Handling Personal Data
Our clients' privacy and data are important and we handle it legally and fairly at all times. Direct VoIP is fully compliant with the terms of the GDPR and details of what data we collect and how we store and use it are shown below.
The Information We Collect
We collect the information you gave us when you signed up this includes name, address, telephone number, email address, etc. Most of this information can be changed in your online portal or upon request by raising a support ticket.
We collect and store details of any payments made to us, we only store transactions numbers, dates and amounts.
When you call us or we call you, our systems create a call detail record that stores our number, your number, the time and date of the call and duration.
If a call goes through to voicemail, we store a record of the time and date of the call, your number and the audio content of the message you left.
When you make or receive a call using one of our product platforms, our billing systems create a call detail record that stores your IP address, the number you called, your number, the time and date of the call and duration.
If you are using our PBX services, we may store voicemail greetings, music on hold and IVR prompts that we have either created for you or you have supplied us with.
We store any emails we have sent or received from you and we also store the contents of any support tickets raised with us.
When you have SIP devices that use our services, we store the IP addresses and type of device in order to provide the service.
The Information We Do Not Collect
We do not collect any credit/debit card information whatsoever. All payments are processed through secure third parties, this includes direct debit.
We do not record the content of your calls to or from us.
Where We Store Your Data
All of your personal data is stored and backed up within secure datacenters inside the EU. We never transfer any client data outside of the EU.
How We Use Your Personal Information
The GDPR allows us to use and share your personal data only when we have a proper reason for doing so.
The permitted legal reasons for processing your data are set out in article 6 of the GDPR. At least one of these must apply whenever we process your personal data.
The rules are:
- Consent: you have given clear consent for us to process your personal data for a specific purpose (for example, marketing)
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone's life.
- Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
Below is a list of the ways we use your personal information and the legal basis outlined above for each of the use cases.
|Business Function||Why we use your personal information||Legal Basis|
|SIP Trunks||To supply a voip service||Contract|
|Hosted PBX||To supply a voip service||Contract|
|Private PBX||To supply a voip service||Contract|
|Numbering||To supply a voip service||Contract|
|Number Porting||To supply a voip service||Contract|
|Emergency Services Data||To provide contact data to 999 services||Legal Obligation and Vital Interests|
|Customer Services||To provide support to clients||Legitimate Interest|
|Website Analytics||To obtain statistics on website usage||Legitimate Interest|
Who Do We Share Your Information With and Why
Only essential data is supplied to trusted third parties in order to provide our services to you, they are:
- Telecoms carriers - in order to send and receive calls.
- Payment processors - in order to process payments.
- Emergency services - in order to assist the emergency services when you dial 999.
- Website analytics - in order to assess the performance of our webiste. (Google Analytics)
Because of legal obligations we may have to share data in response to official requests from:
- Regulatory bodies such as Ofcom and the Information Commissioner's Office.
- Law enforcement agencies - for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.
How Long We Keep Your Personal Data For
We must retain account details, payment history and contact details for 7 years.
We are legally obliged to retain call detail records for 12 months.
Hosted PBX Data Retention
Call detail records will be kept for a year by default.
Voicemails will be kept for a month by default.
Call recordings will be kept for three months by default.
You can delete all of these at any time.
Private PBX Data Retention
Defaults are set the same as for the hosted PBX but can be changed by raising a support ticket.
Direct VoIP is a Data Controller, registered with the Information Commissioner's Office under registration no. ZA362673 as DC VoIP Solutions Limited
You have the right to lodge a complaint with the Information Commisioner's Office. Further information, including contact details, is available at https://ico.org.uk
Changes To This Privacy Notice
Our privacy notice in under regular review.
This privacy notice was last updated on 29nd May 2018.