PiPcall End-User Privacy Policy

1. INTRODUCTION

Assuract Limited, trading as PiPcall (“Assuract”, “we“, “us” or “our”) is a provider of telecommunications services and solutions. For more information about Assuract, please visit our website: www.pipcall.com (“Website”).

We have developed the PiPcall mobile application (the “App”) which is available for download from the App Store and a desktop application (“Desktop System”), which allows a user to make and receive calls once installed on the user’s mobile or desktop device, as applicable. We have also developed a web portal that allows customer administrators to manage the users, numbers, extensions and licences for their Associated Business (the “PiPcall Portal”). The App, the Desktop System, and the PiPcall Portal together being the “Services”. The Services include a number of features such as managing contacts, providing caller identity details when receiving a call, voicemail services, SMS messaging, turning on a

‘do not disturb’ setting and accessing the history of calls made through the System (the “Services”); more information about the features offered via the App can be found in the terms and conditions available here: www.pipcall.com/policies/endusertermsandconditions/. The Services available to you in the App may be limited or restricted by your employer or the organisation with which you are

associated who has authorised your use of the App (“Associated Business”) or by the settings you have

enabled or disabled within the App.

References to “you” or “your” in this privacy policy means the user of the Services. The Services are only available to “Business Users”, which means an individual who is authorised to use the Systems and Services on behalf of its Associated Business, provided that such Associated Business has entered into an agreement with us and has agreed to pay the charges for the individual’s use of the Services.

We are committed to protecting and respecting the privacy of our Business Users and the privacy of the contacts that you store in the App (“Contacts”). This privacy policy (“Privacy Policy”) sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will use your personal data. For the purpose of data protection legislation in the UK, we are the controller of personal data.

2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, AND HOW DO WE USE IT?

When you use the Services, you may provide us with certain personal data, or we may collect personal data about you from your Associated Business. Under data protection law, we can only use your personal data if we have a legal basis for doing so, e.g., where you have given your consent; to comply with our legal and regulatory obligations; for the performance of a contract with you; or for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

When we collect and process such personal data, we will do so in accordance within this Privacy Policy and for the following purposes:

Registering an account

If you are a Business User, you have been authorised by your Associated Business to use the Services to carry out the duties required of you by your Associated Business. You will be required to register an account with us:

(1) If you are using the Desktop System you will be required to provide us with your name, the name of your Associated Business, your work email address; and

(2) If you are using the App, you will be required to enter your mobile number when registering for the App. You will then be sent an authentication code to your Device which will enable you to setup the App and you will be allocated a PiP Number (as explained further below),

(together “Account Data”).

For App users, a “PiP Number” will also be allocated to you to enable you to make and receive calls via the App to the mobile device registered to your account. You may share your PiP Number with your Contacts to enable your Contacts to make a call to your PiP Number. In some circumstances your Associated Business may choose to override your PiP Number and allow you to use your Associated Business phone number instead. In this situation your Associated Business will provide us with details of your Associated Business phone number so that the system can be configured appropriately to enable you to receive the Services via your Associated Business phone number.

We process your Account Data in order to set up your account and enable you to receive the Services from us. We process your PiP Number and your Associated Business phone number for the purposes of facilitating your calls using the App, which is further explained below.

We process your Account Data, your PiP Number and your Associated Business phone number to pursue the legitimate interests of your Associated Business, who has engaged us to provide the Services to it and its Business Users. Your Associated Business intends for you to use the App to carry out the duties required of you by your Associated Business and therefore requires you to have an account with us via which we provide the Services to you.

Creating contacts in, and transferring contacts to, the App:

You may create a Contact in the App for the purposes of making calls to, or receiving calls from, such Contact. When you create a Contact, you may provide us with the Contact’s first name, last name, company name, email address(es) and phone number(s) for their contact telephone number (“Contact Data”). As a minimum you will be required to provide us with a phone number of the contact.

