Company Policies

Privacy Policy

Effective Date: May 25, 2018

For Website Terms and Conditions, see Terms and Conditions

About Tollring

This website is maintained by Micro Plus Software Limited trading as ‘Tollring’.

Company Registration

Registered Number 02843012.

Registered Office: Micro Plus Software Ltd, trading as Tollring, 10 Moorcroft, Harlington Road, Uxbridge, Middlesex. UB8 3HD.

Controller

Tollring (which is registered with the Information Commissioner’s Office under registration reference: Z1990751) is the data controller and is the Tollring entity which is responsible for your personal information.

Tollring contact details are in the Contact Us section.

Your continued use of this web site constitutes your agreement to this privacy policy and any updates. If you have any questions about this privacy policy please contact us using the contact details provided in the Contact Us section.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Purpose of this Privacy Policy

Tollring values the privacy of those who use our web site, products, and services we are committed to protecting it. This privacy policy tells you how we collect, use, and disclose personal information which may be collected from you when you interact with us, such as when you visit our web site, use or purchase our products and services, or communicate with our employees. It also tells you how we look after your personal information.

Please read the following to learn more about what personal information we collect, what we do with that information, and how we may use that information.

Information we collect

Personal information, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal information about you which we have grouped as follows:

  • Identity Information– such as first name, surname, title and username.
  • Contact Information– e-mail address, contact preferences and telephone number.
  • Profile Information– which Tollring products and services you use and information about products and services which you have purchased from us or one of our distributors.
  • Demographic Information– such as where you use your computer and mobile devices to improve understanding of our customer needs.
  • Tracking Information– about your visit from the browser or Tollring application on your computer or mobile device. This includes IP address, cookies, and the pages you request, to analyse trends, administer the site, track your navigation of the site and to gather broad demographic information for aggregate use (note that IP addresses are not linked to personally identifiable information).
  • Marketing and Communications Information– your preferences in receiving marketing from us.

We may also collect, use, store and transfer aggregate information from multiple users without personally identifying individuals such as the geographic region from which your accessing our web site or products and services. Aggregate information may be derived from your personal information but is not considered personal information in law as this information does not directly or indirectly reveal your identity.

How we collect your personal information

We use different methods to collect personal information from and about you including through:

  • Direct interactions such as where you provide us your Identity Information and Contact Information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you purchase our products or services or provide us with feedback.
  • Automated technologies or interactions that automatically collect Tracking Information about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies. Please see further details in relation to cookies below.

How we use your personal information and lawful basis for use

We will only use your personal information when we have a lawful basis for doing so.

We have explained below each lawful basis for using your personal information but please contact us if you would like further details about the specific lawful basis we rely on to use your personal information:

Performance of a contract – we need some of your personal information, such as your Identity Information, Financial Information and Contact Information in order to perform contracts that you have entered into with us (for example to provide you with support services in relation to the software you have purchased).

To comply with a legal obligation – we use your Identity Information, Contact Information and Marketing and Communications Information to comply with various legal obligations including ensuring that you do not receive marketing communications from us in circumstances where you have advised us that you do not wish to receive those communications.

Necessary for our legitimate interests – we use your Identity Information, Contact Information, Profile Information, Demographic Information, Tracking Information, Marketing and Communications Information to for our legitimate interests such as keeping our records up to date, understanding how our customers use our products and services, to develop our products and services and to grow our business and inform our marketing strategy.

Marketing

We may use all of the above information to decide what products and services may be of interest to you. We will send marketing communications to you if you have requested information from us, if you have purchased products or services from us or if you have provided us with consent to do so.

We will stop sending marketing communications to you if you opt out by either contacting us using the details in the Contact Us section or by clicking on the “unsubscribe” link at the bottom of our emails.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk or harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you fail to provide personal information

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at any time.

Information disclosure to third parties

We do not share, sell, rent or otherwise distribute your personal information to others, except as disclosed in this privacy policy. We would only share your information under the following circumstances:

  • We have your explicit consent to share the information.
  • We need to share your information to fulfil your product or service request.
  • We wish to use third parties to contact you with information about our products and services.
  • We are required to provide such information by law, subpoena, or court order.
  • We believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats against persons or property.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Third party links

The website and services may contain links to other third-party sites. We are not responsible for the privacy policy or other practices employed by websites linked to, or from, our website nor the information or content contained therein. This privacy statement applies solely to information collected by this website. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cookies

Cookies are small data files that a web site you visit may save on your hard drive that usually includes an anonymous unique identifier. A cookie cannot retrieve any other data from your hard drive, pass on computer viruses, or capture your e-mail address. Our web site uses cookies for user authentication, keeping track of your preferences, keeping track of our audience size and traffic patterns, and in certain other cases.

