Although we use the European term personal data in this policy, we use it as interchangeable with the US term personally identifiable information. In each case we mean any information identifying a living natural person or which could identify that person in conjunction with other information, such as their name, numbers or address and we protect it regardless of the term applied.
Your use of our services is your consent to our use of your personal data (and other data you provide to us) in accordance with this policy, including (if you are a resident of the European Economic Area (‘EEA’)) the transfer of your personal data outside the EEA.
As data protection law and practice is constantly developing, and we’ll also continue to innovate, we’ll need to update this policy now and then by posting a new policy on our websites that takes effect from the date stated. It is your responsibility to return to our websites from time to time and check for changes. By providing us with personal data about yourself or others, whether by visiting our websites, using our products or services or otherwise, you agree to our processing the personal data you provide to us in accordance with the then-current version of this policy.
Who Are We?
How Do We Obtain Personal Data?
In a number of ways, for example:
- You might directly provide us with your details when you ask about our services and, when you become a customer, you might give us further information such as your employer, credit card information, and other information for security issues, such as date of birth, usernames and passwords. We call this ‘Account Data’.
- We may receive personal data from our customers and their guests when they use our services and our software, eg: names and numbers when people dial in to a conference or are dialed out to by the User; customers using the Administrator area of your account to add Users (those who can host conferences or their delegates) or change their User profiles; Users and their delegates changing User profiles; customers might ask us to reference their contact database; public profiles on social media and networking services; and resolving names by checking the numbers on your conference against your mobile or PC address book. We call this ‘Service Data’.
- When you visit our websites, we may collect information about your visit such as your IP address and the pages you visited. We may analyse such information, for example for technical purposes and to improve the customer experience.
- We may also receive information because someone you know thought you would appreciate our services and used our ‘Tell a Friend’ service.
When you provide us with personal data about yourself or another person, you are confirming to us that you are authorised to provide us with that information and that any personal data you give us is accurate and up-to-date.
How do we use personal data?
We use personal data in the usual course of our business, for example:
- To respond to enquiries, to provide our websites, software and services and to invoice accordingly.
- To analyse and improve our business and service, looking at technology, performance and network analysis, customer service, marketing, finance, billing, and the prevention or detection of fraud.
- To communicate with you about same or similar services that we offer, whether they are our own services or services that we resell. If we do so, we will provide you with an easy and free way to opt-out of receiving such communications in the future.
- In certain instances to share it within our group of companies and with limited third parties as described in this policy, eg: for service provision and business continuity purposes.
We do not retain any financial data, such as bank details or credit card details. Any such data is collected and processed by our payment processors to process the relevant payments and those processors will at all times comply with the applicable industry codes and laws regarding security and retention of such data, for example the Payment Card Industry Data Security Standard.
Sharing Data & International Transfers
First, we will not give, sell or rent your personal data to third parties so they can market their services to you. Nor do we accept advertising from third parties on our websites. We do share personal data as follows:
- A key benefit of our services is to make conferences and remote meetings more productive by showing who’s on a conference, and other data, to the conference guests in accordance with this policy. Customers’ Administrators can use the Administrator Portal to review, edit, change or delete all information on their accounts including adding and removing Hosts and reviewing Hosts’ details and history. Delegates can manage the conferences of Hosts for whom they’re authorised (apart from changing a Host’s profile). Passwords are not visible.
- To provide a global service to you, and to provide for disaster recovery and business continuity, we may share information, including your personal data, between our datacenters in Chicago, USA, London, UK and Hong Kong. These are state-of-the-art datacenters hosted in locations operated by specialist third parties, and we have written contracts in place incorporating relevant wording to safeguard personal data.
- We share the minimal personal data required with our suppliers, eg: telephone numbers with our carrier partners, identity with credit agencies for credit checks, payment details with finance partners, and otherwise with our contractors and advisors to help us operate, secure and analyse our business.
- We may be obliged to disclose your personal data to comply with any law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline.
We’re a global business providing a global service and therefore certain of the third parties mentioned in the paragraph above may be outside the USA, the European Economic Area or in countries whose laws do not provide adequate protection to personal data (as determined under EU or UK law). In all cases we will take steps to ensure that appropriate security measures are in place to protect your personal data. For example, LoopUp UK and LoopUp USA have entered into the European Model Clauses on transfer of personal data outside the EEA with each other for these purposes. You consent to such transfers when you use our services.
Live Call Status
It’s much more useful, and your calls are more productive, when you know who’s on your conference by name, not just by number. It makes it much easier for the host to effectively manage the conference and for everyone to achieve their results faster. When you’re on a LoopUp conference a list of the guests’ names and/or numbers, as well as their status such as “on hold” etc, is viewable by those on the conference – we call this Live Call Status. As part of our award-winning conferencing service, we provide Live Call Status not just through browsers online but also on smartphones using our proprietary software; and we allow the call host full control over each call leg, so they know who is on the call and can eg: rename call legs, put them on mute or hold and drop them if they don’t recognize them. Also, where a public profile on a social media or networking service is available for someone on a conference, we may display some or all of that public profile in Live Call Status subject to obtaining any relevant consent.
Information from Participants
As a guest on a conference, you might provide us with your name and number when using our services to join (by entering your name on our websites or through a mobile application), saying your name when you join, or allowing the number of the phone you are calling from (called your CLI or Calling Line Identification) to be passed on. In such cases, that is your consent to our including your name, CLI or other data we receive as part of Live Call Status. You can always dial-in and block your CLI if you wish and your service provider will be able to tell you how.
