This document describes what data we collect from you, our customers, and what we do with that data, in accordance with the new General Data Protection Regulation (GDPR) commencing on 25th May 2018.
What information/data do you collect?
We collect the following information:
(1) Personal Details
When you subscribe to any of our services, we require information on up to three contacts/individuals – the admin/contractual contact, the billing/financial contact, and the technical contact. We collect the following information for each of them:
Should you request number portability then we may also require your ID Card details.
(2) Equipment Data
We store the details (serial number, etc) of all the equipment we provide you with (router, TV boxes, etc) that you need in order to access our service(s). It may also be necessary to record information of customer equipment if used to receive our service(s).
(3) Biometric Data
We may collect fingerprint data if access to our data centre or any other secure location is required.
(4) Telephone Calls & Voicemail
We record telephone calls made to Sapphire, so if you call us we may record your conversation. We naturally also record any voicemail you may leave if we are unable to answer your call.
(5) CCTV Cameras
We have installed CCTV cameras within our premises – if you visit our premises you may be recorded.
(6) Support Tickets
We use a ‘ticket’ system for customer support which records all correspondence between ourselves and our customers as well as relevant notes we may add to assist in resolving the issue.
(7) Activity Logs
We store activity logs which include:
(8) Traffic Stats & Monitoring
We record some real-time customer traffic/activity.
Why do you collect this data?
We need your Personal Details in order to know who you are, where to provide the service(s), where to invoice you, and how to contact you. Should you require number portability, we may need your ID Card details to pass on to your existing telephone provider to prove your identity to them as part of the process.
Equipment Data is required to provision the equipment in order to provide you with the service(s).
Your Biometric Data is required to provide you with access to one or more of our secure locations.
We store Telephone Calls made to us for training purposes to assist in identifying and improving our customer support. Voicemails are recorded so we can reply to any issues or queries you may have.
We record our premises with CCTV Cameras for security purposes.
We record all correspondence with you in our Support Tickets system to have a history of previous issues in order to help assist you with any problems you may experience in the future.
We have a legal obligation under the Communications (Personal Data and Privacy) Regulations 2006 to store Activity Logs for 12 months. For your information, the storing of these logs is normal practice and, as a legal requirement, is public knowledge, so nothing has changed other than our requirement under the new GDPR to clearly inform you of it.
The Traffic Stats & Monitoring are used to generate statistics and, more importantly, to monitor our network for the purposes of security and anomaly detection which allows us to identify any misuse and/or attack on our network.
Where is this data stored?
We store all data, other than your ID Card details, securely on our own servers in our offices in Europort.
We also use a cloud-based Process Management system where we may attach your Personal Details only in order to activate your service and billing. This data is only used for the one-time activation of the service and is not ‘live’ nor updated thereafter. The cloud provider is fully GDPR compliant – your data is secure and only accessible and controlled by ourselves.
We don’t store your ID Card details. This may only be required for the number portability process to prove your identity to the company from where your number will be ported and to ensure the correct number is ported.
How do you protect this data?
The security and protection of data is very important to us. We use robust industry-standard security and encryption methods to ensure all data is secure both online and physically.
Although we safeguard your data on our infrastructure, we cannot guarantee the security of any information we transmit beyond our infrastructure in providing you with your service(s), including Internet traffic, emails and telephone calls.
Who has access to my data? Personal Details, Equipment Data, Telephone Calls and Support Tickets are only accessible by authorised personnel who need access in order to:
1. Provide you with the service
2. Provide support and maintenance of your service
3. Improve our customer support
4. Create invoices and provide accounting support
Your Biometric Data is encrypted and stored securely within a propriety biometric security system whose data can’t be extracted for use on any other system.
The CCTV Camera recordings are archived and only ever accessed by authorised personnel when necessary in the event of a security breach or incident.
The Activity Logs are archived and never accessed again other than if/when required to fulfil any legal obligations that the Regulations provide for.
The Traffic Stats & Monitoring data is used by automatic processes to create statistics and/or reports/graphs/etc for monitoring purposes only.
How long do you keep this data for?
It is a legal requirement for us to keep:
In other cases we’ll store the data for the periods needed for the purposes for which the information was collected or for which it is to be further processed, otherwise we delete it.
How can I access and update my data?
It is important that the information we have on you is always up to date. If there are any changes with any of the contacts or their information please contact your account manager who can update our records.
If you would like a copy of all the personal data we hold in relation to your company, please contact your account manager to make the request.
We cannot provide you with any copies of any CCTV Camera footage or Telephone Calls. These can be retrieved in the event of a security issue or incident.
Do you share my data with any third parties?
Number porting in Gibraltar is handled by a cloud-based company (as stipulated by the GRA). They are fully GDPR compliant and will use any data received solely for the porting process. Should you request your number to be ported, they will receive your request including your telephone number and ID Card details (if required) to confirm your identity with your current telephone provider. We do not retain or store any of your ID Card details ourselves.
We share your name, address and telephone number with the Gibraltar Telephone Directory unless you have opted not to be included in the Directory. Information provided to the Gibraltar Telephone Directory will be made public and can no longer be considered ‘secure’.
We may also share your information to comply with legal and regulatory obligations such as with our auditors and with the Gibraltar Regulatory Authority (GRA). These entities will always have strict procedures in accordance with the GDPR.
We do not share any personal data we store with any other third party unless legally required to.
For further information about the GDPR please visit:
If you require any further information from us please contact your account manager.