Last Updated: May 9, 2025
Welcome to the Privacy Policy for NextSupport, a UK-based provider of AI-driven calling solutions. This policy outlines how we collect, use, store, and protect personal data in connection with our services and website, www.nextsupport.co.uk. Our commitment to data privacy is rooted in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Privacy and Electronic Communications Regulations (PECR) 2003, and other applicable UK laws. We aim to ensure transparency, security, and respect for the privacy rights of our clients, their customers, and website visitors. For questions or concerns, contact our Compliance Team at compliance@nextsupport.co.uk.
This Privacy Policy complements our Terms of Service, Consumer Protection Compliance, and Cookie Policy, providing a comprehensive framework for data protection and user trust.
Scope of This Policy
This Privacy Policy applies to:
- Clients: Businesses or authorized individuals using our AI calling services under a contract, as defined in our Terms of Service.
- Consumers: Individuals contacted through our services on behalf of clients, protected under UK consumer laws like the Consumer Rights Act 2015.
- Website Visitors: Users accessing our website, including those interacting with forms, content, or cookies, as detailed in our Cookie Policy.
We act as a data processor for personal data provided by clients (e.g., contact lists) and as a data controller for data collected directly from website visitors or clients (e.g., account information). This policy explains our responsibilities in both roles, ensuring compliance with UK GDPR and Data Protection Act 2018.
Data We Collect
We collect and process personal data to deliver our services, improve user experience, and comply with legal obligations. The types of data we collect include:
Client Data
- Contact Information: Names, email addresses, phone numbers, and business addresses provided during account setup or contract agreements.
- Account Information: Login credentials, billing details, and service preferences, used to manage client accounts securely.
- Campaign Data: Contact lists, call scripts, and campaign specifications provided by clients for AI calling services, which may include consumer personal data (e.g., names, phone numbers).
Consumer Data
- Contact Information: Names, phone numbers, or email addresses provided by clients for call campaigns, processed solely for the purposes specified by the client.
- Call Interaction Data: Details of call interactions, such as duration, responses, or opt-out requests, used to monitor service quality and compliance with PECR 2003.
- Recordings: Audio recordings of calls, where permitted and notified to consumers, for quality assurance or legal compliance, as per the Telecommunications (Lawful Business Practice) Regulations.
Website Visitor Data
- Usage Data: Anonymized data collected via cookies or analytics tools (e.g., Google Analytics), such as IP addresses, browser types, and page views, as detailed in our Cookie Policy.
- Form Submissions: Information provided through contact forms, such as names, email addresses, or inquiries, used to respond to user requests.
We adhere to the principle of data minimization, collecting only the data necessary for the purposes outlined, in compliance with UK GDPR.
How We Use Your Data
We process personal data for specific, lawful purposes, ensuring transparency and compliance with UK data protection laws. The primary uses include:
- Service Delivery: Using client-provided contact lists and scripts to execute AI calling campaigns, such as customer support or lead generation, as outlined in our Terms of Service.
- Account Management: Managing client accounts, processing payments, and communicating service updates or contract details.
- Quality Assurance: Monitoring call interactions and recordings to ensure service quality, compliance with Ofcom regulations, and client satisfaction.
- Website Functionality: Using cookies and analytics to enhance website performance, accessibility, and user experience, as explained in our Cookie Policy and Accessibility Statement.
- Legal Compliance: Processing data to meet regulatory requirements, such as maintaining consent records for PECR 2003 or responding to data subject requests under UK GDPR.
- Security: Detecting and preventing unauthorized access or fraud, using secure protocols to protect data, as required by the Data Protection Act 2018.
We do not use personal data for purposes beyond those specified, and we do not engage in automated decision-making or profiling that produces legal effects, unless explicitly agreed with clients and compliant with EU AI Act principles.
Legal Basis for Processing
We process personal data only when we have a lawful basis under UK GDPR. The bases we rely on include:
- Contract: Processing client data (e.g., contact information, campaign data) to fulfill our contractual obligations, as per our Terms of Service.
- Consent: Using consumer data for marketing calls or non-essential cookies with explicit, informed consent, as required by PECR 2003 and detailed in our Cookie Policy.
- Legitimate Interests: Processing anonymized analytics data to improve our website and services, provided it does not override user rights, or monitoring calls for quality assurance, as permitted by the Telecommunications (Lawful Business Practice) Regulations.
- Legal Obligation: Retaining certain data to comply with regulatory requirements, such as audit records for the ICO or Ofcom, or responding to data subject requests.
Clients must ensure they have a lawful basis for providing consumer data to us, such as consent or a contractual necessity, and we verify compliance through our onboarding processes.
Data Sharing and Third Parties
We prioritize data privacy and limit data sharing to the minimum necessary. Personal data may be shared with:
- Third-Party Service Providers: Trusted providers who assist with service delivery, such as telecommunications platforms or analytics tools (e.g., Google Analytics). These providers are bound by Data Processing Agreements to ensure UK GDPR compliance.
