Privacy Notice
Call Handling Services Ltd (‘CHS’) is committed to protecting the privacy and security of personal data. This Privacy Notice explains how we collect, use, store, and protect personal data when providing our services and when individuals interact with our websites, communication platforms, and applications.
CHS processes personal data in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
Who We Are
Call Handling Services Limited
Company Number: 02610940
Registered in England and Wales
Registered office address: 65 Knowl Piece Wilbury Way, Hitchin, Hertfordshire, England, SG4 0TY
CHS provides cloud-based contact centre and communication services which facilitate interactions between organisations and their customers, clients, and service users.
For the purposes of data protection law:
- CHS acts as a Data Processor when processing personal data on behalf of its customers
- CHS acts as a Data Controller when managing its own business relationships, website interactions, and recruitment processes
Personal Data We Process
Depending on the services provided, CHS may process:
- Contact information (name, email address, telephone number)
- Technical data (IP address, browser or device information)
- User account credentials
- Call metadata (CLI and routing information)
- Call recordings
- Voicemail recordings
- SMS messages
- Email correspondence
- Web chat or social media messages
- Interaction notes recorded by authorised personnel
- Transaction records
- Automated transcripts generated from call recordings where transcription services are enabled by the Data Controller
CHS does not collect or store payment card numbers, expiry dates or CVV codes.
Automated Call Transcription
Where enabled by the CHS customer (Data Controller), CHS may provide automated transcription of call recordings using Artificial Intelligence (AI)-based speech-to-text technology.
This processing:
- occurs solely for the purpose of delivering contracted services
- does not involve automated decision-making that produces legal or similarly significant effects
- does not involve profiling
- does not use personal data to train Artificial Intelligence models
- is performed under the documented instructions of the Data Controller
Transcripts are stored securely within CHS systems and are retained in accordance with the same retention schedule as the associated call recordings.
Customers (as Data Controllers) are responsible for informing their end users where transcription functionality is enabled.
Use of Third-Party Processing Infrastructure
Where automated transcription services are enabled, CHS utilises secure third-party infrastructure providers acting as sub-processors under documented contractual instructions.
Processing is restricted to infrastructure located within:
- the United Kingdom; and
- the European Economic Area (EEA)
CHS ensures that:
- personal data is processed only for service delivery purposes
- no personal data is used to train Artificial Intelligence models
- generated transcripts are retained in accordance with applicable retention schedules
- appropriate contractual and technical safeguards are implemented to prevent unauthorised access or onward processing
CHS conducts risk-based due diligence on third-party service providers that process personal data on its behalf. Where applicable, this includes reliance on:
- Data Processing Agreements (DPAs)
- Standard Contractual Clauses (SCCs)
- Vendor privacy commitments
- Certifications such as ISO 27001 or SOC 2
Lawful Basis for Processing
CHS processes personal data under one or more of the following lawful bases:
| Processing Activity | Lawful Basis |
| Service delivery | Contract |
| Service improvement | Legitimate Interest |
| System security & monitoring | Legitimate Interest |
| Legal compliance | Legal Obligation |
| Marketing communications | Consent |
| Recruitment processing | Legitimate Interest |
When acting as a Data Processor, CHS processes personal data under the lawful basis determined by the Data Controller.
Marketing Communications
Where CHS sends marketing communications by electronic means (including email or SMS), this will only occur where:
- the recipient has provided prior consent; or
- CHS is permitted to do so under the “soft opt-in” provisions of the Privacy and Electronic Communications Regulations (PECR).
Recipients may opt-out of marketing communications at any time by:
- using the unsubscribe link provided in communications; or
- contacting clientsupport@callhandling.co.uk
Opting out of marketing communications will not affect the provision of contracted services.
Data Sharing
CHS may share personal data with third-party processors where this is necessary for the provision of contracted services.
Such sharing may include:
- system metadata (e.g. call routing or delivery information)
- user identifiers (e.g. agent login details)
- communication records or recordings (where required to deliver the service)
CHS does not disclose message content or customer interaction data to infrastructure providers unless this is necessary for the operation of the service or explicitly instructed by the Data Controller.
International Transfers
CHS stores and processes personal data within the United Kingdom or European Economic Area (EEA) unless otherwise instructed by the Data Controller.
CHS does not transfer personal data outside the UK or EEA as part of its standard service provision.
Where international data transfers are required by customer instruction, CHS will ensure that appropriate safeguards are in place in accordance with UK GDPR, including the use of:
- International Data Transfer Agreements (IDTAs)
- UK Addendum to EU Standard Contractual Clauses
Data Retention
CHS retains personal data only for as long as necessary to fulfil contractual, legal, or operational requirements.
Typical retention periods include:
- Call recordings: 45 days (unless otherwise agreed)
- Call transcripts: retained in line with call recording retention
- Interaction records: up to 3 years
- Agent account data: retained while active
Secure deletion methods include:
- certified deletion
- encryption key destruction (crypto-shredding)
Data Security
CHS implements appropriate technical and organisational measures to protect personal data in accordance with Article 32 UK GDPR. These include:
- encryption of data at rest and in transit
- role-based access controls
- multi-factor authentication
- network segregation
- vulnerability scanning and patch management
- incident detection and response procedures
- secure remote access controls
Independent assurance of CHS’ information security and quality management practices is provided through:
- ISO 27001:2022 Information Security Management System certification
- ISO 9001 Quality Management System certification
- Cyber Essentials Plus certification
- Annual independent penetration testing conducted by a CREST-accredited auditor
CHS is registered with the UK Information Commissioner’s Office (ICO) under registration number Z9772929 and has appointed a Data Protection Officer responsible for overseeing compliance with applicable data protection legislation. The Data Protection Officer can be contacted via:
clientsupport@callhandling.co.uk
Your Rights
Individuals have the right to:
- access personal data
- request rectification
- request erasure
- restrict processing
- object to processing
- request data portability
- withdraw consent (where applicable)
Requests may be submitted to:
clientsupport@callhandling.co.uk
Complaints
If you have any concerns about how CHS processes your personal data, we encourage you to contact our Data Protection Officer in the first instance so that we can investigate and attempt to resolve the matter promptly:
clientsupport@callhandling.co.uk
You also have the right to lodge a complaint with the UK supervisory authority for data protection matters, the Information Commissioner’s Office (ICO):
Review & Approval
This statement is approved by the Board of Directors and will be reviewed at least annually, or sooner where there are material changes to CHS operations, legal obligations, or regulatory requirements.
Available on the our website at:
https://www.callhandling.co.uk/privacy-policy/