You can configure your browser to accept cookies, reject cookies, or notify you when a cookie is being used. However, if you configure your browser to reject cookies, you may not be able to use our products or services that require you to sign in or take advantage of all the features of our web site.

Data Security

We are committed to protecting the security of your personal information and take reasonable precautions to protect it. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure and as a result we cannot warrant the security of information you transmit to us and you do so at your own risk. Once we receive your data transmission, we are committed to ensure its security on our systems:

  • Your Tollring password is protected by encryption and only you have access to it.
  • Your personal information and data stored in our systems is protected by various physical, electronic, and procedural safeguards. It is housed in a secure facility and we restrict physical and network access to this facility to select trained staff. We regularly evaluate its technologies, facilities, procedures and potential risks to maintain the security and privacy of our users’ data. As a rule, our employees do not monitor or view your personal information or content stored in the our system, but it may be viewed if we learn that our Terms and Conditions may have been violated and confirmation is required.
  • All of our services support the use of standard SSL encryption to protect data transmissions. However, this is not a guarantee that such data transmissions cannot be accessed, altered, or deleted due to firewall or other security software failures.

If we learn of a security system breach we will notify you any applicable regulator where we are legally required to do so. We may provide information on protective steps through the e-mail address that you supplied during registration or posting a notice on our web site. Depending on where you live, you may have a legal right to receive such notices in writing. To request written notice of any security breach in writing, please send an e-mail with your request and mailing address to the email or postal address in the Contact Us section below.

Changes and Updates

As this privacy policy may be updated from time to time, we will revise and display the effective date at the top of the web page. You should periodically review it to keep abreast of our plans and procedures to protect the personal information that we collect.

If we should ever sell our assets, merge with another entity, or file for bankruptcy, information collected from this web site remains our asset and may be transferred.

Your Legal Rights

Under EU data protection laws, you have rights in relation to your personal information including:

(i) Right to request access to your personal information

This is also known as a “data subject access request”. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

(ii) Right to request correction of the personal information that we hold about you

This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

(iii) Right to request erasure of your personal information

This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

(iv) Right to object to processing based on certain grounds

This enables you to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

(v) Right to withdraw consent

This enables you to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

(vi) Right to transfer data

This enables you to request the transfer of your personal information to you or to a third party. We will transfer the data in a structured, commonly used, machine readable format. This right applies only in respect of automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

If you wish to exercise any of the above rights please contact us using the details provided below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Contact Us

We welcome your feedback regarding this privacy policy. If you have questions, comments, or concerns please contact us by:

Email: info@Tollring.com

Postal address:
10 Moorcroft, Harlington Road, Uxbridge, Middlesex, UB8 3HD, UK

Tollring General Data Protection Regulation (GDPR) Credentials Statement

Who we are and what services we are providing

Micro Plus Software Limited trading as Tollring (“Tollring”)

Registered office: 10 Moorcroft, Harlington Road, Uxbridge, Middx UB8 3HD

Designated contact: dpo@tollring.com

Services provided: Software development, product supply and support.

Personal data being processed and processing activities

The personal data being processed by Tollring is that which the controller has supplied to Tollring or which Tollring has obtained or created in order to provide the services in accordance with, and as notified in, the relevant client contract, quote and/or end user license agreement. We may also use personal data for marketing and credit control purposes.

As also notified in the relevant client contract, quote and/or end user license agreement, there are circumstances in which Tollring will be acting as Controller in relation to the personal data.

When a Partner, or one of their customers, calls the Tollring technical help desk or partner support team, we are contractually required to record these calls as part of the agreements we have in place with our Partners, to help us meet our service obligations.  Our support engineers may sometimes need to speak directly to end users to resolve an issue and as such these calls may be recorded.  These call recordings already form part of our Data Protection and Retention policy and handling of these recordings forms part of our GDPR programme.

