XC Technology Holdings Ltd Group, a UK Company governed by the Laws of England and Wales, is a specialist information provider for customers worldwide.
This privacy policy explains how we use any personal information we collect about you for the Number Information Services that we provide to our customers. XC Technology Holdings Group and its subsidiaries (including XConnect Services Limited) comply with applicable data protection laws and regulations.
What do we do?
XConnect provides Numbering Information Services (NIS) to business customers internationally. XConnect’s key services help make mobile phone calls and texts work as intended. Our customers, which include mobile network operators, telecommunication carriers and messaging providers, use our services in order to improve the quality of telecommunications, to prevent fraud and identity theft and to optimise the performance and cost efficiency of communication services that they provide to you and to people and businesses with whom you communicate.
Our Number Information Services include, for example:
- Number Portability Query: Allows customers to query the XConnect service to obtain information about the current service provider for a telephone number.
Status Live and Route Live: Allows customers to query the XConnect service to identify the current service provider, the MCC (Mobile Country Code)/MNC (Mobile Network Code) for a telephone number and determine whether a telephone number is live.- Global Number Range: Allows customers to query the XConnect service using a telephone number to determine whether the number is valid and belongs to an allocated range.
- Port History: Allows customers to query the XConnect service using a telephone number to determine how often the number has ported.
What information do we collect about you?
XConnect collects information about telephone numbers. The information relates to the service providers that deliver, or have delivered, services to the telephone number(s) that you use. This information includes the name of the service provider, any special attributes that uniquely identify the service provider to telecommunications networks, and the dates that the service provider associated with a number may have changed.
XConnect also collects information about the services available on a particular telephone number. These include whether the telephone number is able to receive calls or texts.
Certain additional data may be collected depending on the service provided and the availability of the data in compliance with applicable laws and regulations, including:
- Home Location Register (HLR) Lookup data
- Port History data
- Reachability data
XConnect is a subsidiary of Somos, Inc., the trusted administrator of both the North American Numbering Plan for more than 3 billion local and wireless telephone numbers and the Reassigned Number Database. Additionally, Somos operates the SMS/800 TFN Registry for more than 42 million Toll-Free Numbers in North America, and the TSS Registry, the centralized registry for the use of Toll-Free Numbers in text messaging and multimedia services.
How is the data collected?
XConnect sources and combines telephone number information from global telecommunications operators, national numbering administrators and telecoms regulators. XConnect also uses real-time information from telecommunication service providers in order to access information about the services available to a telephone number.
With whom might we share your information?
XConnect shares information about your telephone number with our customers. These companies provide communication services, financial services or e-commerce services. The information is crucial to maintaining the cost effectiveness, quality, and performance of our customers’ processes as well as protecting your identity.
All XConnect customers are subject to service contracts, which include permitted use policies in order to safeguard privacy. Our Customer Data Processing Agreement is available at: https://www.xconnect.net/privacy/xconnect-customer-data-processing-agreement/ and limits use of XConnect data to lawful purposes.
Information is available via query basis, and customer queries are authorised to ensure the queries can only come from approved customers. Global Number Range information is also available on a download basis.
XConnect may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
XConnect may transfer data to third parties acting as agents on its behalf, subject to appropriate contractual restrictions on use and disclosure of such data.
How do we handle your data?
For each service that XConnect offers, we conduct a Data Privacy Impact Assessment. The purpose of this is to minimise risks to individuals and assure our clients, suppliers, and regulators that appropriate data safeguarding is in place.
XConnect has also conducted a Legitimate Interest Assessment for these services.
In order to minimise risks, XConnect also has in place appropriate technical and organisational measures to safeguard the data it holds.
How can I access the information you hold about me?
You can request access to the data we hold about you by filling in this Subject Access Request form.
If you have reason to believe that the data we have about your telephone number is incorrect, or if you wish to exercise any of your data subject rights, you can contact us at privacy@xconnect.net or write to us at XConnect Services Limited, Cooper House, 316 Regent Park Road, London N32JX. Please ensure that your query clearly identifies the subject data and rights you assert, particularly if it is a request for information about the data we hold about you.
