Privacy Policy

Last updated: September 2022

Our approach

XBTEL takes the privacy of its users seriously. Generally, you can browse through our website without giving us any information about yourself (including your email address).

For the correct functionality of our service, certain data fulfilling the definition of "personal data" given by paragraph 4.1 of GDPR needs to be processed.

This data is stored and processed solely for the purpose of enabling the features of the Service. By accepting our Privacy Policy & End User Licence Agreement, you are entering a contract and personal data is lawfully processed in accordance to paragraph 6.1.b of GDPR.

The controller of the personal data as defined in Article 4.7 of GDPR is XBTEL Limited, Unit A, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE, United Kingdom.

XBTEL's Data Protection Office is Conor McGrath who can be contacted by emailing dpo@xbtel.co.uk or by writing to Conor McGrath – DPO, XBTEL Limited, Unit A, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE, United Kingdom

If we decide to change our Privacy Policy & End User Licence Agreement, we will post those changes here.

Terms and Conditions for our service can be found here.

1. Personal Data We Collect

The data we collect from you includes the following:

  • When you set up an account with us, we will request information such as your name, private/business email or postal address, telephone or mobile number, financial or credit card information, company registration number, VAT number, IP address/es to help us identify you and to provide a service to you.
  • Where directory enquiry services are provided, the End User's name, address and postcode.
  • Where number portability services are provided, the End User's name, address, postcode and any associated telephone numbers.
  • Where 999 services are provided as set out in our Emergency Services Agreement, the name and installation address (including post code) of the End User.
  • When you contact us to discuss your services, we will ask for certain information to be able to confirm your identity, check our records and answer your questions quickly and accurately.
  • Where PRS and 08 numbers are supplied additional registration forms are required for Phone Pay Plus registration, the End User's name, address and postcode.
  • Where service issues are reported, personal data may be requested in order to investigate these issues such as call date and time, number dialled, CLI passed, call traces and call recordings.
  • When you visit our website, we may collect and process information about your usage of these by using "cookies" and other similar technologies to help us make improvements to the websites and to the services we make available. Please see the Cookies section below for more information.
  • VoIP User and SIP Account Credentials. Required when using the XBTEL Softphone App for Push Notifications and WebRTC app to work. They are being used to register the account on the server and forward any incoming calls and messages to the device via Push Notifications.
  • Address Book Data. Required for "Contact Sync" and "Smart Contacts" feature to work. A copy of your Address Book is kept on the server and used to show your address book in WebRTC app and to notify you about your contacts that also use the Service.
  • IP Addresses. When using features which require server components, like Push Notifications or Contact Sync and Smart Contacts, or any web services, the IP address and browser information may be logged by the servers. The logs are automatically rotated and the information in them is only processed when troubleshooting specific issues, or when required by law.

2. How We Use Personal Data

We will use the information for purposes that include:

  • Verify your identity when you use our services or contact us.
  • Process any enquiries you have about the service.
  • Prevent or detect a crime, fraud or misuse of, or damage to our network, and investigate where we believe any of these have occurred.
  • Provide access to the emergency services including passing the End User name and location data to the emergency operator.
  • Provide Number Portability under Ofcom's General Conditions.
  • Provide the facility to make entries to BT Directory Enquiries.
  • Tell you about changes to our websites, services or terms and conditions.
  • Recover any monies you may owe to us for using our services.
  • Analyse our services with the aim of improving them.
  • Monitor network traffic from time to time for the purposes of network optimisation, backup and problem solving. If you have agreed, we will provide you with information about our other services, offers or products that you may be interested in. Monitor, record, store and use any telephone, e-mail or other electronic communications with you for training purposes, so that we can check any instructions given to us and to improve the quality of our customer service, and in order to meet our legal and regulatory obligations.

Your personal data will be kept secure, accurate and up to date with appropriate technical and organisational methods used to ensure the integrity of the data we hold and to prevent it being accidentally lost, accessed or used in an unauthorised way, altered or disclosed.

The Personal Data is stored on servers within the European Union.

3. How We Disclose Personal Data

We may share information with organisations outside of XBTEL Limited:

  • In response to properly made requests from law enforcement agencies for the prevention and detection of a crime.
  • With a company who is assisting in providing services to you for us, e.g. customer support, portability, directory enquiry services.
  • The provision of 999 access or other telecommunications services.
  • In response to properly made requests from regulatory bodies such as the Information Commissioners Office and Ofcom.
  • As part of the process of selling or merging our business.
  • As part of current or future legal proceedings.
  • For the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.
  • Where we share information with other parties who help us provide the services, they are required to follow our express instructions in respect of the use of your personal information and they must comply with the requirements of the GDPR and any other relevant legislation to protect your information and keep it secure.

