Who we are
Digital Phone Company Ltd is part of the Digital Phone Company Group, which includes Digital Phone Company Ltd (DPC), Digital Phone Holdings Ltd, Online Mobiles Ltd t/a Hypermobile and Cedaro Ltd.
DPC also operates various Exchange Mobile Centers throughout the UK.
At Digital Phone Company Ltd (DPC, referred to in this policy as “us” or “we” or “our”) we take privacy seriously and want you to be fully aware of the personal data we collect, why we collect it and who we share it with. The following Privacy Notice sets out to achieve this.
If you wish to contact us regarding privacy or anything on this document please write to; Data Protection Officer, Digital Phone Company Ltd, 16 Southgates Road, Great Yarmouth, Norfolk, NR30 3LJ. Alternatively, you can email firstname.lastname@example.org or call 01493 855000. If our response is not to your satisfaction or you believe we are not using your personal data correctly, you have the right to complain to the Information Commissioner @ https://ico.org.uk/
- How we collect your personal information, why and what for.
- Why we process your personal information
- When and why we disclose your personal information to other organisations.
- Your personal information; along with your rights and choices
- The steps we take to ensure your information is kept secure and confidential.
- How long we will hold your information for.
- How to contact us.
Collection of personal information
The specific data that we collect is set out within our contract with the 3rd party.
Your personal data is collected directly from you when you enter into an agreement with the chosen network/supplier. This is taken verbally in-store or online via our website. Various checks take place to ensure accuracy and validity of the information provided. The type of information we collect will vary depending on the service you sign up to. For example, if signing into a mobile phone agreement with a third party, we will collect your name, DOB, address, contact details and bank details; other providers may require different information. Should you wish to find out the exact information we hold please e-mail email@example.com.
We also use your personal data to prevent fraud, inform you of our latest offers, to assist you with account queries/customer service and to send you service messages relating to your account. We may also share your data within the Digital Phone Company Group.
All our High Street stores have CCTV to protect our staff and customers. Footage is retained for 3-4 weeks and automatically removed when storage becomes low. Footage may sometimes be kept for a longer period of time; this happens when an incident takes place and the footage may need to be viewed by the Police (in the case of a crime), or for use internally by DPC. Exported footage is only retained until it is no longer needed for the purpose it was downloaded.
As an existing customer we may send you offers on products or services similar to those which you have previously purchased from us. You can opt out of this at the point you initially give us your personal information or by following the instructions in any future communication from us. Due to their nature, service messages may not contain opt-out instructions.
How we disclose your personal information
We will only disclose your personal information to companies or providers whom you have chosen to enter into an agreement with, for example; Sky, Vodafone, Pier Insurance (FoneSure). Your personal information is entered directly into the third party’s internal system; therefore, no data is transmitted via unsecure methods. Disclosure of this information will take place during the agreement setup in store or online. Third-party providers may also request to see documents that you have previously presented to us for the purpose of fraud prevention and data security.
Lawful basis for processing
There are 6 lawful bases for processing personal information:
- Legal Obligation
- Legitimate Interest
- Vital Interest
- Public Task
Only two of these are used by DPC.
This basis is used when we process your information for the purpose of taking out a contract with any third-party providers.
2. Legitimate Interest
Legitimate Interest is used for all other purposes where the Contract basis is not suitable. For example: processing customer information for marketing purposes or backing up data for the ability to recover from a system failure.
Legitimate Interest is used when we have a genuine, lawful need to process your information to achieve a business objective and our interest is not over-ridden by your own interests, rights or freedoms.
Your rights and choices
Right of Access
Should you wish to see the data that is being processed on you by DPC, you can request this in-store or via emailing firstname.lastname@example.org. Data will be provided free of charge unless the request is unfounded, excessive or repetitive; in which case a fee relative to the administrative cost of such a request will be charged. Information will be provided without delay and within 28 days of receipt of request. To provide you with a copy of the data we hold we will need to prove your identity using reasonable means.
Right to Rectification
You have the right to have inaccurate personal data rectified; you can request this verbally or in writing. DPC will take reasonable steps to ensure that the data is accurate and to rectify the data if necessary, within 28 days. Rectification will be free of charge unless the request is unfounded or excessive, at which point a reasonable fee may be requested. All processing on the person in question will be put on hold whilst DPC take steps to ensure the accuracy of the data. DPC will request the individual requesting rectification prove their identity before complying with the request.
