Last update: June 2016, 29th
If you have any questions, comments, or suggestions, please contact us by email at email@example.com
The use of personal data by Dial-Once was declared to the CNIL organization in France (see below). The declaration was studied and accepted by the CNIL organization and recorded
under number 1966881. In compliance with French Data Protection Act no. 78-17 of 6 January 1978, as later amended, you have the right to access, modify, rectify and delete any of
your individual data collected and stored by Dial-Once. To do so, please write to firstname.lastname@example.org by e-mail.
2. CNIL and French Data Protection Act
The Commission Nationale de l’Informatique et des Libertés or CNIL (French pronunciation: [knil]; English: National Commission on Informatics and Liberty) is an independent French administrative regulatory body whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data. Its existence was established by the French law number 78-17 on Information Technology, Data Files and Civil Liberty of January, 6th 1978, and modified by the law of August, 6th 2004. The CNIL is the national data protection authority for France.
Since some private or personal data may be collected from users through our Web sites, services, solutions or applications, Dial-Once must be registered to the CNIL to ensure that data privacy law is applied to the collection, storage, and use of said private or personal data.
The “Data Protection” Act of 6 January 1978, amended by the Act of 6 August 2004, defines the principles to be respected while collecting, processing and storing personal data. It strengthens the rights of individuals on their data, simplifies related paperwork and specifies the powers of control and sanction of the CNIL.
The “Data Protection” Act of 6 January 1978 is applicable whenever there is an automated processing or manual file, that is to say a computer file or a “paper” file, containing personal information about individuals.
Some data are not subject to the Act “treatments made to the course of a purely personal activity” such as electronic calendars, address books, family websites with restricted access. Non personal data are not subject to the Act either. A data that is collected is a personal data only if it can be related to a physical person, directly or after some cross-checking.
The “Data Protection” Act does not apply to legal persons (e.g. files containing company names). However, if a file contains personal names (e.g. name of the business manager), the Data Protection Act is applicable.
Please note that this Policy applies solely to Dial-Once’s Web sites, applications, services, software products and infrastructure.
This Policy describes how Dial-Once handles personal and private data and affirms its commitment to protecting users’ privacy. The Policy does not address all possible data- processing scenarios. Information about product-specific or service-specific data collection may be issued by Dial-Once or its partners and customers in supplementary policies. It is recommended that you read both this Policy and any supplements to fully understand Dial-Once’s privacy policies for a specific product or service.
The infrastructure and services developed or offered by Dial-Once may be implemented by Dial-Once, its partners or customers, said customers and partners being able to collect personal data on their own. When personal data is collected by partners or customers, Dial-Once doesn’t usually have any access to such personal data collected by its clients and partners. When need be, the policy that applies may then be one from said client or partner that collected personal data
3. Purpose of data collections
Data collected by Dial-Once cannot be considered being personal or private data when nothing makes it possible for Dial-Once to link said collected data to any identifiable individual.
3.1 Purpose of data collection
It may be necessary to collect some technical information (e.g. IP-address, device ID number, phone state etc.) from the user’s device so that the Services can be provided to the user. The information collected is required by Dial-Once so as to verify, for instance, that the user’s device is registered accurately. When permitted by applicable law, Dial-Once reserves the right to use this collected data for statistics and user support without restrictions regarding applicability in time.
For the sole and express purpose of the “Dial-Once” Service (thereafter the Service or the Services), and only for a finite list of telephone numbers registered by the Service, Dial-Once may access and process phone numbers of incoming, and outgoing calls, duration of calls, user’s location, device information and the history of a user’s interactions with the Service or with a particular customer service.
Dial-Once does not push any advertising to users. However, Dial-Once may use an advertising identifier for the purposes of user analytics named “Advertising ID”, usually used to identify anonymously a specific user and to be able to display targeted advertisements and offers (more details here: https://support.google.com/googleplay/android-
developer/answer/6048248?hl=en). In such case, the advertising identifier will not be connected to personally-identifiable information or associated with any persistent device identifier (for example: SSID, MAC address, IMEI, etc.,) unless the user expressly gives consent.
Dial-Once does not collect personally-identifiable information for its own use. Whenever a user provides private or personal data, for instance when a profile with an organization using Dial-Once services is established or modified, Dial-Once is committed not to collect on its own any of such personal or private data. Furthermore, except when a subcontracting agreement exists between Dial-Once and an organization, Dial-Once has no means to collect any of said personal or private data. Whenever a subcontracting agreement exists between Dial-Once and an organization and said agreement covers the collection of private or personal data by Dial-Once on behalf of said organization, Dial-Once is committed to being contractually bound and complying with the law and with the best practices in particular regarding the collection, the rights to access, modify, the processing, the security and the privacy of said private and personal data.
