Privacy Policy

Date last revised: 23/04/2018

NEW STAR NETWORKS LIMITED (we/us/our) is committed to protecting your personal data. We recognise that your personal data is your property and that you have loaned it to us for specific purposes.

Unless otherwise required by law, the Information Commissioner’s Office (ICO) guidance or best practice, or in order to perform our contract with you, we will only process your personal data in the way we tell you (set out below or in our agreement with you) or in the way you ask us to, and we will give it back to you at any time.

  1. This policy
    1. This policy, together with any terms and conditions or other documents we provide to you at any time during our relationship with you, sets out how we will process your personal data.
    2. This policy will apply to our contract with you. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 1998 (Act) and/or the General Data Protection Regulation (Regulation), as applicable.
    3. By visiting our website at www.nsn.co (our Website), or by providing your personal data to us, you understand, accept and consent to the practices described in this policy.
    4. Any changes we make to this policy will be posted on this page. You are advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or work with us after the date of the relevant change.
    5. For more information relating to your rights under this policy, please see section 10.
    6. If you have any queries relating to this policy, please contact us at yourdata@nsn.co in the first instance
  2. Who we are
    1. We are the chief provider of operational services to the Fidelity Group Limited (number 06765669) (Fidelity), which we provide on the terms of a written agreement. Fidelity are one of the UK’s fastest growing communications providers, with well established relationships with all major UK communications vendors.
    2. For the purposes of the Act, we consider that the data controller will be (jointly):
      1. NEW STAR NETWORKS LIMITED, a company registered in England & Wales (number 07143368) with its registered office at 8 Lincoln’s Inn Fields, London WC2A 3BP; and
      2. FIDELITY GROUP LIMITED, a company registered in England & Wales (number 06765669) with its registered office at 37-41 Bedford Row, London, WC1R 4JH.
    3. We are registered with the ICO to process your personal data and our registration number is Z2598251. Fidelity are also ICO registered and their registration number is Z2099463.
    4. New Star Networks (Pty) Limited are an organisation affiliated with us, based and registered in the RSA (number 2017/045016/07). Their registered office is located at Block B First Floor, Eco Office Park, Cnr Hennie Alberts & Michelle Ave, Meyersdal, Alberton, South Africa, 1448 (NSN RSA). NSN RSA will be a data processor, appointed to process your personal data on our behalf.
  3. Your consent
    1. We do not ordinarily rely on your consent to process your personal data. We process your personal data primarily to perform our contract with, and provide our services to, you. We consider the personal data we obtain is reasonable and necessary for these purposes. However, we review this intermittently and remove any inaccurate or obsolete data in accordance with our internal data retention policy.
    2. By using our Website and/or our services, you expressly consent to:
      1. the transfers of your personal data to those specifically listed third parties in this policy, for the reasons specified; and
      2. us using your personal data for direct marketing purposes.
    3. Where you consent to marketing from us, we confirm that we only market our services directly and do not engage any third parties to do this on our behalf.
    4. You may exercise your rights under section 10 at any time, which includes withdrawing your consent to our processing of your personal data (where we rely on your consent to process such data). However, where this withdrawal prevents us from performing our contract with you, we may not be able to provide our services to you.
  4. What we collect
    1. In order to provide our services to you, we process the following categories of your personal data:
      1. name and job title;
      2. personal contact details, including email address;
      3. mobile phone number; and
      4. bank account details.
    2. Where you are a current, potential or former employee, worker or other member of our staff, we may collect additional categories of your personal data for the purposes of providing you with the necessary benefits under our contract with you. In those circumstances, a separate privacy notice applies and a copy is available on request.
    3. If your personal data changes, or becomes inaccurate at any time, you must let us know to avoid any errors or delays in our services, and to allow us to update our records.
  5. How we collect it
    The categories of data in section 4 are collected in the following ways:

    1. When you provide it to us
      1. When you correspond with us by phone or e-mail as part of our business with you (whether for customer support, billing, upgrades or otherwise), any of your personal data contained in that correspondence will be retained by us. All of our calls are recorded for training and monitoring purposes;
      2. When we enter into a contract with you (whether directly or via one of our appointed “dealers”), any personal data contained in that contract (or related correspondence) will be retained by us;
    2. When we collect it from you
      1. When you use our Website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings.
      2. We also monitor your use of our Website. This includes the full URLs, your clickstreams through our Website, the pages you view and how you interact with them and how you leave the Website.
    3. When we receive it from others So that we can provide our services to you, and can verify your identity and your ability to continue to make payments to us, we will use recognised third party credit rating/reference agencies to carry out credit checks on you. Any information in that credit report that allows us to identify a natural person will be retained by us for the purposes of providing our services.
    4. We may also receive personal data and basic contact details from our existing partners, dealers and suppliers who may refer your data to us if they reasonably consider that you may be interested in our services. They only do so on the terms of a written agreement with us and are under legal and contractual obligations to notify you that they are referring your details to us, for specified purposes. So that we can monitor their compliance, please notify us immediately if you were not aware that your personal data had been transferred for us.
  6. What we use it for
    1. Your personal data is primarily required to enable us to supply you with the relevant services and support you have requested from us, and to contact you in relation to any enquiries or requests you raise with us.
    2. We also use your personal data to send you information by email about us, our services and any recent market updates that are similar to those you have already purchased or enquired about. We only do this where you have given us permission to do so, and you can opt-out at any time. Where you opt out, we will no longer contact you until you ask us to, and we will not prompt you to do so.
    3. Technical information we collect about your visit to our Website is used to enable us to:
      1. personalise and improve its functionality and security (to keep it safe and secure);
      2. administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
      3. ensure that we can offer you the most effective and efficient browsing experience, and make improvements where necessary.
    4. From time to time we also use your email address or telephone number to contact you for market research purposes (where you have given us permission to do so).
    5. Once collected, your personal data will be retained by us for as long as is necessary for us to provide you with the relevant services, to market our services to you (where requested) and to enable us to improve our Website. After this point, the data will be securely deleted and we will not contact you unless you ask us to.
  7. Who can access it
    1. Our CRM system (details of which are confidential), used for billing and ongoing service support, is hosted by Fidelity and accessed by both our staff and those of Fidelity. Access to the data stored on that system is limited by staff seniority (the more senior the staff member, the wider the access). Please be assured that this system is hosted in the UK and all data is processed and stored within the EU (other than that data processed by NSN RSA staff).
    2. Your personal data will be held and stored by us in our internal management information systems on servers located in the UK or through the Cloud (hosted from the US). All personal data is processed either by UK or South African (RSA) based staff (see section 2.4) who are regulated by our internal staff data protection and information security policies.
    3. All personal data processed by Fidelity is in accordance with their privacy policy, available at http://www.fidelity-group.co.uk/privacy-policy/. Whilst we consider ourselves joint data controllers, Fidelity is a separate legal entity to us and we have no control over how they process your personal data (other than the terms of the written agreement that exists between us).
  8. How secure is my data
    1. The personal data we store and process is held by us in more than one place, by multiple hosting solution and software providers. Whilst we use the following third parties to host the personal data we process, all IT support is primarily managed by us, internally.

