Privacy Notice For The Sure Group Of Companies

Sure is committed to protecting your privacy.  We take our responsibility to safeguard and secure your personal information very seriously.  This Privacy Notice, together with our website terms of business and any other documents referred to in it, and this Privacy Notice has been created to explain how we use your data, why we use it and who we share it with in relation to our services, as well as what rights you have under relevant Data Protection legislation.

Sure comprises a group of companies which operates in a number of jurisdictions worldwide. More information on the subsidiaries within the Sure group of companies can be found here.

For the purposes of this Privacy Notice, the following are the Sure data controllers in the Channel Islands and Isle of Man:

Data Controllers  

Company Reg. No.

Jersey  
Sure (Jersey) Limited 84645
Foreshore Limited 76239
Guernsey  
Sure (Guernsey) Limited 38694
Isle of Man  
Sure (Isle of Man) Limited 004621V

This Privacy Notice is issued on behalf of the members of the Sure Group in the Channel Islands and Isle of Man so when we mention Sure, "we", "us" or "our" in this Privacy Notice, we are referring to the relevant company in the Sure Group responsible for processing your personal information.

 

Data Protection Officer

Sure has appointed a designated Data Protection Officer to have oversight of data protection.  Their contact details are as follows:

Address:              

The Data Protection Officer

Sure 

The Powerhouse

Queens Road

St Helier

Jersey

JE2 3AP

Email: dataprotection@sure.com

 

Types of Personal Data we Process

  • Account Information: contact details including name, gender, date of birth, installation address, land line and mobile phone numbers and email addresses, proof of identity (including a copy of your passport/passport number and address taken from a utility bill) and billing address, passwords and usernames.
  • Information about the services you contract for with Sure;
  • Traffic data: i.e. details of your use of our services (for example, where you contract for telephony services we may record the date that calls were placed by you as well as the duration of each call).
  • Billing information such as number of calls, duration, category of call, numbers of SMS, roaming usage and other service information used to calculate your bill.
  • Financial information such as bank account details and credit and debit card information for receipt of payments, copies of credit checks. Card information is not stored by Sure.,
  • When you visit our registered office in each relevant jurisdiction, our retail shops, or other Sure sites, we may collect details of the visitors who attended, the time and date of the meeting and their image via CCTV footage as well as production of photographic visitor passes.
  • Recordings of phone calls to our Customer Service Centre and Service Operations Centre as well as other communications such as email and electronic messaging which may be used for staff training and audit purposes as well as resolution of complaints and queries.
  • Information regarding the employees, contractors and agents of our Enterprise customers, their roles and contact details, as well as other information on data subjects where we act as a processor for these Enterprise clients.
  • Marketing and Communications Data: including your preferences in receiving marketing from us and your communication preferences, as well as your responses to our surveys.
  • Refer a Friend – details of introducers and those introduced to Sure for the purpose of administering the rewards scheme.
  • Directory Information Data: including for inclusion in printed and online telephone directories where relevant.
  • Generic location data related to mobile services such as mobile sites with which phone has connected, countries visited when roaming.
  • Passwords and credentials to access My Sure account online, MySure App, or any other online service operated by, or for Sure, as well as other data collected from our websites, which may be considered personally identifiable information in some cases, such as IP addresses and MAC addresses.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

 

 

Purpose and Legal Basis for Processing

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. 

Purpose
Lawful Basis For Processing
To provide your contracted services with Sure or other licenced operators.

Processing is necessary for the establishment, conclusion or performance of a contract with our customers, and as a wholesale service to the customers of other licenced operators

To provide customer support services in respect of our services

Processing is necessary for the purposes of the legitimate interests of Sure or a third party engaged by Sure to ensure that we are able to provide and maintain high standards of customer care and support.

Calls to our Customer Service Centre are recorded.

To provide you with updates regarding our services

Processing is necessary in the legitimate interests of Sure to inform its customers of changes to the services that we provide to them such as tariff changes.

To allow us to review, develop and improve our products and services

Processing is necessary for the purposes of the legitimate interests of Sure is to ensure that its business is carried out effectively with the intention of enhancing our products and services for the benefit of our customers.

