Where personal data is caught by the scope of the UK-GDPR (United Kingdom General Data Protection Regulation), we are responsible as ‘Controller’ of that personal information for the purposes of those laws. Within and beyond the scope of GDPR, we are committed to respecting your privacy. We take privacy, security and complying with data protection and privacy laws seriously.
This policy is divided into the following sections:
• Who we are
• Our websites
• Our collection and use of your personal information
• Our legal basis for processing your personal information
• International data transfers
• Cookies and similar technologies
• Your rights
• Keeping your personal information secure
• How long your personal data will be kept for
• How to complain
• How to contact us
Who we are
We are Mobell Communications Ltd. Mobell Communication Ltd. powers our family of brands: Mobal; MobalPay; SIM Card Geek and Hanacell.
These third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate. We do not share your information with any third-party websites.
Our collection and use of your personal information
We collect personal information about you when you:
• Buy or use any of our products and services
• Register for a specific product or service
• Subscribe to newsletters, alerts or other services from us
• Contact us through various channels, or ask for information about a product or service
• Take part in a competition, prize draw or survey
• Visit or browse our website or other Mobell Group websites
• Have given permission to other companies to share information about you
• Where your information is publicly available
When you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures.
We may collect and use the following personal information about you:
• Your name, address, phone number and email address.
• Your date of birth.
• Your credit or debit card information, information about your PayPal account and other banking and payment information. For example, you will need to provide this information when you open an account with us. We will collect the data necessary to process a payment whenever you make a purchase.
• Data about your usage. We will get information about how you use our products and services, for example, every time you use your mobile phone, a record is kept. This includes the number you called or sent a text or picture message to, the length, date and time of that call, text or picture message and your approximate location at the time the communication takes place. The same is also recorded every time you receive an incoming call or message. We don’t, however, keep a record of the content of your calls or messages.
• Your contact with us, such as a note or recording of a call you make to one of our contact centres, a Live Chat, an email or letter sent, or other records of any contact with us.
• Your account information, such as dates of payment owed or received, the subscriptions you use, account numbers or other information related to your account.
• Credential and account information, for example, username and log-on details. We will collect passwords and similar security information used for authentication and access to accounts and services.
• Your preferences for particular products, services and lifestyle activities when you tell us what they are, or we build a profile about you, based on how you navigate our websites or use our products and services.
• Cookies, web beacons and other technologies, including anonymised screen recordings, mouse clicks and ad data. For more information, see the ‘Cookies and similar technologies' section of this policy.
• Information about you that we obtain from other sources, such as credit agencies, fraud-prevention agencies, and from other data providers.
• Details of any feedback you give us by phone, email, Live Chat, post, surveys/reviews or via social media.
We use this personal information to:
• create and manage your account with us
• verify your identity
• provide goods and services to you
• customise our website and its content to your particular preferences
• notify you of any changes to our website or to our services that may affect you
• improve our services
• provide you with updates about your service
• notify you of new products and services
• send you newsletters and occasionally invite you to participate in market research
Our website, goods and services are not intended for use by anyone under the age of 18 and we do not knowingly collect or use personal information relating to anyone under the age of 18.
Our legal basis for processing your personal information
When we use your personal information, the GDPR requires us to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
• Consent: where you have given us clear consent for us to process your personal information for a specific purpose. Consent may be withdrawn at any time. When you give your consent, you will be given details on how to change your mind. For more information, see the 'Your rights' section of this policy.
• Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
• Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations).
• Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third-party. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, see the 'Your rights' section of this policy.
The table below explains what we use (process) your personal information for and our reasons for doing so:
The above table does not apply to special category personal information, which we will only process with your explicit consent.
International data transfers
We may need to transfer your information to other Mobell Group companies or service providers in countries outside the UK, such as Japan and the USA. This kind of data transfer may happen if our servers (i.e. where we store data) or our suppliers and service providers are based outside the UK, or if you use our services and products while visiting different countries.
Personal data is hosted on our secure servers in the UK, the USA and Japan. Data may be transmitted between our secure servers in Japan and the UK; data may also be transmitted between our secure servers in the USA and the UK. This is so that we can deliver your products to you and provide you with customer service and billing information. Data is always transmitted between our secure servers via our secure encrypted VPN.
If we need to transfer your information, we will always make sure that your information is properly protected by ensuring that there is a proper legal agreement that covers the data transfer.
Who we share your personal information with
Where applicable, we share information about you with:
• Companies in The Mobell Group in order to deliver your products to you and to provide worldwide customer service
• Partners, suppliers or agents involved in delivering the products and services you’ve ordered or used, for example shipping companies and pick-up location agents
• Companies who are engaged to perform services for, or on behalf of, The Mobell Group
• Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies • Debt collection agencies or other debt-recovery organisations
• Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities as required or as authorised to by law
• A third-party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement
• Emergency services (if you make an emergency call), including your approximate location
• Third parties that we advertise with, such as Facebook, in order to serve you advertisements online
• Third parties that we use to serve you marketing, for example Mail Chimp, in order to send you marketing emails (note that we will only send you marketing emails in the event that you have signed up to receive them).