If you transfer a Contact from your mobile device to the App the following data about the Contact is copied to the App: first name, surname, employer or organisation associated with, source (e.g. if the data originates from the mobile device, or webmail or other application), phone number(s), phone number(s) label (e.g. office, home or mobile), email address(es) and email address label(s) (e.g. work or personal) (“Transferred Contact Data”).

We process the Contact Data and Transferred Contact Data for the purposes of displaying the identity of callers who make calls to you via the App. We also store the Contact Data and Transferred Contact Data in a database and display this to you as a list of Contacts that you may wish to make a call to via the App. You may designate a Contact as a favourite, which will be listed as one of your favourites within this

feature of the App, so that you can make calls to your favourite Contacts without searching through the entire list of your Contacts.

We process the Contact Data and Transferred Contact Data of your Contacts to pursue your legitimate interests to improve the usability of the App and enable you to use the App most effectively. You can efficiently identify Contacts by name when using the App (including when making and receiving calls, accessing your call history and designating Contacts as favourites) and efficiently interact with your Contacts through various mediums (as a result of storing additional contact information, such as email addresses). As a result of us processing the Contact Data and Transferred Contact Data, you see more than a list of phone numbers within the App.

Making and receiving calls:

We process call details when you make and receive calls via the Services, and such records contain the date and time of when a call begins and ends, whether the call was an incoming or outgoing call, and the phone number of the person you make a call to or received a call from. Where your Associated Business has purchased call recording technology as part of the Services we provide, we will also record the content of your call and pass such recordings to your Associated Business as instructed by them in accordance with any additional terms provided with the PiPcall Corporate Customer Contract. Further information relating to call recordings should be provided to you by your Associated Businesses (either in their privacy policy or associated policy and procedure documents). Together, the information referred to in this paragraph is collectively “Call Data”.

We process your Call Data to provide our call service to you and enable you to make and receive calls via the App.

We process your Call Data to pursue the legitimate interests of your Associated Business, who has engaged us to provide the Services to it and its Business Users. Your Associated Business intends for you to use the App to make and receive calls, and we are required to facilitate such calls and comply with our obligations of providing the Services to you pursuant to the contract we have with your Associated Business.

Accessing your call history:

We process some of your Call Data to enable you to see your call history, which includes the date and time of when the call was made or received, the duration of the call, whether the call was an incoming or outgoing call, the phone number of the person you made a call to, or received a call from, the phone number you used to make or receive the call, which may be your personal phone number or work phone number (via your PiP Number), and if you have created or transferred such person as a Contact to the App (which means their Contact Data or Transferred Contact Data is in the App), their name will also be displayed (collectively “Call History Data”).

We process your Call History Data to provide you with access to an itemised history of the calls made and received via the App.

We process your Call History Data to pursue your legitimate interests to enable you to use the App most effectively. You can efficiently identify records of Contacts that you have made calls to, or received calls from, when using the App.

Accessing your voicemail service:

You may record a voicemail greeting which may be played to those making a call to you if you are unable

to receive the call (“Pre-Recorded Voicemail Data”).

We process voicemail records which contain the recording of the caller’s message, phone number of the

caller, date and time of when the message was recorded (“Recorded Voicemail Data”).

We process your Pre-Recorded Voicemail Data and Recorded Voicemail Data for the purposes of notifying you when you have missed a call and enabling callers to leave you a message in such event.

If you record a voicemail greeting, we process your Pre-Recorded Voicemail Data to pursue your legitimate interests by enabling you to provide a personalised message to callers if you are unable to take the caller’s call. If the caller records a voicemail message, we process the Recorded Voicemail Data to pursue your legitimate interests by enabling the caller to leave a message which you may respond to later.

It is not a mandatory requirement of using the App that you record a voicemail greeting (unless your Associated Business requires otherwise) or that a caller leaves a voicemail in the event you miss the caller’s call.

Fraud monitoring:

We may monitor call activity (which includes the call duration and destination of the call) on your account using your Call Data for the purposes of checking for unusual activity which may be the result of fraudulent activity.