Additional information may be provided voluntarily by the user. The user may also provide information concerning their use of third party services (e.g. Google, Facebook etc.). This information, when provided by the user, is required only for Dial-Once’s Services to interact with the above mentioned third party services. Dial-Once will use information concerning third party services only for the purpose of interaction between its own Services and the service of third parties. The user is responsible for any content and information uploaded to and displayed in their user account and user profile. When a user provided some personal data, said personal data will be received and stored by Dial-Once, its partners or customers until this information is changed or deleted by the user.
Dial-Once may access a user address book but does not collect any data from said address book. When accessed, the details in an address book are used to display a contact name instead of a phone number. Potentially some other details from users address books may be read but they are not collected nor recorded by Dial-Once.
3.2 Collection and use of non-identifiable data
Non-identifiable data refers to data that cannot be used to identify an individual, even with cross-checking. For example, Dial-Once may collect aggregated statistics, such as the number of visitors to a website or the number of user of an application. Dial-Once collects this data to understand how people use its website, products and services. This allows Dial-Once to improve its services to better satisfy customer needs. Dial-Once may, at its own discretion, collect, use, process, transfer or disclose non-identifiable data for other purposes.
Dial-once endeavors to keep personal data and non-identifiable data separate, and use each independently. If personal data is combined with non-identifiable data, it will be treated as personal data.
3.3 Collected data shared with third parties
A third party implementing one of the Services and accessing data collected by Dial-Once such that said data is linked to at least one personal data collected by or for said third party, is contractually bound to be accordance with the law and best practices for the collection, processing, security, access and rights of modification and deletion of said collected data. Certain provisions of this Policy may then be replicated or adapted by said third party in its own privacy policies, terms of sales, end user license agreements etc. Such third party need not mention Dial-once in its contractual documents when the data collected by Dial-Once are not private or personal data by themselves.
4. How Dial-Once, its partners or customers may use collected data
Dial-Once, its partners or customers are hereinafter collectively referred as the Publishers (and individually a Publisher).
Websites, applications and services made available to users by the Publishers are hereinafter collectively referred to as the Solutions (and individually as a Solution).
Personal data is information that can be used on its own or in combination with other information, to identify an individual. Such data may be collected when a user uses a Solution and can include telephone number, telephone IDs, details about the systems in use when data are collected, date and time details as well as the location where products or services were accessed. The Publishers collect and use certain data solely for the purposes indicated in this Policy. The following are examples of data that a Publisher may collect and how they are used:
4.1 Personal Data potentially collected by the Publishers
The Publishers may collect some personal data related to the users of the Solutions, including phone numbers, unique telephone identifiers (IMEI), device serial numbers and some localization data. Below are some examples of the types of personal data that Publishers may collect:
a) Data submitted directly by the users: A number of the Solutions allow a user to create accounts or profiles. A user may be requested to provide account information, such as an email address, delivery address, phone number. Some of the Solutions may allow a user to communicate and share information with other people or entities, including customer care services. All such communications are secure.
b) Service use data: The publishers may collect system and application data from a user’s devices, including the device name, system and application versions, regional and language settings, device version, device identification number (IMEI, ESN, MEID and SN), geographic location (such as the ID of the area where the device is located), service provider network ID (PLMN), usage habits and IP address. The Publishers may also log service access times.
4.2 How the Publishers may use personal data
The Publishers may use personal data, for instance to:
a) Fulfil purchase orders; deliver, activate, or verify products or services; make changes request, and offer technical support;
b) Contact a particular user; after having received the explicit consent to do so, send a particular user information about products and services that may be of interest; invite a particular user to participate in a Publisher promotions and market surveys; or send a particular user marketing information with the user’s explicit consent. If a particular user does not want to receive such information, this user can opt out at any time.
c) Inform users about operating system or application updates and install them.
d) Offer users a personalized user experience and personalized content and activate users after-sale services.
e) Carry out internal audits, data analysis and research to improve the Publishers products and services.
f) Analyze the efficiency of a Publisher business operations and measure a Publisher market share.
g) Improve customer communications and ensure that the Publishers provide a secure, quality service to customers.
h) Troubleshoot errors should the user choose to send error details.
i) Improve loss prevention and anti-fraud programs.
4.3 Location-based services
When users access certain location-based services the Publishers may collect, use and process the device’s precise or fuzzy location. This allows the Publishers to provide the aforementioned services and in particular to provide dynamic services based on localization data. The publishers may collect device identification numbers (IMEI, ESN, MEID, and SN), device type, model and real-time location data (obtained through GPS, Wi-Fi and service provider’s network ID). The Publishers collect location data to provide and improve their location-based products and services.
It may be asked to the users which applications they want location-based services to be enabled for. Users can choose not to share their location data by turning off location-based services on their devices. For detailed information on how to disable location-based services on a specific device or for a specific application or service, it is recommended to contact the network operator, device manufacturer or the service provider who provided the device.