Data management and security

Tollring is registered with the U.K. Information Commissioner’s Office under registration reference Z1990751.  Tollring takes data security very seriously and follow best practices for security and data storage including but not limited to:

  • Company GDPR policy
  • Information Security Management System (ISMS) policy
  • Controlled and logged access to sensitive business systems.
  • Controlled physical access to company premises.
  • Employee training on policies and best practices.
  • Regular employee reminders of policy and best practice.
  • A documented data classification register.
  • Data retention policy.
  • Data security incident management policy.
  • Website privacy policy
  • Website terms and conditions
  • Nominated Data Protection contacts (dpo@Tollring.com)

Confidentiality

Tollring employees are bound by contractual confidentiality provisions in their contracts of employment. In addition, employees are required to complete an annual declaration confirming their awareness of Tollring’s confidentiality and security procedures. Compliance with any group policies relating to data protection and confidentiality of information is mandatory.

Use of Sub-Processors

Tollring has either obtained or is in the process of seeking and obtaining similar Credentials Statements or equivalent from Sub-Processors who process the personal data which is the subject of our contract.

Terms & Conditions

Effective Date: May 25, 2018
For information on Privacy Policy and Cookies, see Privacy Policy.

Important

The following terms and conditions apply to the use of this Website, which is maintained here. By using the Website, you are agreeing to accept these terms and conditions in full. If you disagree with these terms and conditions, you must not use the Website.

Terms of Use

  • You may not use the Website in any way that could limit access or availability or otherwise or cause damage to the Website.
  • You may not use the Website to store, distribute or link to any malicious computer software.
  • You may not use the Website for any illegal purpose or any purpose connected with illegal activities.
  • Tollring reserves the right to restrict access to certain areas of the Website and to change the extent of these restricted areas at its own discretion. Access to these areas is granted under additional Terms and Conditions agreed during the login process.

Intellectual Property, including copyright

  • Except where stated, all intellectual property rights in the website and its content belong to Tollring or have been licensed to Tollring. You may only use it as granted in these Terms and conditions, all other rights are reserved.
  • You may download Website pages to a browser for personal viewing and printing, but you may not re-use, reproduce or redistribute any part of the material, in whole or edited form.
  • Where software or content is made available on the Website explicitly for downloading by Tollring, you will be asked to agree to specific licensing terms and conditions via a EULA during the installation process.
  • All comments, materials and other information submitted through the Website become the property of Tollring. If a contributor owns the property rights over any such content, they automatically grant Tollring a non-exclusive, royalty free, worldwide license to use the content for any purpose. Should the intellectual property rights of any content lie with a third party, it is the responsibility of the contributor to gain the appropriate permissions.
  • All third-party product and company names used on this website are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Appropriate Content

Applicable where third parties can add content, such as comments sections:

  • All comments, materials and other information submitted through the Website (User Content) must be suitable for a family audience. This includes indecent, offensive, inappropriate, defamatory or aggressive material or language, harassment or prejudice.
  • User Content must not be illegal, or have the potential to cause a criminal offence.
  • User Content must not infringe anybody’s legal rights, including copyright, intellectual property or rights to privacy.
  • User Content must not contain links to inappropriate or malicious webpages.
  • You must not use the Website for unsolicited commercial communications of any kind.
  • Tollring reserves the right to moderate all User Content and edit or remove anything it feels contravenes either the spirit or the explicit terms and conditions of this agreement.

Warranty

The Website is provided “AS IS” and Tollring makes no warranty of any kind, whether expressed or implied, for its use or for the accuracy or completeness of the information and materials provided.

Limitation of liability

  • Tollring tries to ensure that all information provided is correct at the time of inclusion on the Website but does not guarantee the accuracy of such information. Therefore Tollring does not accept any liability for special, consequential, indirect or incidental damages, claims or costs whatsoever, including for pecuniary loss, information loss, business loss, loss of goodwill, or physical harm to property or person resulting from inaccuracies within the information given, even if the Tollring has been advised or is aware of the possibility of such damages arising.
  • The Website may contain hyperlinks to external or third-party websites. Access to these websites is at your own risk, Tollring is not liable for the operation and content of any third-party website.
  • Tollring will not be liable to you for any loss of service incurred as a result of circumstances beyond our control, including Acts of God, strikes and equipment failure. Tollring will always try to notify you in the event of such circumstances.

Usernames and Passwords (Credentials)

  • If you are provided with Credentials to enable access to restricted areas of the Website, you must ensure that they are kept confidential. In addition, Tollring does not accept any liability for damages or losses due to your choice of credentials.
  • You accept responsibility for all activities that occur under your Credentials.
  • We may disable your Credentials if you breach any of the policies or terms governing this Website.

