We use the following definitions in this notice:
Limited is responsible for processing your personal data.
The Controller is Icetrak
Ltd, 2 Nimrod House, Malvern,
Worcestershire with a Company Registration Number of 04415020
If you have
any questions regarding this Privacy Notice or our privacy practices, you may
contact our Privacy team and Data Protection Officer via the email address
Icetrak is a Communications Platform-as-a-Service (CPaaS) provider. While providing Services to our customers,
we act either as the controller or the processor, depending on the situation.
When we act as a processor
Our customers are mainly companies that integrate our Services into
their business operations through their own software. By using our Services,
our customers are able to send or exchange communications with their end-users
using different communication channels (SMS, fax etc.). We do not have a direct
relationship with our customers’ end-users.
Therefore we simply distribute our Customers communications requests through
telecom operators and other communications providers. When we do this, we act
as the processor on behalf of our customers, and process the relevant data for
the sole purpose of providing our Services to them. We do that within limits
and according to customers’ instructions and in line with our Terms of
In this scenario i.e. when you as an end-user of a communication from
one of our customers it means that the customer is the controller, and Icetrak is the processor. Any request we may receive from
customers’ communication recipients regarding their rights related to our
activities taken on behalf of our customers will be forwarded to customers, or
the end-user will be asked to contact them directly.
When we act as a controller
This Privacy Notice describes the activities which Icetrak
undertakes as a controller. Icetrak is a controller
when we process personal data for our own purposes and do not act on behalf of
personal data we process is mostly provided to us directly by you when you register
to use and subsequently send communication requests to end-users via our
collect data when you visit our website, or otherwise communicate with us.
We can also
receive personal information from other sources, such as in the following
collect and use personal data for 2 different reasons.
We collect personal data to provide communication services for our
In this instance we are acting as a Data Controller.
Icetrak collects customer data in order
to maintain a business relationship with that customer, create a customer
account so the customer can use our Services and bill the customer accordingly. Collecting
this data is in our legitimate interest in the sense of providing our Services
to your organisation.
In order to
create an account for a customer and provide services to our customers Icetrak will collect the following data directly from the
customer typically during the customer registration process.
The customer account data will be kept for 7 years after the account is
We collect personal data to allow our customers to send messages to
their end users and produce billing reports for those transactions.
In this instance we are acting as a Data Processor only.
Icetrak collects communications
data sent directly to us by the customer that includes:
data”, which is information created during your use of our
Services. This includes information communicated by the customers application
to Icetrak (e.g. IP addresses, information on your
usage, routing information), as well as logs of your activities.
Communications content is collected and
processed solely on behalf of a given customer. We act as a processor and in
line with the customer’s instructions.
Traffic data is generally kept in the
form of communication detail records, and we collect it and use it to:
The carrying out of these
activities is in our legitimate interest in the sense of handling payments and
resolving financial disputes.
Please note that in order to
comply with our legal obligations, we may be obliged to share communications
related data upon government request.
We may engage suppliers (also known as vendors or service providers) to
help us in the processing of your personal data for the activities that we
conduct as a controller and that we describe in this Privacy Notice.
For example we use a 3rd party accounts system to manage our accounts
and invoices. Details of this can be
found at www.kashflow.com.
We do not share personal data with third parties except when strictly
necessary and on a need-to-know basis, such as with:
For Accounting and Invoicing purposes Icetrak
uses a 3rd party product www.kashflow.com. We upload customers billing contact details
and Invoice details to this platform.
Other than our Invoicing system all personal data where we act as a
controller is stored on our secure servers in the UK.
Only Icetrak staff have any access to these
data protection law, you have rights including:
Your right of access - You have the right to ask us for
copies of your personal information.
Your right to rectification - You have the right to ask us to
rectify personal information you think is inaccurate. You also have the right
to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to
erase your personal information in certain circumstances.
Your right to restriction of
processing - You have the right to ask us to
restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the
processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we
transfer the personal information you gave us to another organisation, or to
you, in certain circumstances.
are not required to pay any charge for exercising your rights. If you make a
request, we have one month to respond to you.
contact us at firstname.lastname@example.org if you wish to make
Retention periods are listed under the activities in section 5 of this
Privacy Notice. The retention periods listed are the standard default periods.
In some cases, exceptions apply due to local laws related to law enforcement,
tax, or other purposes. Additionally, if legal matters such as litigation, law
enforcement requests, or government investigations require us to preserve
records, including those containing personal information, for longer periods
than listed in section 5, then we will delete the records in question when we
are no longer legally obligated to retain them.