To ensure that websites and applications function properly, the Publishers sometimes store small data files known as cookies on computers or mobile devices. A cookie is a simple text file that is stored on a computer or mobile device by a remote server. Only the server that creates the cookie can retrieve or read the cookie’s contents. Each cookie is unique to the user’s web browser or mobile application. Cookies usually contain an identifier, the site name and some numbers and characters. Cookies allow websites and other remote servers to store data, such as some particular user preferences or the contents of a user’s shopping basket.
6. Disclosure of collected data
Dial-Once does not sell collected data to third parties. However, Dial-Once may disclose collected data under the following circumstances:
6.1 Disclosures with explicit consent
After obtaining a user’s explicit approval, Dial-Once may share his/her collected data with other parties.
6.2 Disclosures to Dial-Once affiliates
Collected data may be shared with Dial-Once’s affiliates. As a matter of policy, we will only disclose the minimal set of collected data that is necessary.
6.3 Disclosures to authorized partners (“our Partners”)
Some Dial-Once services may have to be provided by our Partners. Thus Dial-Once may have to share some collected data with its Partners to offer better customer service and an improved user experience. Collected data may only be processed for specified, explicit and legitimate purposes, and only the data that is necessary to offer a service shall be disclosed. Dial-Once subsidiaries or Partners are not authorized to use shared collected data for any other purpose.
6.4 Disclosures on legal or reasonable grounds
Huawei may disclose collected data if required by the law, legal proceedings, litigation or public and governmental authorities. In some jurisdictions, collected data may also be disclosed to transaction parties if Dial-Once is involved in a reorganization, merger or insolvency and liquidation proceedings. Dial-Once may also disclose collected data where reasonable need can be demonstrated, such as to enforce its terms and conditions and to protect its customers.
7. How to access or modify your personal data
Under French law and Dial-Once’s terms and conditions, users can manage their personal data, such as their account information, at any time. Users should ensure that all personal data submitted is accurate. Dial-Once will make reasonable efforts to keep user’s personal data accurate, complete and up-to-date. Users have a right to access their personal data, subject to some legal exceptions. Where privacy and information laws differ in some jurisdictions, we will comply with them. If a user would like to exercise his/her right to access data, the process is to inform us by email at email@example.com. For security reasons, the request may be required to be put in writing.
Users have a right to access their personal data, subject to some legal exceptions. Where privacy and information laws differ in some jurisdictions, we will comply with them. If a user would like to exercise his/her right to access data, the process is to inform us by email at firstname.lastname@example.org. For security reasons, the request may be required to be put in writing.
Users also have the right to delete or amend any personal information about them that we hold. Dial-Once will delete or amend such information upon request. To make such a request, the process is to inform us by email at email@example.com. We may decline to process requests if we have a reasonable basis to believe that they are made in bad faith, are impractical or if access is not otherwise required by local law.
8. How Dial-Once protects collected data
Dial-Once takes collected data security seriously. We follow industry-standard practices to safeguard personal data against unauthorized access, disclosure, use, modification, damage or loss. We take all reasonably practicable steps to protect personal data. For example, we can
• use encryption to ensure data confidentiality;
• use trusted protection mechanisms to protect data from malicious attacks;
• deploy visit control mechanisms to ensure only authorized personnel can access personal data;
• raise awareness among employees about the importance of protecting personal data through security and privacy protection training sessions;
• set contractual agreements with our customers and partners in order for shared collected data to be processed similarly to what is described in the present Policy.
We take all reasonably practicable steps to only collect relevant data, in particular personal data. We only retain collected data for the period necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.
While we take the utmost care to protect personal data, please note that no security measures are completely infallible.
9. Third party providers and their services
To ensure a smooth user experience, users may be served content or web links from third parties (“Third Parties”) external to Dial-Once and our Partners. Dial-Once does not have control over such Third Parties. Users can choose whether or not to access links, content, products and services offered by Third Parties.
Dial-Once has no control over the privacy and data protection policies of Third Parties, which are not governed by this Policy. Before submitting personal information to Third Parties, users are advised to refer to their respective privacy protection policies.
10. How collected data is transferred internationally
Dial-Once products and services may be delivered through resources and servers located around the world. This means that to use our products or services, collected data may be transferred to or accessed from other jurisdictions which are outside the country where is the user which data are collected. These jurisdictions may have different data protection laws, or such laws may not even exist. In such cases, Dial-Once will ensure that a similar and adequate level of protection is afforded to collected data as required by all applicable laws and regulations. For example, Dial-Once may request a user’s consent to transfer personal data across borders, or implement security measures like data anonymization prior to cross border data transfers.
11. How this Policy is updated
12. How to contact Dial-Once
If you have any questions, comments, or suggestions, please contact us by email at firstname.lastname@example.org.
Copyright © Dial-Once Holdings. 2016. Tous droits réservés.