Privacy Policy

1. Introduction

BusinessVoIP.uk ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller:
BusinessVoIP.uk
A trading name of Coffee Cup Solutions Ltd
Unit 3, Millars Brook
Wokingham, Berkshire
RG41 2AD
United Kingdom
Email: privacy@businessvoip.uk

BusinessVoIP.uk is a trading name of Coffee Cup Solutions Ltd, registered in England and Wales.

2. Information We Collect

2.1 Information You Provide

We collect personal information you provide when using our services:

• Account Information: Business name, contact name, email address, phone number, business address
• Billing Information: Bank account details (via GoCardless), billing address, VAT number
• User Information: Names, email addresses, and phone extensions for authorized users
• Support Requests: Communications with our support team, including emails and call recordings
• Service Configuration: Phone numbers, call routing settings, IVR configurations, and other service preferences

2.2 Information Automatically Collected

We automatically collect certain information when you use our services:

• Call Data Records (CDRs): Call date/time, duration, numbers called, call type, and call outcomes
• Usage Data: Service usage metrics, feature utilization, and performance data
• Technical Data: IP addresses, device information, browser type, and operating system
• Location Data: Location information provided for emergency services (999/112) routing
• Website Analytics: Pages visited, time spent, referral sources, and interaction data

2.3 Communications Data

As a telecommunications provider, we collect and retain communications data as required by UK law, including:

• Phone numbers involved in communications
• Date, time, and duration of communications
• Type of communication (voice call, SMS, etc.)
• Location data for mobile users

Note: We do not record the content of your communications unless you have explicitly enabled call recording features.

3. How We Use Your Information

3.1 Service Provision

We use your personal data to:

• Provide and maintain VoIP telecommunications services
• Configure and manage your phone system and extensions
• Route emergency calls to appropriate services
• Provide technical support and customer service
• Process service changes and upgrades

3.2 Billing and Payment

We use billing information to:

• Process monthly subscription charges via Direct Debit
• Calculate and bill usage charges
• Generate invoices and billing statements
• Manage payment collections and dispute resolution

3.3 Legal and Regulatory Compliance

We process personal data to comply with legal obligations:

• Retain communications data as required by the Investigatory Powers Act 2016
• Respond to lawful requests from law enforcement and regulatory authorities
• Comply with Ofcom regulations and telecommunications licensing requirements
• Maintain records for tax and accounting purposes

3.4 Service Improvement

We analyze aggregated and anonymized data to:

• Improve service quality and reliability
• Identify and resolve technical issues
• Develop new features and services
• Optimize network performance

3.5 Marketing Communications

With your consent, we may send:

• Service updates and feature announcements
• Product recommendations and upgrade opportunities
• Industry news and best practice guidance
• Promotional offers and discounts

You can unsubscribe from marketing communications at any time using the link in our emails or by contacting us.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations
• Legal Obligation: Compliance with UK telecommunications regulations, data retention laws, and tax requirements
• Legitimate Interest: Fraud prevention, network security, service improvement, and business operations
• Consent: Marketing communications and optional features (obtained separately and withdrawable at any time)
• Vital Interest: Emergency services routing and critical safety communications

5. Data Sharing and Disclosure

5.1 Service Providers

We share personal data with trusted third-party service providers who assist in delivering our services:

• GoCardless: Payment processing and Direct Debit management
• Network Carriers: Telecommunications network providers for call routing
• Cloud Hosting: Secure data storage and platform hosting
• Customer Support Tools: Helpdesk and ticketing systems
• Analytics Providers: Website analytics and service performance monitoring

All service providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Emergency Services

We share location information and caller details with emergency services (999/112) when you make emergency calls.

5.3 Legal Disclosures

We may disclose personal data when required by law:

• In response to court orders, warrants, or legal processes
• To comply with regulatory requests from Ofcom or other authorities
• To law enforcement agencies under lawful intercept requirements
• To protect our rights, property, or safety, or that of others

5.4 Business Transfers

If we are acquired, merged, or sell assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

5.5 No Third-Party Marketing

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

6. Data Retention

6.1 Retention Periods

We retain personal data for the following periods:

• Account Data: Duration of service plus 7 years for accounting and legal purposes
• Communications Data: 12 months as required by the Investigatory Powers Act 2016
• Call Detail Records: 24 months for billing disputes and service analysis
• Billing Records: 7 years for tax and accounting requirements
• Support Tickets: 3 years for quality assurance and training
• Marketing Consents: Until withdrawn or 3 years of inactivity

6.2 Secure Deletion

When retention periods expire, we securely delete or anonymize personal data using industry-standard methods.

7. Data Security

7.1 Security Measures

We implement robust security measures to protect your personal data:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Multi-factor authentication for customer portal access
• Regular security audits and penetration testing
• Access controls and role-based permissions
• Employee training on data protection and security
• Secure data centers with physical and network security
• Regular backups and disaster recovery procedures

7.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours as required by UK GDPR.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

8.1 Right to Access

You can request a copy of the personal data we hold about you. We will provide this within 30 days at no charge.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can update most information through your customer portal.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances. Note that we may be required to retain some data for legal compliance (e.g., communications data retention).

8.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

8.5 Right to Data Portability

You can request your personal data in a structured, machine-readable format for transfer to another provider.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

8.8 Exercising Your Rights

To exercise any of these rights, contact us at privacy@businessvoip.uk or call 0333 3584173. We will respond within 30 days. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Call Recording

9.1 Optional Feature

Call recording is an optional feature that you can enable. If you use call recording, you are the data controller for recorded calls and must comply with call recording laws.

9.2 Your Responsibilities

If you enable call recording, you must:

• Inform all parties that calls may be recorded
• Obtain appropriate consent where required by law
• Securely store and manage recorded calls
• Implement appropriate retention and deletion policies
• Handle subject access requests for recorded calls

9.3 Support Call Recording

We may record calls to our support team for quality assurance and training. You will be informed at the start of the call if recording is in progress.

10. Cookies and Tracking Technologies

10.1 Use of Cookies

Our website uses cookies to:

• Maintain your login session and remember preferences
• Analyze website traffic and user behavior
• Improve user experience and site functionality

10.2 Cookie Types

• Essential Cookies: Required for website functionality (cannot be disabled)
• Analytics Cookies: Help us understand how visitors use our site
• Preference Cookies: Remember your settings and preferences

10.3 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

11. Children's Privacy

Our services are designed for business use and are not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by the ICO
• Data processing agreements with equivalent protections

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through your customer portal. The "Last Updated" date at the top indicates when changes were made.

14. Contact Us

14.1 General Inquiries

For questions about this Privacy Policy or our data practices:

• Trading Name: BusinessVoIP.uk (a trading name of Coffee Cup Solutions Ltd)
• Email: privacy@businessvoip.uk
• Phone: 0333 3584173
• Address: Unit 3, Millars Brook, Wokingham, Berkshire, RG41 2AD

14.2 Data Protection Officer

For data protection concerns or to exercise your rights:

• Email: dpo@businessvoip.uk
• Response Time: Within 30 days

14.3 Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

15. Additional Information for Business Customers

15.1 Data Processing Agreement

When we process personal data on your behalf (e.g., user information, call recordings), we act as a data processor. A Data Processing Agreement (DPA) is available upon request.

15.2 Your Controller Responsibilities

As a business customer, you are the data controller for:

• Employee and user personal data you provide to us
• Call recordings you create and store
• Phonebook contacts and customer information

You must ensure you have appropriate legal bases and consents for processing this data.

15.3 Sub-processors

A list of sub-processors we use to deliver our services is available upon request. We will notify you of changes to our sub-processor list.