
GDPR and how it affects you

In May 2018 the new EU regulation GDPR (General Data Protection Regulation) begins to apply. Its purpose is to strengthen and simplify your ability to control how your data is submitted and processed when you contact us or use our services. In this section we explain how we process your data and the measures we take to protect it.

Connectel welcomes this change, and we are therefore updating our terms and agreements to complement the information regarding how we process your data and our responsibilities.




Data & how we use it

We collect data to improve your experience when using our services, to increase quality, to maintain the service and for invoicing.


The kind of data we collect

Customer & Invoice data: Data that is connected to the service we are providing, for example name, address, e-mail and telephone number. We use this information to connect you to the services you have, and for invoicing and agreements. We also use this information when you contact us, to improve your experience when in contact with us.

Traffic data: Data that is obtained when you use our services. Traffic data is used to transmit electronic data when you use your services, for example receiving or making a phone call, sending an SMS or e-mail, and for invoicing. As a telecommunication operator we are also obliged by local law regulations to store information on electronic communication regarding the participants of the communication, the time of the communication and the length of the communication. The content of the communication is not stored unless A) consent has been given by both parties or B) we are required by a local prosecutor to comply with law regulations.

Service specific data: Service data is collected to maintain and deliver the service to the customer. The data collected in this regard is the following: agent name, agent number, customer number, customer e-mail address, e-mail conversations, recorded calls, electronic communication conversations, MAC addresses, call statistics and quality measures. Some of the above data objects may be subject to explicit consent.


How we collect it

We record and store data in the following scenarios:

  • Data you submit to us when you obtain a service and sign an agreement with us.
  • Data you provide when you contact us for various purposes, for example e-mail address or telephone number.
  • Data that is automatically created when you use our services, for example when you visit our homepage, make a call, send an SMS using our services or log into our services.


How we use the data

For us to process data, there must be support in the data protection regulation. This means that for us to process your data in line with regulations, the processing must meet one of the following requirements:

  • To maintain and operate the service according to the signed agreement.
  • To comply with local regulations and law enforcement demands.
  • After a balance of interest.
  • After the customer has given consent for the given processing.

For us to deliver and maintain the services we provide, we need to process your data. The following examples show the purposes for which we process your data:


Maintaining the service: We process this data to identify you as a customer in your communication with us and to deliver services in line with the signed agreement with you. We process this data to invoice the services we are providing, and to aid in service disruptions or other technical tasks requiring assistance. Analysis of data may also be performed in order to improve the service.

Legal basis: Maintaining the service and fulfillment of agreement.

Development: For us to maintain and improve the services we provide, we may collect traffic data and user and usage statistics for analysis.

Legal basis: Legitimate interest and consent

Communication with us: We process data when you are in communication with us. For example, when you call our technical support the call may be monitored and recorded for quality assurance. When you send an e-mail or initiate a chat with us, data may be processed for quality assurance and for us to follow up on your enquiries. We use this data to improve our communication with our customers.

Legal basis: Legitimate interest and consent

Information security: For us to protect our services and our customers when using services provided by Connectel, we may collect traffic data for analysis. We also monitor services to discover and stop abuse of our services, for example system hijacking, password leaks, virus attacks and fraud.

Legal basis: Fulfillment of agreement and legal obligation

Local law compliance: We process data to comply with local law regulations.

Legal basis: Legal obligation


How long the data is stored

We strive to never store data longer than necessary. Some data may be subject to termination instantly, while other types of data are required for maintaining the service or for legal regulations.


  • Data that is submitted and recorded when you sign an agreement with us remains stored while the agreement is in use and is then stored for an additional 12 months. Accounting data may be stored for longer periods due to local law regulations.
  • Traffic data is stored for invoicing. For unpaid invoices, it is stored until the invoice has been paid. As a telecommunication operator, we are also obliged by law to store traffic information for a minimum of 6 months and a maximum of 24 months.
  • Service specific data is stored depending on the data object. Data is generally stored until there is no legal interest to store it any more. Some data may remain to comply with local law regulations. Data which is no longer needed in its original format is anonymized after a given time defined by the customer.
  • To protect our services against hijacking and fraud attempts, logs may store authentication requests and other system related data such as traffic data. Authentication requests containing sensitive information such as passwords are never stored without encryption. This data is stored for up to 7 days on a system level and until anonymized on a service level. The anonymization timeframe is defined by the customer of our services.
  • Calls recorded by our Helpdesk are stored for 30 days unless an explicit requirement to remove a specific file has been received from the customer.
  • E-mail and chat conversations with our Helpdesk are stored until anonymized after 90 days.


With whom do we share our data

We may share your data with the following parties:


  • Government agencies, to comply with local law regulations, and emergency services.
  • Sub-contractors or subsidiaries within the Connectel branch may receive and process data you have shared with us. However, they are only entitled to the data required to fulfill and/or maintain any service we are providing you with.
  • Other telecommunication operators may receive and process data on our behalf for us to fulfill the agreement and deliver our services, for example when you make a telephone call to an operator outside of our network.
  • Right holders, according to law regulations on copyright material. This data would only be shared after a court of law has obliged us to do so.
  • Other parties may receive and process data if you have given us consent to share your data with other parties.


Sub-processors

The sub-processors used in your service depend on what services we provide you with. If you wish for a list of the sub-processors that manage and process your data, you may contact us.

