Privacy Notice

Contents

  1. Scope of this notice
  2. What types of information do we collect
  3. Why do we collect this information
  4. Who do we give your information to
  5. Where we store your information
  6. Automated processing and decisions
  7. How is your personal information protected?
  8. Contacting Callsign about privacy questions or concerns
  9. Privacy notice changes

Scope of this notice

The purpose of this Privacy Notice is to provide you with a clear explanation about how your personal information is collected and used by us during your interaction with us as well as your rights in relation to your personal information. It relates to the Callsign websites ("the Sites") and Employee Authentication App (our "App") available to download on App Stores (together the "Services"). To learn about how we process personal information as part of our products, please see the Callsign Data Processing on behalf of Subscriber Organizations.

Who is Callsign?

Callsign Ltd., (“Callsign”) is a UK based company (company number 07277719) registered at 150 Cheapside, London, EC2V 6ET. Callsign is the controller for the purposes of European Economic Area and United Kingdom data protection law, (the "Data Protection Law").

This Privacy Notice applies to Callsign Ltd. (“Callsign” or “we”) and its business users. The individual at an organization that subscribes to the Services will be referred to as the “Subscriber” or “you”.

By accepting our Services or engaging with the Sites you acknowledge you have read and understood this privacy policy.

How to contact Callsign

If you have any questions regarding our Privacy Notice or use of your personal information, please contact us using the below methods:

Address: Callsign Ltd., 150 Cheapside, London, EC2V 6ET

Email: gdpr@callsign.com

What types of information do we collect?

We may process your personal data if:

  • You or the company you work for are a customer or a supplier of ours.
  • You or the company you work for uses our Services.
  • You are someone (or you work for someone) to whom we want to advertise or market.
  • You choose to register for an online interactive demo

Information we collect from you or a third party:

We may process your personal data that we have either obtained from you or obtained from somewhere else. Personal data which is not collected directly from you may be collected:

  • From your employer in connection with your job and how it relates to us.
  • If you use our Services.
  • From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers).

Personal data relating to you that we process may include:

  • Name.
  • Contact information such as telephone number and email address.
  • Job title and place of work.
  • Information that you give to us when you complete a form on our app regarding our products or services, making an enquiry, register for an online demo on our website or to download content and provide us with.
  • Things that you share with us through mediums such as events, telephone and email correspondence.

Information we collect about your use of the Services.

  • Information that we obtain from your interaction with the Services.
  • Where information is required to authenticate when using the App. This includes registration data to use the app including username, telephone and email addresses.
  • Biometric information including behavioral data about how you use your device to help secure the usage of the Services by legitimate parties and also authenticate you to Callsign protected services.
  • Information about your visit, which may include the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with Callsign.
  • Location data including information about the coordinates (latitude/longitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources; and/or (c) your Identifier for Advertisers (IFA) code for the Apple device, or the Android ID for your Android device, or a similar device identifier. See Cookies and other technologies for more information on the use of cookies and device identifiers on the App and websites.

Failure to provide information or provide correct information could lead to Callsign not being able to comply with the request or provide the Services.

Callsign may also collect information about how you use the Sites and the App via cookies. We do this so that we can tailor and personalize your experience and, improve the content, layout and performance of our Services. Further details are set out in our Cookies policy.

Why do we collect this information?

Platform PInformation Category What we collect information for Lawful basis for processing Retention Period
Website and other online platforms such as blogs and micro-sites. Transaction details, fulfilment data, Personal information including contact information as listed above. To fulfil any requests that are made to us.
To email you regarding details of the Services or marketing related information.
Our Legitimate Interests, where we have considered these are not overridden by your rights.
Contractual Performance.
We may use some automation to help process data. This includes using cookies and preferences you have selected such as area of interest, location or industry to show or contact you with relevant information.
At any time, you can update your preferences (including amending Personal Data) or opt out of all communications by clicking the links in the footer of any emails you receive from us. You can also contact us via the methods outlined in this document.
In the instance where you have chosen to opt out of communications from Callsign, we will not use your personal data for direct marketing purposes, but we will continue to use your personal data in relation to the administration of the service, or to provide technical and other support to you in relation to the service.
For as long as consent to communicate is given
Online Demos Personal information including username or email address chosen when registering, data associ-ated with your device and behav-ioral data associated with your keystroke, mouse movements To fulfil any requests that are made to us for online demos. Our Legitimate Interests, where we have considered these are not overridden by your rights. Data will be kept for as long as relevant for the purposes of follow-up from the demo.
Following a period of one year without interaction (opening correspondence, interacting with our website etc.) we will remove your details from our accounts.
Using the Callsign Mobile App We collect registration information - data about who you are - including user alias, passwords, email address and telephone number to help provide a mobile app-based authentication service.
We use this data along with behavioural data about how you swipe and device data to authenticate you as an individual when accessing protected resources and collateral.
We also collect IP and User Agent Strings (info about your device) for security reasons (Security Operations & Forensic)
This information is necessary to fulfil the contract as part of authentication service when using the Callsign app.
The same data points also help us detect illegitimate registration attempts by fraudulent parties and thereby protect our legitimate interests and protect our genuine users.
Callsign will keep your data until you as a user provide written request and / or delete your profile in the Callsign app. Following this request, your data may be stored for up to seven years for legal purposes.
As a user you can delete your Callsign account at any time within the settings in the app.