General

  • Tollring may change the format and content of the Website or suspend operation for maintenance work from time to time.
  • Tollring may revise these Terms and Conditions where necessary. Revised terms and conditions will apply from the date of publication as shown above.
  • These Terms and Conditions are governed by the law of England and Wales, and are subject to the exclusive jurisdiction of the courts of England and Wales.

Email Policy

  • All emails sent by Tollring are confidential to the named recipient(s) (‘Addressee’) and may contain privileged information.
  • If you are not the Addressee you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachment(s) is strictly prohibited.
  • If an email is sent to you in error please notify the sender immediately by telephone or by electronic mail, and delete this message and all copies and backups thereof.  No waiver of privilege or confidentiality should be inferred from an error in sending.
  • We endeavour to exclude viruses from our data but it is the obligation of the recipient to check any attachments for viruses.

ISO 27001: Information Security Management Systems

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

View Certificate

ISO 9001: Quality Management Systems

ISO 9001 standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.

View Certificate

Introduction

This security statement applies to the products, services, websites and apps offered by Tollring, except where otherwise noted. We refer to those products, services, websites and apps collectively as the “services” in this statement.

Tollring offers call analytics, call recording and fraud management solutions, working closely with partners in order to provide the best quality of service. Tollring values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below.

Compliance

Tollring is compliant with ISO 27001 Information Security Standard and ISO 9001 Quality Management System. Tollring re-certifies those compliances annually. Tollring is compliant and follows the General Data Protection Regulation (GDPR).

Service Hosting

When delivered as an ‘Over-The-Top’ Service, all servers, applications, network and data is hosted in the Microsoft Azure Public Cloud. For European Service Provider partners, these services are held in Azure West Europe (Netherlands) Data Centre. For Service Provider Partners operating in the United Kingdom, the service is hosted in Azure UK South Data Centre. For this deployment method, an on-site recording server is also deployed in the Service Provider’s data centre. For services delivered fully in the Service Provider’s Data Centres, all servers, applications, network and data is fully hosted by the Service Provider.

Access Control

Access to Tollring technology resources is only permitted through secure connectivity (VPN) and requires authentication. Our password policy requires complexity, expiration and lockout. Access to the resources is restricted and closely monitored. Access is granted only for the period necessary to perform administrative or technical support tasks and is revoked after tasks are completed. All permissions are reviewed quarterly.

Security Policies

Tollring maintains and regularly reviews and updates its security policies on at least an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training if required. The training schedule is designed to adhere to all specifications and regulations that are applicable.

Personnel

Tollring communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to complete a full induction process, as well as providing ongoing privacy and security training.

Dedicated Security Personnel

Tollring has a dedicated security and compliance department, which focuses on application, network, and system security. This team is also responsible for security compliance, education, and incident response.

Vulnerability Management and Penetration Tests

Tollring maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.

We also conduct regular internal and external penetration tests and remediate according to severity for any results found.

Approach for Penetration Testing

OWASP Top 10 methodology will be used for testing the application.

We shall also perform a penetration test to stimulate a number of scenarios such as:

  • Assess the application to ensure a robust security posture.
  • Stimulate the penetration test from an attacker point of view to gain access to the application data in an unauthorised manner.
  • Users with authentication credentials trying to gain unauthorised access to other client data or account information.

All of the tests will be carried out only on Pre-Production/Test environments only.

External Libraries

All third-party library versions are checked for known vulnerabilities and remedial actions are taken.

All third-party libraries are checked for commercial use and licenses.

Encryption

All data in transit is encrypted using secure TLS cryptographic protocols. Data is also encrypted at rest.

Development

Our development team employs secure coding techniques and best practices. Development, testing, and production environments are separated. All changes are peer-reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

Asset Management

Tollring maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software.

Information Security Incident Management

Tollring maintains security incident response policies and procedures covering initial response, investigation, customer notification, public communication, and remediation. These policies are reviewed regularly and tested annually.

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. However, if Tollring learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under GDPR regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers with all information necessary for them to meet their own regulatory reporting obligations.

Business Continuity

Tollring infrastructure is backed up daily. Backups are encrypted and stored within the production environments to preserve their confidentiality and integrity and they are tested regularly to ensure availability.

Logging and Monitoring

All logs from applications and infrastructure systems undergo analysis by authorised Tollring personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.

Privacy Policy

Privacy Policy

Effective Date: May 25, 2018

For Website Terms and Conditions, see Terms and Conditions

About Tollring

This website is maintained by Micro Plus Software Limited trading as ‘Tollring’.

Company Registration

Registered Number 02843012.

Registered Office: Micro Plus Software Ltd, trading as Tollring, 10 Moorcroft, Harlington Road, Uxbridge, Middlesex. UB8 3HD.

Controller

Tollring (which is registered with the Information Commissioner’s Office under registration reference: Z1990751) is the data controller and is the Tollring entity which is responsible for your personal information.

Tollring contact details are in the Contact Us section.

Your continued use of this web site constitutes your agreement to this privacy policy and any updates. If you have any questions about this privacy policy please contact us using the contact details provided in the Contact Us section.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Purpose of this Privacy Policy

Tollring values the privacy of those who use our web site, products, and services we are committed to protecting it. This privacy policy tells you how we collect, use, and disclose personal information which may be collected from you when you interact with us, such as when you visit our web site, use or purchase our products and services, or communicate with our employees. It also tells you how we look after your personal information.

Please read the following to learn more about what personal information we collect, what we do with that information, and how we may use that information.

Information we collect

Personal information, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal information about you which we have grouped as follows:

  • Identity Information– such as first name, surname, title and username.
  • Contact Information– e-mail address, contact preferences and telephone number.
  • Profile Information– which Tollring products and services you use and information about products and services which you have purchased from us or one of our distributors.
  • Demographic Information– such as where you use your computer and mobile devices to improve understanding of our customer needs.
  • Tracking Information– about your visit from the browser or Tollring application on your computer or mobile device. This includes IP address, cookies, and the pages you request, to analyse trends, administer the site, track your navigation of the site and to gather broad demographic information for aggregate use (note that IP addresses are not linked to personally identifiable information).
  • Marketing and Communications Information– your preferences in receiving marketing from us.

We may also collect, use, store and transfer aggregate information from multiple users without personally identifying individuals such as the geographic region from which your accessing our web site or products and services. Aggregate information may be derived from your personal information but is not considered personal information in law as this information does not directly or indirectly reveal your identity.

How we collect your personal information

We use different methods to collect personal information from and about you including through:

  • Direct interactions such as where you provide us your Identity Information and Contact Information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you purchase our products or services or provide us with feedback.
  • Automated technologies or interactions that automatically collect Tracking Information about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies. Please see further details in relation to cookies below.

How we use your personal information and lawful basis for use

We will only use your personal information when we have a lawful basis for doing so.

We have explained below each lawful basis for using your personal information but please contact us if you would like further details about the specific lawful basis we rely on to use your personal information:

Performance of a contract – we need some of your personal information, such as your Identity Information, Financial Information and Contact Information in order to perform contracts that you have entered into with us (for example to provide you with support services in relation to the software you have purchased).

To comply with a legal obligation – we use your Identity Information, Contact Information and Marketing and Communications Information to comply with various legal obligations including ensuring that you do not receive marketing communications from us in circumstances where you have advised us that you do not wish to receive those communications.

Necessary for our legitimate interests – we use your Identity Information, Contact Information, Profile Information, Demographic Information, Tracking Information, Marketing and Communications Information to for our legitimate interests such as keeping our records up to date, understanding how our customers use our products and services, to develop our products and services and to grow our business and inform our marketing strategy.

Marketing

We may use all of the above information to decide what products and services may be of interest to you. We will send marketing communications to you if you have requested information from us, if you have purchased products or services from us or if you have provided us with consent to do so.

We will stop sending marketing communications to you if you opt out by either contacting us using the details in the Contact Us section or by clicking on the “unsubscribe” link at the bottom of our emails.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk or harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you fail to provide personal information

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at any time.

Information disclosure to third parties

We do not share, sell, rent or otherwise distribute your personal information to others, except as disclosed in this privacy policy. We would only share your information under the following circumstances:

  • We have your explicit consent to share the information.
  • We need to share your information to fulfil your product or service request.
  • We wish to use third parties to contact you with information about our products and services.
  • We are required to provide such information by law, subpoena, or court order.
  • We believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats against persons or property.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Third party links

The website and services may contain links to other third-party sites. We are not responsible for the privacy policy or other practices employed by websites linked to, or from, our website nor the information or content contained therein. This privacy statement applies solely to information collected by this website. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cookies

Cookies are small data files that a web site you visit may save on your hard drive that usually includes an anonymous unique identifier. A cookie cannot retrieve any other data from your hard drive, pass on computer viruses, or capture your e-mail address. Our web site uses cookies for user authentication, keeping track of your preferences, keeping track of our audience size and traffic patterns, and in certain other cases.