In order to be able to investigate fraudulent activity, we process your Call Data to pursue the legitimate interests of your Associated Business to protect against unauthorised use and spending activity on your account.

We are required to impose spending limits if you have a pay-as-you-go subscription service, and we monitor your spending activity for the purposes of complying with our legal and regulatory obligations to impose such spending limits in these circumstances.

Providing you with support:

You may require our assistance from time to time. If you contact us for help, we will raise a ticket and need certain information from you, which may include: details of the Service you are using (such as the version number you have installed), the nature of the problem you are experiencing and any alternative contact details we can use to reach you in the event your telephone number or registered email address is not working (“Support Data”).

We will process your Support Data to pursue the legitimate interests of your Associated Business, who has engaged us to provide the Services to it and its Business Users. We have an obligation to provide you with support as a Business User of our App.

Complying with legal and regulatory requirements:

We are required to comply with certain legal and regulatory requirements and may process your personal data for compliance with such legal or regulatory obligation, to which we or regulators or law enforcement agencies are subject.

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

By using the App, we may need to disclose your personal data to selected third parties in the following limited circumstances:

1. Third party user authentication provider: your email address, mobile phone number and password are held securely by our third-party user authentication provider to enable you to securely login and use the Service. This service provider allows you to manage or change your password for the App at any time.

2. Third party contact database provider: Contacts you create and manage in the App are stored securely in a database provided by our third-party contact database provider. By maintaining a copy of the database of your Contacts outside of your phone we can retrieve the database of your Contacts should your phone be damaged, lost or stolen and your Contacts can be maintained centrally and synchronized across each device you install the App on.

3. Third party infrastructure providers: your personal data is held and processed securely by us on the dedicated systems supplied, monitored and maintained by our third-party infrastructure providers.

4. Your Associated Business: we share your Call Data and Call History Data with your Associated Business for the purposes of billing your Associated Business for the calls made and received via the App to and from your work phone number (via your PiP Number). Your Associated Business will act as a data controller of your personal data and their use and processing of your personal data shall be in accordance with their own privacy policy.

5. Third party telecommunications providers of call services: in order for us to connect a call you are making, or a call you are receiving, we transfer your PiP Number, or your Associated Business phone number if your account has been configured to override your PiP Number (which we configure following instructions we receive from your Associated Business), to a third-party telecommunications provider that owns or leases the network over which we

transmit your call. We also transfer the phone number of the destination or individual which you are calling.

6. To comply with legal or regulatory requests: if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, we may share your personal data with a regulator or law enforcement agency.

7. We use a third-party payment provider to process payments from our customers for their use of our Services. We do not receive any personal financial data in order to process payments from our customers.

8. Third party service providers: from time to time, we engage third party service providers to help us run our business, such as external marketing agencies and use of back-office functions (e.g., CRM tools).

9. We may also need to share your personal data with external auditors in relation to our regulatory requirements, accreditations and for the auditing of our accounts.

10. Corporate restructure or sale: In the event that our business goes through a corporate restructure or there are third parties interesting in purchase all or part of our business, we may

also need to share some of your personal data with the potential buyers and their advisors. Usually, personal data will be anonymised, but this is not always possible, however, the recipient will be bound by confidentiality obligations.

Aggregating and anonymising data

We may aggregate and anonymise your personal data that we have collected for one of the purposes identified above. We use such aggregated and anonymised data to identify ways we can improve our services. Once such data is anonymised and aggregated, we will retain such data for as long as we require. Such data is not capable of being used to identify you as an individual.

4. TRANSFERS OF YOUR PERSONAL DATA

We will not transfer your personal data outside of the EU or the UK, except to selected third parties that we have instructed to help us provide the Services to you, including in particular that we use Microsoft’s Azure cloud services, Auth0’s cloud authentication services and Realm.io’s cloud database and synchronization services, and such third parties may process and store your personal data in any one of their geographically distributed data centres as part of its cloud platform.