Entity Name | Purpose | Entity Country
Amazon Web Services, Inc. | Cloud Service Provider | Germany, United States, Canada
Microsoft Corporation (Office 365) | Cloud Service Provider | Europe
Google Inc. | Cloud Service Provider | Europe, United States
interactive digital media GmbH | Cloud-based SMS Notification Services | Germany
Twilio, Inc. | Cloud-based SMS Notification Services | United States
Zendesk | Connectel Helpdesk | United States, Europe
Eviexa | Cloud-based Communication Services | United States, Europe



How we protect your data



Organizational and technical security measures

  • Data isolation: Each customer's sensitive information stored within Connectel services is isolated from that of other customers, ensuring access protection.
  • Application isolation: Customer application access is controlled by network isolation (see Network isolation).
  • Network isolation: Data and applications are stored on separate networks with separate, customer-tailored firewall rules, ensuring only authorized access.

Apart from the above protection, service implementations also follow physical access protection, strict firewall rules and encrypted communication when transmitting data. Access by technical personnel is limited only to members of the Operations team who need access for maintaining the security and availability of the service.



Physical access control

All our infrastructure runs in colocation facilities.

Employee data center access: Only authorized and approved employees are allowed access to the facilities. All employees who need data center access must apply for access and provide a valid business justification. Requests are reviewed and approved by authorized personnel and are revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their access request.

Govcloud access (US Only): Physical access to data centers in the US region is restricted to employees who have been validated as being US citizens.

Surveillance: Physical access points to server rooms are recorded by CCTV. Images are retained according to legal and compliance requirements. Physical access is controlled at building ingress points by professional security staff utilizing surveillance, detection and other electronic means.


Access control for systems

As an organization, we are committed to ensuring that your private data is never accessed by unauthorized personnel or for unauthorized reasons.
Access by technical personnel is limited only to members of the Operations team who need access for maintaining the security and availability of the service.

The following methods are in use to protect the system from unauthorized access:


  • Network isolation
  • Data isolation
  • Application isolation
  • Encryption of access communication
  • Personal keys for authentication
  • Physical protection


Access control for personal data

Physical access is guarded by the means explained in the section Physical access control.

Soft access is based on organizational security levels. An audit of these is performed 2 times per year. When personnel end their employment or for any reason change security level/clearance, access rights are revoked and/or adjusted.



Access control during transfers

The following measures are implemented when transferring data:

  • Firewall rules
  • Personal authentication keys
  • System separation

In addition to the above rules, communication which may include personal data uses encrypted electronic transport.



Accessibility/Site protection

Site selection: Datacenter locations are carefully selected to mitigate environmental risks, such as flooding, extreme weather and seismic activity.

Power: Datacenter electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day. We ensure that data centers are equipped with a back-up power supply so that power is available to maintain operations.

Climate and temperature: Datacenters use mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware, to prevent overheating and reduce the possibility of service outages. Personnel and systems monitor and control temperature and humidity at appropriate levels.

Fire detection and suppression: Datacenters are equipped with automatic fire detection and suppression equipment.

Leakage detection: Datacenters are equipped with functionality to detect the presence of water. If water is detected, mechanisms are in place to remove the water to prevent any additional water damage.

Data: Software backups are performed on data vital for the contingency of the service. This data is stored within our data centers and is covered by the protection mechanisms above. Data is normally stored for 90 days before being terminated.



Your rights

Some data we store can only be stored if you have given us your consent, while some data is required to fulfill our agreement with you. You can withdraw your consent at any time by contacting us. If you decide to withdraw your consent, we may no longer be able to fulfill our agreement and deliver our services to you.



Access

You can, without any fee or cost, request from us a register of the data we hold about you. We shall reply to your request within a month.



Correction

It is our responsibility that the data we process is correct. You as a customer have the right to complete and adjust information/data that is missing or invalid. If you notice incorrect or faulty data connected to you, you have the right to demand that it be corrected.



Deletion

You have the right to be deleted from our systems if any of the following scenarios applies:

  • The data is no longer needed for its purpose.
  • If the data is based on your consent and you withdraw your consent.
  • If it is no longer in your interest for us to store this data. This can only be applied if your interest does not interfere with any of our legal obligations or the data requested for deletion is not needed for us to deliver and maintain our service in accordance with your agreement.
  • If the data has not been processed in accordance with the GDPR regulation.
  • If termination of data is required by local regulation and/or by a court.


Right to object

You have the right to object to the data stored about you that we process in our balance of interests. If we decide that such processing is required, we must present to you the reason and our interests in doing so.



Right to limitation

You have the right to a temporary limitation of the processing of your data. Processing can only be limited in the following scenarios:

  • When you believe your data is not correct and have requested a correction from us. You can request that your data processing is stopped for the duration of the investigation.
  • When the data processing is not in line with the regulations and/or local law.
  • When you need your data in legal matters.

When you have requested a limitation of data processing, we can continue to process your data until our investigation has ended. Such investigation cannot exceed 10 days.



Right to data portability

You have the right to request and receive the data stored about you if you wish to use the data for another purpose, for example to move your information to another operator or service.

This only applies if you have given your consent for data processing or if the processing is required for us to maintain and fulfill our agreement. You do not have the right to move any information or data if we process the data due to local law requirements and/or our balance of interest.



Damages

If you feel that we have incorrectly processed your data, you may have the right to seek damages from us or bring an action for damages in court. Such a request must be made in writing to us.
