GDPR Policy

Last Updated: March 19, 2025


1.Introduction

This GDPR Policy outlines how Telo ("we," "us," "our") processes personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. As a provider of VoIP telecommunications and managed services, we are committed to protecting the privacy and security of our customers' data.


2. Data Controller Information

Telo acts as a Data Controller for personal information processed through our services.

Contact Details:

  • Website: www.telo.uk
  • Phone: 03330 50 60 70
  • Data Protection Officer: [Insert DPO details]


3.Lawful Bases for Processing

We process personal data under the following lawful bases:

3.1 Contract Performance:

  • Providing telecommunications services
  • Managing customer accounts
  • Processing payments
  • Delivering technical support

3.2 Legal Obligation:

  • Compliance with telecommunications regulations
  • Tax and financial reporting
  • Law enforcement requests
  • Emergency services access (999 calls)

3.3 Legitimate Interests:

  • Service improvement
  • Security monitoring
  • Fraud prevention
  • Marketing to business customers

3.4 Consent:

  • Marketing communications
  • Optional service features
  • Cookie usage
  • Special category data processing
  1. Data Subject Rights


4. Under GDPR, you have the following rights:

4.1 Right to Information:

  • Clear information about data processing
  • Purpose and legal basis for processing
  • Recipients of personal data
  • Retention periods

4.2 Right to Access:

  • Confirmation of processing
  • Copy of personal data
  • Processing information
  • Response within one month

4.3 Right to Rectification:

  • Correction of inaccurate data
  • Completion of incomplete data
  • Updates to personal information

4.4 Right to Erasure:

  • Deletion of unnecessary data
  • Removal when consent withdrawn
  • Exceptions for legal obligations

4.5 Right to Restriction:

  • Limiting data processing
  • Temporary processing holds
  • Verification periods

4.6 Right to Data Portability:

  • Data in structured format
  • Direct transfer where possible
  • Machine-readable format

4.7 Right to Object:

  • Marketing objections
  • Processing objections
  • Automated decision-making


5. Data Protection Measures

5.1 Technical Measures:

  • Encryption at rest and in transit
  • Access controls and authentication
  • Firewalls and security monitoring
  • Regular security updates
  • Intrusion detection systems

5.2 Organizational Measures:

  • Staff training programs
  • Data protection policies
  • Access management
  • Regular audits
  • Incident response procedures


6.International Data Transfers

6.1 Transfer Mechanisms:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Appropriate safeguards
  • Transfer impact assessments


7. Data Retention

7.1 Retention Periods:

  • Service data: Duration of service plus 6 years
  • Financial records: 7 years
  • Marketing data: 2 years from last interaction
  • Technical logs: 12 months


8. Data Protection Impact Assessments

We conduct DPIAs for:

  • New technologies
  • Large-scale processing
  • Systematic monitoring
  • Special category data


9. Data Breach Procedures

9.1 Response Plan:

  • Immediate investigation
  • Risk assessment
  • Notification within 72 hours
  • Remedial actions
  • Documentation


10. Processor Relationships

10.1 Third-Party Management:

  • Due diligence processes
  • Data Processing Agreements
  • Regular compliance reviews
  • Security assessments


11. Training and Awareness

11.1 Staff Training:

  • Annual GDPR training
  • Security awareness
  • Incident reporting
  • Data handling procedures


12. Documentation and Records

12.1 Required Records:

  • Processing activities
  • Consent records
  • Data breaches
  • Impact assessments
  • Training records


13. Regular Reviews

This policy is reviewed:

  • Annually
  • After significant changes
  • Following incidents
  • With regulatory updates


14. Compliance Monitoring

14.1 Monitoring Activities:

  • Internal audits
  • External assessments
  • Compliance reports
  • Performance metrics


15. Contact and Complaints

For GDPR-related queries or complaints:

  • Email: gdpr@telo.uk
  • Phone: 03300 43 44 41
  • Post: Telo, Tormarton Rd, Marshfield, SN14 8SR
  • Supervisory Authority: Information Commissioner's Office (ICO)


This GDPR Policy demonstrates our commitment to data protection and privacy rights. We regularly review and update our practices to maintain compliance with current regulations.