explained in the relevant forms on which such data is collected.

4.3 We do not collect any Special Categories of Personal Data about you (such as race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and bio-metric data).

4.4 We collect, use and store the above information through consent from individuals or for legitimate business purposes in line with UK GDPR, Data Protection Act 2018 and PECR legislation or any other applicable legislation.

4.5 We may monitor, record, store and use any telephone, email or other communication with you (i) for training and quality purposes, (ii) to help us to meet our Regulatory requirements, (iii) to help us to maintain evidence of business transactions, and (iv) for the prevention and detection of crime or fraud.

4.6 We use Hotjar, which is a technology service that helps us better understand our website users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like). Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

5. When Your Personal Data is Collected

5.1 We collect personal data from you:

• directly, when you enter or send us information, such as when you purchase our products and services on behalf of an organisation or create an account with us to administer aspects of our services; and
• indirectly, such as when you visit the Vorboss websites or any of our web-based administration portals, and apps, we will collect information about your use of our website/apps indirectly using the technologies explained in the section on ‘Cookies’ and our ‘Cookies Policy’.

5.2 For a more detailed analysis of why we use your personal data and our legal reasoning please see Table 1 below.

5.3 A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).

5.4 If you are the individual who administers your organisation’s relationship with us, we will use your information:

• To contact you about the products and services you have ordered (or has asked for information about ordering) on your organisation’s behalf;
• To deliver the products and services to your company; and
• To provide you with access to administrative portals and similar support.

5.5 You will need to designate another individual as the administrator of the account if you no longer wish for us to use your information for these purposes. Where you as an administrator provide us with Personal Data for another individual as part of us performing our contract with your organisation (for example, setting the user up with an account on our systems), you confirm that you have obtained that individual’s consent to provide that Personal Data to us.

5.6 Vorboss may occasionally acquire Personal Data from third parties such as market research or marketing agencies (such as contact details) so that we can contact you about our services or special offers. In such cases we make sure that you agreed for us to do so.

5.7 When delivering our services, such as our network connectivity, cloud and voices services we collect the following information:

• usage information (e.g., duration, frequency, data usage, connections, metadata and byte counters);
• billing information (e.g., your invoices and the components of those);
• for voice services, extension details, call data (inbound and outbound call information and usage information) and any dial plans or similar information; and
• names or labels that you have assigned your services in our systems, such as voice extension names or virtual machine labels.

5.8 We may also obtain information about you from credit agencies, corporate due diligence services, public agencies or similar organisations.

6. Why, we use your personal data

6.1 Under data protection law, we can only use your personal data if we have a proper reason. Here are some of the situations where we use your personal data:

• where you have given consent;
• to comply with our legal and regulatory obligations (Art 6(1)(f));
• for the performance of a contract or to take steps at your request before entering a contract;
• to notify you about changes to our products and services;
• Marketing;
• to ensure the security of our websites, apps, systems and assets are maintained and facilitate the investigation of illegal or prohibited activities;
• when you apply for our services or administer them; and
• for our legitimate interests or those of a third party.

7. How Long Your Personal Data Will Be Kept

7.1 We will not keep your personal data for longer than we need it for the purpose for which it is used.

7.2 We periodically review the information we hold, and erase or anonymise it when we no longer need it.

7.3 Ordinarily we will delete information relating to a contract 6 years after the contract has ceased and keep financial information for 7 years. This may be extended if required by law to do so.

8. Keeping Your Personal Data Secure

8.1 Vorboss takes security extremely seriously, we are ISO 27001 certified and maintain security policies and information that are assessed and regularly edited covering all areas related to processing data. We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.

8.2 We also have procedures in place to deal with any suspected data security breach. We will notify you and the Information Commissioners office of a suspected data security breach where we are legally required to do so.

9. Transferring your personal data out of the UK

9.1 We may share or store your Personal Information with our third-party service providers based outside the European Economic Area (“EEA”) who we engage to help us, amongst other things, fulfil your order, process your payment details and the provision of support services. Countries outside the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.

9.2 In the event it is necessary for us to transfer your personal data to countries outside the UK we will comply with applicable laws designed to ensure the privacy of your personal data.

9.3 Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available) by using an appropriately safeguarded contract for transfers of personal data approved by the European Commission and the Information Commissioners Office. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism (i.e., your consent) or exception provided by UK data protection law.

9.4 Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally it will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.

9.5 If you would like further information about data transferred outside the UK, please contact us (see ‘How to contact us’ below).

10. Marketing

10.1 Where you have specifically given, us consent by opting into service notifications or newsletters about our products and services we will use your personal data to send you services notifications or newsletters by email, text message, telephone or post about our products and or services.

10.2 You have the right to opt out of receiving marketing communications at any time by:

• contacting us at reply@vorboss.com;
• using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts, or

10.3 We may ask you to confirm or update your marketing preferences if you ask us to provide further products and or services in the future, or if there are changes in the law, regulation, or the structure of our business.

10.4 We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside the Octopus group for marketing purposes.

10.5 For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.

11. Cookies

11.1 A cookie is a small text file which is placed onto your device (e.g., computer, smartphone or another electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.

11.2 For further information on cookies and our use of cookies, when we will request your consent before placing them and how to disable them, please see our Cookies Policy.

12. Your Rights

12.1 You generally have the following rights under UK GDPR (Art 12-22), which you can usually exercise free of charge:

• right to a copy of your personal data;
• right to correction, erasure, restriction of use and/or to withdraw consent;
• right to data portability;
• right to object to use of personal data; and
• right to not be subject to fully autonomous decisions without human involvement.

12.2 If you would like to exercise any of those rights, please email, call or write to us—see below: ‘How to contact us’. When contacting us please:

• provide enough information to identify yourself (e.g., your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you; and
• let us know which right(s) you want to exercise and the information to which your request relates.

13. How to contact us/ make a complaint

13.1 Please contact us if you have any queries or concerns about our use of your personal data. We hope we will be able to resolve any issues you may have.

13.2 You can contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

13.3 Our contact details are shown below:

13.4 You also have the right to lodge a complaint with the Information Commissioners Office.

13.5 We are registered as a data controller with the UK Information Commissioners office. Our ICO registration number is ZA242141. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

14. Changes To This Privacy Policy

14.1 We may update this policy from time to time by republishing a new version on our website. We may notify you of changes to the policy, but in any case, you should review this page regularly to ensure that you have seen the latest version and are comfortable with any changes that we have made.

‍