What we do to keep your data secure
XConnect regularly reviews risks to data and compliance issues, as well as undertaking and recording activities designed to keep our business and information about individuals secure. These activities include technical and organisational measures including cyber security defences, staff training, internal audits, and external reviews.
XConnect has received an ISO 27001:2013 certification of compliance, formally issued by independent auditors accredited by the ANAB Management Systems Certification Body, the largest accreditation body in North America and serving more than 75 countries. ISO 27001 is the internationally recognised standard for information security to protect against internal and external threats.
XConnect is a member of the Mobile Ecosystem Forum and has signed its Trust In Enterprise Messaging Code of Conduct. Along with the other Code of Conduct signatories we strive to maintain industry-leading privacy practices for collecting, processing, and transmitting personal data. You can learn more about this Code of Conduct here.
What rights do you have?
Depending on where you live, you may have rights under applicable data protection laws and regulations.
UK and Europe: UK law and the General Data Protection Regulation (GDPR) as implemented in your country (if you are not in the UK) may provide rights such as:
- The right to be informed if your personal data is being used
- The right to get a copy of your personal data
- The right to get your data corrected
- The right to get your data deleted
- The right to limit how an organisation uses personal data
- The right to data portability
- The rights to object to automated decisions being made without human involvement
- The right to report concerns
You can find out more about these rights from the UK Information Commission or your local Data Protection Authority: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
California
California consumers may have rights such as:
- The right to disclosure of information about the collection, sale or disclosure for a business purpose of your personal information
- The right to opt out of the sale of your personal information
- The right to request deletion of your personal information
- The right not to receive discriminatory treatment for exercising any of your privacy rights.
You can find out more about these rights from the California Attorney General’s Office at: https://oag.ca.gov/privacy/ccpa.
XConnect does not control your relationship with the telecommunications service provider with whom you maintain your mobile phone number and account, or with the carriers who provide you with telecommunications services. To exercise any of your rights with respect to such services, you should contact such service providers directly.
In addition, these rights are not absolute. For example, for mobile telecommunication services to work, and for fraud detection and identity protection, certain data cannot be deleted, and corrections may be limited.
XConnect provides services to our customers on the basis of Legitimate Interests. To do this, XConnect has concluded that the data we process has minimal privacy impact and that we do not process data in a way that you might not reasonably expect. XConnect collects and processes the personal data of individuals all around the world in order to provide services that are key to telecom infrastructure, and therefore your data rights cannot be as broad as in other cases. You can receive more information about our Legitimate Interest Assessment (LIA) by contacting us.
XConnect does directly support the following rights:
- Your right to be informed, through this privacy notice.
- Your right to get a copy of your data and correct that data, through the following section of this policy HOW CAN I ACCESS THE INFORMATION YOU HOLD ABOUT ME?
- The right to complain and report concerns, through contacting XConnect using the HOW TO CONTACT US section of this privacy notice.
Can your data be transferred?
Telecommunications are of course global and therefore XConnect has customers around the world.
To the extent that the personal data of a United Kingdom data subject is processed by a customer outside of the United Kingdom, XConnect follows the UK Addendum and UK International Data Transfer Agreement provided at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance.
For other European data subjects, XConnect uses the Standard Contractual Clauses available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en.
Changes to our Privacy Notice
It is our objective to provide meaningful and effective information to you that is totally consistent with the services we provide to our customers. This privacy notice may change as a result of changes to our services and feedback from you.
This Privacy Notice is Version 6, updated July 2022.
How to contact us
If you have any questions about this Privacy Policy, please contact us by email at privacy@xconnect.net or write to us at XConnect Services Limited, Cooper House, 316 Regent Park Road, London N3 2JX. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
Where to get independent advice
Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done according to the terms of applicable data protection laws and regulations.
The data protection laws and other information rights laws set out your rights regarding your personal information, how organisations should carry out direct marketing and how you can access information from public authorities.
For UK residents, more information can be found from the UK information commissioner.
Other European residents can check with their local Data Protection Authority: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
California consumers can view resources from the California Attorney General’s Office at: https://oag.ca.gov/privacy/ccpa.