Smartnumbers respects your privacy and is committed to protecting the personal information that is shared with us. This privacy notice is intended to be transparent about how we collect and use Personal Data and be clear about the rights of data subjects with respect to their Personal Data.

This notice applies to information that relates to the data subject as an identifiable person, which Smartnumbers collects when the subject interacts with us or our services, website and employees.

The types of data subjects this Notice is directed to are (i) those who contact us via our website or other means of communication (ii) prospective employees (iii) prospective customers, resellers, agents and contractual customers who avail of our services (iv) the end users who utilise our services via such contractual customers.

This notice does not apply to any third-party services that may be integrated into our services. Those parties are subject to their own notices and policies and we recommend that you read those as well. You can obtain a list of these by contacting Privacy@smartnumbers.com

Information We Collect

Information you provide directly to us

Direct Contact

We may receive information from you when you leave us your contact details via the website, download our eBooks or request marketing information, contact our sales or customer support teams, or send us your CV as a job applicant. This might include name, username (or similar identifier), title and role, phone number, phone number alias, email address, curriculum vitae details, and postal address. 

Service Data and Other Customer Data

We may receive information from you when you contact us during the establishment or life cycle of a Service Contract. This may include support tickets, data capture forms and other information relating to service details, client requests and enquiries, feedback and survey responses, including the contents of those communications or messages.

Account Information

When an organisation establishes an account and adopts our service(s) we will require that such organisation provides us with certain data including contact names, corporate email addresses, authentication details, billing details etc.

Information we collect automatically

Usage Data

When you use our Services we collect data about how you use the service and interact with it. Examples of those activities include channel usage, number usage, services provided, and services used.

Log Data

Some of your data is logged when you visit our website or use our services. This data includes IP addresses, access details, anonymised user IDs, user behaviour and activity (which links you choose to click, how much time you spend on pages, what you do and don’t like etc). 

Cookies and similar technologies

We use cookies to control what information is presented to a visitor, trying to make your browsing easier. More information on our use of cookies can be found on our Smartnumbers Cookie Policy. We use cookies and other technologies to collect data on your behaviour and your device’s IP address (which is captured and stored in an anonymized form), device screen size, device type (unique device identifiers), browser information, geographic country, and your preferred language used on our website. All of this data is stored in a pseudonymized user profile. 

Caller Identification Data

When you place a call through our platform (directly or indirectly via one of our Customers) we will collect call metadata comprising the phone number of the caller (as well as the dialled number), timestamp of the start of a call, call duration, unique identifier of the record, call connection result, ingress route, egress route, identification of the appliance that generated the record, and additional data such as signalling data and results of risk evaluation and confirmed fraudulent number reports. We may also receive pseudonymised User IDs from our Customers which are then associated with such calls coming through our platform.

Information we receive from third parties

Job Applications

When you send us your CV we may collect and process data about you from third parties, such as references obtained from former employers and background checks, as applicable. 

Reseller and Customer Partnerships

When an organisation establishes a service account with us we will use such customer data according to the customer’s instructions and our Service Contract. Customers are able to provide us with access to their call history, including data from the calls into their organisation. We use this data for the effective delivery of the purchased service and in accordance with our Service Contract. We process this information in a way which does not identify you.

How We Use Your Information

We use your data in the following ways:

• To respond to your direct contact (which might be to answer or deal with a service related query, issue you with requested marketing or collateral, response to a job application or sales query);
• To provide and maintain our services in accordance with our Service Contracts and Service Descriptions;
• To analyse and improve our services;
• To support and manage our Service Contract with you including the provision of user support and service requests;
• To comply with our legal obligations we may also disclose personal data to third parties where required to do so by law, for example to the police, regulatory authorities, government agencies or judicial or administrative bodies in connection with law enforcement requests;
• In order to establish that a call to one of our customers is genuine, we will examine the signalling details of the call as it passes through our network  to ensure the validity of the call. We will also record and process data relevant to the call (including fraudulent risk markers, scores and status);
• In order to provide our mobile and compliance services – we will process data relating to user device type, user contact lists, user details (name, company, personal and business phone number) incoming and outgoing calls, call records and encrypted media (SMS text messages, audio recordings). Access to this data is restricted to the Customer.
• For other purposes with your consent.

