When we refer to “we”, “our” or “us” we are referring to Overline Network Consultants Limited of The Quadrant, 60 Marlborough Road, Lancing Business Park, Lancing, West Sussex, BN15 8UW (Company No. 3138719) and its subsidiaries or any of them as the context so requires.
Any links from our website to other websites are provided merely for your convenience and do not imply our endorsement of the content or the provider. If you follow a link to any of these websites, you do so at your own risk, and we do not accept any responsibility or liability for the content of such websites.
Overline Network Consultants Limited is registered to process data under the Data Protection Act 2018 and our ICO registration number is ZA039545.
What information do we collect?
Information that you provide by filling in forms on our website. You may, however, visit our site anonymously. This includes information provided at the time of registering to use our website, subscribing to our products and services, posting material or requesting further products and services. We may also ask you for information when you report a problem with our website
if you contact us, we may keep a record of that correspondence (including email and phone conversations);
your name, address, telephone numbers, email address and other information which you supply to us;
we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
details of transactions you carry out through our website and the fulfilment of those transactions; and
details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
What information do we collect?
We may use information held about you in the following ways:
to ensure that content from our website is presented in the most effective manner for you and for your computer;
to provide you with information, products or services that you request from us or which we feel may be of interest to you, where you have consented to be contacted for such purposes;
to audit the usage of our website;
to carry out our obligations arising from any contract entered between you and us;
for training purposes, quality assurance or to record details about the products and services you order from us;
to satisfy and meet our legal and regulatory requirements;
to allow you to participate in interactive features of our services, when you choose to do so; and
to notify you about changes to our products and services.
Unless prescribed by law, we will retain your personal information for no longer than is necessary for the purposes for which the personal information was collected or for which it is to be further processed by us.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
We may collect information about your computer, including where available your IP address, operating system and browser type for system administration. This is pseudonymised statistical data about our users’ browsing actions and patterns.
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Database to be only accessed by those authorized with special access rights to our systems and are required to keep the information confidential.
Data Rectification and Correction
You have the right to request specific alteration or correction of your personal data, and Overline has a responsibility to ensure that the data we hold is accurate. Such requests do not need to specifically refer to the Data Protection Act 2018 or the GDPR.
In some cases, this is more straightforward, such as where you provide us with an amended email address because the previous address was bouncing our emails back to us. However, Overline recognises that any request for correction of your data should be considered appropriately. For example, if you believe that your bill is incorrect, we will assess the data first prior to any amendment being carried out. It may be pertinent for us to consider restricting your affected data whilst any such analysis is carried out to prevent any infringement occurring to your data. It is not appropriate to simply remove the incorrect data because there may have been decisions or other processes carried out using the incorrect data, so being able to know the erroneous data and the fixed data can help to rectify inconsistencies.
The ICO also highlights that care must be taken when dealing with the recordings of opinions. While an opinion may be factually inaccurate, if it is an opinion, it may be more appropriate to retain the data for holistic purposes.
Right to be Informed
Right to Restrict
The right to restrict the processing is where you request that Overline stops any processing of relevant data. This differs to the right to erasure because the data is not removed.
In some cases, you may have a reason to request that your data be restricted and not fully erased. This may be because you have a legal or other contestation over the use or inaccuracy of the data.
There is no set format for how a request must be made, and Overline will assess any request you make regarding the DPA to determine whether you may benefit from similar restriction/ separation methods while such requests are being processed.
You may also request restriction where you have grounds to assure your data is not being removed, deleted or unfairly altered.
Right of Erasure
As with many of the other rights you have under GDPR and DPA, you do not need to make specific reference to Erasure, nor do you have to lodge you request using a particular method of communication, or to a set person or team at Overline.
The right to erasure requires an organisation, upon request, to remove any and all data relating to you. You can make a specific request, such as the removal of your data from marketing material, or a broad request covering all data types and areas.
Overline has a responsibility for keeping certain data for certain timeframes in order to abide by regulatory rules and relevant laws, consequentially there may be limits to what data can be removed. Similarly, if you are an active customer, or work for an active customer, there may be some data that we must retain in order to provide the service offered – such as call data, which is needed to calculate the amounts invoiced.
As with the right to access, we are within our rights to seek from you proof that you have a right to erase the information you are requesting, otherwise there may be a risk of unduly interfering with data belonging to another individual.
Similarly, as a B2B organisation some data is still relevant to other individuals or to organisations. As such, Overline will consider the use of anonymisation instead of erasure where appropriate. Where Overline feels that the erasure of data is not possible for the above reasons or otherwise, you will be informed of any such decision along with your right to refer the matter to the ICO if you have a cause for disagreement.
Right to Data Portability
The right to Data Portability requires for your data to be provided to you upon request in a machine-readable format. What this means is that you can request a copy of your data so that it can be easily transferred from one provider to another.
This right only applies to the information you have provided to Overline, however as Overline deals primarily with B2B customers, we must provide only your personal information, and not the information that belongs to the business customer. Consideration will be given to the manner of the request; if you are the sole proprietor of a business or whether you are requesting in your capacity within your business, you may receive a different response.
For all customers we can advise that call data is readily available to access at https://www.overline.com/network-services in both pdf and spreadsheet formats.
Where relevant, Overline may need to clarify with you whether you are making the request as an individual or on behalf of your organisation. While there is no regulatory requirement to provide businesses with the same rights as you are afforded under GDPR, it may be sensible to comply with your request at a business level if it is more appropriate.
In any event, strong consideration must be given to ensuring the request is adhered to correctly, and that responding to your request does not in and of itself constitute a privacy breach.
Overline has 30 days to respond to your request and we should inform you of the outcome of your request within that time frame.
Right to Object
You have the right to object to the processing of your personal data. You do not have to follow any specific wording or process in your notification. You may use this right to ensure that Overline is complying with our duty to minimise data to just the data that is required.
Once a request is made, we have a duty to carry it out and advise you of the outcome of our actions within 30 days. The outcome will include your rights to refer the matter to the ICO if you are not happy with our response.
Where you request that we do not contact you for marketing purposes, we must assess in what capacity you are making your request.
If you are the sole proprietor of a business, it would be appropriate to ensure that your request is carried out on behalf of your business.
Where the individual acts as an employee for the business, it may instead be appropriate to ensure that the data relating to you, such as your name and job title, is no longer part of our marketing data.
We will have 30 days to confirm that your request has been carried out, and we will explain what actions we have taken.
Right Related to Automated Decision Making and Profiling
At present there are no automated decision-making processes, and profiling is not carried out on individuals. However, if you are the sole proprietor of your business there is a risk that such processing may have an impact on you.
As such, any decisions to carry out relevant processing must be subject to a Data Protection and Privacy Impact Assessment (DPPIA) to ensure no individuals are impacted. Such DPPIA must consider the use of anonymisation to reduce affecting your rights.
Where a DPPIA reveals a risk, it must be balanced with the business reasons for such process, and if any decision making is carried out, you will be notified of the inclusion of automation or profiling, along with your right to have such decisions reprocessed without such automation.
You wish to exercise any of your rights please email or write to: Overline Network Consultants Limited, The Quadrant, 60 Marlborough Road, Lancing Business Park, Lancing, West Sussex, BN15 8UW.