Introduction
Welcome to the Meraki communications Limited Privacy policy
Within this privacy notice it will explain how Meraki communications Limited (Meraki comms) use data we collect from you, or that you provide to us and how it will be processed by us. We respect the privacy of our service users and website visitors. Your privacy is extremely important to us.
In this policy, “we”, “us” and “our” refer to Meraki communications Limited.
Our website address is: https://www.merakicommunications.co.uk.
What personal data we collect and why we collect it.
We may collect personal data from you this can be collected by filling in forms on our site, or when speaking to one of our account managers or customer service employees. This may include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies. Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third-party embeds.
The acquired data will be minimised for its purpose, including your business name and/or personal name, job title, job description, mobile number, landline number, email address and relevant public information. The sources of your acquired data are from credit reference agencies. The legal basis for this processing is consent for individuals, or legitimate interests for corporate subscribers.
We may process information contained in call recordings. This data may be processed for quality monitoring, training, compliance and security purposes. We will never actively acquire personal sensitive information of any type; however, we may hold this if presented by you during any communication. The legal basis for this processing is lawful, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others and the proper administration of our business, your services and communications.
Access to information
The Data Protection Act 1998 (the “Act”) gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
IP Addresses
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
Please remember changes made in terms of enabling, disabling or blocking cookies, will not just affect the ones we use. The changes you make will apply to any website you visit. However, you can choose to block cookies from certain websites.
Below is a list of the most popular browsers and how you can manage cookies.
Google Chrome
https://support.google.com/chrome/answer/95647?hl=en
Internet Explorer
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?
Safari
https://support.apple.com/kb/PH21411?locale=en_US
To find out how to manage your cookie preferences on other web browsers, please visit their official webpage.
What rights you have over your data
You have the right to ask us not to process your personal data for marketing and all other business purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the contact information below.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Their inclusion cannot be taken to imply any endorsement or validation by us of the content of said website.
What third parties we receive data from
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We may disclose your personal data to some of our suppliers identified below insofar for the performance of a contract between you and us and/or taking steps, at your request, to enter such a contract
Our details
We are registered in England and Wales under registration number 10995439, and our registered office is at 106 Kiln Road, Fareham, England, PO16 7UN. Our place of business is Meraki Communications, Steel House, 4300 Parkway, Whiteley, Fareham, Hants, PO15 7FP
You can contact us by post, to the postal address given above; using our website contact form; by telephone, on the contact number published on our website; or by email, using the email address published on our website. To request copy’s of personal data please write to DSAR unit The BelfRy, 4400 Parkway, Whiteley, Hampshire PO15 5FJ. We will respond to written requests within 10 working days.
Amendments
Any changes we may make to our privacy policy in the future will be posted on this page. We recommend you check this page occasionally to ensure you are happy with any changes to this policy. We may also notify you of changes to this policy by email.
Data Protection Statement
Meraki Communications Limited and all its associated companies are compliant with the data
protection regulations and Data Protection Act, continually monitor and update policies and
processes to ensure continued compliance with Data Protection Legislation and Regulations
including the General Data Protection Regulations (GDPR) and Data Protection Act 2018. As part of
the various services and products we offer our customers, and this includes system maintenance, we
may hold or have access to data that can identify individuals in order to be able to provide our
customers with the services, products and support that is agreed through our contracts. In all
instances, access to such data is controlled and limited to specific individuals.
Processing Information
Scope and purpose or processing
Personal data is held for the purposes of the provision services and related products. The personal
data held is obtained in support of contractual arrangements and is necessary under the ‘legitimate
interests’ pursued by the controller (Meraki Communications Limited) as defined in article 6.1 of the
GDPR. The facility to opt out of marketing communications remains but excludes operational or
pricing communications.
Nature of processing
Meraki Communications Limited does not undertake any automated decision making as defined by
article 22 of the GDPR. Data will be processed internally by the marketing department for the
purposes of objective and permission based marketing.
Duration of processing and retention
Meraki Communications Limited will maintain personal data for the duration of contracts during the
provision of services and products. Thereafter, the data will be held for a ‘reasonable’ period,
depending on the nature of the relationship with the customer. The data will be deleted when the
retention of that data can no longer be justified under the provisions of the Data Protection Act and
is not overruled by competing legislation or regulations. The terms against which data are held vary
and are dependent on the business cycle, regulations and legislation.
Requests for information
Persons whose data are held by Meraki Communications Limited and its associated companies may
request their own data. These are called subject access requests. These should be submitted in
writing to our postal address or via email to process@merakicommunications.co.uk. We will need to
verify the identity of the requestor and in the unlikely event there is substantial cost to Meraki
Communications Limited in terms of retrieving the data, we may charge a maximum of £10. The
regulations require us to respond within 28 days of the request.
Deletion of information
Persons whose data are held by Meraki Communications Limited and its associated companies may
request that their data be permanently deleted as stated in Data Protection Regulations and Data
Protection Legislation, and such requests will be complied with as soon as practicable where a
customer no longer has a relationship with Meraki Communications Limited or its associated
companies. Where a requestor continues to have a business relationship with Meraki
Communications Limited or its associated companies, we may need to ensure that the requestor’s
details are replaced with those of an alternative contact to enable the continued effective
management of our relationship with our customers and partners. Any such requests should be
submitted in writing to our postal address or via email to merakicommunications.co.uk. We will
need to verify the identity of the requestor in all circumstances.
Types of Personal Data
The personal data held will include: Name, Position, Telephone Number(s), email address.
No ‘sensitive data’ (as defined by the Data Protection Act) or ‘special categories of personal data’ (as
defined by the GDPR) are held against any current, former or prospective (wholesale only)
customers.
Categories of Data Subject
The data subjects whose data may be held by Meraki Communications Limited is restricted to that of
existing, former or prospective (wholesale only) customers and associated contacts. These data fall
under the category of ‘personal data’ and do not include any ‘sensitive data’ (as defined by the Data
Protection Act) or ‘special categories of personal data’ (as defined by the GDPR).
Data sharing
There is no routine data sharing of person identifiable data. Where exceptions exist, these concern
the management of systems where providers require sample data for the purposes of de-bugging
systems or processes. In these circumstances we would implement a formal data sharing agreement
to ensure the transaction is handled for the purposes of the ‘system fix’ and to obtain a legal
platform to ensure that access, security and disposal of the data adheres to our requirements in
terms of current and future ISO accreditation and Data Protection legislation.
In terms of transactional data (non person identifiable data), for example direct debit data, there is a
robust data sharing agreement and corresponding process for exchanging data with all suppliers. No
person identifiable data is exchanged or transferred routinely.
Data hosting
The majority of our data is hosted in secure cloud/data centre environments accessible only through
VPN. Our data is held within the EU, and where practicable these data will be held in a UK based
environment. Some data is held in secure local servers with the relevant backup and security
protocols. Access to all systems is managed through robust permission structures based on the
requirement of the individual’s role, and these are regularly reviewed.
Out of hours access
There are a number of specific roles within our organisation that require that ‘specified individuals’
have access to data outside of operational hours. For example to manage and react to incidents of
exceptional call reporting (fraudulent calls) and to access systems remotely or on site for the
purposes of maintenance or in managing system failures or errors. In these circumstances access is
either on our premises or is governed by the same security measures outlined in data hosting.
Risk management
There have been no significant security incidents in the last 12 months.
The organisational risk register contains all risks identified to date and these are managed as
determined by our internal processes, reporting to the organisational risk management group.