As above, if a guest joins a LoopUp session using our services, they’ll be shown in Live Call Status by the name and number they entered during the join process. Similarly, if a guest has been added to the session by the conference host initiating a call to that guest, the name associated with that guest by the conference host will be displayed in Live Call Status. However, if neither of the above leads to a name for a number on your conference, we’ll try to resolve that number against a name as follows.
First we do a “back-end look-up” in three ways:
- we check if the number is for one of our other registered LoopUp users,
- if you or your employer have provided us with a contact list for this purpose, we’ll check against that (only for your account’s conferences, we won’t use it for other customers’ conferences), and
- where allowed by law, we may carry out a look-up against a third-party database. If we do, we’ll ensure that third party maintains confidentiality.
If this back-end lookup produces a name, we show that in Live Call Status to all guests.
Second, we do a “local look-up”: the conference host’s and guest’s respective LoopUp mobile apps or web client check the number against the device’s address book and cached numbers in the software respectively. If the number is resolved to a name, it is only shown locally in that software – the name is not transferred off that local device or PC, nor is it displayed in Live Call Status for others to see. A local look-up will take priority over a back-end look-up. Also, if the call host has enabled the feature, the host’s LoopUp Toolbar for Outlook will send any name resolution to Live Call Status; so everyone on the call can see the update as if the host had edited the name themselves.
Call History & Invoices
Names are shown as above and also in the summary and details of the conference we provide the conference host afterwards, on their Call History webpage, in the post-conference email and in their invoice.
Screen sharing allows you to share your screen or a selectable area of your screen in real time with others on your conference. The content is only made available to those on your conference at that time and no copy is kept unless the conference host asks us to record their conference for them, in which case, please see the Recording section below.
‘Tell a Friend’
If you give us a person’s details using our ‘Tell a Friend’ service you warrant that you have consent to do so, the person is over 18 years old and the email sent is not unwanted or malicious (if you do not use our standard wording). You understand we will tell the person receiving the email that it was sent by you or on your recommendation. If we receive your personal data from a subscriber using our ‘Tell a Friend’ service, we will send you an email with your friend’s message and details on how to sign up to our service and give you an unsubscribe method. If you unsubscribe, we will only retain your personal data for the purpose of checking that we do not send you another email under the ‘Tell a Friend’ service.
If the conference host asks us to record all or part of their conference, we will play an audio notification to all on the call, and make it clear that the conference is being recorded in other media as appropriate. We’ll make the recording available in electronic format to the conference host for download for 60 days after the conference ends, and we’ll delete the recording from our system after 90 days. If you ask us to record a conference, you are the data controller of that recording and you warrant that you have the consent of all parties on that conference to do so and that you will only use such recording in accordance with all applicable laws, including data protection laws.
Separately, we reserve the right, in accordance with applicable law, to monitor or record any telephone call or other communication with us, eg: for training purposes or to monitor the quality of customer services. We will notify you when a recording is taking place as required by law.
Cookies, Web Beacons etc
California Privacy Notice
Our websites do not respond to ‘Do-Not-Track’ signals communicated by your internet browser.
Sensitive Personal Data
We will only retain personal data for a reasonable period based on our contract with you and business requirements, for example to use that particular data as described in this policy or to comply with any law, order of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. Our default retention period for personal data within Service Data and Account Data is 12 months (from the date of the conference or date of termination of the Account respectively) although this period may differ by country or type of personal data to comply with applicable laws.
The security of data is central to our business. The LoopUp group’s information security policies and practices have been audited and certified as compliant with ISO 27001, the international standard for information security, by the British Standards Institute. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. For example, our data-centres are protected by industry-standard technical and operational security such as IT firewalls and access restrictions at their physical locations. However, we can only be responsible for systems that we control and we would remind you that the internet itself is not a secure environment.
Third Party Services
You are entitled to know if we are processing any personal data about you and, if we are, with certain limitations, to a copy of that personal data. You can also ask us to remove or correct inaccurate personal data we hold about you and that we do not use your details to contact you for marketing purposes. We’ll ask you to prove your identity when you make such a request.
You can contact us by email at firstname.lastname@example.org or by post to the Privacy Officer at the address given below, depending on which LoopUp company is responsible for your data (see Who are ‘we’? above). While we ask you to raise any questions or complaints with us first, as we want to make sure we provide you with a world-class service, you are always entitled to notify a complaint to any regulator such as the UK Information Commissioner at any time.
LoopUp UK’s details are: Ring2 Communications Limited, First Floor, 78 Kingsland Road, London E2 8DP, UK. LoopUp UK is a company incorporated in England, company number 4677393, and is notified with the UK Information Commissioner, number Z855314X.
LoopUp USA’s details are: Ring2 Communications LLC, 282 2nd Street, Suite 200, San Francisco, CA 94105-3121, USA. LoopUp USA is a company registered in Nevada.
LoopUp HK’s details are Ring2 (HK) Limited, Level 43, AIA Tower, 183 Electric Road, North Point, HK. LoopUp HK is a company incorporated in HK, number 1611980, BR: 58468840-000-06-11-4.
LoopUp BBD’s details are Ring2 (Barbados) Ltd, The Gables, Haggatt Hall, St. Michael, BB11063, Barbados. LoopUp BBD is a company incorporated in Barbados, company number: 35849.
© 2016 Ring2 Communications Limited t/a LoopUp, all rights reserved.