Telehouse Policy - Privacy Notice

1. ABOUT US AND OUR PRIVACY NOTICE

This notice explains how we, Telehouse International Corporation of Europe Ltd (“We”, “us”, “Our”), use information about you (your ‘personal data’) when you use our services, contact us or access our website or social media sites. This means information such as your name, address or email address. More details are included below about the types of personal data about you that we hold and process.

We are the ’data controller’ which means that we are the main decision-maker responsible for how and why your personal data is used. It is our responsibility to comply with applicable data protection when we are processing your personal data.

We sometimes use personal data on behalf of other organisations as their ‘data processor’, meaning that we can only use the personal data in the ways instructed by the other organisation. This is usually to provide those other organisations with our services. Where this happens, that other organisation will explain how they use your personal data.

You can get in touch by using the details at Section 10 ‘Contact Us’ if you have any questions about this notice.

2. THE PERSONAL DATA WE COLLECT ABOUT YOU

The table below explains what personal data we use and how we collect it.

What personal data?	How do we collect it?
Your identity and contact information including your: Name Business address and potentially other locations (e.g. different offices) LinkedIn page address Email address Phone numbers If you work for one of our business customers, we will collect: Your organisation’s name Your position in the business, and the organisation’s address, email address and phone numbers. If you work for an organisation that supplies services to or works with us, we will also collect: Your organisation’s name Your position in the business, and the organisation’s address, email address and phone numbers. We also collect details of any electronic device you use to access our services, such as its IP address and operating system. We may also collect your fingerprints for access purposes. We have included further information about this below.	You might provide this information when you: Contact us directly Use our websites or apps Fill in one of our forms e.g., contact us on our website Apply online for a service from us Use or receive our services Work with us on projects such as marketing campaigns Supply services to or work with us
Financial details including: The cost of the products and services you have bought; Records of your payments; and your payment information, such as credit card or debit card payment details.	You provide this information to us when you buy our services or later when we seek payment for our services. We may also receive some of this information from other organisations such as credit-reference agencies where we use them to do credit checks or to help us confirm your identity.
Audio and video recordings including: Images recorded on CCTV, body-worn cameras and other equipment.	We may record images of you if you visit a location where we use CCTV or body-worn cameras. We use such cameras to protect our customers, employees and property.
Biometrics, including fingerprints and facial recognition.	We use these for access control and we will request this as part of our access requirements for our building. We use biometrics to protect the public, to help prevent, deter and disrupt criminal activity, for safety reasons, for our customers to protect them and their equipment, to protect our employees and to safeguard the continuity of our services.
Your number plate for Automatic Number Plate Recognition (ANPR) systems.	We may collect your number plate when you are accessing one of our sites as part of our access control to help prevent, deter and disrupt criminal activity.
Information about your marketing preferences.	We collect this information when you contact us (for example, when you apply for one of our services or register with one of our websites). You can update your marketing preferences at any time via our website or by emailing us at [email protected]. We have included further information on our marketing activities under Section 4 ’Marketing’.
Information collected by cookies and similar technologies.	We record this information when you visit our website. Our Cookies Policy [Cookie policy – Telehouse] contains more information on the cookies and similar technologies we use.

3. WHY WE USE YOUR PERSONAL DATA AND OUR LEGAL BASIS

The table below explains how we use your personal data.
To use your personal data an organisation must have a valid ‘lawful basis’ to be allowed to use people’s personal data. There are six available lawful bases which are set out in data protection laws. The table also explains which lawful basis we rely on when using your personal data.

When?	Purpose (Why?)	Lawful Basis
When setting you up as a customer	Enables smooth delivery of services and enables you to assess whether the services are what you need and how they interact with your IT systems.	Performance of our contract with you (or your organisation) Legitimate interests (to manage our relationship with you) Necessary to comply with a legal obligation
When providing our services to you	To provide our services with you and manage our contract with you, including: Arranging payment; and managing any service issues that arise	Performance of our contract with you Necessary for our legitimate interests (providing service and customer support and to recover debts due to us).
Dealing with enquiries or complaints	To manage our relationship with you which may include: Communicating with you; Managing any queries, complaints or service issues that may arise; Engaging with you to understand your service feedback; Discussing our range of services with you; Assisting you in demonstrating how the functionality of our services can further assist you; and notifying you about changes to our terms or this notice.	Performance of our contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to manage our relationship with you, keep our records updated and to study how customers use our products/services).
Marketing our services to customers and potential customers	To deliver relevant marketing to you where we are allowed to do so and to measure or understand the effectiveness of the marketing we serve to you. We have included further information on our marketing activities under Section 4 ’Marketing’.	Necessary for our legitimate interests (to study how service users use our products/services, to develop them, to develop our business and to inform our marketing strategy). Consent of the data subject.
Website analytics, feedback you provide and market research and analysis	To improve your experience of our services and websites including: Understanding how different people use and interact our website and services. Improving our service offering to you Ensuring our website and service offering remains safe from cyber incidents Conducting analysis required to detect malicious data and understanding how this may affect your IT system; Statistical monitoring and analysis of current attacks on devices and systems; and adapting the solutions provided to secure devices and systems against current attacks.	Necessary for our legitimate interests (to define types of service users for our services, to keep our website updated and relevant, to develop our business and services, and to inform our business and marketing strategy).
Maintaining security, preventing fraud and money laundering, and taking action against fraudsters and other criminals	This includes: Identifying and stopping illegal scam / phishing mails; Monitoring the use of our copyrighted material; Using credit checks; Using personal data to support or defend legal action, including as evidence in court cases; and monitoring communications between our workforce and other third parties to protect the security of personal data and confidential information.	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud). Necessary to comply with a legal obligation.
CCTV, video footage and biometrics when you access our premises	To protect our customers, employees and property; to keep our operations safe, protect continuity of service for our customers and protect the rights and property of our workforce and customers and any other people on our sites; In investigations and legal action relating to any possible crime detected, including as evidence in legal disputes and court proceedings; For in-depth threat analysis; To obtain further knowledge of current threats to network security in order to update our security solutions and provide these to the market; and to help us keep our workforce safe (health and safety/fire risks).	Necessary for our legitimate interests (for protecting our business, customers, other third parties, employees and property). Necessary to comply with a legal obligation.