- Regulatory Authorities: The ICO, Ofcom, or other authorities, when required by law, such as during audits or investigations, as noted in our Data Breach Notification Policy.
- Law Enforcement: If required to comply with legal processes, such as court orders, in accordance with UK law.
We do not sell, rent, or share personal data with third parties for marketing purposes. Any data transfers outside the UK (e.g., for cloud storage) comply with UK GDPR international transfer requirements, using safeguards like Standard Contractual Clauses.
Data Security
We implement robust technical and organizational measures to protect personal data, in line with the Data Protection Act 2018 and UK GDPR. These include:
- Encryption: Using end-to-end encryption for data transmission and storage to prevent unauthorized access.
- Access Controls: Restricting data access to authorized personnel with role-based permissions and two-factor authentication.
- Regular Audits: Conducting security audits and penetration testing to identify and address vulnerabilities.
- Staff Training: Providing ongoing training to employees on data protection best practices and compliance with UK laws.
- Incident Response: Maintaining a rapid response plan for data breaches, as detailed in our Data Breach Notification Policy.
Clients are responsible for securing their own systems and data, including account credentials, as outlined in our Terms of Service.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to meet legal obligations. Retention periods include:
- Client Data: Retained for the duration of the contract and up to 6 years post-termination to comply with tax and audit requirements, unless otherwise agreed.
- Consumer Data: Retained for the duration of the campaign and deleted within 30 days post-campaign or upon client request, unless required by law (e.g., for TPS/CTPS compliance).
- Call Recordings: Retained for up to 6 months for quality assurance, unless longer retention is required by law, as per the Telecommunications (Lawful Business Practice) Regulations.
- Website Visitor Data: Cookie data is retained for up to 12 months, as detailed in our Cookie Policy, while form submission data is kept for 1 year or until the inquiry is resolved.
Data is securely deleted or anonymized once retention periods expire, ensuring compliance with UK GDPR.
Your Data Protection Rights
Under UK GDPR, you have rights regarding your personal data, including:
- Right to Access: Request a copy of your personal data we hold.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data, subject to legal retention requirements.
- Right to Restrict Processing: Limit how we use your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format for transfer to another controller.
- Right to Object: Object to processing based on legitimate interests, including marketing communications.
- Right to Withdraw Consent: Revoke consent for non-essential processing, such as marketing calls or cookies, at any time.
To exercise these rights, contact us at compliance@nextsupport.co.uk or via our Contact Us page. We respond within 30 days, and our processes are accessible to users with disabilities, as noted in our Accessibility Statement. If you are a consumer contacted on behalf of a client, you may need to contact the client directly, but we can assist with forwarding requests.
Data Breach Notification
In the unlikely event of a personal data breach, we follow a robust response plan, as outlined in our Data Breach Notification Policy. Key steps include:
- Assessing the breach’s scope and impact within 24 hours.
- Notifying affected clients and, if required, the ICO within 72 hours, as mandated by UK GDPR.
- Informing affected individuals (e.g., consumers) if the breach poses a high risk to their rights and freedoms, with guidance on protective measures.
- Implementing corrective actions to prevent future breaches, such as enhanced security protocols.
Children’s Data
Our services are not intended for individuals under 16, and we do not knowingly collect or process children’s personal data. If we become aware of such data, we will delete it immediately, unless required by law. Clients must ensure their contact lists exclude children’s data, in compliance with UK GDPR and our Terms of Service.
Compliance with Other Regulations
Our data protection practices align with additional UK and international regulations, including:
- PECR 2003: Ensuring consent for marketing calls and cookies, with clear opt-out options.
- Ofcom Regulations: Maintaining transparency in automated calls, with AI disclosure and human intervention options.
- Equality Act 2010: Ensuring data processing is non-discriminatory and accessible, as per our Accessibility Statement.
- UK Government AI Principles: Using AI ethically and transparently to protect user privacy.
- EU AI Act: Adhering to emerging AI regulations for cross-border operations, where applicable.
Changes to Privacy Policy
We may update this Privacy Policy to reflect changes in laws, regulations, or our practices. Updates will be posted at www.nextsupport.co.uk/privacy-policy and take effect immediately. Significant changes will be communicated via email or website notifications. Continued use of our services or website constitutes acceptance of the updated policy. We recommend reviewing this page regularly, alongside our Cookie Policy and Terms of Service.
Contact Us
For questions, data protection requests, or concerns, contact:
- Compliance Team: compliance@nextsupport.co.uk
- General Inquiries: Visit our Contact Us page.
- Registered Address: NextSupport Ltd, [Insert Registered Address], United Kingdom.
If you are unsatisfied with our response, you may lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
Conclusion
NextSupport is committed to protecting your personal data with the highest standards of privacy and security, in compliance with UK GDPR, Data Protection Act 2018, PECR 2003, and other UK laws. Our transparent data practices ensure trust and accountability, supporting our mission to deliver ethical AI calling services. For more information, explore our Terms of Service, Consumer Protection Compliance, Disclaimers and Limitation of Liability, Accessibility Statement, and Cookie Policy pages.