1) Who we are (Controller)
- Controller: VoIPTelco
- Registered office: Leicester, UK
- Company number: [Company No.] (registered in [jurisdiction])
- Email: privacy@voiptelco.co.uk
Data roles. We act as:
- Controller for website data, account/billing information, service analytics and traffic data we must keep to run our network.
- Processor for customer-controlled content such as call recordings, contacts and integrations where we process strictly on your (the customer’s) documented instructions. If applicable, our Data Processing Addendum forms part of your contract.
2) What data we collect
We only collect what we need for the purposes set out below.
a) Identity & contact – name, job title, company, email, phone, postal/billing addresses.
b) Account & configuration – user IDs, role/permissions, call flows, IVRs, queues, device provisioning, Teams/CRM integration settings.
c) Service usage & network/traffic data – call detail records (CDRs: numbers dialled/received, timestamps, duration, routing, quality metrics), SIP signalling logs, IP addresses, device/user agent, connection diagnostics, voicemail metadata.
d) Call recordings & transcripts (optional) – if you enable recording and/or speech-to-text. You control retention and access.
e) Numbering & porting – Letters of Authority, current provider details, numbers requested/ported, address validation.
f) Support communications – emails, chat transcripts, tickets, diagnostic files.
g) Billing & payments – invoice history, payment method references, VAT details (we do not store full card numbers on our systems).
h) Marketing preferences – newsletter/updates consent status, unsubscribe logs.
i) Website & cookies – pages viewed, approximate location, referrer, and cookie IDs; see /cookie-policy/.
We do not intentionally collect special-category data. Please avoid sending such data unless necessary and agreed.
Sources. We collect data from you, your employer (if you use the service on their behalf), our carriers/numbering partners, public records, and from the devices/apps you use to access our services.
3) Why we use your data (purposes & lawful bases)
| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide and operate the services | Set up users, numbers and routes; enable calls; deliver features (IVR, queues, recording, analytics); provision devices | Contract |
| Customer care & troubleshooting | Diagnose call quality, investigate faults, handle tickets | Contract / Legitimate interests |
| Port numbers & regulatory duties | Process LOAs, liaise with carriers, comply with Ofcom/UK law | Legal obligation / Contract |
| Billing & account management | Invoicing, payments, credit control, service notices | Contract / Legal obligation |
| Security & fraud prevention | Detect abuse/spam/fraud; secure accounts and network | Legitimate interests / Legal obligation |
| Improve our services | Quality monitoring, capacity planning, product analytics (aggregated/psuedonymised where possible) | Legitimate interests |
| Marketing (B2B) | Emails about updates, offers and events; customer stories | Consent (where required) / Legitimate interests under PECR |
| Legal claims & compliance | Record keeping, responding to lawful requests | Legal obligation / Legitimate interests |
Call recordings & transcripts. If you enable recording, we process recordings and metadata to provide playback, search and compliance features, strictly per your configuration. You are responsible for informing callers/agents and setting retention.
Cookies & analytics. We use necessary cookies to run the site and, with consent, analytics/advertising cookies. See /cookie-policy/.
4) Sharing your data
We never sell your personal data. We share it only with trusted recipients for the purposes above:
- Telecoms carriers & numbering partners – to provision/port numbers and route calls.
- Hosting & cloud providers – secure infrastructure and storage.
- Support, CRM & ticketing platforms – to manage your requests.
- Payment processors & accounting tools – to take payments and keep records.
- Integration partners (optional) – e.g., Microsoft Teams, CRM systems you connect.
- Professional advisers & insurers – legal, compliance and audit.
- Regulators & law enforcement – where required by law or to protect rights/safety.
- Corporate transactions – if we undergo a merger, acquisition or reorganisation.
We ensure appropriate contracts are in place with our processors.
5) International transfers
Some providers may process data outside the UK/EEA. Where this happens we use approved safeguards (e.g., UK IDTA or EU Standard Contractual Clauses plus UK Addendum) and assess the destination’s laws and practices.
6) How long we keep data (retention)
We retain data only as long as necessary for the purpose collected or to meet legal obligations.
| Data category | Typical retention |
|---|---|
| Account, contract & billing records | 6 years after the end of contract (tax/records limitation) |
| Support tickets & diagnostics | up to 3 years after closure |
| Call detail records (CDRs) | 12 months by default (may vary for fraud/abuse or legal holds) |
| Call recordings & transcripts | Per your settings (you control retention/purge) |
| Device/signalling logs | 90–365 days depending on log type |
| Marketing contacts | Until you unsubscribe or after 24 months of inactivity |
| Cookie consent logs | 6–12 months |
If you need a different retention profile for compliance, let us know and we’ll document it in your agreement.
7) Security
We apply appropriate technical and organisational measures, including: encrypted transport (TLS), segmented networks, role-based access with MFA, least-privilege controls, hashing of credentials, audit logging/monitoring, backups, and employee training. No system is 100% secure; you also play a role by using strong passwords, MFA, and keeping devices updated.
8) Your rights (UK GDPR)
You have the right to access, rectify, erase, restrict or object to processing, and to data portability. Where we rely on consent, you may withdraw it at any time. We will respond within one month (extendable in complex cases). We may request proof of identity.
- To exercise rights: email privacy@[your-domain].
- For recordings/contacts we process as processor, please contact your employer/admin first so we can act on their instruction.
Complaints. You can complain to the Information Commissioner’s Office (ICO):
ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
9) Children
Our services are for organisations and professionals. We do not knowingly collect data from children.
10) Marketing & preferences (PECR)
We send B2B marketing only where permitted or with your consent. You can unsubscribe via any email or by contacting us. Non-marketing communications (service/ billing/ security notices) will still be sent.
11) Cookies and similar technologies
See /cookie-policy/ for full details and to manage your preferences. You can change settings at any time via the site’s cookie banner or your browser controls.
12) Automated decision-making
We do not conduct automated decisions that produce legal or similarly significant effects. Limited automated checks (e.g., fraud/abuse detection, rate-limit rules) may run to protect our network.
13) Third-party links
Our site may link to other websites/apps. We are not responsible for their privacy practices. Review their policies before providing data.
14) Changes to this policy
We may update this notice from time to time. We will post the new date at the top and, if changes are material, notify account contacts.
15) Contact us
Questions, requests or complaints about privacy?
Email: privacy@voiptelco.co.uk