Skip to main content

Data Protection Policy

  • Updated

Introduction

‘Digiesim’ is managed by Acom Solutions Limited, an independent technology supplier specialising in consultancy and managed services for consumers, SMEs, and global enterprises.

To deliver our services effectively, we may need to collect and use personal information about individuals we work with. It’s vital that this data is handled properly, regardless of its format—be it paper, digital records, or other means.

We prioritise the lawful and correct handling of personal data, as it is essential for our operations and for maintaining trust with our clients. We fully endorse the principles of the General Data Protection Regulation (GDPR).

This policy covers the processing of personal data in both manual and electronic records related to our Acom Audit and Project Hub Services, as well as our response to data breaches and other GDPR rights.

Definitions

  • Personal Data: Information that identifies an individual, such as name, ID number, location, or online identifier. This includes pseudonymised data.

  • Special Categories of Personal Data: Data related to health, sexual orientation, race, political opinion, religion, trade union membership, and genetic or biometric data used for identification.

  • Criminal Offence Data: Information about an individual’s criminal convictions.

  • Data Processing: Any operation performed on personal data, including collection, storage, and deletion.

  • Client: A person or organisation using Acom Solutions' services.

  • Service Data: The data you provide to Acom for processing.

Data Protection Principles

In line with GDPR, we commit to the following principles:

  1. Fair and Lawful Processing: Data will be collected transparently for legitimate purposes.
  2. Data Minimisation: Only necessary data will be collected.
  3. Accuracy: Data will be kept accurate and up to date, rectifying inaccuracies without delay.
  4. Storage Limitation: Data will not be retained longer than necessary.
  5. Security: We will implement appropriate technical and organisational measures to protect personal data.
  6. International Transfers: We will comply with GDPR procedures for any data transferred internationally.

Types of Data Held

To provide services like telecom audits, we may collect the following categories of data:

  • Telephony Assets: A list of fixed and mobile connections and hardware.
  • Business Details: Cost centre information and site lists.
  • Staff Details: Information about users of telephony equipment, including names and addresses if they work from home.
  • Telephony Invoices: Monthly spending details, including recurring and one-off charges.
  • Call Data Records: Itemised call data, including source and destination numbers, timestamps, and costs.
  • Service Desk Requests: Details of additions, changes, cancellations, and fault tickets.

Responsibilities

All employees involved in data processing are trained on our data protection policies. We have designated staff responsible for reviewing and auditing our data protection measures.

How We Collect Data

We collect information in various ways, including:

  • Data Feeds: Business documents sent via email or downloaded from vendor portals.
  • Contact Centre: Information gathered during calls or emails.
  • Campaigns: Calls to gather asset usage details.
  • Surveys: Questionnaires sent to staff regarding business mobile connections.

Access to Data

Employees and clients have the right to access their personal data. To exercise this right, employees should submit a Subject Access Request or email myservice@acom-solutions.com.

If you’re in the European Economic Area (EEA), you have several rights regarding your information, including:

  • Right to Access: Obtain a copy of your personal data.
  • Right to Rectification: Update inaccurate information.
  • Right to Erasure: Request deletion of personal data in specific circumstances.
  • Right to Restrict Processing: Request limitations on data use in certain situations.
  • Right to Data Portability: Transfer your information to a third party in a structured format.
  • Right to Object: Object to certain data uses, like direct marketing.
  • Right to Complain: Raise grievances with the relevant supervisory authority.

Data Security

Employees must follow data security protocols, including:

  • Storing confidential information securely.
  • Using encryption for digital data storage and transfer.
  • Avoiding unauthorised access to personal data.

Failure to adhere to these rules may result in disciplinary action.

Data Ownership and Deletion

You own your service data. We protect and process it according to your instructions. After ending services with Acom, your data will be deleted from our active database within six months and from backups within three months thereafter.

Third-Party Processing

When engaging third parties for data processing, we ensure compliance with data protection standards through formal agreements.

Lawful Bases for Processing

We only process data when a lawful basis exists, including client consent, which must be informed and explicit. We will clearly communicate the implications of consent and your right to withdraw it.

International Data Transfers

  • The Company does not transfer personal data outside of the EEA.

Breach Notification

All data breaches will be logged, and where required, reported to the Information Commissioner within 72 hours. Affected individuals will also be notified as necessary.

Training

All new employees will review our data protection policies as part of their induction. Regular training will cover confidentiality and breach identification.

Data Protection Compliance

Our Data Protection Officer is:

Asif Shabir
myservice@acom-solutions.com

This document was last updated in July 2024.

Related articles