ADVANIA EXTERNAL NOTICE (SIP COMMUNICATIONS LIMITED IS PART OF THE ADVANIA GROUP)
This Policy is issued by each of the controller entities listed in Section 12 below (together, “Advania”, “we”, “us” and “our”) and is addressed to individuals outside our organisation with whom we interact, including customers, visitors to our websites, other users of our services, personnel of corporate customers and suppliers, applicants for employment, and visitors to our premises (together, “you”). Defined terms used in this Policy are explained in Section 14 below.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.
Advania protects your privacy, and we want you to feel safe when submitting your personal data to us. It is important to us to be open about how we manage your personal data and give you information in a way that makes you understand how we will process them.
In this Policy, which applies to all of Advania’s customers, suppliers and partners in the local country, we want to inform you about how we handle your personal data as it relates to visits to our websites, registering an account in our e-shop or mailing list, when your employers buy our products or services, or in other contacts made with us.
Advania works continuously with privacy matters, and therefore we may update this Policy. You will find the latest version on this page. This Policy was last updated on December 2024.
We collect personal information:
We additionally collect the following information as part of our services to our Customers:
We may also receive personal data about you from the customer, supplier or partner by whom you are employed. In some cases, we may also collect personal data from public registers (e.g., from the Companies Registration Office if you are a board member, managing director or authorized signatory). We also create personal data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us.
Advania uses your personal data for the purposes and on the legal bases provided below:
| Purpose | Personal data | Legal basis |
Managing and improving services and products as well as our regulatory obligations regarding Emergency Services. |
|
|
Management, contractual and regulatory obligations of maintaining CRDs (Call Data Recordings). |
|
|
Where we have provided end user equipment, such as an analogue telephone adapter or a VoIP phone, we collect device-specific information from you. |
|
|
Management of the relationship with contact persons at customers, suppliers or partners, i.e., communication before and during contractual relationship. |
|
|
Management of customer service inquiries, e.g., reception, investigation and responding to requests. |
|
|
Customer and supplier credit checks. |
|
|
Sending of newsletters, including marketing. |
|
|
Management of events organized by us or in cooperation with our partners. |
|
|
Conducting surveys. |
|
|
Updating and improving services and products as well as the technical functionality of our computer systems and websites. |
|
|
Maintaining records of the people who have communicated that they do not wish to receive marketing from Advania. |
|
|
Maintaining records of sales, finance, corporate audit, and supplier management. |
|
|
Complying with our legal and regulatory obligations under applicable law. |
|
|
Ensuring physical safety of our premises. |
|
|
Establishing, exercising and/or defending legal claims: managing legal claims; establishing facts and claims (including collection, review and production of documents, facts, evidence and witness statements), and exercising and defending legal rights and claims (including formal legal proceedings). |
|
|
Engaging in recruitment activities (advertising positions, interviewing, analysing suitability for the relevant position, and recording hiring decisions, offer details and acceptance details). |
|
|
We care about your personal data and therefore want to inform you that based on your express consent, we may collect health information (allergies) to organize events according to your desires and needs when food or drinks are served (the legal basis of your consent is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way). We will ask for your express consent to the processing of this information alongside the invitation or registration to the specific event. Your personal data is stored for 1 month after the event has ended. Please contact us (our contact details are in Section 12below) to revoke your consent or to update the information that is registered about you. Read more about how we process your personal data in our privacy information below.
Advania ensures that your personal data is handled in accordance with appropriate technical and organisational security measures to protect against illicit or unauthorized access to said information as well as destruction, loss, alteration, unauthorized disclosure and other unlawful or unauthorized forms of processing, in accordance with applicable law. At Advania, we only handle necessary information, and only by those who need it in order to provide the best service to our customers, suppliers and other people who come into contact with Advania.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although Advania will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us are sent securely.