In the case of transfers of your personal data outside of the EU or the UK, where the transfers are not to countries that provide an adequate level of protection and have been granted an adequacy decision by the European Commission or Information Commissioners Office (as applicable), we will put in place appropriate safeguards to cover transfers of your personal data which may include, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission or Information Commissioners Office (as applicable), or such other transfer mechanisms as are permitted by the applicable data protection laws from time to time.

If there are any other circumstances which would require us to transfer your personal data outside of the EU or the UK, we will, where applicable, put appropriate safeguards in place to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission or Information Commissioners Office (as applicable), or such other transfer mechanisms as are permitted by the applicable data protection laws from time to time.

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:

· you have explicitly consented to the proposed transfer after having been informed of the possible risks.

· the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request.

· the transfer is necessary for a contract in your interests, between us and another person; or

· the transfer is necessary to establish, exercise or defend legal claims.

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers, and we will provide relevant information if and when we seek to transfer your personal data on this ground. If you would like further information, please contact us via email at data.protection.officer@pipcall.com.

5. COOKIES

We use cookies within our Website and some Services. For information about the cookies that we use, please see our Cookie Policy available here: https://www.pipcall.com/policies/cookiepolicy/.

6. OUR WEBSITE AND THIRD-PARTY WEBSITES

Our App and Services may contain links to our website and third-party websites. If you follow a link to a third-party website, please note that this Privacy Policy does not apply to those websites. We are not responsible or liable for the privacy policies or practices of those websites, so please check their respective policies before you submit any personal data to those websites.

7. MARKETING

Unless you are also an administrator of your business account, we will not use your personal data for marketing purposes. If you are also an administrator of your business’s account, please see our Customer Privacy Policy available at: http://pipcall.com/policies/customerprivacypolicy/.

We will always treat your personal data with the utmost respect and never share or sell it to other third- party organisations for marketing purposes.

8. DATA RETENTION

We store your personal data in line with legal, regulatory, financial and good-practice requirements, and unless otherwise required by law, on the following basis:

· Account Data is deleted 12 months after an account is terminated.

· Support Data is deleted 12 months after an account is terminated.

· Contact Data and Transferred Contact Data is deleted 1 month after an account is terminated.

· Call Data and Call History Data is deleted84 months after an account is terminated to enable us to deal with any account related and billing queries from your Associated Business.

· Pre-Recorded Voicemail Data is deleted 1 month after an account is terminated

· Recorded Voicemail Data saved by the user is deleted 1 month after an account is terminated.

Where you have participated in a free trial of our services, we will retain your email address and telephone number for a period of 1 year in order to ensure that you do not obtain further free trials where you are not permitted to do so.

When it is no longer necessary to keep your personal data, we will delete or anonymise it.

9. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS

As a result of us collecting and processing your personal data, you have the following legal rights:

· to access personal data held about you.

· to request us to make any changes to your personal data if it is inaccurate or incomplete.

· to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances – for example, we may be required to retain your personal data to comply with our own legal obligations, in which case we may not be able to comply with your request.

· to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your request prior to entering into a contract with us and the processing is carried out by automated means.

· to object to, or restrict, our processing of your personal data in certain circumstances.

· if we use your personal data for direct marketing, you can ask us to stop, and we will comply with your request.

· if we use your personal data on the basis of having a legitimate interest, you can object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection.

· to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and

· to lodge a complaint with a data protection supervisory body.

To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at data.protection.officer@pipcall.com.

You also have the right to lodge a complaint with the Information Commissioner. The Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

10. CONTACTING US AND CHANGES TO YOUR PERSONAL DATA

If you have any questions, comments and requests about this Privacy Policy or your personal data, please email us at: data.protection.officer@pipcall.com.

Please notify us by email with any changes to your personal data at any time during your use of the App.

11. CHANGES TO OUR PRIVACY POLICY

Any changes we may make to this Privacy Policy in the future will made available to you on our website or displayed within our App and, where appropriate, notified to you by email.

This Privacy Policy was last updated on 27 August 2021

Menu