- Scope of this notice
- What types of information do we collect
- Why do we collect this information
- Who do we give your information to
- Where we store your information
- Automated processing and decisions
- How is your personal information protected?
- Contacting Callsign about privacy questions or concerns
- Privacy notice changes
Scope of this notice
The purpose of this Privacy Notice is to provide you with a clear explanation about how your personal information is collected and used by us during your interaction with us as well as your rights in relation to your personal information. It relates to the Callsign websites ("the Sites") and Employee Authentication App (our "App") available to download on App Stores (together the "Services"). To learn about how we process personal information as part of our products, please see the Callsign Data Processing on behalf of Subscriber Organizations.
Who is Callsign?
"Callsign Limited" is registered at 9th floor, One Bartholomew Close, London, EC1A 7BL with this company number 07277719 and "Callsign Inc." is registered 2225 East Bayshore Road, Palo Alto, California, 94303, USA. Callsign is the controller for the purposes of European Economic Area and United Kingdom data protection law, (the "Data Protection Law").
This Privacy Notice applies to Callsign Ltd. (“Callsign” or “we”) and its business users. The individual at an organization that subscribes to the Services will be referred to as the “Subscriber” or “you”.
How to contact Callsign
If you have any questions regarding our Privacy Notice or use of your personal information, please contact us using the below methods:
What types of information do we collect?
We may process your personal data if:
- You or the company you work for are a customer or a supplier of ours.
- You or the company you work for uses our Services.
- You are someone (or you work for someone) to whom we want to advertise or market to.
- You choose to register for an online interactive demo or event, download a piece of content or fill in a form on our site.
Information we collect from you or a third party:
We may process your personal data that we have either obtained from you or obtained from somewhere else. Personal data which is not collected directly from you may be collected:
- From your employer in connection with your job and how it relates to us.
- If you use our Services.
- From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers).
Personal data relating to you that we process may include:
- Contact information such as telephone number and email address.
- Job title and place of work.
- Information that you give to us when you complete a form on our app regarding our products or services, making an enquiry, register for an online demo on our website or to download content and provide us with.
- Things that you share with us through mediums such as events, telephone and email correspondence.
Information we collect about your use of the Services.
- Information that we obtain from your interaction with the Services.
- Where information is required to authenticate when using the App. This includes registration data to use the app including username, telephone and email addresses.
- Biometric information including behavioral data about how you use your device to help secure the usage of the Services by legitimate parties and also authenticate you to Callsign protected services.
- Information about your visit, which may include the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with Callsign.
Failure to provide information or provide correct information could lead to Callsign not being able to comply with the request or provide the Services.
Callsign may also collect information about how you use the Sites and the App via cookies. We do this so that we can tailor and personalize your experience and, improve the content, layout and performance of our Services. Further details are set out in our Cookies policy.
Why do we collect this information?
|Platform||Information Category||What we collect information for||Lawful basis for processing||Retention Period|
|Website and other online platforms such as blogs and micro-sites.||Transaction details, fulfilment data, Personal information including contact information as listed above.||To fulfil any requests that are made to us.
To email you regarding details of the Services or marketing related information.
|Our Legitimate Interests, where we have considered these are not overridden by your rights.
Contractual Performance. We may use some automation to help process data. This includes using cookies and preferences you have selected such as area of interest, location or industry to show or contact you with relevant information.
|For as long as consent to communicate is given.
At any time, you can update your preferences (including amending Personal Data) or opt out of all communications by clicking the links in the footer of any emails you receive from us. You can also contact us via the methods outlined in this document.
In the instance where you have chosen to opt out of communications from Callsign, we will not use your personal data for direct marketing purposes, but we will continue to use your personal data in relation to the administration of the service, or to provide technical and other support to you in relation to the service.
|Online Demos||Personal information including username or email address chosen when registering, data associ-ated with your device and behav-ioral data associated with your keystroke, mouse movements||To fulfil any requests that are made to us for online demos.||Our Legitimate Interests, where we have considered these are not overridden by your rights.||Data will be kept for as long as relevant for the purposes of follow-up from the demo.
Following a period of one year without interaction (opening correspondence, interacting with our website etc.) we will remove your details from our accounts.
|Using the Callsign Mobile App||We collect registration information - data about who you are - including user alias, passwords, email address and telephone number to help provide a mobile app-based authentication service.
We use this data along with behavioural data about how you swipe and device data to authenticate you as an individual when accessing protected resources and collateral.
We also collect IP and User Agent Strings (info about your device) for security reasons (Security Operations & Forensic)
|This information is necessary to fulfil the contract as part of authentication service when using the Callsign app.
