Union Street Technologies The Courtyard, 37 Sheen Road, Richmond, London TW9 1AJ,
firstname.lastname@example.org | 020 8614 9090
When you use Union Street products and services you trust us with your information. We greatly appreciate the trust you place in us and take the secure management and protection of your information extremely seriously. Whilst we strive to ensure all of Union Street’s obligations to current regulations and data protection laws are met, we also endeavour to be transparent about the ways in which we manage and protect your information, privacy and security.
As data controller we hold and collect data on all our employees. We also hold some personal customer contact information to allow us to meet our contractual obligations. We have performed Privacy Impact Assessments (PIAs) to identify our data stores and to ensure there is a lawful reason for holding such data. We have clear procedures in place to deal with all types of personal data requests in order to meet our commitments to the General Data Protection Regulations (GDPR). We do not share this data with third parties.
Users of products and services will always be informed of how any personal data will be collected and used as part of the submission process. Should a user wish to know what personal data is recorded about them, they can request this from us using the contact information at the end of this document. You can also contact us should you require your personal information to be rectified, no longer processed, or completely erased.
For submission of any enquiry related to individual rights under the GDPR please use the contact information at the end of this document. As a data controller we maintain oversight of our data and continually review our processes and procedures on how we secure data within Union Street.
Bureau Billing Services
At Union Street we offer our clients a bureau billing service in which we process billing information on their behalf and with their consent. Personal contact information for all our clients’ customers is either held within our EU cloud platforms or within their own on-premise IT network. We have access to those systems to carry out the billing process and do not use the data contained within those systems for any other purpose.
We meet recommended industry standards for processing such information and have gained Total Metering and Billing System (TMBS) certification to attest to our compliance with those standards. Through our TMBS certification there is a high focus on billing accuracy. For this we are independently audited in key areas related to the processing of billing activities.
The types of data processed primarily include telephone numbers, address details, account details, clients’ customer details and payment details, not all of which would necessarily fall into the Information Commissioner’s Office’s (ICO) definition of personal data. Our amended Standard Terms and Conditions takes account of all the requirements outlined by the ICO in relation to the GDPR.
Staff who process Personally Identifiable Information (PII) within their job roles have all signed a confidentiality agreement as well as receiving training on the GDPR and data security. We delete all customer databases that reside within our network within a week of the contract end date, unless there is a lawful or contractual reason not to do so.
We operate according to the principle of least privilege, ensuring a strict access control policy is in place. Access is restricted and allowed only to those individuals who require it as part of their “Job Role.” This ensures that any data Union Street processes is accessed only by appropriately trained staff. Our clients’ billing data is not readily available to all staff at Union Street and is always securely accessed. A clear audit trail is in place.
ISO27001 – Information Security Management
We are certified against ISO/IEC 27001 and are regularly audited against this standard. Click this link to obtain a copy of Union Street’s Information Security Policy (ISP). We are unable to change this policy on individual customer request, please refer to our Supplier Exception Notice for further details.
Union Street uses leading cloud infrastructure providers* for hosting and storing client data. We ensure any cloud provider we use meets industry standards for data security and, in addition, our own ISO/IEC 27001 certified standards and controls for the data security.
Regular backups are taken for company and client data. Tests are conducted regularly to ensure reliability and ease of recovery.
Sensitive data will always be encrypted in transit. Data stored within our Cloud Platforms* will also be encrypted in storage.
Protection and Detection
Throughout our IT infrastructure we have a variety of anti-malware solutions. These are intended to detect and protect against unauthorised intrusion or access of data. We also operate a defence-in-depth policy with regards to data infrastructure and appliances.
Data is only retained for the time necessary to process it for the purpose provided. While the purpose of processing data will vary (the many different types of employee data, for instance), should you require information on retention times on any type of data, please contact us using the contact details at the end of this document.
*By leading cloud provider or cloud platforms we are referring to third party providers of hosting services that Union Street contracts with to provide cloud services. This does not refer to installations of Union Street’s software on customer premises.
Privacy by Design
As a software development house, data privacy, security and accuracy are considered from the initial design phase. This way we ensure due consideration is given to the protection and security of data in any new products or enhancements to the products we develop.
How aBILLity™ Allows You to Comply with Your Customers’ Rights
The Right to Object
aBILLity allows the billing agent to cease billing processes at any time should an end user object to their data being processed.
The Right to Rectification
Where you receive a request to correct or amend billing details, you can simply change them within the relevant product screens.
The Right to Restrict Processing
aBILLity allows for all processes to be restricted at any time for a single customer or an entire bill run. This also applies to our WLR gateway and provisioning portals that are designed using our Mosaix™ software.
The Right to Data Portability
aBILLity allows the export of customer information should a data portability request be received.
The Right of Access
If a client needs to provide information that is stored on one of their customers, they can do so by accessing information from the “Site Details” section inside aBILLity.
The Right to Erasure
aBILLity allows for the complete removal of any contact information including Personally Identifiable Information held within the system.
Rights in Relation to Automated Decision Making and Profiling
aBILLity does not process data in this way.
Legacy Product Lines
There are some products that Union Street will be discontinuing as they do not meet the specific requirements of the GDPR. We are offering affected clients an upgrade path for these products that will ensure compliance with the GDPR. If you currently use one or more of these products and require further information or advice on this matter, please refer to your Union Street account manager.
WLR3 Portal – The WLR3 Portal is superseded by our WLR3 gateway powered by Mosaix. This features an enhanced user interface that delivers a superb user experience.
WebaBILLity – The WebaBILLity portal, a telecoms billing management portal that interfaces with the aBILLity platform to provide billing information to end-user customers, has been superseded by WebaBILLity Pro. WebaBILLity Pro is a significant upgrade of WebaBILLity and features a raft of enhancements.
Some older versions of the aBILLity product set, those prior to version 2.7.21, do not have the latest security and privacy features required to comply with GDPR. We therefore recommend an upgrade to the latest version of aBILLity. Please be aware that if you’re on a version that has some elements of bespoke functionality, you may lose that functionality by upgrading.
Please contact your account manager who can advise you on the best course of action.
About This Website
Types of Data Collected Through This Website
User data is collected to allow us to provide our services, as well as for analytics and contacting the user. Union Street profiles website visitors, in order to better understand the way in which our website content is viewed by visitors. It is also used to identify the types of organisations that might be interested in using our products and services.
A web analysis service provided by Google Inc. (“Google”). Google utilises the data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualise and personalise the ads of its own advertising network. Personal Data collected: Cookie and Usage data.
Data Submitted on This Website
Where you submit your data for addition to a mailing list or contact purposes on this website, a privacy notice will explain how the data will be used and for what purpose. You will need to consent for your data to be used as explained in the privacy notice in order to submit it. Where you can select a link to email us your recruitment details, a privacy notice explains how the details will be used. As you are taking an affirmative action in sending us your recruitment details there is no need for further confirmation or consent. Users are responsible for any personal data of third parties obtained, published or shared through this website and confirm that they have the third party’s consent to provide the data to the owner.
Where a user submits data for recruitment, to contact us or to be added to a mailing list, the information that is submitted will be retained. While this may vary depending upon the submission, it will typically contain data such as first and last name, phone number and address details including postcode.
Methods of processing
In addition to Union Street Technologies Ltd, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration), or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies). Those involved in operation and maintenance of this website may collect files that record interaction with this website (system logs).
If you require further details regarding the data we collect or your personal information please use the contact information at the end of this document.
Address: Union Street Technologies, The Courtyard, 37 Sheen Road, Richmond, London TW9 1AJ
Last modification: 16 April 2018