Last updated on 15 January 2021
CENTILI is a global digital monetisation company that enables innovative mobile payment solutions in 80+ countries worldwide and partners with over 280 mobile network operators and leading digital content providers. We lead the innovation with seamless setup of the complete carrier billing ecosystem, with advanced features for one-time and recurring payments that drive business growth for telecoms, online businesses, app developers, and digital content providers. Centili’s in-house carrier billing platform is built on top of deep industry knowledge and years of large-scale cooperation with mobile operators.
We believe that the responsible use of data supports business growth and builds strong relationships between partners, consumers, and brands. As a business, we are committed to respecting and protecting personal data and privacy of all individuals with whom we interact.
We set a high bar for security and privacy, and we follow a holistically intelligent approach to managing risks in order to maintain the trust of our clients and business partners. As we move into our second decade in digital monetisation, we are as vigilant as ever about trust – a multifaceted virtue in need of constant attention from all parts of our organization.
The term "CENTILI" or "us" or "we" refers to the company CENTILI Ltd, with its registered office at London SW1Y 6AW, 5th Floor, 86 Jermyn Street, and registration number 7911314.
The term "personal data" means any information by which a natural person can be identified, directly or indirectly.
The term "data controller" means the natural or legal person which, alone or jointly with others, determines the purposes and means of the data processing and is responsible for processing such data in a manner consistent with the applicable legislation.
The term "data processor" means the natural or legal person which processes personal data on behalf of a data controller. When we process personal data by the means and for the purposes determined by our business partners, we act as a data processor.
2. WHAT DATA WE COLLECT AND HOW WE COLLECT IT
CENTILI processes, as a data controller, personal data in the following situations:
Business cooperation - when you use our services, ask us for support, send us an enquiry, and do business with us;
Sales activities - when you register in order to get information for a specific service, and/or ask to communicate with us;
Marketing activities - when you subscribe to our newsletter, visit our website or social network profile, send us information through a contact form, or you are a part of our marketing campaign;
Recruiting and selection processes - when we try to find the best employees and you apply for a job in one of the published open positions;
Security reasons – we make sure that our information systems are following principles of confidentiality, integrity, and availability. For that reason we keep track of business activities and keep track of log files and other digital traces.
Legal, financial and compliance obligations – we make sure to respect all relevant legal and compliance obligations and for that reason we ask you to provide us with necessary data.
3. BUSINESS COOPERATION
We collect and process personal data connected with usage of our services, e.g. if you create a CENTILI account, ask for support and become a client or a business associate.
For that purpose, we will collect personal data from contact persons of our clients, such as name, contact information (e-mail, phone number, address, job title, log files, registered client name, information on incidents and reports, IMSI, IMEI and User-Agent), and billing information (name, address, VAT number) connected with the client.
Processing these types of personal data is necessary to us in order to enter into a business relationship or to fulfil our obligations arising from an existing contract/business relationship.
When we process personal data on behalf of our clients for the purposes of providing our services to clients, in accordance with the General Terms and Conditions, and/or the Agreement for the Services and Data Processing Agreement concluded with our Clients, the client is data controller and CENTILI is data processor regarding such personal data processing activities.
4. SALES ACTIVITIES
We process personal data about visitors of our website and people who contact us through e-mail, phone call, social networks, website contact forms or some other way of communication. Based on our legitimate interest in doing business and selling our products and services, we will collect only basic contact information (such as name, surname, phone number, email address, company, job title, position, address) as well as any other information you choose to send us, depending on the nature of your contact. For this purpose, please do not send any sensitive data to us.
5. MARKETING ACTIVITIES
We process personal data when people subscribe to our newsletter, webinar, event, blog, case study or our other services through which we provide the information about our business and services.
For this purpose, we process data based on your consent, such as, name, surname, employer/company, country, mobile phone and email address and we use Mailchimp services. Based on a legitimate interest we process data regarding opening e-mail, bounce rate, clicks, subscription/un-subscription.
We also process personal data based on our legitimate interest in performing direct marketing activities. If you are our current client or you were in contact with us, we will send you some news on our products, services and events. If you contact us through webforms on our website, through an e-mail, phone, or social network profile, we will process data from the contact form and the message based on our legitimate interest to connect and communicate with potential clients/business associates.
6. RECRUITING AND SELECTION PROCESSES
For the purpose of recruiting and selecting new employees we collect personal data from people who sent us an open job application or applied for an open position. We process personal data such as name, surname, title, working experience, picture, qualifications, education, skills, interview notes and comments, test results etc. We store this data in our own software.
Please do not send us any sensitive personal data, such as religious beliefs or health data. We may process sensitive data if such processing is required by law in connection with a labour agreement.