Our promotional updates and communications

Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email, SMS, Push Notification, Telephone, Post and Social Media about our products and Services.

You can object to further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email to gdpr@callsign.com.

You can also request that we send marketing material to a non-personal email address instead of one which identifies you as an individual.

Who we give your information to:

We may share your information with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
  • Selected third parties.

Our selected third parties may include:

  • Our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for.
  • Our auditors, legal advisors and other professional advisors or service providers.
  • Third-party organizations that process your data on our behalf in order to improve or enhance the service in our app. These organizations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions. All of the third-party organizations that we use have been evaluated and comply with our Infosec vendor assessments and EU Data Protection Standards. Our website may contain links to other websites which are outside our control and are not covered by this privacy statement. The operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.
  • Analytics and search engine providers that assist us in the improvement and optimization of the App and subject to the cookie section of this policy (this will not identify you as an individual).

We will disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.
  • If Callsign or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Callsign, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.

Where we store your information

The data that we collect from you may be transferred to, and stored at, a destination outside the UK or the European Economic Area ("EEA") that may not be subject to equivalent Data Protection Law.

Where your information is transferred outside the UK or the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy.

We may transfer your personal information outside the UK or the EEA:

  • In order to store it.
  • In order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services.
  • Where we are legally required to do so.
  • In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

We may transfer your personal information to the following countries outside the UK or the EEA: United States of America safeguarded under Privacy Shield.

Automated processing and decisions

During the registration journey on the Callsign Mobile App we make automated decisions based upon interpretation of profiled data points that assess associated risk with your device. From time to time we may refuse your attempt to register with Callsign via the Mobile App when we detect anomalous details about your device that suggest it is compromised.

Likewise, post-registration Callsign assesses and decides upon authentication attempts made by users by assessing your behavior and device details. If we assess a deviation from your normal profile, we challenge you for further authentication.

When using the Callsign App, we process data because it is necessary to fulfil a contract with your organization and you should contact your organization regarding any questions about the processing of your personal data in relation to the service.

Please note that beyond the above authentication outcomes may also be augmented by Subscriber Organization policies set in the Callsign Dashboard. These policies - which could include specific blacklisting or location policies - are not defined by Callsign and wholly outside the scope of our automated decision making. For more information on these, please contact your organization.

We may also process your information following an interaction with the Sites such as filling in a form. As a user you have many rights to challenge and object to these automated processes and outcomes. For more information please see Your rights as a data subject or, contact us via the information provided in this privacy notice.

How is your personal information protected?

Confidentiality is maintained throughout our systems in accordance with the General Data Protection Regulation. This includes encryption of data when stored and in transport.

Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

How long we keep your information

We retain personal data for as long as you have an account with us in order to meet our contractual obligations to you and for seven years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve the Services. You cannot be identified from aggregate information retained or used for these purposes.

Your rights as a data subject

Regarding your personal data, you, the data subject, have the following rights under certain circumstances:

  • Right to be informed: you have the right to be informed about how we use your data in a clear and concise way.
  • Right of access: you have the right to request a copy of the information that we hold about you.
  • Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
  • Right of portability: you have the right to have the data we hold about you transferred to another organization in certain circumstances.
  • Right to object: you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to withdraw consent: Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us using the methods outlined in this Notice.
  • Right to complain: If your request or concern is not satisfactorily resolved by us, you have the right to raise any concerns with the Information Commissioner’s Office (ICO), which can be done so here: https://ico.org.uk/make-a-complaint.
    • You can exercise the rights listed above at any time by contacting us at gdpr@callsign.com.

      Contacting Callsign about privacy questions or concerns

      If you have any questions about this Privacy Notice or the use of your Personal Data, please contact Callsign by sending an email to the following address (indicating “PRIVACY NOTICE REQUEST” in the message line): gdpr@callsign.com, or a letter to the below postal address. The details for our Data Protection Officer are:

      GRCI Law
      Address: GRC International Group PLC, Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA
      Email: gdpr@callsign.com.

      If you contact Callsign by e-mail or letter, we may keep a record of your correspondence or comments. We may ask for your name, e-mail address and contact information in order to send you a reply.

      Privacy Notice changes

      This Privacy Notice was last changed on 13/03/2019. Callsign may change, modify, add or remove portions of this Privacy Notice at any time, and any updates will be published here and changes will become effective immediately upon being posted unless stated otherwise.