You can configure your browser to accept cookies, reject cookies, or notify you when a cookie is being used. However, if you configure your browser to reject cookies, you may not be able to use our products or services that require you to sign in or take advantage of all the features of our web site.

Data Security

We are committed to protecting the security of your personal information and take reasonable precautions to protect it. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure and as a result we cannot warrant the security of information you transmit to us and you do so at your own risk. Once we receive your data transmission, we are committed to ensure its security on our systems:

  • Your Tollring password is protected by encryption and only you have access to it.
  • Your personal information and data stored in our systems is protected by various physical, electronic, and procedural safeguards. It is housed in a secure facility and we restrict physical and network access to this facility to select trained staff. We regularly evaluate its technologies, facilities, procedures and potential risks to maintain the security and privacy of our users’ data. As a rule, our employees do not monitor or view your personal information or content stored in the our system, but it may be viewed if we learn that our Terms and Conditions may have been violated and confirmation is required.
  • All of our services support the use of standard SSL encryption to protect data transmissions. However, this is not a guarantee that such data transmissions cannot be accessed, altered, or deleted due to firewall or other security software failures.

If we learn of a security system breach we will notify you any applicable regulator where we are legally required to do so. We may provide information on protective steps through the e-mail address that you supplied during registration or posting a notice on our web site. Depending on where you live, you may have a legal right to receive such notices in writing. To request written notice of any security breach in writing, please send an e-mail with your request and mailing address to the email or postal address in the Contact Us section below.

Changes and Updates

As this privacy policy may be updated from time to time, we will revise and display the effective date at the top of the web page. You should periodically review it to keep abreast of our plans and procedures to protect the personal information that we collect.

If we should ever sell our assets, merge with another entity, or file for bankruptcy, information collected from this web site remains our asset and may be transferred.

Your Legal Rights

Under EU data protection laws, you have rights in relation to your personal information including:

(i) Right to request access to your personal information

This is also known as a “data subject access request”. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

(ii) Right to request correction of the personal information that we hold about you

This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

(iii) Right to request erasure of your personal information

This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

(iv) Right to object to processing based on certain grounds

This enables you to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

(v) Right to withdraw consent

This enables you to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

(vi) Right to transfer data

This enables you to request the transfer of your personal information to you or to a third party. We will transfer the data in a structured, commonly used, machine readable format. This right applies only in respect of automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

If you wish to exercise any of the above rights please contact us using the details provided below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Contact Us

We welcome your feedback regarding this privacy policy. If you have questions, comments, or concerns please contact us by:

Email: info@Tollring.com

Postal address:
10 Moorcroft, Harlington Road, Uxbridge, Middlesex, UB8 3HD, UK

GDPR Policy

Tollring General Data Protection Regulation (GDPR) Credentials Statement

Who we are and what services we are providing

Micro Plus Software Limited trading as Tollring (“Tollring”)

Registered office: 10 Moorcroft, Harlington Road, Uxbridge, Middx UB8 3HD

Designated contact: dpo@tollring.com

Services provided: Software development, product supply and support.

Personal data being processed and processing activities

The personal data being processed by Tollring is that which the controller has supplied to Tollring or which Tollring has obtained or created in order to provide the services in accordance with, and as notified in, the relevant client contract, quote and/or end user license agreement. We may also use personal data for marketing and credit control purposes.

As also notified in the relevant client contract, quote and/or end user license agreement, there are circumstances in which Tollring will be acting as Controller in relation to the personal data.

When a Partner, or one of their customers, calls the Tollring technical help desk or partner support team, we are contractually required to record these calls as part of the agreements we have in place with our Partners, to help us meet our service obligations.  Our support engineers may sometimes need to speak directly to end users to resolve an issue and as such these calls may be recorded.  These call recordings already form part of our Data Protection and Retention policy and handling of these recordings forms part of our GDPR programme.