We process this personal data on the basis of precontractual obligations and/or legitimate interest. We retain personal data for the period of 2 years from sending an open application or date of rejection. In each case, you may ask us to delete your personal data before expiration of the retention period.
7. SECURITY REASONS
Based on our legitimate interest to protect our employees, associates and our property we process personal data such as log files, IP address, traffic data, metadata, incident reports, and data from data breaches.
In case of a personal data breach, we must perform a risk assessment and based on this assessment we will inform the supervisory authority, the data controller and data subjects.
8. LEGAL OBLIGATIONS
As a company registered in the UK, we have to comply with legal obligations under UK law. Regarding data protection laws, we also comply with necessary laws with regard to certain data subjects.
We process and store all the necessary financial records, invoices, reports, transactions, agreements and statements. We also process data based on our legitimate interest to defend our claims in court proceedings or similar proceedings.
9. DATA RETENTION
We keep personal data for the period of time that is prescribed by law. For general business activities we keep the data for 6 years, and we keep accounting and financial records for 6 years from the end of the last company financial year to which the data relates.
In some cases, where the law does not define a maximum data retention period, we keep some personal data based on legitimate interest, in case we need to defend our claim in court or before some other public authority, in accordance with statutory limitation periods.
10. DATA RECIPIENTS
Data processors - we share personal data with authorised data processors for providing IT support, accounting, legal, HR, marketing, and sales services. For these types of activities we also engage affiliated CENTILI and Infobip companies.
Network operators and/or other communications service providers - when necessary for the set-up of proper routing and connectivity.
Third-party service providers - to the extent strictly necessary for them to perform specific actions on our behalf. We may share personal information with our trusted and verified third-party service providers for example in order to enable them to process payments for us or to prevent fraud.
Relevant legislation - in case we are presented with a legal obligation, we will share the data from users with such third parties that are legally entitled and authorized to request the same, such as within criminal procedures or threats to public security.
Mergers and acquisitions - personal data may be transferred to data recipients who are in the process of buying our company (for example, in case of a due diligence process), or personal data can be transferred to a company which merged with our company or to a company which bought our company in part or in whole in case of business acquisitions or resolution/bankruptcy proceedings.
11. DATA TRANSFERS
For providing our services, unless otherwise agreed with a client, we use a data centre located within the European Union (Frankfurt, Germany).
We transfer data to the USA in cases in which we use services of our data processors. We use Zoho for processing contact details of contact persons from our sales and marketing leads, and we use Microsoft Office 365, Atlassian, and Zendesk services for performing business activities and communication.
For IT support, accounting, legal, HR, marketing, and sales services we also engage affiliated CENTILI in Serbia and Malaysia, as well as certain Infobip companies as data processors.
In cases in which personal data has been transferred to third countries, we take all the appropriate and necessary steps to ensure that such data is processed in accordance with the applicable data protection laws, including signing standard contractual clauses.
12. BREXIT NOTICE
From 1 January 2021, the UK is no longer considered an EU Member State and the UK GDPR starts to apply. Based on the agreement between the UK and the EU, until April 2021 (and possibly June 2021) all personal data transfers from the EU to the UK are not considered transfers to a third country.
For transfers from the UK to the EU, the UK regards this transfer as a transfer with adequate protection, so there are no additional requirements for such personal data transfers.
13. DATA ABOUT MINORS
We generally do not process data about minors. In case we need to process personal data of a person under the age of 18, we ask for a guardian’s or parent’s permission. Please do not use our services and website if you are under the age of 18.
In accordance with the UK General Data Protection Regulation (UK GDPR), in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
14. YOUR RIGHTS
In accordance with applicable law, you have the right to:
Access your personal data to learn the origin of the data, the purposes of processing and the period for which your personal data will be processed, who are the controllers and processors of your personal data and to whom your data may be disclosed;
Withdraw your consent at any time where your personal data is processed pursuant to your consent;
Update or correct your personal data;
Delete your personal data from our records if it is no longer needed for the purposes indicated above or it is not needed in respect to some legal obligation and overriding legitimate interest;
Restrict the processing of your personal data in certain circumstances.
To exercise any of your rights or to file a complaint with us you may contact us on email@example.com. You have the right to object to our legitimate interest in performing direct marketing activities.
You have the right to file a complaint with our data protection supervisory authority:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 0303 123 1113
You may exercise these rights by contacting us using the contact information specified below, providing your name, email address and the purpose of your request.
15. HOW LONG DO WE KEEP PERSONAL DATA
Your personal data will be retained in our database for a period specified in such consent. If you wish to withdraw your consent for processing of your personal data for any purpose and to delete your data from our database, you can do that at any time by sending an email to firstname.lastname@example.org.
Date: 15 January 2021