Right to Erasure
The right to erasure, also known as the right to be forgotten, allows you to request any of your personal data be deleted. This right is not absolute and only applies in certain circumstances; for instance, if the personal data is no longer necessary for the purpose it was initially collected, or if we gained the data with your consent, and you withdraw that consent. We will respond within 28 days of receiving your request. We will request proof of ID to verify your identity before we act on the request.
Right to restrict processing
You have the right to request the restriction or suppression of your personal data, this is not an absolute right and will only apply in some circumstances. Should you request to restrict, verbally or in writing, we will only store the data and not use it. We will ensure this is done without undue delay and within 28 days of your request; we will request ID to prove your identity.
Right to data portability
The right to request that we move, copy or transfer your personal information that was originally given to DPC during the contract process. Data will be supplied in a structured, commonly used and machine-readable format (usually .csv). We will act upon the request without undue delay and within 28 days of receipt; we will require ID to prove your identity.
Right to object
If our lawful basis is legitimate interest, you have the right to object, in certain circumstances, to the use of processing your personal data. We will respond without undue delay and within 28 days of receipt of your request.
You have absolute right to object to the use of your personal data for direct marketing. We will stop sending you direct marketing at the earliest opportunity once the request is received. To object to direct marketing contact us in-store, or by emailing email@example.com.
Cookies are small pieces of data stored on your computer’s hard drive and browser which allow us to recognise your computer.
- To distinguish you from other users of our site and to track patterns of behaviour of visitors to our site.
- To enhance the functionality of our site which helps to provide you with a good user experience.
- For marketing purposes and to collect website traffic data and anonymous profiling.
- To identify your device and IP address to provide benefits to you including preventing the need to re-enter items you place in a shopping cart if you do not finish a transaction in a single visit.
- To reduce fraudulent activity via identification of your IP address and any prior activity relating to it.
- If we believe an order has been placed fraudulently, or our online system has been abused, we may share that information with third parties including the Police, credit card companies and any other organisation that may help to track and/or prevent future occurrences of fraud or abuse.
- Cookies are stored on your browser and you can choose to modify your browser to prevent this from happening. Please understand that if cookies are turned off, you may not be able to view certain parts of our sites that are designed to enhance your visit.
We take steps to keep the personal data we possess accurate and up-to-date and to delete out of date or otherwise incorrect or unnecessary personal data. Please remember that it is your responsibility to provide us with correct details as well as to update the personal data you have provided us with in case of any changes.
We will take reasonable steps to ensure your data is appropriately secured; this can include such technologies as firewalls, encryption, secured servers, implementing proper access rights management and maintaining strict procedures and processes.
We regularly back up our customer records to ensure we can recover from a system failure or natural disaster.
How long we hold your information for
The length of time we retain your information is dependent on what we are holding and why we are holding it. We will not keep your information for longer than is necessary for our business or legal requirements.
As a data processor we will hold your information for as long as the network and or supplier request us to, this is mainly for fraud prevention and data security along with contractual purposes.
As a data controller, we need your data to carry out legal obligations arising from any contracts entered between you and us. We may process personal data for up to 7 years if you are a prospective customer and for the length of your contract plus 7 years if you become a customer. This is in keeping with our legitimate interests and contractual obligations.
We may also store personal data for up to 7 years for any of the following reasons:
- Respond to any questions or complaints
- To show that we treated you fairly\
- To maintain records to comply with legal and regulatory rules that apply to us
- In keeping with our legitimate interests and contractual obligations
We may store your personal data in paper or electronic formats, both of which are stored securely. If we delete your personal information it may persist on back-up or archival media for legal, tax or regulatory purposes. Where data is deleted, we have processes in place to securely dispose of data we no longer require.
If you have any queries relating to our use of your personal information or any other related data protection questions, please contact us at firstname.lastname@example.org or write to us at Data Protection Officer, Digital Phone Company Ltd, 16 Southgates Road, Great Yarmouth, Norfolk, NR30 3LJ.