To occasionally carry out market research

Processing is necessary for the purposes of the legitimate interests of the Sure Group, in the Channel Islands and Isle of Man, to evaluate and understand whether the existing services provided meet its customers' expectations and to assess demand for new and additional services in development, as well as assess our performance as compared to our competitors.

To administer the Sure “Refer a Friend” scheme

Processing is necessary for the legitimate interest of Sure, it’s customers and prospective customers to administer the rewards scheme.

To send you details of products and services we think will be of interest to you

Processing is necessary for the purposes of the legitimate interests of the Sure Group to communicate with customers on new and existing products, services or other promotions that may be of interest.

Where we do not have your explicit consent, we will perform Legitimate Interest Assessments to ensure you would reasonably expect to receive such communications and that their frequency is not excessive.

Individuals may object to direct marketing by clicking the unsubscribe button on any emails received from Sure; or informing our Customer Service Centre or other Sure representative; or emailing dataprotection@sure.com.

To provide Directory Information Services, consisting of a printed directory, online version, or a version of the directory accessible from a mobile app. The data used is derived from billing data held by Sure on its customers unless you have requested otherwise

Guernsey – Sure has a legal obligation to provide a directory listing of all fixed line subscribers. You may choose to be ex-directory by informing us that you wish to be ex-directory. For pay monthly mobile phone customers we will rely on your consent to your data being published. The data will consist of name, address and phone number for fixed line customers, and name and phone number for mobile customers. For customers of the other licenced operators you should advise your service provider of your preferences for a directory listing.

 

Individuals will be able to look up a customer’s phone number using their name and approximate address. Searches to find name from phone number alone, known as Reverse Searches, are not provided.

 

For those customers who have requested special formatting of their directory listing the processing of this data will be necessary for Sure to meet its contractual obligation.

 

Jersey – Currently Sure does not publish subscriber data.

 

IOM – It is the legitimate interest of users of telephone services that there is a directory of subscribers. The names, address and phone number of fixed line subscribers will be published in the Isle of Man Directory unless they have indicated they wish to be ex-directory. Sure does not provide the data of mobile customers in the Isle of Man for publishing.

 

If you are an Isle of Man customer and wish to be ex-directory you must inform Sure at the time of taking the service or thereafter, either via our retail staff, via email , in writing or calling our Customer Call Centre.

Collecting personal data for the purpose of identification as part of secure log-in on our websites and apps.

It is the legitimate interest of Sure to ensure the security of it’s websites and apps., and to ensure persons logging into these services are who they purport to be and prevent online crime.

Collecting personal data from CCTV and door access logs when a customer visits our main office, retail stores, or their Sure sites, to ensure the security of Sure staff, systems and premises including client equipment hosted by Sure.

Processing is necessary for the legitimate interests of Sure to protect its staff and systems, retail stock, as well as client equipment it is contracted to host and to prevent or detect theft. Use of CCTV is a contractual requirement upon Sure, placed by a number of our Enterprise Clients.

To meet legal, regulatory and ethical obligations applicable to Sure Group.

In order to meet our legal obligations, in certain circumstances this may require us to provide your information to law enforcement agencies or other public bodies.

There are also circumstances where Sure may be requested to process your data for tasks carried out in the public interest, or for the vital interests of a customer or another living individual.

For purposes of internal training

The processing is necessary for the purposes of the legitimate interests of Sure to improve the customer service and experience it delivers by training its staff.

Debt collection, fraud prevention and credit checks

It is in the legitimate interest of Sure to minimise the bad debts it incurs through the provision of its contracted services. We may therefore process your data in order to perform a credit check prior to entering into a contract with you, or when a material change in our relationship occurs. Sure does not utilise automated decision making in its processing of your data.

Where an over-due debt is owed to Sure, it is in our legitimate interest to recover the funds owed to us, this may involve processing your data; sharing details of the debt with debt collection services, lawyer or the courts.

Audit Purposes

It is in the legitimate interest of Sure and It’s customers that Sure undergoes regular Security, Resilience and Financial audits by internal specialists as well as independent auditors. This may involve processing your data.

