Introduction & who we are
This Privacy Policy explains how AIRCOM LIMITED ("Aircom", "we", "us" or "our") collects, uses, shares and protects personal data. We are a UK-registered telecoms voice carrier providing wholesale voice, SIP trunking, international voice routing and carrier interconnect services to businesses and other carriers.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Aircom is the data controller responsible for the personal data described in this policy. Our details are set out below.
- Controller: AIRCOM LIMITED
- Company number: 16411888, registered in England & Wales
- Registered office: 47 Ellora Road, London, SW16 6JG, United Kingdom
- Email for privacy enquiries: contact@aircomlimited.co.uk
We have not appointed a statutory Data Protection Officer, as we are not required to do so. Our privacy enquiries are handled by the person responsible for data protection at the contact email above.
What this policy covers
This policy applies to personal data we process when you interact with us, including when you visit our website, complete a contact or enquiry form, correspond with us, or use our services as a customer, partner or carrier counterparty.
Our services are aimed at businesses and other carriers (a business-to-business model). In the course of carrying voice traffic on behalf of our customers, we may process metadata that relates to individuals (for example, calling and called numbers). Where we do so on a customer's instructions, the customer is typically the data controller and Aircom acts as a processor; the rest of this policy concerns personal data for which Aircom is the controller.
Our website may contain links to third-party websites and services. This policy does not apply to those sites, and we are not responsible for their privacy practices. We encourage you to read the privacy notices of any third-party sites you visit.
Personal data we collect
We collect different categories of personal data depending on how you interact with us. We aim to collect only what we need for the purposes set out in this policy.
Contact and enquiry data
- Your name and the name of your company or organisation
- Your business email address
- The content of your message or enquiry, and any details you choose to include
- Records of our correspondence with you
Customer, account and KYC data
Where you engage us as a customer, partner or carrier, we collect information needed to set up and manage the relationship and to meet our regulatory and anti-fraud obligations. This is largely business and contact information, and the personal data within it is typically limited to the individuals who represent the organisation.
- Business contact details for your authorised representatives (name, role, email and telephone)
- Company information and identifiers used for know-your-customer (KYC), due diligence and credit checks
- Billing, payment and account information needed to invoice and settle traffic
- Service configuration, support tickets and operational correspondence
Call detail records and traffic metadata
To deliver and bill our services, detect fraud and meet legal obligations, our network generates call detail records (CDRs) and related signalling and traffic metadata. This metadata can include calling and called numbers, call timestamps, duration, routing information and quality measurements. It does not include the content of calls.
Website and technical data
When you visit our website we may collect technical information such as your IP address, device and browser type, and information about how you use the site. Some of this data is collected through cookies and similar technologies. Please see our Cookie Policy at /legal/cookies for full details and how to manage your preferences.
How we use your data & lawful bases
We only process personal data where we have a lawful basis to do so under Article 6 of the UK GDPR. The bases we rely on, and the purposes for which we process data, are set out below.
Performance of a contract
- Setting up and administering customer, partner and carrier accounts
- Provisioning, routing, monitoring and supporting our voice services
- Generating CDRs, rating, invoicing and settling traffic
Legitimate interests
We rely on our legitimate interests (and those of our customers and the wider telecoms ecosystem) where this is not overridden by your rights and freedoms. These interests include:
- Responding to enquiries submitted through our contact form and managing business relationships
- Detecting, investigating and preventing fraud, traffic pumping and network abuse
- Maintaining the security, integrity and resilience of our network and systems
- Understanding and improving our website and services, and limited B2B marketing to relevant business contacts
Legal obligation
- Complying with telecoms regulation, KYC and anti-fraud requirements, and tax and accounting law
- Responding to lawful requests from regulators, courts and law enforcement
- Retaining records where we are legally required to do so
Consent
Where we rely on consent, for example, for certain non-essential cookies or optional communications, we will ask for it clearly and you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
International transfers
As an international voice carrier, traffic and the associated metadata may necessarily be routed and processed outside the United Kingdom. Some of our service providers may also be located, or store data, outside the UK.