The same data points also help us detect illegitimate registration attempts by fraudulent parties and thereby protect our legitimate interests and protect our genuine users.
|Callsign will keep your data until you as a user provide written request and / or delete your profile in the Callsign app. Following this request, your data may be stored for up to seven years for legal purposes.
As a user you can delete your Callsign account at any time within the settings in the app.
Our promotional updates and communications
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email, SMS, Push Notification, Telephone, Post and Social Media about our products and Services.
You can object to further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email to email@example.com.
You can also request that we send marketing material to a non-personal email address instead of one which identifies you as an individual.
Who we give your information to:
We may share your information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
- Selected third parties.
Our selected third parties may include:
- Our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for.
- Our auditors, legal advisors and other professional advisors or service providers.
- Analytics and search engine providers that assist us in the improvement and optimization of the App and subject to the cookie section of this policy (this will not identify you as an individual).
We will disclose your personal information to third parties:
- If Callsign or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Callsign, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
Where we store your information
The data that we collect from you may be transferred to, and stored at, a destination outside the UK or the European Economic Area ("EEA") that may not be subject to equivalent Data Protection Law.
Where your information is transferred outside the UK or the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism or standard contractual clauses, and that it is treated securely and in accordance with this privacy notice.
We may transfer your personal information outside the UK or the EEA:
- In order to store it.
- In order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services.
- Where we are legally required to do so.
- In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
We may transfer your personal information to the following countries outside the UK or the EEA: United States of America under Privacy Shield certification and standard contractual clauses.
Automated processing and decisions
During the registration journey on the Callsign Mobile App we make automated decisions based upon interpretation of profiled data points that assess associated risk with your device. From time to time we may refuse your attempt to register with Callsign via the Mobile App when we detect anomalous details about your device that suggest it is compromised.
Likewise, post-registration Callsign assesses and decides upon authentication attempts made by users by assessing your behavior and device details. If we assess a deviation from your normal profile, we challenge you for further authentication.
When using the Callsign App, we process data because it is necessary to fulfil a contract with your organization and you should contact your organization regarding any questions about the processing of your personal data in relation to the service.
Please note that beyond the above authentication outcomes may also be augmented by Subscriber Organization policies set in the Callsign Dashboard. These policies - which could include specific blacklisting or location policies - are not defined by Callsign and wholly outside the scope of our automated decision making. For more information on these, please contact your organization.
We may also process your information following an interaction with the Sites such as filling in a form. As a user you have many rights to challenge and object to these automated processes and outcomes. For more information please see Your rights as a data subject or, contact us via the methods outlined in this privacy notice.
How is your personal information protected?
Confidentiality is maintained throughout our systems in accordance with the General Data Protection Regulation. This includes encryption of data when stored and in transport.
Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
How long we keep your information
We retain personal data for as long as you have an account with us in order to meet our contractual obligations to you and for seven years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve the Services. You cannot be identified from aggregate information retained or used for these purposes. Please see 'Why Do We Collect This Information?' for retention periods around marketing communications.
Your rights as a data subject
Regarding your personal data, you, the data subject, have the following rights under certain circumstances:
- Right to be informed: you have the right to be informed about how we use your data in a clear and concise way.
- Right of access: you have the right to request a copy of the information that we hold about you.
- Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
- Right of portability: you have the right to have the data we hold about you transferred to another organization in certain circumstances.
- Right to object: you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to withdraw consent: Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us using the methods outlined in this Notice.
- Right to complain: If your request or concern is not satisfactorily resolved by us, you have the right to raise any concerns with the Information Commissioner’s Office (ICO), which can be done so here: https://ico.org.uk/make-a-complaint.
You can exercise the rights listed above at any time by contacting us at firstname.lastname@example.org.
Contacting Callsign about privacy questions or concerns
If you have any questions about this Privacy Notice or the use of your Personal Data, please contact Callsign by sending an email to the following address (indicating “PRIVACY NOTICE REQUEST” in the message line): email@example.com, or a letter to the below postal address. The details for our Data Protection Officer are:
Address: GRC International Group PLC, Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA
If you contact Callsign by e-mail or letter, we may keep a record of your correspondence or comments. We may ask for your name, e-mail address and contact information in order to send you a reply.
Privacy Notice changes
This Privacy Notice was last changed on 19/03/2021. Callsign may change, modify, add or remove portions of this Privacy Notice at any time, and any updates will be published here and changes will become effective immediately upon being posted unless stated otherwise.