Prevent and detect crime

The processing is necessary for the prevention, detection or investigation of crime which may involve the sharing of your image captured on our CCTV, door access data from our systems, or log information regarding your use or interactions with our telecommunications infrastructure, websites, apps., including any misuse of our networks.

Sharing of personal data

In order to provide contracted services as well as service the legitimate interests of Sure and it’s clients we will share personal data between the Sure entities operating in Jersey, Guernsey and Isle of Man.

We may also share your data with sub-processors and selected businesses partners where they support Sure in providing it’s services. This includes provision of Directory Information Services.

Acting as a “Data Processor”

For some services that Sure provides its Enterprise customers Sure is classified as a Data Processor, such services include Cloud Services where Sure may store personal data held by the Enterprise customer on Sure equipment. In such cases the data is segregated from personal data that Sure holds in relation to it’s own activities

Administering Data Subject Rights.

When a Data Subject exercises their rights under the relevant Data Protection Legislation, Sure is legally obliged to process their data, and in some cases the data of third parties in relation to the requests.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to providing some Directory Information Services for mobile customers and for marketing to new customers.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal data for an incompatible purpose, we will notify you and we will explain the legal basis which allows us to do so or gain your consent if required to do so by law.  Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

Sources and Recipients of Personal Data

Sure may disclose your personal data to other Sure group companies, within the Channel Islands and Isle of Man, and carefully selected business partners and third party suppliers to whom we engage to provide services set out in this Privacy Notice, including Directory Services. However, other than as set out in this Privacy Policy, Sure will not disclose or share your personal data with any third party without your express consent unless this is necessary to provide the service or products you requested, to undertake the legitimate interest of Sure, or as required by law.

Transfers of Personal Data to Third Countries

As Sure is part of an international group of companies operating globally we may store your personal data in your home country and/or we may transfer your personal data to other Sure group companies and carefully selected business partners and third party suppliers in other countries around the world where it has your consent or where it is necessary to do so in order to conclude or perform a contract on your behalf.  In all cases we will ensure the security of the transfer of your data.

These may include:

  • Suppliers who support our services to you such as billing and directory services.
  • Suppliers who support the security of our telecommunications infrastructure and services we provide to you
  • Our parent company.
  • Audit firms and certification bodies working for ourselves and / or our parent company.
  • Debt collection services,
  • Third parties to whom you have authorised your data to be disclosed.

In the event that a third party is outside the European Union and where the data being transferred include personal data we will ensure that the relevant requirements of applicable data protection laws are met.

Period Data Will be Stored

Sure Group only keeps data for as long as necessary to fulfil the purpose it was collected including for the purposes of satisfying any legal, accounting, or reporting requirements. In most cases no personal data will be held on an individual who is no longer a Sure customer after 10 years. There may be limited exceptions where some information is required to be kept longer such as if there was an ongoing legal dispute or we were required to hold your data longer by law.

Any requests for further information in relation to the continued processing of specific data, or requests for destruction of data should be made to the Sure Data Protection Officer. 

Rights of Data Subjects

Data subjects in the European Union or jurisdictions with equivalent data protection laws (to The European Data Protection Regulation) have certain rights in respect to their personal data. These rights include:

  • to withdraw consent to processing previously given as appropriate,
  • to access to your data (please see the heading 'Subject Access Requests' below),
  • to have your data corrected, or updated, 
  • to have your data deleted in certain circumstances,
  • to restrict, in certain circumstances, processing for a specified period of time,
  • to have your data provided to a third party (also known as data portability) in certain circumstances,
  • to object, in certain circumstances, to certain types of processing e.g. direct marketing (please see the heading 'Opting Out' below),
  • to make a complaint to a Supervising Authority,

Any request to relating to the above rights should be addressed in the first instance to the Sure Data Protection Officer at dataprotection@sure.com

Please note that by exercising some of the above detailed rights, Sure may, in certain circumstances, be unable to provide you some or all of the services you have requested from Sure. We will inform you of this at the time you seek to exercise the right.