We may disclosure your personal data to the following categories of recipients:
| Recipient category | Purpose and legal basis | Personal data |
Our third party service providers (processors acting on our behalf and under our instructions) for example in the areas of IT hosting. | To fulfil our contractual obligations to you (Article 6.1b of the GDPR) and for the administration of our business needs, to the extent that such legitimate interest is not overridden by their interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
|
Accountants, auditors, consultants, lawyers and other outside professional advisors to Advania, subject to binding contractual obligations of confidentiality. | To fulfil our legal obligations (Article 6.1c of the GDPR) and to achieve our legitimate interest in maintaining business continuity, sourcing finance, managing a proposed sale or merger of our business, and such other purposes necessary for the running of our business, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
|
Legal and regulatory authorities (e.g., The Tax Agency). | To fulfill our legal obligations (Article 6.1c of the GDPR). |
|
Partners other than the one for whom you work. | Our legitimate interest in managing cooperation agreements (Article 6.1f of the GDPR). |
|
Law enforcement agencies, courts, agents, parties and counter parties. | To fulfil our legal obligations (Article 6.1c of the GDPR).Our legitimate interest in establishing, asserting and defending legal claims (e.g., in the case of a dispute) to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
|
Licensors for products and services resold by Advania. | Advania’s legitimate interest in managing agreements with licensors, e.g., for the licensor to know who the end customer is and their contact person for administration purposes to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
|
Customer credit check providers. | Advania´s legitimate interest under Article 6.1 f of the GDPR to carry out customer credit checks to the extent such legitimate interest is not overridden by your interests, fundamental rights or freedoms. |
|
Advisors and buyers for the entirety or part of the business and its operations. | Advania’s legitimate interest in being able to carry out sales of the entirety or parts of the business, e.g., in relation to company inspections to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). |
|
Your personal data may also be disclosed to relevant third party providers, where our websites use third party advertising, plugins or content. We use such third party providers to maintain the functionality of our websites (to achieve our legitimate interest, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1f of the GDPR). If you choose to interact with any such advertising, plugins or content, your personal data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
Summary |
We take every reasonable step to ensure that your personal data are only retained for as long as they are needed in connection with a lawful purpose. |
We take every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your personal data are as follows:
(1) we will retain personal data in a form that permits identification only for as long as: |
(a) we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or |
(b) your personal data are necessary in connection with the lawful purposes set out in this notice, for which we have a valid legal basis (e.g., where your personal data are included in a contract between us and your employer, and we have a legitimate interest in processing those data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your personal data), |
plus: |
(2) the duration of: |
(a) any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your personal data, or to which your personal data are relevant); and |
(b) an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any personal data that are relevant to that claim), |
and: |
(3) in addition, if any relevant legal claims are brought, we continue to process personal data for such additional periods as are necessary in connection with that claim. |
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our processing of your personal data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
Because of the international nature of our business, we may transfer personal data within the Advania group, and to the third parties listed above. For this reason, we may transfer personal data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
If an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your personal data from the EEA to recipients located outside the EEA who are not in jurisdictions that have been formally designated by the European Commission as providing an adequate level of protection of personal data, we do so on the basis of appropriate Standard Contractual Clauses. You may be entitled to request a list of the relevant countries to which your personal data may be transferred and a copy of our Standard Contractual Clauses by reaching out to us using the details provided in Section 12 below.
Please note that when you transfer any personal data directly to any Advania entity established outside the EEA, we are not responsible for that transfer of your personal data. We will nevertheless process your personal data, from the point at which we receive those data, in accordance with the provisions of this privacy information.
EU-U.S. Data Privacy Framework (DPF) and UK Extension to the EU-U.S. DPF
Advania Corporation complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Advania Corporation has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
For purposes of compliance with the DPF, Advania Corporation commits to resolve complaints about your privacy and our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding this privacy policy should first contact Advania Corporation at support@sipcom.com.
Protection Authorities for each EEA jurisdiction can be found here. Details of the UK Information Commissioner’s Office can be found here.
Under certain conditions, more fully described on the DPF website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Advania Corporation commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to ICDR-AAA, an alternative dispute resolution provider based in United States.
If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the Data Protection Authorities for each EEA and UK Information Commissioner’s are provided at no cost to you.
Advania Corporation’s adherence to the DPF is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Advania Corporation furthermore is subject to investigatory and enforcement powers of the Federal Trade Commission (FTC.)
In compliance with the DPF Principles, Advania Corporation commits to the following:
Notice: In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Advania Corporation commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
Choice: Advania Corporation will provide individuals with the opportunity to choose (opt-out) whether their personal information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.
Accountability for Onward Transfer: Advania Corporation will only transfer personal information to a third party consistent with the DPF Principles and will ensure that such third party is obligated to provide at least the same level of privacy protection as is required by the DPF Principles.
Security: Advania Corporation will take reasonable and appropriate measures to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Data Integrity and Purpose Limitation: Advania Corporation will take reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete, and current.
