Privacy Policy

Back to Portal

Last Updated: November 03, 2025

1. Introduction

TISA Business Communications ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

TISA Business Communications is the data controller responsible for your personal data. You can contact us at:

3. Information We Collect

3.1 Personal Information

We collect the following categories of personal data:

  • Identity Data: Name, username, title
  • Contact Data: Email address, telephone number, postal address
  • Technical Data: IP address, browser type, operating system, device information
  • Usage Data: Call records (CDR), call duration, call destinations, timestamps
  • Communication Data: Records of your communications with us

3.2 How We Collect Your Data

  • Directly from you when you register or use our services
  • Automatically through our systems when you use our telephony services
  • From third parties such as payment processors and service partners

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide our telephony services to you
  • Legitimate Interest: To improve our services, prevent fraud, and ensure network security
  • Legal Obligation: To comply with telecommunications regulations and law enforcement requests
  • Consent: For marketing communications (where applicable)

5. How We Use Your Information

We use your personal data for:

  • Providing and managing our telephony services
  • Processing billing and payments
  • Customer support and service improvement
  • Fraud prevention and network security
  • Compliance with legal and regulatory obligations
  • Analytics and service optimization
  • Marketing communications (with your consent)

6. Data Security and Encryption

We implement robust security measures to protect your personal data:

  • Encryption: All personal identifiable information (PII) is encrypted using AES-256-GCM encryption
  • Secure Transmission: All data transmission uses TLS/SSL encryption
  • Access Controls: Strict access controls and authentication mechanisms
  • Audit Logging: Comprehensive logging of all data access and modifications
  • Regular Security Audits: Periodic security assessments and penetration testing

7. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Duration of your active account plus 6 years (tax/legal requirements)
  • Call Records (CDR): 12 months (telecommunications regulations)
  • Financial Records: 6 years (UK tax law)
  • Marketing Consent: Until withdrawn or 2 years of inactivity

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at hi@tisa.one or through your customer portal.

9. Data Sharing and Third Parties

We may share your data with:

  • Service Providers: Payment processors, cloud hosting, technical support
  • Telecommunication Partners: Network operators and interconnect providers
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In the event of a merger, acquisition, or sale

We ensure all third parties are contractually bound to protect your data and comply with UK GDPR.

10. International Data Transfers

Your data is primarily stored and processed within the UK. If we transfer data internationally, we ensure adequate safeguards are in place through:

  • UK GDPR-approved standard contractual clauses
  • Adequacy decisions by the UK government
  • Binding corporate rules

11. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention
  • Service functionality

We do not use third-party tracking or advertising cookies without your explicit consent.

12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

13. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

14. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our portal. Continued use of our services constitutes acceptance of the updated policy.

16. Complaints

If you have concerns about how we handle your personal data, please contact us first at hi@tisa.one. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

17. Contact Us

For any questions about this Privacy Policy or your personal data, contact us at: