FPS Privacy Notice
The Fax Preference Service (FPS) is a central opt out register whereby individuals can register their wish not to receive unsolicited sales and marketing fax. It is a legal requirement that companies do not send such fax to numbers registered on the FPS, under the Privacy and Electronic Communications (EC Directive) Regulations 2003.
The FPS collects and processes data in order to maintain the FPS Register. This Fair processing notice outlines how we protect your privacy and outlines our methods and responsibilities to protect your data.
If you have any questions about our use of your personal data, please contact us via one of the following methods:
- By Email: email@example.com
- By Phone: 020 7291 3330
- By Post: FPS, DMA House, 70 Margaret Street, London, W1W 8SS
Information Provided During Registration
When you sign up for the Fax Preference Service, you provide the FPS with your name, Fax number to be registered and your contact details, such as email address and postal address, in order to enable us to administer the FPS register , manage complaints about unwanted sales and marketing fax and make the register available to organisations engaging in unsolicited direct marketing fax so they know which numbers that they must not fax. You can register your number through multiple channels, each channel collects different amounts of personal data:
- Online - We collect the fax number to be registered, your email address, your postal address and the name associated with the fax number (the bill payer)
- Post - We collect the fax number to be registered, your postal address and the name associated with the fax number (the bill payer)
- Telephone - When you register over the phone, the FPS will ask for your name, email address, postal address and the fax number you wish to be registered.
Information provided when making complaints about unsolicited Fax
As a Value-Added service, TPSL collects complaint data from registered users to assist the regulator, the Information Commissioner’s Office, in their duty to investigate and enforce possible breaches of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This complaint data is collected in order to register a complaint and provide an opportunity for investigation and a response by the organisation alleged to have sent the unsolicited direct marketing fax.
The information collected for complaint handling may contain name, postal address, email address, fax number registered with FPS, date and time the fax was received.
Information provided to access the register
In order to know numbers to which unsolicited direct marketing fax must not be sent organisations are required to apply for a FPS licence. The information collected includes:
Name of organisations, postal address of organisation, contact name, contact email address, contact telephone number.
TPSL only shares data with organisations to fulfil our legal obligations and to provide the services subscribed to.
The FPS register is available to organisations who send direct marketing faxes to enable the organisation to screen their data and ensure that such faxes are not sent to FPS registered numbers. This is conducted under license to ensure compliance with relevant laws and best practice guidance. The file only contains fax numbers. No other details are transferred to licensees for the purpose of screening.
When a Fax Preference Service user makes a complaint about receipt of an unsolicited sales and marketing fax, the FPS writes to the alleged offending organisation informing them of their obligation under the Privacy and Electronic Communications (EC Directive) Regulations 2003 to screen against the register and provide the organisation with information about the complaint to enable them to respond with a reason why the fax was sent. This is collated into a report that TPSL sends to the regulator, the Information Commissioner’s Office, to enable investigation and possible enforcement.
From time to time, FPS may be required by law to share complaint and registration data with police, the courts or another enforcement body.
The TPSL also use processors to run our service. Information on our data processors can be seen below.
- Acxiom- administer registrations of fax numbers onto the “Do Not Fax” register
- MIQ Solutions- host our websites and complaints management systems
- Aspire Technology Solutions- File System management and email hosting platform
- Kura– Fulfilment services such as call handling in relation to receipt of an unsolicited direct marketing Fax
How the FPS safeguard my information?
The FPS take data security seriously. Data is held on servers located within the European Economic Area (EEA) with appropriate technical and organisational safeguards in place to prevent data loss and unauthorised access.
FPS is part of the DMA Group. The DMA Group holds a Cyber Essentials Plus Certification. This certification demonstrates that appropriate safeguards are in place to protect our systems against common cyber-attacks. The scheme is backed by the UK Government.
All staff handling personal data have had data protection training and receive regular refresher courses.
Legal basis for processing your personal data
The legal basis upon which FPS relies is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
TPSL administers the service on behalf of the ICO and in doing so are joint controller. The relevant regulation is the Privacy and Electronic Communications (EC Directive) Regulations 2003.
How long does the FPS hold my data?
The FPS has a documented data retention policy. All data is held and managed in accordance with this retention policy.
Numbers registered on the FPS “Do Not Call List” remain on the list until the FPS are informed that the number is no longer active.
The service is only intended for live fax numbers as such, as part of our process we will remove from the register fax numbers that are inactive.
Our retention period for complaints reported about receipt of an unsolicited direct marketing fax is 6 years as is data in relation to access to the register.
In relation to organisations who purchase a licence to enable screening against the register in order to identify fax numbers to which unsolicited direct marketing fax must not be sent, we have a statutory obligation to keep financial information.
Our retention period is 7 years for financial auditing purposes.
How do I update the information held by the FPS?
To inform us of a change in any of your personal details, including number changes, change of address etc, please email firstname.lastname@example.org. This is known as your right to rectification, it enables you to correct any incorrect personal information that we hold about you.
How Do I find out what data the FPS holds about me?
To request a copy of some or all of your personal information, please call or write to us (by post or email) using the contact details provided in this policy. This is known as your right to access.
The FPS may ask for confirmation of your identity. Once the FPS has confirmed your identity, we will provide you with a description of the information we hold, why we are holding it, who it may be shared with, and a clear and accessible copy of the information we hold.
How do I ask the FPS to suppress or remove my details?
We would only contact you in direct relation to registration, complaint handling or administering the licence for access to the register.
Should you wish to restrict processing or remove your information entirely from our records (and assuming we have no other obligation to keep it) then please contact us notifying us of your wish. Contact details can be found at the top of this notice.
We may need to hold for the purpose of suppression only. These are known as your rights to restriction and also your right to erasure.
Transfer to countries outside of the European Economic Area (EEA)
The FPS register is available to any organisation that wishes to conduct telemarketing activities to numbers registered within the UK.
Organisations who are based abroad including outside the European Economic Area who send direct marketing fax to UK subscribers are obliged to comply with PECR and screen against the FPS register.
The register is a fax number only file which is provided for suppression purposes only. The file is obtained via our secure licensee portal and is transferred under the safeguards in place within our licensee agreement. This is to ensure that the data is protected to the level expected within the UK.
What to do if you have a complaint about our use of your personal information?
If you have a complaint regarding your personal information please contact us at email@example.com
If after our response you remain unsatisfied with the way your complaint was handled, it is your right to contact the Information Commissioners Office (ICO) the Information Commissioners Office (ICO).
This privacy notice does not apply to 3rd party websites or links that you may access using our site. We recommend referring to the privacy notice on the 3rd party website.
Should TPSL be sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers’ advisers, passing it onto the new owners of the business. We will notify you should this occur, and you will have the opportunity to request suppression or deletion at that time.
We are The Telephone Preference Service Limited (TPSL), referred to in this notice as the Telephone Preference Service, The TPS or TPSL.
- Our company registration number is 3729928
- TPSL is a subsidiary of the Data and Marketing Association (UK) Limited, registration number 2667995
- Our Office is registered at DMA House, 70 Margaret Street, London, W1W 8SS
- Our ICO registration number is Z6261147
Changes to this policy
This notice is reviewed regularly. This policy last updated in June 2020.