Data management and security

Tollring is registered with the U.K. Information Commissioner’s Office under registration reference Z1990751.  Tollring takes data security very seriously and follow best practices for security and data storage including but not limited to:

  • Company GDPR policy
  • Information Security Management System (ISMS) policy
  • Controlled and logged access to sensitive business systems.
  • Controlled physical access to company premises.
  • Employee training on policies and best practices.
  • Regular employee reminders of policy and best practice.
  • A documented data classification register.
  • Data retention policy.
  • Data security incident management policy.
  • Website privacy policy
  • Website terms and conditions
  • Nominated Data Protection contacts (dpo@Tollring.com)

Confidentiality

Tollring employees are bound by contractual confidentiality provisions in their contracts of employment. In addition, employees are required to complete an annual declaration confirming their awareness of Tollring’s confidentiality and security procedures. Compliance with any group policies relating to data protection and confidentiality of information is mandatory.

Use of Sub-Processors

Tollring has either obtained or is in the process of seeking and obtaining similar Credentials Statements or equivalent from Sub-Processors who process the personal data which is the subject of our contract.

Terms and Conditions

Terms & Conditions

Effective Date: May 25, 2018
For information on Privacy Policy and Cookies, see Privacy Policy.

Important

The following terms and conditions apply to the use of this Website, which is maintained here. By using the Website, you are agreeing to accept these terms and conditions in full. If you disagree with these terms and conditions, you must not use the Website.

Terms of Use

  • You may not use the Website in any way that could limit access or availability or otherwise or cause damage to the Website.
  • You may not use the Website to store, distribute or link to any malicious computer software.
  • You may not use the Website for any illegal purpose or any purpose connected with illegal activities.
  • Tollring reserves the right to restrict access to certain areas of the Website and to change the extent of these restricted areas at its own discretion. Access to these areas is granted under additional Terms and Conditions agreed during the login process.

Intellectual Property, including copyright

  • Except where stated, all intellectual property rights in the website and its content belong to Tollring or have been licensed to Tollring. You may only use it as granted in these Terms and conditions, all other rights are reserved.
  • You may download Website pages to a browser for personal viewing and printing, but you may not re-use, reproduce or redistribute any part of the material, in whole or edited form.
  • Where software or content is made available on the Website explicitly for downloading by Tollring, you will be asked to agree to specific licensing terms and conditions via a EULA during the installation process.
  • All comments, materials and other information submitted through the Website become the property of Tollring. If a contributor owns the property rights over any such content, they automatically grant Tollring a non-exclusive, royalty free, worldwide license to use the content for any purpose. Should the intellectual property rights of any content lie with a third party, it is the responsibility of the contributor to gain the appropriate permissions.
  • All third-party product and company names used on this website are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Appropriate Content

Applicable where third parties can add content, such as comments sections:

  • All comments, materials and other information submitted through the Website (User Content) must be suitable for a family audience. This includes indecent, offensive, inappropriate, defamatory or aggressive material or language, harassment or prejudice.
  • User Content must not be illegal, or have the potential to cause a criminal offence.
  • User Content must not infringe anybody’s legal rights, including copyright, intellectual property or rights to privacy.
  • User Content must not contain links to inappropriate or malicious webpages.
  • You must not use the Website for unsolicited commercial communications of any kind.
  • Tollring reserves the right to moderate all User Content and edit or remove anything it feels contravenes either the spirit or the explicit terms and conditions of this agreement.

Warranty

The Website is provided “AS IS” and Tollring makes no warranty of any kind, whether expressed or implied, for its use or for the accuracy or completeness of the information and materials provided.

Limitation of liability

  • Tollring tries to ensure that all information provided is correct at the time of inclusion on the Website but does not guarantee the accuracy of such information. Therefore Tollring does not accept any liability for special, consequential, indirect or incidental damages, claims or costs whatsoever, including for pecuniary loss, information loss, business loss, loss of goodwill, or physical harm to property or person resulting from inaccuracies within the information given, even if the Tollring has been advised or is aware of the possibility of such damages arising.
  • The Website may contain hyperlinks to external or third-party websites. Access to these websites is at your own risk, Tollring is not liable for the operation and content of any third-party website.
  • Tollring will not be liable to you for any loss of service incurred as a result of circumstances beyond our control, including Acts of God, strikes and equipment failure. Tollring will always try to notify you in the event of such circumstances.

Usernames and Passwords (Credentials)

  • If you are provided with Credentials to enable access to restricted areas of the Website, you must ensure that they are kept confidential. In addition, Tollring does not accept any liability for damages or losses due to your choice of credentials.
  • You accept responsibility for all activities that occur under your Credentials.
  • We may disable your Credentials if you breach any of the policies or terms governing this Website.

