Privacy Notice

Effective as of October 28th, 2020

At Compatel, we care about your personal data. It is very important to us to be transparent about the data we collect about you, how we use such data and with whom we share it. Therefore, we advise you to read the following Privacy Notice to be informed about the processing of your personal data.

We believe that the responsible use of data supports business growth and builds strong relationships between partners, consumers, and brands. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact.


1. Definitions
2. About Compatel Services
3. Controller’s contact details
4. How do we obtain your personal data?
5. What personal data do we collect, why and on which legal basis? How do we use it and how long do we keep it?
  5.1. When we provide the Services to our customers
  5.2. When you provide your products or services to us (suppliers)
  5.3. When you contact us with a question about our products and services
  5.4. When you visit our website
6. How and with whom do we share your personal data?
7. How do we transfer your personal data outside the EEA?
8. What are your rights in respect of your personal data?
9. How can you object to the processing of your personal data?
10. How can you exercise your rights?
11. Do we conduct automated decision-making that significantly affects you?
12. How long do we keep your personal data?
13. Information from children
14. How often do we update this Privacy Notice?

 

  1. DEFINITIONS

In the text, we use specific data protection terms, and their definitions are the following:

The term “Compatel” or “us” or “we” or “our” refers to the company Compatel Limited, with its registered office in the United Kingdom, London WC1R 4HE, 26-28 Bedford Row, registration number 7456831. 

Compatel, which is a part of the Infobip group, is a worldwide provider of telecommunications services acting as a Mobile Virtual Network Operator (MVNO) and fixed line operator.

The term “GDPR” means the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC).

The term “personal data” means any information about you by which you can be identified, directly or indirectly.

The term “controller” means the natural or legal person which determines the purposes and means of the data processing and is responsible for processing such data in a manner consistent with the GDPR and other applicable European and national regulations on personal data protection.

The term “processor” means a natural or legal person who processes personal data on behalf of the controller.

The term “Services” means telecommunications services, including cloud messaging services with vast-volume capacity and high delivery rates to anywhere in the world. 

The term “you” refers to a natural person (an individual) whose personal data Compatel collects and processes.

 

  1. ABOUT COMPATEL SERVICES

Compatel is a next-generation MVNO offering innovative solutions and carrier-grade capability for cloud telephony. Our mission is to broaden existing operator service portfolios, connecting innovative companies with their global customers’ end user base through locally relevant telecommunications products and trusted operator relations. 

We are able to deliver messages that our customers send to their end users, independent of where they are located, through our connections with telecoms and other communications providers operating all over the world.

While providing Services to our customers and processing personal data, we act either as the controller or the processor, depending on the situation.

Our customers are mainly companies that integrate our Services into their business operations through their own software applications (via API). 

We are not in a direct relationship with our customers’ end users, so we distribute these communications through telecom operators and other communications providers.

We act as the processor when processing the personal data of individuals on behalf of our customers, and for the sole purpose of providing our Services to them. We do that within limits and according to the customer’s instructions as well as in line with the service terms and conditions, the agreement for Services and/or data processing agreement concluded with the customer.

For example, when you, as an end user of our customer, are the recipient of communication that our customer sent you by using our cloud messaging services (such as an SMS message), we send that customer’s communications acting on behalf of our customer. That means that the customer is the controller, and Compatel is the processor.

Any request we may receive from customers’ end users regarding their rights related to our activities taken on behalf of our customers will be forwarded to customers, or the end users will be asked to contact them directly.

In situations when we process personal data for our own purposes and do not act on behalf of someone else, we act as the controller and we are committed to processing that data as described in this Privacy Notice and respecting all obligations arising from the GDPR and other applicable data protection legislation.

 

  1. CONTROLLER’S CONTACT DETAILS

Compatel Limited, with its registered office at the United Kingdom, London WC1R 4HE, 26-28 Bedford Row

Contact details of all group companies are available at: https://www.infobip.com/offices.

If you have questions regarding this Privacy Notice, you can reach our Data Protection Officer at the email address dpo@compatel.com. 

 

  1. HOW DO WE OBTAIN PERSONAL DATA?

Most of the personal data we process is provided to us directly by you for one of the following reasons:

  • For the creation of an account to enable the provision of our Services 
  • You visited our website and/or you initiated communication with us

We also receive personal information indirectly, such as in situations where:

  • Our customer or supplier provided us with the contact details of its representatives and personnel who will be our business contact points
  • Our customer provided us with contact details of its end users (such as a telephone number or email address) when using our Services.

 

5. WHAT PERSONAL DATA DO WE COLLECT, WHY AND ON WHICH LEGAL BASIS? HOW DO WE USE IT AND HOW LONG DO WE KEEP IT?

 

5.1. When we provide the Services to our customers
5.2. When you provide your products or services to us (suppliers)
5.3. When you contact us with a question about our products and services and when we are looking for new business opportunities
5.4. When you visit our website

 

5.1. When we provide the Services to our customers

5.1.1. To create the customer’s account and enable the customer to start using our Services:

What personal data do we collect?

We collect customer’s “account data”, which is data that relates to the customer’s relationship with Compatel.

In order to create a customer’s “account” we ask for your name, contact details (e.g.: phone number, email address, country) and certain related information such as your company’s name, industry and your business role.

Within the customer’s account we also collect billing information (such as the billing address, information on whether the customer is a legal entity or an individual or a post-paid subscriber, and further information if we are legally required to, depending on each country’s legislation).

When doing business with legal persons, we may collect personal data (such as the name, business contact details, position in the company) related to their representatives and other personnel that will be our contact points.

Collecting your name, contact details, and billing information is necessary for us in order to enter into an agreement for Services with you. Therefore, we will not be able to provide you with our Services without collecting this basic information.

 

How do we collect personal data?

If you, as an individual, are our customer, we obtain this data directly from you. If your organisation is our customer, we may obtain your personal data either directly from you or via your organisation.

 

Why do we collect personal data, under which legal basis, and how do we use it?

We collect and use collected data for agreement signing and agreement administration purposes, to create your account and enable you to use our Services, to keep your account secure, to provide you with customer care and technical support, to share relevant information about our products and services, and to exercise our rights and fulfil our obligations arising from the business relationship that we may have with you or with your organisation.

Conducting these activities is our legitimate interest according to GDPR article 6.1.(f) in the sense of providing our Services to your organisation. However, if you personally are our contractual counterpart, we process your data because it is necessary for the performance of an agreement for Services, or in order to take steps, at your request, prior to entering into the agreement in accordance with GDPR article 6.1.(b).

 

5.1.2. To enable customers to exchange their communications by the use of our Services and to ensure the security of our network and Services:

What data do we collect?

We collect traffic data. Traffic data is data that is processed for the conveyance of a communication exchanged by using our Services or for billing related to that communication, and it includes data on the routing, type, duration, and time of the communication. So, this data encompasses data used to trace and identify the source and destination of a communication (including the customer’s end user’s telephone number, depending on the Service provided).

We also collect the commands your application communicates to Compatel (such as your IP addresses, information on your usage, routing information), as well as logs on your activities created during your use of our Services, and we connect this information with your account details.

How do we collect this data?

We receive the customer’s end user’s telephone number from our customer, while other traffic data are automatically generated or unveiled during the process of conveyance of a communication.

 

Why do we collect this data, under which legal basis, and how do we use it?

We collect and process traffic data to provide customers with our Services, that is, to manage traffic with the purpose of transmitting a customer’s communications toward or from telecom operators and other communication networks in order to handle a customer’s enquiries and to calculate charges.

If you, as our customer, are an individual, we rely on GDPR article 6.1. (b) for these processing activities since it is necessary for the performance of our agreement on Services. If our customer is a legal person, we rely on our legitimate interest (GDPR article 6.1.(f)).

We also process traffic data to prevent spam and fraud, for troubleshooting and detecting problems with the network, and to settle interconnection payments with telecom operators and other communications providers. Should we have a billing dispute with our customer or with telecom operators or other communications providers, we may need to use traffic data related to routing (including the end user’s telephone number, as well as the customer’s IP address) in order to resolve it. The carrying out of these activities is our legitimate interest in the sense of GDPR article 6.1.(f).

In order to comply with our legal obligations (article 6.1.(c) GDPR), we may be obliged to retain records containing communications-related data as stipulated in the relevant national data retention provisions regulating a law enforcement matter and to share them upon government request.

We collect logs on your activities created during your use of our Services and connect this information with the customer’s account details in order to secure the customer’s account, to prevent or detect fraudulent activities, and to ensure the security of the Compatel network. This information is necessary to construct the timeframe of a user’s activities in the case of security-related incidents, and to be able to take adequate steps for mitigation. IT security is crucial for us, so for these activities we rely on our legitimate interest and on the legitimate interest of our customers (GDPR article 6.1.(f)) to maintain and improve the security of our network and Services.

 

5.2. When you provide your products or services to us (suppliers)

What personal data do we collect?

If you, as our supplier, are an individual, we collect your name, contact details (such as your address, phone number, email address), certain related information such as your company’s name, industry and your business role, and your billing information (e.g.: billing address, your VAT number, bank account details, and further information if we are legally required to and in accordance with applicable national legislation).

When doing business with legal entities, we collect personal data related to their representatives and other personnel that will be our contact points (such as their name, business contact details, position in the company).

Collecting this data is necessary for us in order to enter into an agreement with you. Therefore, we will not be able to purchase your products or services without collecting this personal data.

