Cordless is a cloud telephony provider. This policy applies to your use of the site/service(s) (the "platform") owned and operated by us.
Under GDPR, there is a distinction between a “controller” and “processor” of personal data.
Where a Customer shares personal information with us, we are the processor of personal data and the Customer is the data controller.
In some circumstances, we may be the controller of personal information, for example in relation to usage information on our platform.
This policy explains what information we collect when you access our platform, how the information is used, and how you can control the processing, correction and/or deletion of such information.1. What data we process
This policy covers the personal data we process in relation to individuals who either i. access our website; or ii. are authorised to use our software/service (as "Authorised Users") under the terms of the SaaS Agreement, entered into by a Customer with us.2. Personal data we collect
Cordless collects personal data about you when you provide it to us, or when personal data about you is automatically collected in connection with your use of the platform. We collect the following personal data in connection with your use of the platform:
- Usage Data: information related to transactions you conduct on the platform, for example the functionality you use and the links clicked on our platform.
- User Account Information: information that identifies you to the platform, such as your name, email address and password. For example, we use this information to authenticate you when you log in to the platform.
- Log Data: information automatically recorded by the platform about how a person uses our platform, such as device and browser type, operating system, the pages or features of our platform to which a user browsed, the time spent on those pages or features, the frequency with which the platform is used by a user, search terms used by a user, the links on the platform that a user clicked on or used, and other statistics.
- Marketing and Communications: information we collect to identify or contact you such as your name and email address as well as your marketing and communication preferences.
We also collect and use statistical data derived from personal data, but which is not considered personal data in law as this data will not directly or indirectly reveal the individual identity ("Aggregated Data"). For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature on our platform.3. How we collect personal data
We collect personal data when a user (i) creates an account (a "User Account"); (ii) logs into the platform; (iii) interacts with the platform; (iv) communicates with us; and (v) responds to a communication or interaction from us. Some of the methods and tools we use to collect personal data are:
Unique Identifiers: We use unique identifiers such as cookies, e-mail or your pseudonymised customer ID to track individual usage behaviour on our platform, such as the length of time spent on a particular page and the pages viewed during a particular log-in period.Cookies
: Like many websites and mobile application operators, we collect certain information through the use of "cookies" - small text files (made up of letters and numbers) that are saved by your browser when you access our service. Cookies can either be "session cookies" or "persistent cookies".
Session cookies are temporary cookies that are stored on your device while you are visiting our website or using our service, whereas persistent cookies are stored on your device for a period of time after you leave our website or service. We use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our platform, and how your use of it varies over time.
For more information on cookies, including how to control your cookie settings and preferences, visit http://www.allaboutcookies.org/4. How we use personal data
Cordless uses personal data to: (i) provide, administer, and improve our service; (ii) better understand your needs and interests; (iii) fulfil requests you make (including customer support queries); (iv) personalise your experience; (v) provide service announcements; (vi) protect, investigate, and deter against fraudulent, harmful, unauthorised, or illegal activity and (vii) comply with legal obligations.
For example, we use personal data to:
5. Lawful basis for processing personal data
- Operate and improve the platform;
- Learn more about our users and their behaviours;
- Facilitate communications among and between users;
- Evaluate eligibility of customers for certain offers, products, or services;
- Evaluate the types of offers, products, or services that may be of interest to users;
- Communicate with users regarding support, security, technical issues, commerce, marketing, and transactions;
- Facilitate marketing, advertising, surveys and promotions;
- Administer the service and carry out our legal/contractual obligations; and
- Identify usage trends, which may be derived from personal data.
We will only use personal data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
Contractual Necessity: We process the following categories of personal data because we need to process the data in order to provide our service to you. When we process data due to contractual necessity, failure to provide such personal data will result in your inability to use some or all portions of the service that require such data:
- Contact Information
- User Account Information
- Usage Information
Legitimate Interest: We process the following categories of personal data when we believe doing so furthers our legitimate interest or that of third parties:
- Contact Information
- User Account Information
- Usage Information
- Log Data
of these legitimate interests include:
- Operation and improvement of our business, products, and services
- Marketing of our products and services
- Provision of customer support
- Protection from security threats
- Compliance with legal obligations
Consent: In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection.