Subject Access Requests

Under relevant data protection laws, you have the right to access your personal data held by Sure. This is known as a Subject Access Request (SAR). The process you should follow to do this is set out below.

You can make a SAR to receive your own personal data. Or a third party can make a SAR for you, with proof they have your permission.

If you’re a Sure customer you may be able to access your bills online, or you can request copies through our customer service team.

Only information considered to be your personal data will be released under a SAR. We won't be able to provide information that may also relate to other data subjects such as:

  • Content of any communications including text messages, calls or voicemail;
  • Information about your incoming and/or outgoing calls or texts (unless provided in your standard bill);
  • Any data held on your phone e.g. photos, contacts which we would not normally hold. 

We may need to request specific information from you to help us confirm your identity, and/or the identity of any person acting on your behalf, and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data (including address or name) changes during your relationship with us.


Changes to our Privacy Policy

We may make changes to our Privacy Notice from time to time.  We will post any changes to this policy online at www.sure.com and where the changes are significant and if appropriate, we may notify you by other means including SMS or email or when you next log into your account on our website.

Marketing

We aim to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional information and offers from us
We may use your identity, contact, technical, usage to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.  You may receive marketing communications from us if you have requested information from us or purchased goods or services from us, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you may opt out of receiving direct marketing material.

Third-party marketing

We do not share your personal data with any company outside of the Sure Group in Channel Islands and Isle of Man, or it’s immediate business partners, for the purpose of marketing their products to you.

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

“Digital Marketing Service Providers”

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

  • Prospect Global Ltd (trading as Sopro) Reg. UK Co. 0964833. You can contact Sopro and view thei privacy policy here http://sopro.io. Sopro are registered with the UK ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io. 

 

Right of objection for direct marketing purposes

You can ask us to stop sending you direct marketing messages at any time by:

  • calling our call centre
  • e-mailing dataprotection@sure.com; or
  • writing to our data protection officer at the address above at any time. 

Your right to object to receiving direct marketing messages will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions where this results in Sure sending you a service message.

Use of cookies

Sure may use "cookies" on its website(s). A "cookie" is information that a website puts on your hard drive so that it can remember pieces of information about you when you next visit the website or a related website. Sure uses necessary cookies to enable the basic functions of its websites such as secure login and preserving user sessions between page requests, without these cookies our websites cannot function properly. Sure also uses statistic cookies which help Sure understand how visitors interact with our websites by collecting and reporting information anonymously We may also use marketing cookies to track users across websites with the intention to display advertisements that are engaging and relevant for the user Unless otherwise notified by Sure, Sure will not use personal data sent in a cookie for marketing purposes and will not share this personal data with third parties other than those directly supporting the websites. Further information on cookies can be found at www.aboutcookies.org

Controlling cookies

You may wish to restrict the use of cookies or completely prevent them from being set. Most modern browsers allow you to change your cookie settings. You can usually find these settings in the options or preferences menu of your browser. To understand these settings, the following links for commonly used browsers may be helpful, or you can use the help option in your browser for more details:

If you disable cookies, please be aware that some of the features of our Services may not function correctly.

You can opt out of Google Analytics by installing Google’s opt-out browser add-on.

Sure mobile applications

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Sure mobile applications (MySure and Sure Directory) may request permissions to access data and features of on your phone. Users may deny these permissions but should note that this may impact the apps ability to function correctly. Specifically, the Sure Directory app requests permission to access your microphone and to access your location. The geo-location data is used to identify yellow page advertisers close to your location when you search. The microphone access is used in conjunction with a native feature of your phone to provide voice search capability, for instance as assistance for the visually impaired. No microphone data leaves your phone at any time when using this facility.

Complaints

If you wish to raise a complaint in regard to our processing of your data you may do so by writing to our Data Protection Officer at the address above, or emailing dataprotection@sure.com. You may also complain directly to the relevant data protection regulator.  Contact details and instructions for making a complaint and other useful information may be found on their websites as set out below:

Guernsey: www.odpa.gg

Isle of Man: www.inforights.com

Jersey: www.jerseyoic.org

 

Version 11.0    December 2022