www.nlts.co.uk

Effective date: 1st June 2024

1. Introduction

Welcome to North London Telecom Systems Limited (NLTS), a company registered in England under the number 06595087, with our registered office located at Woodgate House, 2-8 Games Road, Cockfosters, Herts, England, EN4 9HN. This Privacy Policy underscores our commitment to your privacy, detailing how we manage and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and relevant UK privacy laws. Our comprehensive approach covers the collection, use, storage, and sharing of your data obtained through your interactions with our services, our website, and direct communications with us.

By using our services, you agree to the practices outlined in this document, ensuring your personal information is handled with the highest standards of privacy and security.

2. Scope and Consent

By using our services, you consent to the collection, use, and sharing of your personal information as described in this Privacy Policy. If you do not agree with any aspect of this policy, you should refrain from using our services. This policy encompasses all services provided by NLTS, regardless of the medium through which you access or use them.

3. Personal Data We Collect

In order to provide you with efficient and effective services, we collect the following personal data:

• Name: To identify you and personalize our communications.

• Business Name: Necessary to engage in contracts and understand the entity you represent.

• Business Address: Used for invoicing, service delivery, and logistics.

• Phone Number: Critical for direct communication regarding service updates, support, and urgent matters.

• Email ID: Essential for ongoing communication, including service updates, marketing information (if consented to), and transactional notifications.

• Website Information: Helps us tailor our services to better suit your business needs and preferences.

This data is collected directly from you when you register for our services, interact with our customer support, or participate in promotions or surveys.

4. How We Collect Your Data

We gather personal information through various methods:

• Direct Interactions: When you sign up for our service, consult with our customer service team, send us an email, or communicate with us in any way, you are voluntarily providing information that we collect.

• Automated Technologies or Interactions: As you interact with our website, we may automatically collect data about your equipment, browsing actions, and patterns. We collect this data by using cookies, server logs, and other similar technologies.

• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources such as business directories.

5. Purpose of Processing Your Data

We process your personal data for several reasons, each vital to our service delivery:

• Service Provision: Managing your account, providing requested services, and maintaining our contractual obligations.

• Communication: Sending important service-related notifications, responding to inquiries, and providing customer support.

• Improvement and Personalization: Enhancing the functionality and user-friendliness of our services, and personalizing your experiences based on your history and preferences.

• Legal Compliance: Fulfilling legal requirements, including financial record keeping and complying with lawful requests by public authorities.

6. Use of Collected Data

The information we collect serves several operational purposes:

• To Ensure Efficient Service Delivery: Managing service operations and meeting your business needs effectively.

• To Enhance Security: Monitoring for and protecting against security threats, fraud, and other malicious activity.

• To Conduct Business Analyses: Using data analytics to evaluate and improve our product offerings, marketing, and customer relationships.

7. Data Storage and Security

Your personal data is stored on secure servers provided by our CRM provider, "Highlevel". We employ standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These include encryption, access control, secure software development practices, and standard compliance. We regularly review our security policies and update them as necessary to ensure the integrity and confidentiality of your data.

8. Data Sharing and Disclosure

We only share your personal data with third parties under the following conditions:

• Service Providers: We engage various service providers who perform functions on our behalf, such as hosting services, customer service assistance, and payment processing. These service providers are bound by contractual obligations to secure and use your personal data only for the purposes for which it was disclosed, in accordance with our Privacy Policy.

• Legal Requirements: We may disclose your personal information where required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

• Business Transfers: In the event that NLTS is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal data may be transferred as part of that transaction, but we will ensure that it is protected with the same level of security as described in this policy.

9. International Data Transfers

In order to provide our services effectively, your personal data may be transferred to, and processed in, countries outside of your country of residence, which may have different data protection laws than those in your country. Regardless of where your personal information is processed, we apply the same protections described in this policy. We also comply with legal frameworks relating to the transfer of data, such as the GDPR's framework for data transfers outside the EU and EEA.

10. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: We may rely on your explicit consent to process personal data for specific purposes communicated to you. You have the right to withdraw your consent at any time.

• Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

• Legal Obligations: Processing is necessary for compliance with a legal obligation to which we are subject.

• Legitimate Interests: We may process data when it is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, unless these interests are overridden by your data protection interests or fundamental rights and freedoms.