General

  • Tollring may change the format and content of the Website or suspend operation for maintenance work from time to time.
  • Tollring may revise these Terms and Conditions where necessary. Revised terms and conditions will apply from the date of publication as shown above.
  • These Terms and Conditions are governed by the law of England and Wales, and are subject to the exclusive jurisdiction of the courts of England and Wales.
Email Policy

Email Policy

  • All emails sent by Tollring are confidential to the named recipient(s) (‘Addressee’) and may contain privileged information.
  • If you are not the Addressee you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachment(s) is strictly prohibited.
  • If an email is sent to you in error please notify the sender immediately by telephone or by electronic mail, and delete this message and all copies and backups thereof.  No waiver of privilege or confidentiality should be inferred from an error in sending.
  • We endeavour to exclude viruses from our data but it is the obligation of the recipient to check any attachments for viruses.
Certifications

ISO 27001: Information Security Management Systems

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

View Certificate

ISO 9001: Quality Management Systems

ISO 9001 standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.

View Certificate

Security

Introduction

This security statement applies to the products, services, websites and apps offered by Tollring, except where otherwise noted. We refer to those products, services, websites and apps collectively as the “services” in this statement.

Tollring offers call analytics, call recording and fraud management solutions, working closely with partners in order to provide the best quality of service. Tollring values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below.

Compliance

Tollring is compliant with ISO 27001 Information Security Standard and ISO 9001 Quality Management System. Tollring re-certifies those compliances annually. Tollring is compliant and follows the General Data Protection Regulation (GDPR).

Service Hosting

When delivered as an ‘Over-The-Top’ Service, all servers, applications, network and data is hosted in the Microsoft Azure Public Cloud. For European Service Provider partners, these services are held in Azure West Europe (Netherlands) Data Centre. For Service Provider Partners operating in the United Kingdom, the service is hosted in Azure UK South Data Centre. For this deployment method, an on-site recording server is also deployed in the Service Provider’s data centre. For services delivered fully in the Service Provider’s Data Centres, all servers, applications, network and data is fully hosted by the Service Provider.

Access Control

Access to Tollring technology resources is only permitted through secure connectivity (VPN) and requires authentication. Our password policy requires complexity, expiration and lockout. Access to the resources is restricted and closely monitored. Access is granted only for the period necessary to perform administrative or technical support tasks and is revoked after tasks are completed. All permissions are reviewed quarterly.

Security Policies

Tollring maintains and regularly reviews and updates its security policies on at least an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training if required. The training schedule is designed to adhere to all specifications and regulations that are applicable.

Personnel

Tollring communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to complete a full induction process, as well as providing ongoing privacy and security training.

Dedicated Security Personnel

Tollring has a dedicated security and compliance department, which focuses on application, network, and system security. This team is also responsible for security compliance, education, and incident response.

Vulnerability Management and Penetration Tests

Tollring maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.

We also conduct regular internal and external penetration tests and remediate according to severity for any results found.

Approach for Penetration Testing

OWASP Top 10 methodology will be used for testing the application.

We shall also perform a penetration test to stimulate a number of scenarios such as:

  • Assess the application to ensure a robust security posture.
  • Stimulate the penetration test from an attacker point of view to gain access to the application data in an unauthorised manner.
  • Users with authentication credentials trying to gain unauthorised access to other client data or account information.

All of the tests will be carried out only on Pre-Production/Test environments only.

External Libraries

All third-party library versions are checked for known vulnerabilities and remedial actions are taken.

All third-party libraries are checked for commercial use and licenses.

Encryption

All data in transit is encrypted using secure TLS cryptographic protocols. Data is also encrypted at rest.

Development

Our development team employs secure coding techniques and best practices. Development, testing, and production environments are separated. All changes are peer-reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

Asset Management

Tollring maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software.

Information Security Incident Management

Tollring maintains security incident response policies and procedures covering initial response, investigation, customer notification, public communication, and remediation. These policies are reviewed regularly and tested annually.

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. However, if Tollring learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under GDPR regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers with all information necessary for them to meet their own regulatory reporting obligations.

Business Continuity

Tollring infrastructure is backed up daily. Backups are encrypted and stored within the production environments to preserve their confidentiality and integrity and they are tested regularly to ensure availability.

Logging and Monitoring

All logs from applications and infrastructure systems undergo analysis by authorised Tollring personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.