Privacy Policy

Document Reference Title Classification
DP03 Privacy Policy Public
Last Edit Version Author Description of Change
18/11/2018 1.0 Liam O’Reilly First documented copy
16/02/2019 1.1 Liam O’Reilly Revised Copy
20/01/2020 2.0 Liam O’Reilly Major revision, Sub-Processor list.
22/03/2023 3.0 Liam O’Reilly Major revision, additional of SMS Compliance, Sub-Processor list.
22/03/2024 3.1 Liam O’Reilly Reviewed no changes
16/02/2025 4.0 Liam O’Reilly Major revision, Sub-Processor list.

1. Contents

1. Contents ………………………………………………………. 2
2. Policy ………………………………………………………. 3
   2. Purpose ………………………………………………………. 3
   3. Definitions and Interpretation ………………………………………………………. 3
   4. Information About Us ………………………………………………………. 3
   5. When Do We Collect Personal Information? ………………………………………………………. 4
   6. Types of Data We Collect ………………………………………………………. 4
   7. Purpose and Legal Basis for Processing ………………………………………………………. 4
   8. How We Use Personal Information ………………………………………………………. 4
   9. International Transfers ………………………………………………………. 5
  10. Data Retention ………………………………………………………. 5
  11. Security and Confidentiality ………………………………………………………. 5
  12. Data Subject Rights ………………………………………………………. 5
  13. Contact Details ………………………………………………………. 6
  14. Cookies ………………………………………………………. 6
  15. SMS Compliance ………………………………………………………. 6
  16. Third Parties and Processors ………………………………………………………. 7
  17. Profiling and Automated Decision-Making ………………………………………………………. 8
  18. Updates to the Privacy Policy ……………………………………………………….. 8

2. Policy

Occam Networks Limited (Occam Networks) respects your privacy and is committed to maintaining the privacy and confidentiality of the personal information we collect.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance
of our Privacy Policy is deemed to occur upon your first use of our sites. If you do not accept
and agree with this Privacy Policy, you must stop using our sites immediately.

2. Purpose

The purpose of this Privacy Policy is to explain what personal information Occam Networks collects, how and when it may be collected, how it is processed, and what your rights are. For the purpose of this Privacy Policy, “we” and “us” refer to Occam Networks.

Personal Information is any identifiable information, such as your name, email address, home or work address, telephone number, bank details, or online identifier, which can directly or indirectly identify you.

3. Definitions and Interpretation

In this Policy, the following terms shall have the following meanings:

    •  “Account” means an account required to access and/or use certain areas and features of our sites;
    • “Cookie” means a small text file placed on your computer or device by our sites when you visit certain parts of our sites and/or when you use certain features of our sites. Details of the Cookies used by our sites are set out in section 13, below;
    • “Cookie Law” Reference to the Privacy and Electronic Communications (EC Directive) Regulations 2003, particularly around the requirements for cookies and consent.
    • “Personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our sites. This definition shall, where applicable, incorporate the definitions provided in the UK General Data Protection Regulation (“UK GDPR”) and the EU Regulation 2016/679 – the General Data Protection Regulation (“EU GDPR”);
    • “we/us/our” means Occam Networks Limited, a limited company registered in England under company number 10302957, whose registered address is 5 Yeomans Court, Ware Road, Hertford, Hertfordshire, SG13 7HJ, United Kingdom.

4. Information About Us

Our sites are owned and operated by Occam Networks Limited, a limited company registered in England under company number 10302957, whose registered address is 5 Yeomans Court, Ware Road, Hertford, Hertfordshire, SG13 7HJ, United Kingdom.

VAT number: 266 357 772.

Our Data Protection Officer (DPO) is Chris Beeson, and can be contacted by email at [email protected], by telephone on +44 (0)800 756 6955, or by post at 5 Yeomans Court, Ware Road, Hertford, Hertfordshire, SG13 7HJ, United Kingdom.

5. When Do We Collect Personal Information?

Information You Provide:
Personal Information is provided when you:

    • Access Occam Networks website.
    • Request, purchase, or use a service.
    • Communicate with us via phone calls, email, web forms, social media, or other methods.
    • Subscribe to marketing materials.
    • Attend our events.
    • Provide services to Occam Networks.

Automated Data Collection:
We collect information via cookies, web beacons, and similar technologies when you:

    • Visit our website.
    • View our advertisements or marketing emails.

Third-Party Sources:

We may collect information from trusted partners and suppliers to fulfil services, analytics, or marketing.

Social Media Platforms:
We may collect information when you engage with us on platforms like LinkedIn® and Twitter®.

6. Types of Data We Collect

    • Contact Information: Name, company name, job title, address, phone numbers, email address.
    • Transactional Information: Details of services purchased or used.
    • Technical Information: IP address, browser type, device information.
    • Special Category Data: Health-related data, processed only with explicit consent and where necessary. As defined under Article 9 of UK GDPR

7. Purpose and Legal Basis for Processing

We process personal information on the following legal bases under Article 6 of UK GDPR:

    • Performance of a Contract: To provide services or respond to service requests.
    • Legitimate Interests: To operate, market, and improve our business (subject to a Legitimate Interests Assessment where appropriate).
    • Legal Obligation: To comply with legal and regulatory requirements.
    • Consent: For direct marketing purposes or where explicit consent is required.

