Privacy Policy introduction

At Citrus Telecommunications Ltd (CITRUS) we believe it is important that the personal information of our customers, suppliers and staff is handled in accordance with GDPR. We are committed to abide by the obligations of GDPR.

We want to create a way where we can easily carry on our business with you in a seamless way; where you can be sure that we are safeguarding your data, meeting all the requirements of the new regulations and taking the security and confidentiality of data seriously.

The process by which we will achieve this will have many facets and will be continuously reviewed. Changes in technology and legislation amongst other things mean that this document will also be part of an iterative process of improvement. The information you provide to us enables us to provide services to you and issue quotes for the potential provision of other services. It also enables us to improve and develop our products, services and communication to you. We are committed to always striving to enhance your experience.

We will describe below what information we collect, how we use and store it, how we process it and our commitment to its protection. As this is an iterative process, we reserve the right to modify this Privacy Policy at any point in time. We will post the new version on our website and where appropriate notify you by e- mail.

We will at all times process your data lawfully, fairly and in a transparent manner. We will respect the rights for individuals defined under the GDPR legislation. These are currently defined as:


The GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling
  • The right to withdraw consent (where applicable)
  • The right to lodge a complaint with a supervisory authority

Scope of the Privacy Policy

This policy applies to personally identifiable information we hold about you. It will have been gathered through a variety of means, some of which you will have given us through e- mails, web forms, meetings, phone calls and other communication medium’s such as post etc. Your information may also have been given to us by your employer or colleagues. As we process information on behalf of our customers in our role as IT support providers etc, it is also likely that during the course of this we will have access to personally identifiable information on their systems. This information may be about our customers themselves, their staff, their suppliers or their customers.

The information we have access to and may store will depend on what services you take from us. The information is likely to include some or all of the following:

  • Name
  • Address
  • Telephone Numbers (Landline and Mobile)
  • Location data, including latitude and longitude
  • IP addresses
  • Correspondence
  • Transaction history
  • Bank details

We do not store data about our customers, suppliers or employees unless we believe that it is necessary to allow us to carry out our contractual commitment. During the course of our contractual work, our customers may ask us to process the data for which they are the data controller. Please see the section on Processing Data on behalf of another Controller.

Lawful basis for processing.

We only process data that is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Processing Data on behalf of another Controller.

Whenever a controller uses us as a processor it needs to have a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The data we are asked to process on behalf of our customers is treated with the same level of care as we treat our own data. We do request that where we are asked to process our data for which our customers are the data controller, as part of our support services or other related services, that we are informed by the data controller of the customer, if at any point during the course of our work, we will be processing sensitive personal data / special categories of data. This is so we can take the appropriate additional steps required by GDPR and the Data Protection Bill.

We do store the data we are asked to process on behalf of a customer in our role processing data on their behalf. Where we do, it will only be “to fulfil our contractual obligations to them”. We will only process data where it is necessary.

Purpose of processing.

We will process data where it is the only way to achieve our contractual obligations. The list below gives an example of the types of obligations we may need to achieve but it is not an exhaustive list of our obligations.

  • Employment
  • Issuing of contract documents.
  • Providing quotes.
  • Providing support services to our customers IT and infrastructure. This includes but is not limited to Operations and Service Maintenance; Customer and Technical Support; Content Delivery Network (CDN): Provide infrastructure, operations and support for the CDN service.
  • Providing internet service and related products.
  • Providing advice and consultancy on IT, Internet, Telephony and other products that we sell and advise on.
  • Ordering of services with third parties such as but not limited to: BT, Vodafone, SSE; Warranty and Software extension and support products, Wholesale telecommunications providers.
  • Invoicing customers for goods and services provided by us and processing supplier invoices for payment
  • To investigate and complaint, disciplinary action or adhere to legislative requirements.

Data Retention Limits.

We will not store data once it is deemed no longer necessary. The time limits below will be overridden by any legal or financial obligations we have to retain data.

For employees, once you have left our employment we will destroy your files no later than 6 months after you have left our employment

For customers and suppliers, we will delete your data no later than 6 months after your last transaction with us. We do not routinely delete parts of a customers’ information whilst you still have an active contract with us as there may be a link between an old service and a new one.

We reserve the right to delete data earlier than above once we have passed the end of our contractual obligation period with you.

Data Transfer.

We do not routinely transfer your data outside of the EU. On occasions, we need to use companies that supply services to us who are based outside of the EU. Where we do, it is only with your consent and to countries such as the United States of America and Canada. In every case, we ensure that we are happy with the privacy policies and data processing processes of the organisations used and that only information necessary for delivery of that service is transferred.

Where we give your data to third parties to allow them to fulfil their obligations to you under services we have re-sold, we will where possible pass your data to a UK representative of the third party, including but not limited to: warranties, software support contracts and telecommunications carriers.

Automated decision-making, including profiling.

We do not use automated decision making or profiling to achieve results

Use of sub-processors.

From time to time we may need to use external service providers to process your data and the data we need to process under our role providing support services to our customers IT and infrastructure etc. Where this is the case, these third parties will be bound by a written contract and be monitored by us. We will only contract with other data processors where we can be sure that they have adequate policies and procedures in place for processing data and we will only share the information necessary for them to meet their contractual obligations.

Data security.

We will take appropriate and reasonable steps to ensure that the data we control and process is kept secure. This will be achieved by a combination of administrative process, training, physical, electronic and systematic measures. No measures can provide protection from all threats, so we cannot guarantee that your Personal Information will not be inadvertently disclosed through unauthorised or illegal acts. In the event of any data breach we will notify you as required by the current legislation.

Data Deletion.

You have the right to request personal information under certain circumstances. Any request should be in writing to the contact information given below. All requests will be treated on a case by case basis.

Data Correction.

Please contact us in writing using the address details given below. We will correct or update your data as soon as is practical and reasonable.

Contact Details.

If you have any questions or concerns about our GDPR Privacy Policy Statement or any other aspect of how we control and process your data, please contact:

Matthew Langley
Citrus Telecommunications Ltd 99
Holdenhurst Road Bournemouth

If you would like to know more please contact us.

15 years experience in rolling out competitive, innovative & resilient solutions. ITFS Platform, Inbound Number Services & International Toll Free Numbers

ITFS Platform | Inbound Call Handling Services |Toll Free Numbers | SIP Trunk Provider

Enquire Now

*(denotes required field)