4. How Long We Hold Information

The time period that we will keep information will vary depending on what the information is used for. Unless there is a specific legal requirement to the contrary, we will keep information in a form which permits identification of data subjects only for as long as it is necessary for the purposes for which we process it. Once the requirement to hold the data is complete, appropriate measures will be taken to delete the data in line with the terms of the GDPR.

The law requires us to keep certain information about how you use our services for a period of 12 months – this will include, but is not limited to, records of the dates and times of the calls made via your account and the numbers dialled. This information may be used by certain law enforcement agencies to prevent and detect crime and to protect national security. We will only disclose this information to them when we are legally required to.

Call Data Records (CDR's) will be available for 12 months to the customer before being archived for 6 years to comply with legal requirements.

When you contact us we may monitor and record your communications with us to use this information for training and quality purposes, and to meet our legal and regulatory requirements. Where we store emails, these are only held for a limited period of time before we delete them permanently. Typically this will be 6 years for contract-related emails and 1 year for all other emails. We will continue to hold information about you if you terminate our services. This information will only be held for such periods as is necessary for the purpose of dealing with enquiries, complying with any legal obligation and for crime and fraud prevention and detection.

5. Data Subject Access Request

Under the GDPR, a data subject has a right to be request a record of the data held about him/her. To do this a request should be submitted in writing to XBTEL Limited, Unit A, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE, United Kingdom.

We may ask the data subject to provide us with proof of identity to make sure we are giving information to the right person.

To help us process requests we will need the following information:

  • Name
  • Account number(s)
  • Telephone number(s)
  • Username(s)
  • Address
  • Date & time (if requesting information about a call)

6. Marketing Preferences

If you have agreed to us contacting you, we will contact you with details of products, services and special offers that we believe you may be interested in. If you change your mind and do not want to us to send you marketing messages you can do this by using the "Unsubscribe" link in the email footer. If you notify us we will stop sending you the marketing messages, but we will send you service-related messages pursuant to our contract with you. These may include billing emails, service announcements and changes to our services or terms and conditions.

7. Cookies

Our website uses cookies. Cookies collect information about the use of our website, including but not limited to: details of the operating system, browser and IP address of the device used to visit the website, the time and duration of the visit and which parts of our website were visited. The information collected by cookies enables us to understand the use of our website, including the number of visitors we have, the pages viewed per session, time exposed to particular pages, etc. This in turn helps us to provide a better experience, since we can evaluate the level of interest in the content of our website and tailor it accordingly. We will not attempt to personally identify visitors from their IP addresses unless required to as a matter of law or regulation or in order to protect our, or our other customers', rights.

Most browsers automatically accept cookies. You can set your browser options so that you will not receive cookies and you can also delete existing cookies from your browser. However, you may find that some parts of the website will not function properly if you disable cookies.

8. Protecting Information

We take protecting data seriously, and through appropriate organisational and technical security measures we will do our utmost to protect against unauthorised disclosure or processing. Unfortunately we cannot guarantee the security of transmitting information via the internet. We have tried to create a secure and reliable service but we have no responsibility or liability for the security of personal information transmitted via the internet.

Where any data breach is identified that affects the information that we hold about or have processed from you, we will notify you in writing immediately and provide full information about the personal data affected by this breach. We will take all appropriate steps to restore any personal data which is lost or corrupted as a result of a data breach where we are at fault.

If you identify any data breach on your network that affects data we have passed to you, you must notify us in writing immediately and provide full information about the data affected by this breach. You have an obligation to take all appropriate steps, at the fastest possible speed, to restore all personal data which is lost or corrupted due to a data breach on your network.

Online Purchases — If you make a purchase online with a credit card, a third party commerce service is used to verify credit card details. This company is sent the total price of the purchase, the card number and expiration date, and the cardholders name and billing address. All information transmitted to this third party is sent using SSL (Secure Socket Layer) encryption. Using this method of encryption further ensures the privacy and security of all our customers. This information is used only to verify the account and clear the transaction.

9. Complaints

You have the right to complain to the Information Commissioner about the way in which we collect and use your personal data: www.ico.org.uk/concerns or telephone 0303 123 1113.

10. Changes

Please note that the ways in which we protect personal data will be reviewed periodically and may change from time to time. Up to date information can be found in the privacy policy on our website.

Questions? We're here to help!

If you have any questions about privacy issues, want us to update your marketing preferences, or amend information, please contact us by email on privacy@xbtel.co.uk

Contact Us