Access: Upon request, Advania Corporation will grant individuals reasonable access to personal information that it holds about them. Advania Corporation will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Recourse, Enforcement, and Liability: Advania Corporation will comply with the DPF Principles regarding recourse, enforcement, and liability by providing mechanisms for individual complaints and disputes to be resolved and by enforcing compliance with the DPF Principles within the organization.
For more information about the DPF Principles and to view our certification, please visit the DPF website.
Advania SA
ADVANIA SA (PTY) LTD Our group company ADVANIA SA (PTY) LTD is based outside the EEA in South Africa. This company provides support desk services to Advania Limited in the UK. ADVANIA SA maintains its own South African Privacy Policy in accordance with the requirements of GDPR, the Protection of Personal Information Act, 4 of 2013 (POPIA) and the Promotion of Access to Information Act, 2 of 2000 (PAIA). A copy of the South African Privacy Policy and the PAIA Manual for ADVANIA SA is available on written request from our South African Information Officer at the following email address: informationofficer.sa@advania.se
Subject to applicable law, you may have the following rights regarding the processing of your personal data. To submit a request in accordance with the data subject’s rights, you may contact us using the details provided in Section 12 below. If we receive a request from you, we may request additional information to ensure that we are providing the information to the right person.
You have the right not to provide your personal data to us. However, please note that we may be unable to provide you with the full benefit of our websites or services, if you do not provide us with the necessary personal data.
Subject to applicable law, you may have the right to receive confirmation from Advania that your personal data is being processed by Advania and, if so, to access the personal data and the following information:
Subject to applicable law, you may also have the right, upon request, to receive a copy of your personal data in a commonly used electronic format. Please note that Advania has the right to charge a fee if you request more than one (1) copy of your personal data.
Subject to applicable law, you may have the right to rectification of incomplete or incorrect personal data processed by us. Depending on the purpose of the processing you also have a right to have incomplete personal data completed, including by means of providing a supplementary statement.
Subject to applicable law, you may have the right to erasure of your personal data. The right to erasure may apply:
Where we have made the personal data public and are obliged to erase the personal data according to the above, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
What is stated above regarding the right to erasure does not apply to the extent the processing is necessary for example:
Subject to applicable law, you may have the right to obtain restriction of processing where one of the following grounds applies:
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. If you have obtained restriction of processing, you shall be informed by us before the restriction of processing is lifted.
You have the right to withdraw your consent to the extent that Advania’s processing of your personal data is based on consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal data in reliance upon any other available legal bases).
When the processing of your personal data takes place on the basis of your consent or because the processing is necessary to fulfil or enter into an agreement with you, and provided that the personal data has been collected directly from you, you have the right to receive a copy of your personal data in a common machine-readable format. To submit a request to exercise your rights, please contact us using the details provided in Section 12below.
Subject to applicable law, you may also have the following additional rights regarding the processing of your personal data:the right to object, on grounds relating to your particular situation, to the processing of your personal data by us or on our behalf, where such processing is based on Articles 6.1e (public interest) or 6.1f (legitimate interests) of the GDPR; andthe right to object to the processing of your personal data by us or on our behalf for direct marketing purposes. |
You are welcome to contact us with questions or complaints regarding the processing of your personal data, using the details provided in Section 12 below. However, you also always have the right to file a complaint regarding the processing of your personal data to the relevant Data Protection Authority. Details of the Data Protection Authorities for each EEA jurisdiction can be found here. Details of the UK Information Commissioner’s Office can be found here.
For the purposes of this Policy, the relevant controllers are:
Controller entity | Contact details |
Sipcom Communications LimitedRegistered Number: 05759363 (which is part of the Advania group) | Registered Office: Lowry Mill, Lees Street, Swinton, Manchester M27 6DB UKTelephone: 0203 328 5000Email: privacy@sipcom.com |
Each of the controllers established outside the EEA and listed in Section 12above has appointed Advania Sverige AB, reg. no. 556214-9996, compliance@advania.se to be its representative for the purposes of Article 27 of the GDPR.
Each of the controllers established outside the UK and listed in Section 12 above has appointed Advania UK Limited, reg no. 03645998, privacy@advania.co.uk to be its representative for the purposes of Article 27 of the UK GDPR.
Each of the controllers established outside the UK and listed in Section 12 above has appointed Content and Cloud Corporation dba Sip Communications, privacy@advania.co.uk to be its representative for the purposes of Article 27 of the UK GDPR.
