Number Information Services Privacy Notice

XConnect collects information about telephone numbers. The information relates to the service providers that deliver, or have delivered the services to the telephone number(s) that you use. This information includes the name of the company, any special attributes that uniquely identify the service provider to telecommunications networks, and the dates that service provider associations may have changed.

XConnect also collects information about the services available on a particular telephone number. These include whether the telephone number is able to receive calls or texts.

XConnect sources and combines telephone number information from global telecommunications operators and national numbering administrators and telecoms regulators. XConnect also uses real-time information from your telecommunication service provider in order to access information about the services available to a telephone number.

XConnect collect this information in order to provide our Numbering Information Services, which we sell to our customers. Our customers will use these services in order to improve quality, prevent fraud and identity theft and optimise performance and cost efficiency of the communication services that they provide to you. Our Number Information Services (NIS) are: 

• Number Portability: Allows customers to query the XConnect service using any E.164 Telephone Number in order to discover information about the current service provider.
• HLR Lookup : Allows customers to query the XConnect service using any E.164 Telephone Number in order to discover information about the current service provider and the number status.
• Number Range : Allows customers to query the XConnect service using any E.164 Telephone Number in order to discover information about the international number range which contains the number.
• Port History: Allows customers to query the XConnect service using any E.164 Telephone Number in order to discover how often a number has ported in the last two years

XConnect has conducted a Legitimate Interest Assessment for these services. XConnect does not believe there would be any significant risk to any individual if the data from its services was unlawfully obtained or accidentally lost. In order to minimise all risks, XConnect has in place appropriate technical and organisational measures to safeguard the data it holds. This includes ISO27001 certification.

XConnect shares information about your telephone number with our customers. These companies will be providing a component of a communication service, financial service or e-commerce service that you are aware of and the information is crucial to maintaining cost effectiveness, quality, and performance of our customers’ processes as well as protecting your identity.

You might not be aware our customers’ companies because they only provide a component of the service you are aware of. 

All XConnect customers are subject to service contracts, which include permitted use policies in order to safeguard privacy. XConnect only shares information with other companies if they can demonstrate to us that they are providing a lawful service as part of a service known to the individuals. 

Information is available on a query only basis, and customer queries are authorised to ensure the queries can only come from approved customers. 

XConnect may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

XConnect may transfer data to a third party acting as an agent on its behalf. XConnect remain liable under data protection law and the principles of Privacy Shield for any agent’s processing of such personal information. 

For each service that XConnect offers, we conduct a Data Privacy Impact Assessment. The purpose of this is to minimise risks to individuals and assure our clients, suppliers, and regulators that appropriate data safeguarding is in place.

You can request access to the data we hold about you by filling in this Subject Access Request form.

 If you have reason to believe that the data we have about your telephone number is incorrect then you can contact us at privacy@xconnect.net. 

Security and Data Protection are governed by the XConnect board. XConnect regularly reviews risks to data and compliance issues, as well as undertaking and recording activities designed to keep our business and information about individuals secure. These activities include technical and organisational measures including cyber security defences, staff training, internal audits, and external reviews.

We will never deliberately mislead you about what we do with your data. We will never provide our services to companies that cannot reasonably demonstrate that they have a lawful requirement to use the services we provide.

The General Data Protection Regulations gives data subjects (you) a number of rights, these include: 

• The right to be informed about how your personal data is being used, 
• The right to get a copy of your data, 

• The right to get your data corrected, 
• The right to get your data deleted, 
• The right to limit how an organisation uses personal data 
• The right to data portability 
• The rights to object to automated decisions 

• The right to complain and report concerns 

You can find out more about these rights from the UK Information Commission. 

In some instances, not all of these rights are absolute. 

XConnect provides services to our customers on the basis of Legitimate Interests of our Customers. To do this, XConnect must conclude that the data we process has minimal privacy impact and that we do not process data in a way that you might not reasonably expect. You can receive more information about our Legitimate Interest Assessment (LIA) by contacting us. 

You can also learn more about what a company must do in order to rely on Legitimate Interest through the UK Information Commission. 

The services that XConnect provides to our customers are based on our customer’s need for personal data to enable services which you have requested from a company known to you. XConnect does not necessarily know the company (third party) that provides the service to you, but the third party will be responsible for supporting all of your data subject rights. 

XConnect does not have the ability to support some of your rights. For example, in some cases we cannot practically limit (at an individual level) how organisation uses data or object to processing because to do so may also prevent the services you wish to receive from enterprises from working. The best way for you to exercise your rights would be through the enterprise that provides you with services or through your telecommunications providers. 

XConnect does not obtain personal information from you, hence some of the rights we do not provide you. These include, the right to get your data deleted and the right to data portability. 

XConnect does directly support the following rights: 

• Your right to be informed, through this privacy notice. 
• Your right to get a copy of your data and correct data, through the following section of this policy HOW CAN I ACCESS THE INFORMATION YOU HOLD ABOUT ME? 
• The right to complain and report concerns, through contacting XConnect using the HOW TO CONTACT US section of this privacy notice. 

• For some of the services that we provide, it may not be possible or necessary to directly support other data subject rights. These will be documented in the Legitimate Interest Assessment (LIA) for each service we provide. 

XConnect is a member of the Mobile Ecosystem Forum, Trust Enterprise Messaging Code of Conduct. Along with the other Code of Conduct signatories we ensure that the best privacy practices are maintained for collecting, processing, and transmitting personal data. You can learn more about this Code of Conduct here. 

It is our objective to provide meaningful and effective information to you that is totally consistent with the services we provide to our customers. This privacy notice may change as a result of changes to our services and feedback from you. 
 
This Privacy Notice is Version 4, updated January 2020.

If you have any questions about this Privacy Policy, please contact us by email at privacy@xconnect.net or write to us at XConnect Services Limited, Cooper House, 316 Regent Park Road, London N3 2JX. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you. 

Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done according to the terms of Data Protection Laws. 

 The Data Protection Laws and other information rights laws set out your rights regarding your personal information, how organisations should carry out direct marketing and how you can access information from public authorities. 

 More information can be found from the UK information commissioner. 

 XConnect Americas Inc is subject to the investigatory and enforcement powers of the FTC. You have the right to complain and seek appropriate recourse free of charge through an independent dispute resolution service and the possibility, under certain conditions, you have the right to invoke binding arbitration, You can do this via any EU Information commissioner (such as the UK Information Commissioner’s Office), or EU Data Protection Authorities (DPAs). 

 XConnect Americas Inc complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. XConnect Americas Inc certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit Privacy Shield.