1. Who we are
Established in 2011, VENNCOMM (a data processor) are a high-spec, app development company specialising in the Enterprise Mobility Management/MDM space.
Our registered address is:
Wells & Associates
10 Lonsdale Gardens
VENNCOMMs Data Privacy Advisor is Michael Connell
If you have any questions about how we process personal data, or would like to exercise your data subject rights, please email us at email@example.com
2. Collection of personal data
We collect personal data from you for one or more of the following purposes:
a. To provide you with information that you have requested or which we think may be relevant to a subject in which you have demonstrated an interest;
b. To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of services;
c. To fulfil a contract that we entered into with you or with the entity that you represent;
d. To manage any communication between you and us.
The table below provides more information about the data we collect for each of these purposes, the lawful basis for doing so and the period for which each type of data will be retained.
In addition, and in order to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:
a. Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
b. Your browser type and version and time zone settings;
c. Operating system and platform;
d. Information about your visit, including the Uniform Resource Location (URL) clickstream to, through, and from our site.
3. Lawful basis for the processing of personal data
The table below describes the various forms of personal data we collect and the lawful basis for processing this data. VENNCOMM has processes in place to ensure that only appropriate employees with the correct rights within our organisation can access your data. A number of data elements are collected for multiple purposes, as the table below shows. Some data may be shared with third parties and where this happens, this is also identified below.
|How we collect your information||Data Collected||What we do with your information||Who we share this information with||Retention period||Lawful basis for processing|
|We may record calls with our customers||Voice recordings that may include; names, business addresses, phone number, location, email address and business sector||For training and accuracy purposes||Internally only||Up-to 8 years||Contractual,
|We collect information from our customers when they enter competitions and promotions or complete surveys for us||names, business addresses, phone number, location, email address and business sector||Promotional and marketing purposes||Internally only||1 Year||Consensual|
|We collect bank account information over the phone or in person when customers purchase VENNCOMM services||Direct debit account details, names, business address, location, email address, phone number||To fulfil orders||Internally and with third-party payment processing organisations||Maximum of 8 years from the data of performance of contract.
8 Years for VAT records from the performance of the contract
|We collect information via email when provisioning VENNCOMM services||Names, email addresses, phone numbers, phone type, home country||To provision App users||Internally and with third party telecoms providers, number provisioning organisations, and data compliance service providers||1 year from the termination of contract||Contractual,
Consensual (proof of concept)
|We may collect some information in the interests of data security||Security information||To protect our services from cyber-attack or other threats and to report any illegal acts||Internally and with third-party information security specialists that may be contracted to investigate||Relevant statutes of limitation||Legitimate interest|
|We collect information stored on your mobile device||Phone make, model, operating system||To provide full functionality of the VENNCOMM TALK app and provide analysis for cost efficiencies||Internally only||1 Year from termination of contract||Contractual|
4. Storage of personal data
VENNCOMM is a UK-domiciled organisation whose primary offices are in the UK.
• VENNCOMM TALK conferencing services are hosted within the UK and are accessed only by EU-based staff.
• Our cloud document storage provider hosts our data in the UK.
• VENNCOMM is the data controller for all data stored within our cloud service providers.
• Our payment processing services are all based in the UK.
• In partnership, VENNCOMM may provide additional services that are based outside of the EEA. These services have been vetted to ensure that meet the requirements of General Data Protection Regulation and applicable UK law.
VENNCOMM's information security management system (ISMS) is certified to ISO/IEC 27001:2013. VENNCOMM is also Cyber Essentials certified.
Although we believe we have appropriate security controls in place to protect personal data, we do not have any control between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your information. We accept no liability in respect to breaches that occur beyond our sphere of control.
6. Your rights as a data subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes.
In many cases a data subject utilising our services will be employed by an organisation that then contracts the services with VENNCOMM. In these cases the end user (you) are the Data Subject, the organisation is the Data Controller and VENNCOMM is the Data Processor.
When VENNCOMM is acting as a data processor on behalf of an organisation you should direct your request to the data controller. VENNCOMM will then work directly with the data controller to provide you this information.
Your rights are as follows:
The right to be informed
The right of access
You may request a copy of personal data we hold about your free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information.
a) The purposes of the processing
b) The categories of personal data concerned
c) The recipient to whom the personal data has been disclosed
d) The retention period or envision retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean VENNCOMM can refuse to provide the information, VENNCOMM will explain them to you. If requests are frivolous or vexatious, VENNCOMM reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), VENNCOMM will inform you.
The right to rectification
When you believe VENNCOMM hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used in conjunction with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to erasure
Where no overriding legal basis of legitimate reason continues to exist for processing personal data, you may request that VENNCOMM delete your personal data. This includes personal data that may have been unlawfully processed. VENNCOMM will take all reasonable steps to ensure erasure.
The right to data portability
You may request your personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
Your right to object
You have the right to object to our processing of your data where:
• Processing is based on legitimate interest;
• Processing is for the purpose of direct marketing;
• Processing involved automated decision-making and profiling.
7. Contact us
Alternatively, you can contact us at our UK offices:
1 Fore Street
Tel. 03450 582 313
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about the processing of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the Information Commissioner's Office (ICO), who is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us
This policy was last updated on 22/05/2018