Introduction
PXS provides the communications industry with user friendly and accessible numbering management and data processing services. While enabling consumers and businesses to easily manage their numbers, switch their communications provider and secure their personal data, we empower communication service providers to achieve ambitions, simplify processes and comply with regulations.
PXS designs and implements safe and reliable solutions for an international customer base, customized to and compliant with current and new national regulations. PXS is committed to protecting their customers’ data and privacy.
This privacy statement describes how PXS collects, receives, uses, stores, transfers and processes personal data.
Responsibility data processing
PXS processes data of direct and indirect data subjects.
- Direct data subjects
PXS provides services to customers, uses services of suppliers and provides information services to, for example, website visitors. Data being obtained from them, are considered data of direct data subjects. - Indirect data subjects
The end users of communication service providers (our customers) are indirect data subjects. PXS provides its services not directly to end users, but to or on behalf of communication service providers. Therefore, PXS obtains end users’ data from these communication service providers. PXS has made mutual agreements with the end user’s communication service providers about the careful processing of the data.
Type of data being processed
Depending on the services and functionalities relevant to the data subject, PXS may process the following personal data about the data subject:
- Name
- Address
- Phone number
- Email address
- Bank account number
- IP address
- Communication service provider customer ID
- Internet browser and device type
Fundament of data processing
The personal data mentioned above are processed solely on the basis of the following grounds, as referred to in Article 6 of the GDPR:
- The existing legal obligations, such as the obligation to keep invoices for a period of seven years for the tax authorities;
- The performance of an agreement. The processing is necessary for the execution of the agreement;
- Obtaining consent from the data subjects for certain matters, such as informing about the use of services or improving services. But also, for trend analysis and marketing;
- In case of legitimate interest, such as personalized marketing.
Purpose of the data processing
Processing data is required to be able to provide services. PXS only processes the abovementioned personal data for the following purposes:
- The provision of services, including the performance of the agreement;
- Collecting invoices;
- Conducting communication, in any form whatsoever, in response to information and/or request(s) provided to PXS by the data subject on the data subject’s initiative. For example via a contact form or by e-mail (one-off contacts);
- To comply with legal obligations;
- For marketing and communication activities;
- For recruitment and selection procedures.
Data retention period
Personal data will only be stored for the purposes for which the data were obtained and will not be stored longer than necessary. Therefore, PXS complies with legal retention periods. Retention periods may vary by purpose and depend on the nature of the data. After the expiry of a retention period, the personal data will be deleted or stored anonymously, making it unreducible to the data subjects.
Sharing personal data
PXS may share personal data with third parties if this is required for the provision of services or upon request of an authority based on laws and regulations. When PXS provides personal data to a third party, PXS has taken contractual and organizational measures to ensure that personal data is processed exclusively for the purposes defined above. The personal data will be deleted as soon as it is no longer needed. If a third party is from outside the European Economic Area, PXS guarantees that the processing of personal data is covered with the same contractual and organizational measures as in case of processing by a third party in the European Economic Area.
Automated decision-making
PXS does not make any decisions based on automated processes, like decisions made by computer programs or systems, without an employee of PXS being involved with regard to matters that can have (significant) consequences for data subjects.
Safely processing personal data
PXS considers it of great importance that personal data from data subjects is handled with care and only processes the personal data on behalf of the responsible telecom provider or the data subject. PXS makes every effort to ensure that the service runs safely, transparently and reliably. To ensure this, PXS takes the necessary technical and organizational measures to protect personal data against loss and unlawful use. Examples of security measures are measures that allow us to control access to data (logical access protection), administration of authorizations, encryption of personal data, intensive monitoring of infrastructure to detect vulnerabilities, use of firewalls and intrusion detection systems and agreements with suppliers on information security. Furthermore, only registered visitors are admitted to the premises of PXS.
PXS employees and any third parties who may have access to any kind of data recorded by PXS are obliged to keep this information confidential. Only authorized personnel are allowed to view and edit data. This is also only allowed to the extent necessary for the proper execution of the services. This way PXS ensures that physical and digital data is handled with care. PXS continuously invests in employee knowledge and awareness regarding the privacy regulations and PXS screens employees before they are hired.
Rights of data subjects
Data subjects have the right to request PXS to access, correct or delete personal data or for a restriction of the processing thereof, in cases where PXS is responsible for the processing of their data. Data subjects are also entitled to object the processing of their personal data and have the right to receive their personal data. PXS processes such requests in accordance with the GDPR.
Questions or comments
This Privacy Statement is intended to provide insights in how PXS processes personal data. If you have any questions or comments, please contact PXS’ Data Protection Officer at dataprivacy@pxs.com.
PXS will assist in any way possible in case of complaints about the processing of personal data. Nevertheless, if you have a complaint about the use of your data by PXS, you also have the right (under the privacy legislation) to file a complaint with the privacy regulator, the Dutch Data Protection Authority.
PXS reserves the right to make changes to this privacy statement, for example due to adjustments to (changed) laws and regulations.