11. User Rights Under GDPR

You have specific rights under the GDPR and other relevant privacy statutes, including:

• Right to Access: You can request access to your personal data we hold.

• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.

• Right to Erasure: Under certain circumstances, you may request the deletion of your personal data from our records.

• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.

• Right to Data Portability: You can request a copy of your personal data in a machine-readable format.

• Right to Object: You may object to the processing of your personal data on grounds relating to your particular situation.

11.1 Cyprus Residents

In addition to adhering to the General Data Protection Regulation (GDPR) and UK privacy laws, NLTS fully complies with the personal data protection laws applicable in Cyprus. This includes following the provisions set forth by the Processing of Personal Data (Protection of the Individual) Law, which aligns with the GDPR standards but also addresses specific requirements and rights relevant to individuals within Cyprus.

At NLTS, we ensure that all personal data collected from our operations in Cyprus is handled with the utmost care, providing additional safeguards and complying with local legal requirements. This includes, but is not limited to, ensuring transparency in data processing activities, providing clear information about data collection purposes, and upholding the rights of data subjects to access, rectify, delete, or oppose the processing of their personal data.

For our users and clients in Cyprus, we have established mechanisms to address any concerns or inquiries related to the handling of personal data promptly and in accordance with Cypriot laws. By engaging with our services, individuals located in Cyprus can be assured that their privacy is protected not only by European standards but also by local regulations designed to safeguard their personal rights.

12. How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided in this policy. We may request specific information from you to help us confirm your identity and process your request. Access to personal data and the exercise of these rights are free of charge, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

14. Third-Party Services

Our Service may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

15. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy and data protection laws. If you have any questions about this policy or our privacy practices, please contact our DPO at: [email protected]

16. Impact Assessments

Where certain data processing activities are likely to result in a high risk to your rights and freedoms, we conduct Data Protection Impact Assessments to determine and mitigate these risks.

17. Data Breach Notification

In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any applicable regulator of a breach where we are legally required to do so, within the timeframe prescribed by law.

18. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information from our servers immediately. If you are aware that a child under 18 has provided us with personal data, please contact our Data Protection Officer.

19. Links to Other Websites

Our service may contain links to other websites not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

20. Changes to the Privacy Policy

We may update our Privacy Policy periodically to reflect changes to our practices or for other operational, legal, or regulatory reasons. When we make changes, we will revise the "Last Updated" date at the top of the policy and post the new policy on our website. We encourage you to review our Privacy Policy whenever you access our services to stay informed about our information practices and the ways you can help protect your privacy. If we make significant changes, we will notify you through our service or by some other means, such as email, to offer you the opportunity to review the changes before they become effective.

21. Complaints to Authorities

You have the right to lodge a complaint with a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA). If you have any issues with our use of your data that we have not been able to address satisfactorily, we encourage you to contact our Data Protection Officer first (details provided in Section 15).

22. Retention of Personal Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, as well as applicable legal requirements.

23. Automated Decision Making and Profiling

We do not use automated decision-making or profiling as part of the services we offer. Should we decide to use any form of automated decision-making in the future, we will update this policy and provide transparency regarding the logic involved, as well as the significance and the expected consequences of such processing for you.

24. Contact Information

If you have any questions or concerns about this Privacy Policy, your personal data, or data protection on our service, please contact us at the following address:

33 Lancaster Avenue,Hadley Wood,Barnet,Hertfordshire,EN4 0EP or on [email protected] , 0203 380 7075

You may also reach out to our Data Protection Officer directly for more specific issues or concerns about your data privacy.

25. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United Kingdom. Any disputes relating to this Privacy Policy will be resolved by the competent courts of the United Kingdom, unless otherwise required by applicable EU laws.

26. ICO (Information Commissioner's Office

As a data controller and processor operating in the United Kingdom, we are regulated by the Information Commissioner's Office (ICO). The ICO is the UK's independent authority set up to uphold information rights and data privacy for individuals. We comply with the guidance provided by the ICO regarding the handling, use, and storage of personal data.

In the event we are unable to resolve your dispute, involving the processing of your personal data, you have the right to make a complaint directly to the ICO. The ICO provides information on how to submit complaints, and this can be done through their website at ico.org.uk. We encourage you to contact us prior to escalating your complaint to the ICO, as we aim to resolve any issues directly and promptly.