 

How do we collect personal data?

If you, as an individual, are our supplier, we obtain this data directly from you. If your organisation is our supplier, we may obtain your personal data either directly from you or via your organisation.

 

Why do we collect personal data, under which legal basis, and how do we use it?

We collect and use this data for agreement signing and agreement administration purposes, to maintain and improve our business relationship, to get relevant information about our suppliers’ products or services, or to share relevant information about our business and services with you, as well as to exercise our rights and fulfil our obligations arising from the business relationship that we may have with you or your organisation.

Conducting these activities is our legitimate interest according to GDPR article 6.1.(f) in the sense of purchasing products or services from a supplier that is a legal person. However, if you personally are our contractual counterpart, we process your personal data because it is necessary for the performance of an agreement or in order to take steps, at your request, prior to entering into an agreement in accordance with GDPR article 6.1.(b).

 

How long do we keep your personal data?

If you, as our supplier, are an individual, we will keep your personal data collected when entering into an agreement (such as your name, contact details, billing details, as well as the agreement concluded with you and billing documentation) for a period defined by applicable tax and financial legislation.

Your requests and other communication exchanged with our support team via our help desk (support ticketing) system will be kept for three years after the end of the agreement.

If our supplier is a legal person, the personal data of the supplier’s personnel that were our contact points during the business relationship will be deleted or made anonymous within 12 months after the end of the provision of the Services.

If legal matters such as litigation, law enforcement requests or government investigations require us to preserve records, including those containing personal information, we will delete the records in question when we are no longer legally obligated to retain them.

 

5.3. When you contact us with a question about our products and services and when we are looking for new business opportunities

What personal data do we collect?

We may collect your name and basic contact and business information such as your email address. We will also collect any other information you choose to send us, depending on the nature of our communication.

How do we collect your personal data?

We may collect this information directly from you through our forms available on our website. 

We are constantly searching for new business opportunities. Therefore, we may collect your contact and business information indirectly, through business and professional networks and databases (such as LinkedIn) or we may employ third parties that supply us with information collected from publicly available sources and data enrichment providers. We only retain information that will help us reach potential customers and suppliers that could benefit from our services and products or whose products and services we are interested in.

 

Why do we collect personal data, under which legal basis, and how do we use it?

We collect this information to contact you, answer your questions, and to find out if you or your organisation are interested in further collaboration with us.

We use your personal data to provide you with the requested information about our products and services and to see if you are interested in using them or if we can benefit from using your products and services, as well as to provide you with all the necessary information and support required to ensure mutually beneficial and satisfying collaboration if you become our customer or supplier. Any further processing of your personal data will be based on the business relationship established with you or your organisation and on lawful processing grounds.

Such activities represent our legitimate interest in accordance with GDPR article 6.1.(f).

If there will be mutual interest in entering into an agreement, we will process your personal data within the presales and purchasing process to ensure adequate technical and administrative support (tender procedures, negotiations, and concluding agreements). In accordance with GDPR article 6.1.(f), it is our legitimate interest to conduct this process properly. If you personally are our contractual counterpart (as an individual), we process your data because it is necessary for the performance of a contract or in order to take steps, at your request, prior to entering into a contract in accordance with GDPR article 6.1.(b).

 

How long do we keep your personal data?

If we do not enter into an agreement, we will delete your personal data collected for this purpose within six months after our last communication.

In any case, if you no longer wish to be contacted by our dedicated team, you can always object to being contacted by them by sending an email to info@compatel.com.

 

5.4. When you visit our webpage

 

We use third-party services such as Google Analytics when you visit www.compatel.com in order to collect standard internet log information and details on visitor behaviour patterns. We do this to find out information such as the number of visitors to various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of visitors to our website.

When you browse our website, we automatically place necessary cookies on your browser. You can opt in to accept advertising or analytical cookies. The information we collect helps us maintain and improve our website and business. For detailed information please read our Cookie Notice. There you will be able to find out more about how to manage your advertising preferences to suit your needs.

We do not and will not sell, rent, or share any information in any shape or form to any third parties for advertising or similar marketing purposes.

 

6. HOW AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

Since we are a global company, we may share your personal data within Infobip group companies to complete internal procedures within our offices, to perform certain processing activities on a global scale, or to support you in the use of our products and services. Infobip group companies can be engaged as processors or, in certain situations, can act as joint controllers.

All Infobip group companies will only use the personal data as described in this Privacy Notice. All intercompany processing of personal data is regulated by the Infobip group’s intercompany agreements on personal data processing and transfer and where applicable with European Commission standard contractual clauses.

