Euphoria: our company
Euphoria Telecom (PTY) LTD is a South African telecommunications company. We provide the following services:
- a direct business phone solution (Euphoria)
- a home phone solution (FreshPHONE)
- an indirect business phone solution (through our resellers network)
Our Privacy Policy
Our Privacy Policy complies with the requirements of the Protection of Private Information Act (PoPIA) in South Africa.
Euphoria takes cognisance of the General Data Protection Regulation (EU) 2016/679 (GDPR) in the European Union. However, we currently do not comply with all the requirements of the GDPR.
This Privacy Policy Notice explains how we process the Personal Information we collect from you. The Notice applies to all Personal Information processed by Euphoria.
What is personal information?
We define as Personal Information (PI) any information that identifies or relates specifically to you, such as your identification number, your email address, your name or contact details, your company registration number, your phone number, etc. Refer also to Appendix A.
When do we collect information from you?
We collect information, including Personal Information, directly from you when you:
- visit our website
- submit information by completing a form on our web-site (e.g. to register with our services or to request a quote from us)
- email us information in order to place an order with our company
- authorise us to perform credit checks in order to approve your application for services
- communicate with our employees in order to obtain services from our company (e.g. resolve issues)
- use our PBX platform (i.e. place or receive calls)
- apply for employment within Euphoria
Euphoria will only collect your information directly from you; or with your explicit authorisation.
Your Consent
By using our website, by contracting Euphoria and using our product(s), or otherwise contacting us you confirm that you have read, understood and that you consent to Euphoria processing your Personal Information in order to enable the provision of the respective services as per the Principal Agreement between you and Euphoria.
Where relevant, consent clauses are included in our forms.
Euphoria commits to only use your Personal Information for the sole purpose of providing services to you. No other use will be permitted.
You may withdraw your consent at any stage. We will need adequate time to remove you from our systems.
Can you provide Consent for other Persons?
Should you provide us with the personal information of any other person for marketing or other purposes, it is your responsibility to:
- inform that person that you intend to disclose or that you have disclosed their details to
- Euphoria
- notify them of this Privacy Notice and
- obtain their consent
Euphoria will further request consent from that person the first time we contact them. You indemnify us against any claim from that person regarding our access to or use of their personal information that you provided us with.
What if you refuse to submit the requested information?
Providing your Personal Information to Euphoria is voluntary.
However, should you not provide all the information we request we will not be able to provide you with our services.
What happens if you withdraw consent, objecting to processing or in case of processing restrictions?
You may withdraw your consent to our contacting you for direct marketing at any time by unsubscribing from our mailing lists.
If you are a customer, you may withdraw your consent to our processing your personal information altogether by addressing a written notice to us. You will need to give us adequate time to remove you from our systems and note that this will result in us terminating your services.
The same applies when you object to Euphoria processing your personal information or if the processing is restricted by law.
If Euphoria has restricted processing of your Personal Information, we will notify you should the restriction be lifted.
What information do we collect from you, store or otherwise process?
When you use our website we may process your information, such as:
- records of your information on our server logs from your browser or mobile platform, including your location, IP address, cookie information, and the page you requested. This data is treated as non-personal information, except if we are compelled to do otherwise by law or a legal authority
- your name and contact information, including email address and company details which you may submit to us when you request a quote
When you apply for one or more of our services (via the web-site or via email) we may process information necessary to performing credit checks and creating your account, such as:
- your name, identification information and contact details
- copies of director ID and company registration documents
- telephone number(s) you want to port
|
When you use our PBX platform (including the Telephone Management System web application):
- we record information on our server logs from your browser or mobile platform, including
- your location, IP address and all actions
- we process a Call Detail Record (CDR) which contains information about the call. Depending on the type of the call (inbound, outbound, between two extensions, etc) the CDR contains different types of information such as the call source and destination, date, time, call duration, etc. The CDRs are used to produce various reports, including billing reports and invoices
- if you have opted to record your calls, we create and process a .wav file with the recording of your discussion
When you call us or we call you:
- we may intercept (record calls) and monitor your communications to the extent permissible by law. Our sole intention in doing so is to monitor the quality of the service we give you in order to ensure the quality is maintained, and for disclosure purposes
- we update the information we have on your account profile based on the information you provide, if necessary
When you refer potential customers to us:
- we capture the contact details of those potential customers
- Note that it is your responsibility to obtain consent from such persons before you refer their contact details to us.