.

4. MARKETING

We may use your personal data to help us understand what services we think might help you or be of interest to you or your organisation.
If you have opted-in to marketing (e.g., a newsletter on our website), requested information from us or bought services from us and we are allowed to do so, we may send information to you about those or other services and offers.
You can ask us to stop sending this information at any time by clicking “unsubscribe” on any email marketing sent to you or by contacting us using the details at Section 10 ‘Contact Us’.
We will ask for your express opt-in consent before sharing your personal data with other companies for them to market their products or services to you.

5. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?

We may share your personal data with the following groups of organisations for the purposes set out at Section 3 ‘Why we use your personal data’.

Our Group Companies

• with other companies in our group, for the purposes of security operations and financial management.

Business partners

• with our business partners (e.g. the organisation which sold you our service).

Vendors

• with companies providing services to us who will process your personal data on our behalf and under our written instructions such as IT service providers (e.g. Microsoft), financial institutions, customer relationship management vendors (e.g. Salesforce) and other cloud-based solutions providers that are used by us in the conducting of our business.

Our professional advisors

• for example our accountants, lawyers, auditors etc.

Information required by law or regulation

• to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation such as law enforcement bodies, governmental and regulatory bodies, the courts and other competent authorities that may request personal data in connection with any inquiry, court order, or other legal or regulatory procedures which we would need to comply with.

To protect us or others

• to establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims.

In connection with business transfers

• in connection with a reorganisation, restructuring, merger, acquisition, or transfer of our business or assets, as long as the receiving party agrees to treat your personal data in accordance with data protection laws.

6. TRANSFERRING YOUR PERSONAL DATA INTERNATIONALLY

We have group companies around the world and are part of a global business called KDDI. Our suppliers, customers and our operations are spread around the world. As a result we collect and transfer personal data on a global basis. We will transfer the personal data we collect about you to countries outside the United Kingdom and/or European Union (such as the USA) to perform our contract with you and for the legitimate interests listed above at Section 3 ‘Why we use your personal data’.
In these circumstances, we will ensure that your personal data is protected and transferred in a manner consistent with legal requirements. This may be that:

• the country that we send the data to might be approved by the European Commission or UK government as offering an adequate level of protection for Personal Data;
• the recipient might have signed up to a contract based on Standard Contractual Clauses approved by the European Commission or UK government, obliging them to protect your personal data; or in other circumstances the law may permit us to otherwise transfer your Personal Data outside the UK or European Economic Area.

You can obtain more details of the protection given to your personal data in these circumstances (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described at Section 10 ‘Contact Us’.

7. HOW WE PROTECT YOUR PERSONAL DATA

We take the security of your personal data very seriously. We use various strategies, controls, policies and measures to keep your data safe and keep these measures under close review. Customer’s files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. This means that your data is protected and only accessible by members of our team who need it to carry out their job responsibilities. We also ensure that there are strict physical controls in our buildings which restricts access to your personal data to keep it safe.

8. HOW LONG WE KEEP YOUR PERSONAL DATA

In general terms, we will only keep your personal data for as long as is needed for the purposes described in this notice. This means that the period it is kept (its ‘retention period’) will vary according to the type of the personal data and the reason that we have it in the first place.
We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the lawful basis for doing so.

9. YOUR RIGHTS

You have a number of rights relating to your personal data and what happens to it. You are entitled to:

• have your data processed in a fair, lawful and transparent way;
• be informed about how your personal data is being used, an example being this privacy notice;
•  access personal data we hold about you;
•  request that we transfer your personal data to you or another service provider in a simple, structured format;
• require us to correct any mistakes in your personal data;
• require us to delete personal data about you in certain situations where there is no good reason for us to continue to process it;
• object at any time to processing of your personal data for direct marketing purposes;
• object to automated decision making which produces legal effects concerning you or similarly affects you;
• object in certain other situations to our continued processing of your personal data; and
• otherwise restrict or temporarily stop our processing of your personal data in certain circumstances.

You can exercise your rights by contacting us using the details under Section 10 ‘Contact Us’.

You can read more about your rights, including the circumstances in which they apply, in the guidance from the UK Information Commissioner’s Office (ICO) https://ico.org.uk/for-the-public. You also have the right to complain about our use of personal data to the ICO. You can do this by contacting the ICO via their website https://ico.org.uk/concerns or by calling 0303 123 1113.

10. CONTACT US

If you have any questions or concerns about our use of your personal data, or about this notice, please contact us at:

Address: FAO: General Counsel and Chief Risk Officer, Telehouse International Corporation of Europe Ltd, 3 Thomas More Street, London E1W 1YW

Email Address: [email protected]

11. CHANGES TO THIS NOTICE

We may update this notice from time to time. If we make significant changes, we will let you know but please regularly check this notice to make sure you are aware of the most updated version.

 

6 November 2023