Notwithstanding the foregoing, as a rule, we do not share personal data with third parties except when necessary, such as:

 

  • With other telecom operators and other communications service providers when necessary for the set-up of proper routing and connectivity. 
  • With third-party service and technology providers, to the extent strictly necessary for them to perform specific actions on our behalf. We may share personal information with our trusted and verified third-party service providers, for example, in order to enable them to process payments for us or to prevent fraud.
  • Due to relevant legislation. If we are presented with the legal obligation to, we will share the data with third parties that are legally entitled and authorized to request it, such as for criminal procedures or because of threats to public security. As a provider of telecommunications and other communications services, we are required to retain certain communications-related data for law enforcement purposes and will be required to share that data with authorized law enforcement authorities upon their request. Also, if we are under an obligation to demonstrate compliance with relevant accounting, financial and tax legislation, your data can be shared with auditors and tax authorities for those purposes.
  • Targeted advertising. We do not and will not sell, rent, or share any information in any shape or form to a third party for advertising or similar marketing purposes. You can visit our Cookie Notice or adjust the advertising settings in your browser. There you will be able to find out more about how to manage your advertising preferences to suit your needs.
  • Disclosure in the event of a merger, sale, or other asset transfer. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets or in a transition of services to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or the contract.

 

7. HOW DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EEA?

Your personal data may be processed both inside and outside of the European Economic Area by the parties specified in the section above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations.

In any case, any activity that involves access to personal data from outside the EEA (with or without re-locating the personal data) is done in accordance with the high EU data protection standards, either by implementing EU standard contractual clauses, by transferring personal data in accordance with EU data protection adequacy decisions, or by implementing another adequate GDPR transfer mechanism.

 

8. WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?

Under GDPR and/or other applicable data protection laws, you have rights we need to make you aware of.

Where permitted by applicable data protection laws or regulations, you have the right to:

  • withdraw your consent to our processing of your personal data (to the extent that such processing is based on your consent and consent is the only permissible basis for processing), without affecting the lawfulness of processing based on consent before its withdrawal,
  • request from us to access your personal data, which means request a copy of the personal data about you we hold,
  • ask us to rectify (correct) your personal data that you think is inaccurate and to complete your personal data that you think is incomplete,
  • ask us to erase your personal data in certain circumstances,
  • ask us to restrict the processing of your personal data in certain circumstances,
  • exercise data portability if we process your personal data by automated means based on your consent or upon a contractual relationship with you
  • object to processing if we process your personal data upon our legitimate interest, in which case we will reassess the legitimacy of the processing,
  • file a complaint with us and/or the relevant data protection authority.

You may also have specific rights in exceptional cases when we may carry out automated decision-making operations, including profiling.

You can exercise these above-listed rights within the limits stipulated by applicable data protection legislation.

 

9. HOW CAN YOU OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA?

If we process your personal data upon our legitimate interest, you have the right to object to the processing. In such a case we will reassess its legitimacy and will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercising or defence of legal claims.

 

10. HOW CAN YOU EXERCISE YOUR RIGHTS?

If you have any questions on how we use your personal data or if you wish to exercise a certain right (as specified under 8 and 9 of this Notice) or resolve a complaint regarding the processing of your personal data, you can contact our Data Protection Officer by sending an email to the following email address: dpo@compatel.com, or by sending a written request to the postal address: Compatel Ltd, 26-28 Bedford Row, London WC1R 4HE, United Kingdom.

If you want to file a complaint or contact the relevant data protection authority for any other reason, you may find the contact details of EEA data protection authorities at: https://edpb.europa.eu/about-edpb/board/members_en.

In particular, you can lodge a complaint with the supervisory authority of the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

 

11. DO WE CONDUCT AUTOMATED DECISION-MAKING, INCLUDING PROFILING, THAT SIGNIFICANTLY AFFECTS YOU?

No. We do not conduct any operation under which you would be subject to a decision based solely on automated processing that has legal or similarly significant effects for you, including profiling.

 

12. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Regarding your personal data that is not subject to your consent, we will process it for the period necessary to fulfil the purposes outlined in this Privacy Notice, unless a longer period for the processing of such personal data is required or permitted by law. We have provided relevant information regarding this under section 5 of this Privacy Notice. Any storage of data beyond the deletion deadlines will encompass only non-personal data (aggregated or anonymized data).

 

13. IINFORMATION FROM CHILDREN 

Our products and services are not intended for children under 16 and we do not knowingly permit children under 16 to use our services. If we learn or are notified that we have collected and/or processed personal data from a child under 16, we will immediately take reasonable steps to delete that information from our records as quickly as possible. If you believe we have any information collected from a child under 16, please contact us at dpo@compatel.com. 

 

14. HOW OFTEN DO WE UPDATE THIS PRIVACY NOTICE?

The most current version of this Privacy Notice will govern our practices for collecting, processing, and disclosing personal data. We will provide a notice of any modifications to it by posting a written notice on our website.