When you apply for employment with us:
- your name, contact details, ID number and any other information you submit to us via your CV as part of a job application
- your background check report
In all cases, the requested information is necessary for us to provide you with service. We review our collection processes on a periodic basis to ensure the information we collect is not excessive.
Website Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
We use first party cookies. Those are cookies that are set by our website and can only be read by our website. They are used for the functionality of the website (allowing our Website to recognise that you have visited it before, allowing you to securely use our phone system, etc.).
Our euphoria.co.za and freshphone.co.za websites also use third party cookies (Google). These are cookies set by Google services or software, such as analytics, maps, online videos, advertising and remarketing or social networking features. Google uses cookies on your browser to store your options such as user preferences, information of google maps, preferred zoom level, website statistics, etc. These cookies may get re-read during a visit to other sites if they do business with Google as well (e.g. YouTube). Data collected is used in accordance with Google’s privacy policy (https://policies.google.com/privacy).
You can set your browser not to accept cookies. Some of our website features may not function as a result. For further information, on removing cookies from your browser, visit allaboutcookies.org.
How to inquire about your Personal Information
You may request details of personal information which we hold about you under the Promotion of Access to Information Act, 2000 (PAIA) as well as under the Protection of Personal Information Act (PoPIA), 4 of 2013.
If you would like to obtain a copy of your personal information held by Euphoria you can contact our Helpdesk.
Our PAIA Manual located on our website: www.euphoria.co.za/paia_manual/
How to rectify your Personal Information
You may request that we correct any information about you that you believe is inaccurate or incomplete.
You can either correct the information yourself using our system or you can request this by logging a call with the Euphoria Helpdesk.
What does Euphoria use your personal information for?
The information we collect from you may be used in one of the following ways (in addition to the ways we have set out above):
Sales and Administration
- To enter into a contract with you
- To support our legitimate interests in managing our business (or those of a third party)
- To create your account
- To recommend a solution that optimally addresses your needs
- To recover debts or trace those who owe us money
Product and Support
- To provide you with the PBX services you have requested
- To allow you to administer your account and your PBX installation
- To bill you in accordance with your use of our system
- To prevent and detect fraud, information security and privacy incidents and other crimes
- To notify you about problems, important changes or developments in the services you receive
- To respond to your inquiries / complaints
- To process your requests in relation to your information
Operations and Marketing
- For internal record keeping
- To evaluate our services with the purpose of improving our services
- To inform you of other products we offer by email or other direct contact, also known as direct marketing (only where you have not withdrawn your permission for us to do so)
- To advertise our business by exhibiting our clients (only if you have provided us with explicit permission to do so)
- To do research and statistical analysis to understand how you use our network, products and services and enable Euphoria to improve those
Human Resources
- For evaluating candidates for positions within the company or evaluating staff and consultants
We use your information in-line with the reason you submitted it to us and we respect your interests and rights. For instance, CV related information will only be used to process job applications and for no other reason.
How does Euphoria protect your information?
We have implemented an Information Security Framework and are putting in place a variety of security measures to maintain the safety of the personal information that is processed by Euphoria.
These measures are in line with market standards, and generally acceptable requirements in the industry, and in line with any requirements imposed on us by law or in a code of conduct approved by the Information Regulator. A list of the measures can be obtained from Euphoria on request.
What is the Shared Responsibility Model?
Privacy, just as security, is a shared responsibility between Euphoria (who is an Operator in terms of PoPIA) and You (who is the Responsible Party in terms of PoPIA).
Euphoria is responsible for providing a secure communications tool and you are responsible for using it securely.
Euphoria has put organisational and technical controls in place to securely process Your Personal Information while it is stored and transferred in the Euphoria PBX platform. Your responsibility lies with:
- Overall, conforming with the legal requirements that apply to you when obtaining, processing and storing your information in the Euphoria system. In terms of the South African regulation (PoPIA), you should conform with the requirements for Responsible parties when processing information using the Euphoria systems. For instance, you should only instruct Euphoria to process your Personal Information on Euphoria’s systems if you have a firm basis in law to process that information yourself.
- Ensuring that access to the Euphoria systems is physically and logically secure. A non-exhaustive list of controls include:
- using a secure device to access the TMS system
- implementing secure identity management, such as:
- ■ users having unique accounts
- ■ users selecting strong, unique passwords and keeping them safe
- ■ users not sharing credentials
- implementing physical security controls to limit access to your telephone and network devices
Third-Party access to your information
We use Third-Parties (Subprocessors) to enable our services to you. They may be suppliers of telecommunications lines, hosting services, data storage services, email communications, ticketing and technical support systems, customer relations management systems, etc.
We implement the following organisational and technical controls:
- reviewing the Terms and Conditions and the Service Level Agreements of our Third-Parties prior to appointing them
- amending our Terms and Conditions or the Service Level Agreements with existing Third-Parties where those need to be updated implement technical controls to protect the Euphoria Personal Information from access by our Third-Party providers without authorisation (encryption of information, access controls) to assess that:
- your information cannot be accessed by our Third-Party providers without authorisation
- your information cannot be processed in a manner contrary to the requirements of the South African Protection of Personal Information Act, 2013 (PoPIA)
We are not always in position to sign individual agreements with our Third-Parties; in such circumstances we:
- review their general Terms and Conditions
- monitor any changes in those Terms and Conditions
periodically review the compliance status of the Third-Parties Euphoria uses with the requirements of PoPIA
We may disclose your information to professional advisers, judicial, regulatory and law enforcement bodies as and when required, for the purposes of defending or instituting claims, litigation, disputes or taking legal advice on any matter including matters that are strategically important to Euphoria. We do not grant access to any information that is not strictly within the scope of work of those parties, nor do we grant them access to any more information that is strictly necessary.
With the exception of the cases mentioned above, none of your information is shared with any other company for any reason whatsoever, unless we first obtain your explicit consent.
What is the lifecycle of your information?
Customer information
The information you provide in order to enter into a contract with us is stored into our systems for the period of our relationship. Should our contract come to an end for any reason, we will need to retain the information we require under section “For how long does Euphoria retain your information?”.
Call recordings
An overview of the call recording lifecycle and the high level security controls in place to protect your call recordings is provided in the “Euphoria Telecom (Pty) Ltd – Call Recording Lifecycle” document. The latest copy of the document is available on request.
Does Euphoria use an automated decision-making system?
Automated decision-making systems are not relevant to Euphoria’s business and are therefore not used.
Is the Personal Information held by Euphoria portable?
Our system allows you to download your Call Detail Records (CDR) and your call recordings. You may save those at a medium of your choice. The rest of the data we collect about you are only relevant to our system and cannot be transferred to another organisation.
For how long does Euphoria retain your information?
For accounting, tax and legal reasons, we keep the following client information for an unlimited amount of time:
information provided to create your account and set up your PBX installation
tax or accounting related information: invoices and Call Detail Records (CDRs)
However, we only store and we do not process that information after your services have been terminated; unless we need to use it in dealing with complaints, disputes, legal action or prospective litigation, or taking advice on any of these. You are responsible to define the retention periods for your call recordings based on your business needs and your legal and regulatory compliance requirements. The Euphoria system gives you this functionality. Further information on how to use the functionality is available on request.
Is the “Right to be forgotten” applied in the Euphoria PBX system?
Euphoria allows our customers the “right to erasure” or “right to be forgotten” following a written request. Euphoria will erase your personal data, unless the law requires us to keep it. We cannot however delete data that is related to our invoicing system. Privacy Notice
Transborder Data Transfers
Euphoria uses local and international cloud services to provide an economical, secure and scalable product. As a result, many of our services are hosted outside South Africa.
Those service providers are considered Third-Parties and are treated as such.
A latest list of those providers can be made available on request.
Can the Responsible Party request for an audit of the Euphoria systems?
Euphoria can provide you with documentation on our information security and privacy controls on demand.
Should you, or your auditors, require further assurance on the controls Euphoria has implemented to comply with PoPIA and secure your Personal Information you may contact Euphoria to discuss the option of an audit on our systems.
Any time, resource and other cost implications will need to be agreed upon by both parties prior to the commencement of such an audit.
What happens if there is a security compromise that affects your Personal Information?