8. How We Use Personal Information

    • Service Delivery: Provide and manage services.
    • Contact and Communication: Respond to enquiries and service updates.
    • Marketing: Send relevant marketing communications (subject to consent).
    • Security: Detect and prevent fraud or unauthorised activity.
    • Compliance: Fulfil legal and regulatory obligations.
    • Internal Operations: Train employees, conduct research, and improve services.

9. International Transfers

We may transfer personal information outside of the UK to countries where adequate protection mechanisms are in place. These transfers will be carried out under the appropriate legal mechanisms, such as the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, to ensure your data remains protected. In some cases, your explicit consent may be requested before data is transferred.

10. Data Retention

We will retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.
For example:

    • Personal data used for service delivery will be retained for the duration of the contract, plus an additional period to comply with legal requirements and limitations.
    • Personal data used for marketing will be retained until you opt-out or request deletion.
    • Any other personal data will be retained for as long as necessary for the specific purpose or as required by law.

11. Security and Confidentiality

We operate an ISO 27001-certified Information Security Management System (ISMS) with strong controls in place to safeguard personal data. Our measures include encryption of data, multi-factor authentication, role-based access controls, vulnerability and penetration testing, and regular security audits. While we strive to protect your data, please note that internet transmissions can never be guaranteed 100% secure.

12. Data Subject Rights

You have the following rights under UK GDPR:

    • Right to be informed.
    • Right of access (Subject Access Request).
    • Right to rectification.
    • Right to erasure.
    • Right to restrict processing.
    • Right to data portability.
    • Right to object to processing.
    • Rights in relation to automated decision-making and profiling.

To exercise these rights, contact our Data Protection Officer (DPO) using the contact details in section 2.10. As outlined in Articles 12 to 22 of UK GDPR

13. Contact Details

If you have any questions about our sites or this Privacy Policy, please contact us by email at
[email protected], by telephone on +44 (0)800 756 6955 or by post at 5 Yeomans Court,
Ware Road, Hertford, Hertfordshire, SG13 7HJ, United Kingdom. Please ensure that your
query is clear, particularly if it is a request for information about the data we hold about you.

If you are dissatisfied, you can lodge a complaint with the Information Commissioner’s Office (ICO) via www.ico.org.uk.

14. Cookies

Our sites may place and access certain first-party Cookies on your computer or device. First party Cookies are those placed directly by us and are used only by us.

We use Cookies to facilitate and improve your experience of our sites and to provide and improve our products and services. We have carefully chosen these Cookies and have taken steps to ensure that
your privacy and personal data are protected and always respected.

By using our sites, you may also receive certain third-party Cookies on your computer or
device. Third-party Cookies are those placed by websites, services, and/or parties other than
us. Third-party Cookies are used on our sites for advertising and analytical purposes.

Before Cookies are placed on your computer or device, you will be shown a pop-up form
requesting your consent to set those Cookies. By giving your consent to the placing of Cookies
you are enabling us to provide the best possible experience and service to you. You may, if
you wish, deny consent to the placing of Cookies; however certain features of our sites may
not function fully or as intended.

Certain features of our sites depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings as detailed below in section, but please be aware that our sites may not function properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.

15. SMS Compliance

Occam Networks complies with relevant SMS regulations, including the Telephone Consumer Protection Act (TCPA) and the Cellular Telecommunications and Internet Association (CTIA) guidelines. We do not share your mobile information with third parties for marketing purposes and ensure that all SMS communications are secure and compliant with applicable laws.

16. Third Parties and Processors

We may share data with trusted third parties and sub-processors for various purposes, including service provision, analytics, or marketing. All third parties and sub-processors are vetted and required to comply with UK GDPR and our data security standards. A list of our sub-processors and the data processing purposes is provided below:

Sub-Processors (where client data is processed)

Sub-Processor Data Subjects Processing Purpose Data Processed Data Location(s)
Amazon Web Services, Inc. (AWS) Employees, customers, and clients’ customers Cloud infrastructure (servers, databases, storage) Contact details, correspondence, potentially client data EU/US>
Microsoft Corporation (Office 365) Employees, customers, and clients’ customers Email, SharePoint, document storage Contact details, correspondence, potentially client data UK/EU
Dropbox, Inc. Employees, customers, and clients’ customers Document and file storage Contact details, correspondence, potentially client data US
DataDog, Inc. Employees, customers, and clients’ customers Reporting/Systems analytics, log data Company name, source and destination telephone numbers, Call IDs EU
Zendesk, Inc. Employees, customers, and clients’ customers Cloud-based customer support/Helpdesk Contact details, correspondence, potentially client data US
Twilio, Inc. Employees, customers, and clients’ customers Communications API Contact details US

Third Parties (no client data is used)

Sub-Processor Data Subjects Processing Purpose Data Processed Data Location(s)
Google LLC (Google Analytics) Website visitors Website engagement tracking IP address, activity US
Xero Limited Employees Invoicing and accounting platform Contact, bank, and financial information EU
Monday.com Ltd. Employees, customers, and clients’ customers Customer relationship management Contact details, responsibilities, correspondence EU

17. Profiling and Automated Decision-Making

We do not perform automated decision-making or profiling that produces legal or significant effects on individuals.

18. Updates to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. All updates will be posted on our website, and we will notify you directly when significant changes are made, where appropriate. If there are substantial changes to how we handle your personal data, you will be given an opportunity to review and accept the updated policy.