Firstly, we are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it.
But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing. Firstly, if you have ordered or take a service from us, we are entitled to process your information so that we can provide that service to you and bill you for it.
Secondly, if we want to collect and use your information for other purposes, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time. We tend to need permission when what is proposed is more intrusive (for example, sharing your contact details with other organisations so they can market their own products and services to you).
But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within the third ground – our ‘legitimate interests’ to use the information in a particular way without your permission (for example, to protect our network against cyber-attacks). But when we do this, we must tell you as you may have a right to object. And if you object specifically to us sending you marketing material, or to ‘profiling you’ for marketing purposes, we must then stop.
This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.
Please read this policy carefully as it applies to the products and services we provide to you (such as your phone, mobile, wi-fi, TV and broadband), our apps and our websites. It applies to our consumer, sole trader and partnership customers but doesn’t apply to the information we hold about companies or organisations.
It also applies even if you’re not one of our customers and you interact with us as part of running our business, such as by:
- using one of our products or services – paid for by someone else;
- taking part in a survey or trial;
- entering a prize promotion;
- calling our helpdesk; or
- generally enquiring about our services.
What’s not included?
You should review their privacy policies before giving them your personal information.
Moving to another provider and want to take your information?
If we provide you with our products and services, or you’ve said we can use your information, you can ask us to move, copy or transfer the information you have given us.
We’ll send your personal information electronically. And we’ll do our best to send it in another format if needed.
We’ll always try to help you with your request. But we can refuse if sharing the information would have a negative effect on others, for example because it includes personal information about someone else, or the law prevents us from doing so.
It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or we get a lot of requests at once.
What kinds of personal information do we collect and how do we use it?
The personal information we collect depends on the products and services you have and how you use them. We’ve explained the different ways we use your personal information.
To provide you with products and services
We’ll use your personal information to provide you with products and services. This applies when you register for or buy a product or service from us. Or if you register for an online account with us or download and register on one of our apps.
This means we’ll
- record details about the products and services you use or order from us;
- send you product or service-information messages (we’ll send you messages to confirm your order and tell you about any changes that might affect your service, like when we have infrastructure work planned or need to fix something);
- update you on when we’ll deliver, connect or install your products and services;
- let you create and log in to the online accounts we run;
- charge you and make sure your payment reaches us;
- filter any content you ask us to, through your Parental Controls settings (or any content our partners ask us to, such as for a wi-fi hotspot);
- give information to someone else (if we need to for the product or service you’ve ordered) or to another communications provider if you’re buying some services from them and us (if we do this, we still control your personal information and we have strict controls in place to make sure it’s properly protected); and
- support you more if you are a vulnerable customer.
We use the following to provide products and services and manage your account.
- Your contact details and other information to confirm your identity and your communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (such as the security questions and answers we have on your account).
- Your payment and financial information.
- Your communications with us, including emails, webchats and phone calls. We’ll also keep records of any settings or communication preferences you choose.
- Information from cookies placed on your connected devices that we need so we can provide a service.
We use this information to carry out our contract (or to prepare a contract) and provide products or services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the product or service you ordered from us.
If you tell us you have a disability or otherwise need support, we’ll note that you are a vulnerable customer, but only if you give your permission or if we have to for legal or
regulatory reasons. For example, if you told us about a disability we need to be aware of when we deliver our services to you, we have to record that information so we don’t repeatedly ask you about it. We will also record the details of a Power of Attorney we have been asked to log against your account.
Because it is in our legitimate interests as a business to use your information
We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
- Identify, and let you know about, products and services that interest you;
- share within the MAXIMA TELECOM Group for administrative purposes;
- create aggregated and anonymised information for further use;
- detect and prevent fraud; and
- secure and protect our network.
To meet our legal and regulatory obligations
We might have to release personal information about you to meet our legal and regulatory obligations.
To law enforcement agencies
Under investigatory powers legislation, we might have to share personal information about you to government and law-enforcement agencies, such as the police, to help detect and stop crime, prosecute offenders and protect national security. They might ask for the following details.
- Your contact details. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (such as your security questions and answers) needed to confirm your identity and your communications with us.
- Your communications with us, such as calls, emails and webchats.
- Your payment and financial information.
- Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address) and TV records.
We’ll also share personal information about you where we have to legally share it with another person. That might be when a law says we have to share that information or because of a court order.
In limited circumstances, we may also share your information with other public authorities, even if we do not have to. However, we would need to be satisfied that a request for information is lawful and proportionate (in other words, appropriate to the request). And we would need appropriate assurances about security and how the information is used and how long it is kept.
For regulatory reasons
We’ll also use your call, browser (including IP address) and TV records to find the best way of routing your communications through the various parts of our network, equipment and systems as required by our regulator.
If you order a phone service, we’ll ask if you want your details included in our directory services such as our Phone Book. If you do, we’ll publish your details and share that information with other providers of directory services. Ex-directory numbers aren’t included and will not appear in The Phone Book.
Sharing your information
In this section we detail how, why and with whom we share your information. We also explain the safeguards we’ve put in place to protect your information.
Who do we share your personal information with, why and how?
We share your personal information with other companies within the MAXIMA TELECOM Group. We have a group-wide arrangement, known as binding corporate rules, to make sure your personal information is protected, no matter which company in the MAXIMA TELECOM Group holds that information. You can ask for a copy of our binding corporate rules by emailing our data protection office, contact details can be found here.
We also use other service providers to process personal information on our behalf. Details of how they handle your personal information are set out below.
Using other service providers
We use other providers to carry out services on our behalf or to help us provide services to you. We also use them to:
- provide customer-service, marketing, infrastructure and information-technology services;
- personalise our service and make it work better;
- process payment transactions;
- carry out fraud and credit checks;
- analyse and improve the information we hold (including about your interactions with our service); and
- run surveys.
- Where we use another organisation, we still control your personal information. And we have strict controls in place to make sure it’s properly protected. Finally, the section above describes the situations in which your personal information is shared to other organisations, government bodies and law-enforcement agencies. When we share your information with other organisations we’ll make sure it’s protected, as far as is reasonably possible.
If we need to transfer your personal information to another organisation for processing in countries that aren’t listed as ‘adequate’ by the European Commission, we’ll only do so if we have model contracts or other appropriate safeguards (protection) in place.
If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information to the new (or prospective) owner. If we do, they’ll have to keep it confidential.
For more details, or if you’d like a copy of our binding corporate rules or other information about a specific transfer of your personal information, get in touch with us here. The fraud prevention section above provides details on transfers fraud prevention agencies may carry out.
The countries we share personal information to
Protecting your information and how long we keep it
This section is about how we keep your information secure and how long we keep hold of it for. We always follow the law and delete your information when we no longer need to keep it.
How to contact us and further details
You can get in touch with our data-protection officer by email firstname.lastname@example.org or write to the address above and mark it for their attention.
MAXIMA TELECOM LTD
If you want to make a complaint on how we have handled your personal information, please contact our data protection officer who will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner email@example.com
9. YOUR DATA RIGHTS
If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. ThemeREX permits residents of the European Union to use its Service. Therefore, it is the intent of ThemeREX to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.
11. RELEASE OF YOUR DATA FOR LEGAL PURPOSES
At times it may become necessary or desirable to ThemeREX, for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.
Any passing on of personal data for legal purposes will only be done in compliance with laws of the country you reside in.