How We Share Your Information

Third Parties and Sub-Processors

We share information with our service providers and some third-parties so that they can help us deliver our services and carry out our business functions. Depending on the service you use, we can share with you the tailored information about which parties your data is shared with. You can request this by emailing us at Privacy@smartnumbers.com.

Legal Authorities

We may also disclose personal data to third parties where required to do so by law, for example to the police, regulatory authorities, government agencies or judicial or administrative bodies in connection with law enforcement requests

Customers

A number of our customers have chosen to share their telephony fraud activity with one another for the purposes of defending the telephony channel from fraud. We act as the data controller facilitating and regulating this sharing of data.

How We Protect Your Information

We have a strict ISMS framework and we are accredited with ISO27001, ISO 9001 and Cyber Essentials Plus. This demonstrates our commitment to keeping Personal Data secure and protected.

• All data is encrypted in transit and at rest and adheres to UK and EU data protection laws.
• All data is subject to access control measures and our staff are screened before accessing any data.
• All data is encrypted in transit using TLS 1.2+
• All recorded data – including voice files, text messages and metadata – is encrypted at rest using AES256 and is never shared with third parties.

You can access our full information security policy by contacting us at Privacy@smartnumbers.com

Data Retention

We will only retain personal data that we collect for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

Our service(s) have built-in retention practices.

In accordance with our internal data retention policies, to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, contractual obligations, or other requirements.

Where we act as the Controller of Your Data

We act as a controller when we process personal data:

• to develop, analyse and improve our services, including when we: (i) use personal data such as phone numbers to train our machine learning analytics system in order to enhance the performance and functionality of our services ; (ii) collect Client and End User feedback and survey responses; and (iii) monitor our service quality; and
• for the purposes of Client relationship and service management, for example to correspond and deal with support tickets and Client requests and enquiries, to issue Client invoices and to keep a record of our services rendered. 
• for the purposes of agreed customer data sharing; in particular to share member telephony fraud data with other members.
• For the purposes of recruitment and the fulfilment of job applications.

Data Transfers

In order to deliver our service we process and store data in the UK, EU and US territories.

We perform data transfers in accordance with all applicable data protection laws. Transfers originating from the UK and EEA to the United States and other non UK or EEA jurisdictions are subject to the implementation of approved Standard Contractual Clauses.

You can obtain more information about where your data is transferred by contacting us at Privacy@smartnumbers.com.

Your Rights

We will only use your data when the law allows us to do so – under the control of Contractual Necessity, Legitimate Interest, Legal Obligation and, in some cases, Consent. Where consent is used we will always provide provisions for you to revoke such consent.

You have certain rights to request access, rectification, deletion, objection, or other actions regarding your Personal Data with respect to applicable law.

• Access – you may request access to your data
• Rectification – you may request your data is corrected
• Deletion – you may request your data is erased
• Restriction – you may request that you data is restricted
• Portability – you have the right to receive your data in a form which allows you to transfer it to another person or organisation
• Objection – you may object to your data being processed
• Withdrawing Consent – you may withdraw consent if consent is the basis for your personal data being processed

If you’d like to contact us about exercising your rights please use the contact information in the section below. If you’d like to access your personal data our Subject Access Request form can be found here.

Contact Details

If you have any questions about this document or our privacy practices in general, please write directly to our Data Protection Officer dpo@smartnumbers.com or at our address below:

FAO: Data Protection Officer
Smartnumbers
25-27 Shaftesbury Avenue
London
W1D 7EQ

Data Protection Authority

As a UK-based company, our lead supervisory authority is ICO. If you believe that we have not complied with applicable data protection laws you have a right to lodge a complaint.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.