      1. Our CRM systems for new business leads and acquisitions are hosted (in part) by a platform operated by Insightly, Inc., (Insightly) a company incorporated in the USA (California). Insightly’s servers are located in the USA and Insightly complies with international data protection laws regarding transfers of customer data across borders and is certified to EU-U.S. Privacy Shield Framework regarding the processing of information transferred outside of the EU to the US. More information can be found at https://www.insightly.com/privacy-policy/;
      2. We use a separate, internal CRM system for managing all billing matters and ongoing service support (see section 7.1 above).
      3. Our calls are recorded and stored on Google Drive®, a storage solution hosted by Google LLC (Google) who are based in the USA (California);
      4. we use Adobe™ Sign to process and store our contracts and agreements, and manage the e-sign process. Some of these documents will contain personal data (name, job title, signatures). This software is managed by Adobe Systems Software (Ireland) Limited, whose servers are located in Ireland. Their privacy policy is located at https://www.adobe.com/privacy.html; and
      5. any personal data you provide, or that is contained within, any email correspondence you have with us, is stored in Microsoft Office®365, to which all staff have separate, secure access (and all IT support have administrator-level access).
    2. Our affiliated company, NSN RSA has recently migrated its database so that all personal data is now stored on Microsoft Azure (Azure), a Cloud-hosting solution provided by Microsoft, Inc. (Microsoft). Microsoft complies with international data protection laws regarding transfers of customer data across borders and is certified to EU-U.S. Privacy Shield Framework regarding the processing of information transferred outside of the EU to the US. More information can be found at https://www.microsoft.com/en-us/trustcenter/privacy/where-your-data-is-located.
    3. Access to the various parts of our database is made available to those staff and members of our team who need to know in order to provide our services to you. All passwords are held securely and any access to back-end servers requires this as well as user-based authentication
    4. All staff (based in the UK and the RSA) receive appropriate training on the protection of personal data on induction, and at regular intervals during their time with us. This is to ensure they are aware of your rights, and their obligations, in relation to your personal data, how to keep it safe and secure at all times, and what to do where a breach is discovered.
    5. We have recently synchronised access security to our various databases within our group. Access to our databases, including those of our RSA-based affiliate, is restricted to those who need to know who have received appropriate training. Access is password-based, with strict complexity, history and expiry requirements.
    6. Any data held on Insightly will be transferred to our other internal CRM system (and deleted from Insightly) once we enter into a formal contractual relationship with you.
  9. How and why we disclose your data
    1. Any websites which are linked from the Website are outside of our control and not covered by this policy. If you access those websites using the links provided, the website operators may collect information from you which will be used by them in accordance with their own privacy policies (if any). These policies may differ from ours, and we cannot accept any responsibility or liability in respect of these.
    2. In addition to Fidelity and NSN RSA (as already disclosed in this policy), we may disclose your personal data to the following third parties, for the reasons specified in this section:
      1. Cloud 100 Limited, a company registered in England & Wales (number 09009259) who operate out of the same registered office as us, who provide IT support services to us; and
      2. NSNRG Limited, a company registered in England & Wales (number 09675874) who also operate out of the same registered office as us. They provide energy brokerage services.
    3. We only disclose your personal data to the third parties listed in section 8.2 where you express an interest in their services during an account management call with us, or where you permit us to transfer your details to them in response to a marketing email we send to you (with your permission)
    4. We also disclose your name and email address to The Rocket Science Group LLC d/b/a Mailchimp®, a company registered in the USA (Georgia) with its registered office at 675 PONCE DE LEON AVE NE STE 5000, ATLANTA, GA, 30308-1884, United States to distribute our marketing content to you (where we have your consent to do so). They store our marketing distribution lists on their secure servers located in the USA.
  10. Your rights
    1. In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:
      1. not to process your personal data for marketing purposes;
      2. to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
        to amend any inaccurate data we hold about you;
      3. to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
      4. to only process your personal data in limited circumstances, for limited purposes.
    2. In addition, given the nature of the joint processing of your data between us and Fidelity, you have the right (under the Regulation) to exercise any of your rights under the Regulation against each of us.
    3. We have the capacity to extract your personal data from our databases and provide it to you in a structured, commonly-used way (typically by .csv file).
    4. If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.
    5. Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.
    6. If you wish to contact Fidelity in relation to the personal data that they may access about you, you may contact them at info@fidelity-group.co.uk. How Fidelity process that request will be in accordance with their internal policies.