Where we transfer personal data outside the UK, we take steps to ensure it is afforded an adequate level of protection. We rely on one or more of the following safeguards:
- Transfers to countries the UK Government has determined provide an adequate level of data protection (adequacy regulations)
- The International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses (SCCs)
- Other appropriate safeguards recognised under the UK GDPR, together with any supplementary measures we consider necessary
You can ask us for more information about the safeguards we apply to international transfers by contacting us at contact@aircomlimited.co.uk.
Data retention
We keep personal data only for as long as we need it for the purposes for which it was collected, including to satisfy legal, regulatory, accounting, tax or reporting requirements, and to establish, exercise or defend legal claims.
When determining the appropriate retention period, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and applicable legal requirements.
- Contact and enquiry data: retained for as long as needed to handle your enquiry and for a reasonable period afterwards in case of follow-up
- Customer, account and KYC records: retained for the duration of the relationship and for the period required by law after it ends
- CDRs and traffic metadata: retained for the period needed for billing, dispute resolution, fraud prevention and any applicable legal or regulatory requirement
- Financial and tax records: retained for the period required by UK accounting and tax law
When data is no longer required, we will securely delete or anonymise it.
Your rights under UK GDPR
Subject to certain conditions and exemptions, you have the following rights in relation to your personal data:
- Right of access, to be told whether we hold your data and to receive a copy of it
- Right to rectification, to have inaccurate data corrected and incomplete data completed
- Right to erasure, to ask us to delete your data in certain circumstances ('right to be forgotten')
- Right to restriction, to ask us to limit how we use your data in certain circumstances
- Right to data portability, to receive certain data in a structured, commonly used, machine-readable format
- Right to object, to object to processing based on legitimate interests, and to direct marketing at any time
- Right to withdraw consent, where we rely on your consent, you can withdraw it at any time
- Rights related to automated decision-making, see the section on automated decision-making below
To exercise any of these rights, please contact us at contact@aircomlimited.co.uk. We may need to verify your identity before we act on your request. We will respond within the timeframes required by law, normally within one month, and we will not charge a fee unless your request is manifestly unfounded or excessive.
Data security
We take the security of personal data seriously and maintain appropriate technical and organisational measures designed to protect it against unauthorised or unlawful processing, accidental loss, destruction or damage.
- Access controls and the principle of least privilege for systems holding personal data
- Encryption in transit and, where appropriate, at rest
- Network monitoring, logging and resilience measures across our platform
- Contractual and confidentiality obligations on staff and processors who handle personal data
No method of transmission or storage is completely secure, so while we strive to protect your data we cannot guarantee absolute security. Where we are legally required to do so, we will notify the relevant supervisory authority and any affected individuals of a personal data breach.
Automated decision-making & profiling
We do not make decisions that produce legal effects, or similarly significant effects, based solely on automated processing of personal data.
We do use automated tools to help detect and prevent fraud and network abuse, for example, analysing traffic patterns and metadata to flag anomalies. Where such tools identify a potential issue, meaningful human review is applied before any action that significantly affects an individual or customer is taken. If you have concerns about any automated processing, please contact us.
Children's data
Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children.
If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.
Complaints & the ICO
If you have any concerns about how we handle your personal data, please contact us first at contact@aircomlimited.co.uk so we have the opportunity to address them.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters. You can contact the ICO via its website at ico.org.uk or by telephone or post. We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal and regulatory requirements. When we make changes, we will revise the 'last updated' date shown alongside this policy.
Where changes are significant, we will take reasonable steps to bring them to your attention. We encourage you to review this policy periodically to stay informed about how we protect your data.
How to contact us
If you have any questions about this Privacy Policy, wish to exercise your rights, or want more information about how we process personal data, you can contact us using the details below.
- AIRCOM LIMITED (company number 16411888)
- Registered office: 47 Ellora Road, London, SW16 6JG, United Kingdom
- Email: contact@aircomlimited.co.uk
This Privacy Policy is provided for information only and does not constitute legal advice.
