Privacy Notice For The Sure Group Of Companies
The Sure group of companies operates in a number of jurisdictions worldwide and are required to provide you this information.
The following are the Sure data controllers in the Channel Islands and Isle of Man:
Sure (Jersey) Limited
Sure (Guernsey) Limited
Isle of Man
Sure (Isle of Man) Limited
Data Protection Officer
Because Sure takes the security of your information seriously we have a designated Data Protection Officer, their contact details are as follows:
The Data Protection Officer
Types of Personal Data we Process
• Contact details including name, installation address, phone numbers and email addresses, proof of identity and billing address.
• Information about the services you contract for with Sure including your use of such services;
• Financial information such as payment related information,
• Details of your use of our services and billing information
• Details of visitors to our premises and meeting attended, including CCTV footage.
• Recordings of phone calls to our Customer Service Centre as well as other communications such as email.
• Information regarding the employees and agents of our Enterprise customers, their roles and contact details.
• Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.
[We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Purpose and Legal Basis for Processing
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
||LAWFUL BASIS FOR PROCESSING
|To provide your contracted services, and to provide customer services support on these services, including service calls to our call centre;
||The legitimate interest of Sure Group as a provider of telecommunication and technology services is to process personal data for the purpose of providing these services.
To fulfil contacted services with individuals who are the customers of Sure.
|To provide you updates regarding our services;
||The legitimate interest of Sure is to ensure its customers are informed regarding changes to the services it provides.
|To allow us to review, develop and improve our products and services;
||The legitimate interest of Sure is to ensure that it’s business is carried out effectively with the intention of enhancing customer service.
|To occasionally carry out market research
||The legitimate interest of Sure Group is to provide services that are required by its customers ad to assess demand for new and changing services in addition to understanding its customers view of existing services.
|To send you details of products and services we think will be of interest to you. However, you have the option to choose not to receive this information
||The legitimate interests of Sure Group as a provider of telecommunications and technology baser services is to process personal data to communicate with persons on topics that may be of interest to those individuals.
Individuals may withdraw their consent to receive this information by informing our Customer Service Centre or other Sure representative.
|To ensure the security of Sure staff, systems and premises including client equipment hosted by Sure. (CCTV and door access logs)
||It is a legitimate interest of Sure to protect its staff and systems as well as client equipment it is contracted to host.
|To meet legal, regulatory and ethical obligations applicable to Sure Group.
||In order to meet our legal obligations, in certain circumstances this may require us to provide your information to law enforcement agencies or other public bodies.
|For purposes of internal training
||The legitimate interest of Sure to improve the customer service it delivers through training, this may involve processing of your data to identify training needs.
|Debt collection, fraud prevention and credit checks
||It is in the legitimate interest of Sure to minimise the bad debts it incurs through the provision of its contracted services. We may therefore process your data in order to perform a credit check prior to entering into a contract with you, or when a material change in our relationship occurs. Sure does not utilise automated decision making in its processing of your data. Where an overdue debt is owed to Sure, it is in our legitimate interest to recover the funds owed to us, this may involve processing your data; sharing details of the dept with debt collection services, lawyer or the courts.
|Prevent and detect crime
It is in the legitimate interest of Sure to prevent and detect crime against itself and its customers. This may involve the sharing of your image captured on our CCTV, door access data from our systems, or log information regarding your use or interactions with our telecommunications infrastructure including any misuse of our networks.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Sources and Recipients of Personal Data
Transfers of Personal Data to Third Countries
As Sure is part of an international group of companies operating globally we may store your personal data in your home country and/or we may transfer your personal data to other Sure group companies and carefully selected business partners and third party suppliers in other countries around the world where it has your consent or where it is necessary to do so because it is relevant to Sure’s dealings with you. In all cases we will ensure the surety of the transfer of your data.
These may include:
• Suppliers who support our services to you such as billing and directory services.
• Suppliers who support the security of our telecommunications infrastructure and services we provide to you
• Our parent company • Audit firms and certification bodies working for ourselves and / or our parent company.
• Debt collection services,
• Third parties to whom you have authorised your data to be disclosed.
In the event that a third party is outside the European Union and where the data being transferred include personal data we will ensure that the relevant requirements of applicable data protection laws are met.
Period Data Will be Stored
Sure Group only keeps data for as long as necessary to fulfil the purpose it was collected including for the purposes of satisfying any legal, accounting, or reporting requirements. In most cases no personal data will be held on an individual who is no longer a Sure customer after 10 years. There may be limited exceptions where some information is required to be kept longer. Any requests for further information in relation to the continued processing of specific data, or requests for destruction of data should be made to the Sure Data Protection Officer.
Rights of Data Subjects
Data subjects in the European Union or jurisdictions with equivalent data protection laws (to The European Data Protection Regulation) have certain rights in respect to their personal data. These rights include:
• to withdraw consent to processing previously given,
• to access to your data (Subject Access Requests,
• to have your data corrected, or updated,
• to have your data deleted,
• to have access to your data restricted,
• to have your data provided to a third party,
• to object to any particular processing.
Any request to relating to the above rights should be addressed in the first instance to the Sure Data Protection Officer at email@example.com
Exercising of the above rights may result in Sure being unable to provide you some or all of the services you have requested from Sure.
Subject Access Requests
Under relevant data protection laws, you have the right to access your personal data held by Sure. This is known as a Subject Access Request (SAR). The process you should follow to do this is set out below.
You can make a SAR to receive your own personal data. Or a third party can make a SAR for you, with proof they have your permission.
If you’re a Sure customer you may be able to access your bills online, or you can request copies through our customer service team.
Only information considered to be your personal data will be released under a SAR. We won't be able to provide information that may also relate to other data subjects such as:
• Content of any communications including text messages, calls or voicemail;
• Information about your incoming and/or outgoing calls or texts (unless provided in your standard bill);
• Any data held on your phone e.g. photos, contacts.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We aim to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional information and offers from us
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You may receive marketing communications from us if you have requested information from us or purchased goods or services from us [or if you provided us with your details when you entered a competition or registered for a promotion] and, in each case, you have will have opted in to receiving marketing material.
We do not share your personal data with any company outside the Sure group for the purpose of marketing their products to you.
You can ask us to stop sending you marketing messages at any time by contacting us by calling our call centre, e-mailing firstname.lastname@example.org or writing to our data protection officer at the address above at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.
Version 0.5 June 2019