In May 2018 the new EU regulation GDPR (General Data Protection Regulation) begins to apply. The purpose is to strengthen and simplify your possibilities to control how your data is submitted and processed when you contact us or use our services. In this section we will let you know how we process your data and the measures we take to protect it.
Connectel welcomes this change, therefor we are updating our terms and agreements to complement the information regarding how we process your data and our responsibilities.
Data we collect is to improve your experience when using our services, increase the quality, maintain the service and for invoicing.
The kind of data we collect
|Customer & Invoice data||Data that is connected to the service we are providing, example name, address, e-mail and telephone number. We use this information to connect you to the services you have, invoicing and agreements. We also use this information when you contact us to improve your experience when in contact with us.|
|Traffic data||Data that is being obtained when you use our services. Traffic data is used for the purpose to transmit electronic data when you use your services, for an example receiving or making a phone call, sending an SMS, e-mail and invoicing. We’re also obliged by local law regulations as a telecommunication operator to store information on electronic communication regarding participants of communication, time of communication and length of the communication. The content of the communication is not stored unless A) consent has been given by both parties or B) we are required by a local prosecutor to comply with law regulations.|
|Service specific data||Service data is collected to maintain and deliver the service to the customer. The data collected in this regard are the following: agent name, agent number, customer number, customer e-mail address, e-mail conversations, recorded calls, electronic communication conversations, mac-addresses, call statistics & quality measures. Of the above data objects some may be subject to explicit consent.|
How we collect it
We record and store data in the following scenarios:
How we use the data
For us to process data, there must be support in the data protection regulation. Meaning that for us to process your data in line with regulations it must meet one of the following requirements:
For us to deliver and maintain the services we provide we need to process your data. The following examples will present on what purpose we process your data:
|Maintaining the service||
We process this data to identify you as a customer in your communication with us and to deliver services in line with the signed agreement with you. We process this data to invoice the services we are providing, to aid in service disruptions or other technical tasks requiring assistance. Analysis of data may also be performed in order to improve the service.
Legal basis: Maintaining the service and fulfillment of agreement.
For us to maintain and improve the services we provide we may collect traffic data, user and usage statistics for analysis.
Legal basis: Legitimate interest and consent
|Communication with us||
We process data when you are in communication with us. For an example when you call our technical support the call may be monitored and recording for quality assurance. When sending an e-mail or initiating a chat with us, data may be processed for quality assurance and for us to follow up on your enquires. We use this data to improve on our communication towards our customers.
Legal basis: Legitimate interest and consent
For us to protect our services and our customers when using services provided by Connectel, we may collect traffic data for analysis. We also monitor services to discover and stop abuse in our services. For an example: system hijack, password leaks, virus attacks, frauds etc.
Legal basis: Fulfillment of agreement and legal obligation
|Local law compliance||
We process data to comply with local law regulations.
Legal basis: Legal obligation
How long the data is stored
We strive to never store data longer than necessary and some data may be subject to termination instantly while other types of data is required for maintaining the service or for legal regulations.
To whom do we share our data with
We may share your data to the following parties:
The sub-processors used in your service is dependent on what services we provide you with. If you wish for a list of the sub-processors that manage and process your data you may contact us.
|Entity Name||Purpose||Entity Country|
|Amazon Web Services, Inc.||Cloud Service Provider||Germany, United States, Canada|
|Microsoft Corporation (Office 365)||Cloud Service Provider||Europe|
|Google Inc.||Cloud Service Provider||Europe, United States|
|interactive digital media GmbH||Cloud-based SMS Notification Services||Germany|
|Twilio, Inc.||Cloud-based SMS Notification Services||United States|
|Zendesk||Connectel Helpdesk||United States, Europe|
|Eviexa||Cloud-based Communication Services||United States, Europe|
Organizational and technical security measures
Apart from the above protection, service implementations also follow physical access protection, strict firewall rules and encrypted communication when transmitting data. Access by technical personnel is limited only to members of the Operations team who need access for maintaining the security and availability of the service.
Physical access control
All our infrastructure runs in colocation facilities.
|Employee data center access||Only authorized and approved employees are allowed access to the facilities. All employees who need data center access must apply for access and provide a valid business justification. Requests are reviewed and approved by authorized personnel and are revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their access request.|
|Govcloud access (US Only)||Physical access to data centers in the US region is restricted to employees who have been validated as being US citizens.|
|Surveillance||Physical access points to server rooms are recorded by CCTV. Images are retained according to legal and compliance requirements. Physical access is controlled at building ingress points by professional security staff utilizing surveillance, detection and other electronic means.|
Access control for systems
As an organization, we are committed to ensuring that your private data is never accessed by unauthorized personnel or for unauthorized reasons.
Access by technical personnel is limited only to members of the Operations team who need access for maintaining the security and availability of the service.
The following methods are in use to protect the system from unauthorized access:
Access control for personal data
Physical access is guarded by the means explained in section (Physical access control)
Soft access is based on organizational security levels. An audit of these is performed 2 times per year. Once personnel ends employment or for any reason changes security level/clearance, access rights are revoked and/or adjusted.
Access control during transfers
The following measures are implemented upon transferring of data:
In addition to the above rules, communication which may include personal data use encrypted electronic transportation.
|Site selection||Datacenter locations are carefully selected to mitigate environmental risks, such as flooding, extreme weather and seismic activity.|
|Power||Datacenters electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day. We ensure that data centers are equipped with back-up power supply to ensure power is available to maintain operations.|
|Climate and temperature||Datacenters use mechanisms to control climate and maintain an appropriate operating temperature for servers and other hardware to prevent overheating and reduce the possibility of service outages. Personnel and systems monitor and control temperature and humidity at appropriate levels.|
|Fire detection and suppression||Datacenters are equipped with automatic fire detection and suppression equipment.|
|Leakage detection||Datacenters are equipment and functionality to detect the presence of water. If water is detected, mechanisms are in place to remove water to prevent any additional water damage.|
|Data||Software backup are performed on data vital for the contingency of the service. This data is stored within our data centers and following the previous protection mechanisms. Data is normally stored for 90 days until being terminated.|
Some data we store can only be stored if you have given us your consent, while some data is required to fulfill our agreement with you. You can any time withdraw your consent by contacting us. If you decide to withdraw your consent, we may no longer we able to fulfill our agreement and deliver our services to you.
You can without any fee or cost require from us a register of what data we have of you. We shall reply to your request within a month.
It’s our responsibility that the data we process is correct. You as a customer have the rights to complete and adjust information/data that is missing or invalid. If you notice incorrect or faulty data connected to you, you have the right to demand it being corrected.
You have the right to be deleted from our systems if any of the following scenarios is true:
Right to object
You have the right to object to the data stored about you that we process in our balance of interests. If we decide that such processing is required, we must present to you the reason and our interests in doing so.
Right to limitation
You have the right to a temporarily limitation of processing your data. It can only be limited if the following scenarios:
When you have requested a limitation of data processing, we can continue to process your data until our investigation has ended. Such investigation cannot exceed 10 days.
Right to data portability
You have the right to request and receive the data stored about you if you wish to use the data for another purpose. For an example move your information to another operator or service.
This only apply if you have given your consent for data processing or if the processing is required for us to maintain and fulfill our agreement. You do not have the right to move any information or data if we process data due to local law requirements and/or our balance of interest.
If you feel that we have incorrectly processed your data, you may have the right to seek damages from us or bring an action for damages in court. Such a request must be made in writing to us.