Protecting SMS Used in Critical Business Processes
On November 9th, 2019, the National Cyber Security Centre (NCSC), which draws expertise from the UK’s GCHQ and CERT-UK, published advice on the use of
XC Technology Holdings Group, a UK Company governed by the Laws of England and Wales, is a specialist information provider and telecommunications company.
This privacy policy explains how we use any personal information we collect about you for the Number Information Services that we provide to our customers. XC Technology Holdings Group and its subsidiaries (including XConnect Services Limited, XConnect Carrier Services Ltd, and XConnect Americas Inc) comply at all times with the Data Protection Legislation, including GDPR and Privacy Shield.
XConnect collects information about telephone numbers. The information relates to the service providers that deliver the services to the telephone number(s) that you use. This information includes the name of the company and any special attributes that uniquely identify the service provider to telecommunications networks.
XConnect also collects information about the services available on a particular telephone number. These include whether the telephone number is able to receive calls or texts.
XConnect sources and combines telephone number information from global telecommunications operators and national numbering administrators and telecoms regulators. XConnect also uses real-time information from your telecommunication service provider in order to access information about the services available to a telephone number.
XConnect collect this information in order to provide our Numbering Information Services, which we sell to our customers. Our customers will use this service in order to improve quality, performance and cost efficiency of the communication services that they provide to you. Our Number Information Services (NIS) are:
XConnect has conducted a Legitimate Interest Assessment for these services. XConnect does not believe there would be any significant risk to any individual if the data from its services was unlawfully obtained or accidentally lost. In order to minimise all risks, XConnect has in place appropriate technical and organisational measures to safeguard the data it holds.
XConnect shares information about your telephone number with our customers. These companies will be providing a component of a communication service that you are aware of and the information is crucial to maintaining cost effectiveness, quality, and performance of our customers’ communication systems.
You might not be aware our customers’ companies because they only provide a component of the service you are aware of.
All XConnect customers are subject to service contracts, which include permitted use policies in order to safeguard privacy. XConnect only shares information with other companies if they can demonstrate to us that they are providing a lawful service as part of a service known to the individuals.
Information is available on a query only basis, and customer queries are authorised to ensure the queries can only come from approved customers.
XConnect may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
XConnect may transfer data to a third party acting as an agent on its behalf. XConnect remain liable under data protection law and the principles of Privacy Shield for any agent’s processing of such personal information.
For each service that XConnect offers, we conduct a Data Privacy Impact Assessment. The purpose of this is to minimise risks to individuals and assure our clients, suppliers, and regulators that appropriate data safeguarding is in place.
You can access information about your telephone’s number range using this link. This page demonstrates our GNR service that we provide to our customers. You are unlikely to know this information.
The only other information that we have about your telephone number is the name of your current service provider, you can obtain this information directly from your phone or phone bill.
If you have reason to believe that the data we have about your telephone number is incorrect then you can contact us at info@xconnect.net.
Security and Data Protection are governed by the XConnect board. XConnect regularly reviews risks to data and compliance issues, as well as undertaking and recording activities designed to keep our business and information about individuals secure. These activities include technical and organisational measures including cyber security defences, staff training, internal audits, and external reviews.
We will never deliberately mislead you about what we do with your data. We will never provide our services to companies that cannot reasonably demonstrate that they have a lawful requirement to use the services we provide.
The General Data Protection Regulations gives data subjects (you) a number of rights, these include:
You can find out more about these rights from the UK Information Commission.
In some instances, not all of these rights are absolute.
XConnect provides services to our customers on the basis of Legitimate Interests of our Customers. To do this, XConnect must conclude that the data we process has minimal privacy impact and that we do not process data in a way that you might not reasonably expect. You can receive more information about our Legitimate Interest Assessment (LIA) by contacting us.
You can also learn more about what a company must do in order to rely on Legitimate Interest through the UK Information Commission.
The services that XConnect provides to our customers are based on our customer’s need for personal data to enable services which you have requested from a company known to you. XConnect does not necessarily know the company (third party) that provides the service to you, but the third party will be responsible for supporting all of your data subject rights.
XConnect does not have the ability to support some of your rights. For example, in some cases we cannot practically limit (at an individual level) how organisation uses data or object to processing because to do so may also prevent the services you wish to receive from enterprises from working. The best way for you to exercise your rights would be through the enterprise that provides you with services or through your telecommunications providers.
XConnect does not obtain personal information from you, hence some of the rights we do not provide you. These include, the right to get your data deleted and the right to data portability.
XConnect does directly support the following rights:
XConnect is a member of the Mobile Ecosystem Forum, Trust Enterprise Messaging Code of Conduct. Along with the other Code of Conduct signatories we ensure that the best privacy practices are maintained for collecting, processing, and transmitting personal data. You can learn more about this Code of Conduct here.
It is our objective to provide meaningful and effective information to you that is totally consistent with the services we provide to our customers. This privacy notice may change as a result of changes to our services and feedback from you.
This Privacy Notice is Version 3, updated November 2018.
If you have any questions about this Privacy Policy, please contact us by email at privacy@xconnect.net or write to us at XConnect Services Limited, Cooper House, 316 Regent Park Road, London N3 2JX. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done according to the terms of Data Protection Laws.
The Data Protection Laws and other information rights laws set out your rights regarding your personal information, how organisations should carry out direct marketing and how you can access information from public authorities.
More information can be found from the UK information commissioner.
XConnect Americas Inc is subject to the investigatory and enforcement powers of the FTC. You have the right to complain and seek appropriate recourse free of charge through an independent dispute resolution service and the possibility, under certain conditions, you have the right to invoke binding arbitration, You can do this via any EU Information commissioner (such as the UK Information Commissioner’s Office), or EU Data Protection Authorities (DPAs).
XConnect Americas Inc complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. XConnect Americas Inc certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit Privacy Shield.
On November 9th, 2019, the National Cyber Security Centre (NCSC), which draws expertise from the UK’s GCHQ and CERT-UK, published advice on the use of
GDPR: One Year On – is daunting topic and I couldn’t help myself avoid parallels with foretelling what my young sons will grow up to be. In
XConnect’s Lee Suker wrote an article published by the Mobile Ecosystems Forum (MEF). Suker explains the vulnerabilities of SMS ‘One Time Passwords’ (OTP). OTP enable
Cooper House
316 Regents Park Road
London N3 2JX
United Kingdom
Tel: +44 (0) 20 8371 4800
Email: info@xconnect.net