Should a breach of your personal information come to our attention Euphoria will cooperate with You and take reasonable commercial steps to assist you in the investigation, mitigation and remediation of such a Personal Information breach.
Euphoria implements controls that would allow us to identify the breach timely and to notify you and provide information about the breach, as per the requirements of PoPIA:
the nature of the breach
if known, the identity of the unauthorised person who may have accessed your Personal Information
the list of Data Subjects that are affected by the breach
the categories of Personal Information that were exposed in the breach
a description of the possible consequences of the breach
any measures the Data Subjects can take to mitigate the possible adverse effects of the breach
any other relevant information
Euphoria will notify the Information Regulator as per the requirements of PoPIA.
Terms and Conditions
The Privacy Notice reflects our Privacy Policy, is complementary to and should be read and understood together with our Terms and Conditions.
The Terms and Conditions establish the use, disclaimers, and limitations of liability governing the use of all our services.
Changes to our Privacy Policy
If we decide to change our Privacy Policy, we will also update our Privacy Notice and post the updated Notice on our website.
We will also notify you by means of a prominent notice on the Website prior to the change becoming effective, but only if we make a change to this privacy policy that we believe materially reduces your rights.
How can I contact the supervisory authority?
You have the right to lodge a complaint with a supervisory authority; should you have concerns about the way your data is handled by Euphoria and should the explanations provided not be satisfactory, you have the right to lodge a complaint with the supervisory authority in South Africa: Information Regulator, inforeg@justice.gov.za The latest contact details, can be found here:
https://www.justice.gov.za/inforeg/contact.html
Euphoria does not currently have any GDPR representatives in the European Union.
Euphoria Information Security and Privacy contact details and the timeframe for a response
You should direct any queries on our privacy policy to our Information Security Officer:
Eirini Kalimeri, infosec@euphoria.co.za, 010 593 4500
or write to us:
Euphoria Telecom, PO Box 12429, Mill Street, Cape Town, 8010
If you make a request, we have one month to respond to you.
Definitions and Abbreviations
In this document by the terms:
1.1. “We”, “Us”, “our Company”, “the Company”, etc. refers to Euphoria
1.2. “You” refers to our web-site visitors, customers and Euphoria employees.
Further:
1.3. “Contracted Operator” or “Contracted Processor” or “Subprocessor” or “Third Parties” means a company subcontracted by Euphoria that processes Your Personal Information on behalf of Euphoria. Such a company may have their own “Contracted Operators”
1.4. “Information Protection Laws” or “Data Protection Laws” means the:
1.4.1. Protection of Private Information Act 4, of 2013, in South Africa and
1.4.2. General Data Protection Regulation (EU) 2016/679 (GDPR) in the European Union
1.5. “Your Personal Information” or “Your Personal Data” means any Personal Information processed by Euphoria on Your behalf in connection with the Principal Agreement between you and Euphoria
1.6. “Euphoria Personal Information” or “Euphoria Personal Data” means any Personal Information processed by a Contracted Operator on behalf of Euphoria in connection with the Principal Agreement between the Contracted Operator and Euphoria
1.7. “Operator” or “Data Processor” is Euphoria and includes our employees, including permanent and temporary staff, contractors, service providers and consultants utilising Euphoria’s information assets
1.8. “PAIA” is the Promotion of Access to Information Act 2, of 2000
1.9. “PBX platform” the information technology system that has been developed by Euphoria for the provision of telephony services to our customers
1.10. “Personal Data”, “Data Controller”, “Recipient” or any other term solely defined in the GDPR have the meaning ascribed to them in the GDPR
1.11. “Person”, “Personal Information”, “Processing”, “Operator”, “Responsible Party”, “Breach” or any other term defined in the PoPIA have the meaning ascribed to them in the PoPIA
1.12. “PoPIA” is the Protection of Personal Information Act 4 of 2013
1.13. “Principal Agreement” means the current contract between two parties and includes the Terms and Conditions and the Service Level Agreement. In this document and depending on the context, a Principal Agreement may refer to the contract signed between:
1.13.1. you and Euphoria
1.13.2. the Contracted Operator and Euphoria
1.14. “Responsible Party” or “Data Controller” is you
1.15. “Services” is the various services Euphoria provides to you in accordance with the Principal Agreement between you and Euphoria