We designate WorldPay and PayPal as our payment processors. WorldPay/PayPal are Controllers of the personal data you share with us because they determine which items of personal data are required to provide their payment services, the purposes for which personal data will be used, and how long to retain the personal data in accordance with their own legal and regulatory obligations. For more information on our payment processors’ responsibilities, please see their privacy statements: WorldPay; PayPal.
Fraud management and law enforcement
We will release information if it is reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our customers.
We also may need to release your information to comply with our legal obligation to respond to lawful demands from governmental or law enforcement agencies. Your personal data shall only be provided when we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements.
Mergers and acquisitions
If we are reorganised or sold to another organisation, we will provide your information to that organisation.
Relationships with third parties
Where you purchase Mobell Group products and services using a third party or partner organisation, we often need to exchange information with them as part of managing that relationship and your account – for example, to be able to identify your order and be able to pay them.
If we have a contract with a service provider or contractor to provide us with services or provide a service on our behalf, and they have access to your personal information, we do not authorise them to use or disclose your personal information except in connection with providing those services.
Connecting to third-party devices
You may connect third-party devices to your SIM/device. These include mobile phone devices or connected devices such as smart speakers or smart watches.
When you connect your SIM to these devices, those third parties may record your SIM details or your interaction with the network. The third-party device manufacturers will process your personal data in accordance with their own policies and we therefore recommend that you read their privacy statements before choosing to connect.
Cookies and similar technologies
• To improve the performance of our websites by understanding which parts work well, and which parts do not work well.
• To measure how effective our online advertising and marketing communications are.
• To enable us to collect information about how you and other people use our websites.
• To serve online advertisements to you via third party advertisers for other Mobell Group products and services that may be of interest to you.
Blocking or restricting cookies
You can stop cookies being used on your device by activating the setting on your browser that allows you to block the deployment of all or some cookies. Please visit www.allaboutcookies.org to find out how. Please note, if you use your browser settings to block cookies you may not be able to access all or parts of our site.
As our customer or a visitor to our website, you have the option to opt-in to receive marketing communications from us.
If you have opted to receive marketing communications from us, we may contact you by email to keep you informed about new and existing products and services, competitions, prize draws and other promotions. We may also send you newsletters and occasionally invite you to participate in market research. We tailor these messages based on the products and/or services you have purchased from us in the past.
If you have previously agreed to being contacted in this way you can manage your marketing communications preferences by following the unsubscribe instructions at the bottom of any marketing email we send you or by sending an unsubscribe request to email@example.com
For more information on your rights, see the ‘Your rights’ section of this policy.
Under the General Data Protection Regulation (GDPR), you have a number of important rights free of charge. In summary, those include rights to:
• fair processing of information and transparency over how we use your personal information
• require us to correct any mistakes in your information that we hold. You have the right to correct information held about you if it is not accurate. If the information we hold about you is inaccurate or needs to be updated, you can log in to your online account to update it
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third-party in certain situations
• object at any time to processing of personal information concerning you for direct marketing. For more information about how to opt-out of direct marketing, please see the ‘Marketing’ section of this policy
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal information
• otherwise restrict our processing of your personal information in certain circumstances
• claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation here. If you would like to exercise any of those rights, please:
• email or write to us – see the ‘How to contact us’ section of this policy for contact information
• let us have enough information to identify you (e.g. account number, phone number, email address, etc.)
• let us know the information to which your request relates including any account or reference numbers, if you have them
If you have any questions regarding your rights, please email firstname.lastname@example.org and a member of our dedicated team will respond to you.
Keeping your personal information secure
Our internal security teams constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.
Data is transferred between our systems using encrypted connections wherever possible. Email communications may not be secure unless they have been encrypted. Your emails may go through a number of countries before being delivered, as this is the nature of the internet.
We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need for that information. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you are required to submit ID information to us, your ID information is fully encrypted on our secure servers. We will never ask for your secure personal or account information by an unsolicited means of communication. You are responsible for keeping your personal and account information secure and not sharing it with others.
Our websites may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. We therefore recommend that you read that company’s privacy and cookies policies before using or putting your personal information on their site. The same applies to any third-party websites or content you connect to using our products and services.
To get detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, we recommend visiting Get Safe Online. This service is supported by the UK Government and a number of leading international businesses.
How long your personal data will be kept for
We will keep your personal information while you have an account with us, or we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:
• to respond to any questions, complaints or claims made by you or on your behalf
• to show that we treated you fairly
• to keep records required by law
We will not retain your personal information in an identifiable form for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. Further details on this are available in our Retention Policy and details are available upon request.
When it is no longer necessary to retain your personal information, we will delete or anonymise it.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. If you want to contact us about any of your rights or complain about how we use your information, please email email@example.com. The General Data Protection Regulation gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted online at https://ico.org.uk/concerns/ or by telephone at +44 (0)303 123 1113.
How to contact us
You may also direct your privacy related comments or questions by mail to: The Mobell Group, Attention: Mobell Group Data Protection Team, The Winding House, Walkers Rise, Rugeley Road, Hednesford, WS12 OQU, UK.