Other Processing Grounds: From time to time we may also need to process personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.6. Opting out
Web Browser Controls: You can prevent the use of certain Tracking Tools, such as cookies, on a device-by-device basis using the controls in your web browser. These controls can be found in the Tools > Internet Options (or similar) menu for your browser, or as otherwise directed by your browser’s support feature.
Through your web browser, you may be able to:
- Delete existing Tracking Tools
- Disable future Tracking Tools
- Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set
Do Not Track ("DNT"): DNT is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services.
Emails: You can opt-out of non-essential emails such as marketing emails by clicking on the unsubscribe link at the bottom of each such email. Note that you cannot opt-out of emails that are essential to providing Cordless services relating to customer service, security, billing, or pursuant to legal/contractual obligations.
Withdrawing consent: Where you have consented to Cordless’s processing of your personal data, you may withdraw that consent at any time and opt out of further processing by contacting us on firstname.lastname@example.org.
If you would like to object to the use of your personal data for certain purposes, such as for marketing purposes, or if you would like to ask us to restrict further processing of your personal data, please contact us on email@example.com. International Transfers
Where we transfer personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
8. Accessing, correcting and deleting your data
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
You have the right to request a copy of some or all of your personal data — please contact us on firstname.lastname@example.org to do so. We also want to make sure that your personal data is accurate and up-to-date, so please email us if you would like to amend or delete it.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond: We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.9. How long we keep personal data
We are required under UK tax law to keep your name, contact details and billing data for a minimum of 6 years (after which it will be destroyed). Other data will be deleted as and when there is no longer a lawful basis for processing it.10. How and when we disclose your data
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.Disclosure to comply with the law
We may disclose personal data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the platform and any facilities or equipment used to make the services available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.Disclosure to third parties
We may share personal data with:
- third party providers who provide us with support, hosting, and database management services;
- outside professional advisors (such as lawyers and accountants) for purposes related to the operation of our business such as auditing, compliance, and corporate governance; and
- our subsidiaries.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.11. How long will personal data be retained for?
We will only retain personal data for as long as reasonably necessary, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete personal data that we process on your behalf.12. How we store and protect your data
If you are a Customer located outside the UK and choose to provide information to us, be advised that personal data will be processed in accordance with our data processing agreement. Customer End User Data is stored securely on the Google Cloud Platform and hosted in the UK.13. Visiting other websites
If an individual applies for a role at Cordless, it will be necessary for us to use personal information provided as part of the recruitment process.
If you apply for a job with us, we may collect the following categories of personal information:
- Personal details (name, title, address, contact details and emergency contact)
- Email address
- Employment history
- Education history
- Any personal information you provide in your CV, application form or other correspondence
- Any personal information you provide to us at interview
If you apply for a job with us, we may also collect personal information about you from the following sources:
- Directly from you (for example, information provided on CVs, application forms and during interviews)
- Right to work documents (for example, passports and visas)
- Recruitment agencies
- Referees and former employers
- Disclosure and Barring Service in respect of criminal convictions
- Publicly available information
We use and store personal information relating to applicants to decide whether they are suitable for employment with Cordless. This will involve using personal information to do the following:
- Assess skills, qualifications, and suitability for a role
- Establish right to work
- Carry out background and reference checks, where applicable
- Communicate with you about the recruitment process
- Keep records related to our hiring processes
- Comply with legal or regulatory requirements
Our main legal ground for using your personal information is that it is necessary to take steps at your request to decide whether to enter into a contract of employment. Where we use your personal information for reasons other than entering into a contract with you, we will only do so on the legal ground that doing so is necessary for the purposes of the legitimate interests of our business.
We will retain personal information collected for the recruitment process for a period of two years after we have told an applicant our decision about whether or not to appoint them to a role.15. Changes to this Policy
Please revisit this page periodically to stay aware of any changes to this policy, which we may update from time to time. Your continued use of the service after the revised policy has become effective indicates that you have read, understood and agreed to the current version of the policy.16. Security
We will process personal data in a manner that ensures appropriate security of the personal data, including protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. All information you provide to us is stored on our secure servers.17. Contacting Us
Supportal Technologies Limited trading as Cordless ("Cordless") is a company registered in England and Wales with company number 13010030 and it's registered office at 3rd Floor, 65 Clerkenwell Road, London, England, EC1R 5BL.
If you have any questions, comments or want to raise issues about this policy, please contact us on email@example.com
Last updated: 7 February 2022