Privacy Policy.

This privacy policy will help you understand what information we collect and use at Tariffmatch, how we protect the information we hold and the choices you have associated with that information.

Where we refer to “Tariffmatch”, “we”, or “us” in this policy, we are referring to Tariffmatch Global Ltd which provides the services to you and your organisation.

The “Services” refers to the applications, services and website provided by Tariffmatch.

Tariffmatch may from time to time introduce new products and services. To the extent that these new products and services affect this policy, we will notify you of any significant changes, however you are welcome to come back and check it at any time.

If you have any questions about this policy or our practices, please contact us at click to reveal.

Item 1. What information do we collect and why?

Item 1.1. Visitors to our website (non-registered users)

Tariffmatch Global Ltd is the acting data controller for information collected from the Tariffmatch website.

Item 1.1.1. Website Enquiries

When you submit an enquiry through our website, we collect your contact details such as the ones listed below:

• Full Name.
• Company.
• E-Mail Address.
• Telephone Number.

We will use these details with your consent to contact you and send you information in response to your enquiry.

If you have provided your consent and “opt-in”, we may also send you sales & marketing e-mails on the Tariffmatch products and services from time to time. You can opt-out of these using the “Unsubscribe links / functions” at any time.

Item 1.2. Registered users & employees of our contracted customers

Tariffmatch only collect and hold the necessary information required, which is used in order to provide the agreed and contracted services to you and our customers.

When you are using Tariffmatch analytics services, Tariffmatch Global Ltd is acting as the joint data controller and processer on behalf of your organisation.

Item 1.2.1. Account Management Information

We may collect and hold the following information either directly from you or it may be passed to us by your organisation so that we may create a login and account in order for you to use our services:

• Full Name.
• Business Email Address.
• Tariffmatch Username.
• Password.
• Business Phone Number .
• Business Mobile Number.
• Country & Language.
• Position / Job title.
• Business Group / Department.
• IP Address.

The information is used in order to authenticate you to our services, for account management and for us to contact you in conjunction with the services that we are providing to you or your organisation.

Examples of use:

• When logging in to our services, we may send a unique pin code to your registered e-mail address in order to perform multi-factor authentication.
• We will send you notifications to your e-mail address and mobile telephone number in order to send you updates on job progress.
• Our analytics team may contact you in regards to a specific job in order to request further information or to resolve a query.
• Our support team may contact you in regards to support issues.

We may also use your contact details in order to supply you with important information about our products and services such as:

• Training and instructional materials to help you get the most from the services we provide, including invites to webinar and training sessions.
• Information on functionality updates and changes to existing products and services.
• Information about additional tools, products, features and services that we introduce as part of your subscription.

Item 1.2.2. Usage information

When you use our sites and services, Tariffmatch collects information about the pages you visit and the analytical and reporting functions & services used.

Examples of the information we collect for auditing purposes:

• UserID/ UserName.
• Page Name.
• Request Date Time.
• Function Description.
• IP Address.

This information may be used for the following reasons:

Security: Our systems monitor user activity in order to detect any unusual or suspicious activity. This information is used to both help prevent and investigate any information security incidents or data breaches.

Support: Activity logs help our support and technical teams deliver support to you and your organisation. The logs may help to identify how and why a particular issue has occurred.

Capacity Management: Activity logs help our systems and engineers monitor and manage load on our sites, services and processing systems.

We may also collect and record information about the analytics jobs you run such as the following, in order to provide usage statistics to you and your organisation:

• Customer.
• Bill.
• Tariff.
• Processing Author.
• Existing Spend.
• Projected Spend.
• Processing Date Time.
• Margin.
• Margin %.
• Connection Types and Quantities.
• Total usage data according to traffic type e.g Mins, Megabytes, Messages.
• Total line or channel quantities according to line or service type.

Item 1.2.3. Customer Data

When you submit customer billing to us on behalf of your organisation, we ask you for and collect information about the customer, which may include information such as:

• Business Name.
• Branch Name(s).
• Country.
• Industry Sector.
• Primary Business Contact Name.
• Primary Business Contact E-mail.
• Business Address.

We collect and use this information for the following reasons:

Reporting: So that the customer and branch name can be displayed on the reporting that you and our systems generate for this customer.

Organisation: Tariffmatch systems allow you to analyse different types of billing and produce various different types of reports for customers. Our system groups and organises all of this information by customer so it is easier for you to work with.

Usage Statistics: We may also use customer details such as the customer name and industry sector in order to provide categorised opportunity based usage statistics to you and your organisation.

Item 1.2.4. Customer Itemised Billing Data

When you submit customer billing to us for analysis, we collect and use the information contained within the electronic data files to provide the analysis and reporting services and functions requested and we are contracted to provide to you or your organisation.

Depending on the type of electronic billing and the origination of the electronic data, the information contained in the files may vary, however the following information is normally used and collected as part of our analysis:

Item 1.2.4.1. Itemised Call Data

• Origination CLI / Number.
• Billing Account Name.
• Billing Account Number.
• Billing Entity Number.
• Destination / Dialled Number.
• Call Time.
• Call Cost.
• Call Duration.
• Providers Call or Item Description, Category / Classification.
• Call / Traffic Type.
• Originating Country.
• Network.

Item 1.2.4.2. Invoice Data

• Origination CLI / Number.
• Billing Account Name.
• Billing Account Number.
• Billing Entity Number.
• Description / Username.
• Rental Period.
• Rental Date.
• Rental Charges.
• Rental Discounts.
• Price Plan.
• Tariff.
• Cost Centre / Reporting Level.
• Item Description.
• Cost.
• Discounts.
• Invoice Totals.

Item 1.2.4.3. Line Rental Data

• Origination CLI / Number.
• Line, Item, Service Type.
• Line, Item, Service Description.
• Rental Period.
• Rental Date.
• Quantity.
• Cost.
• Discounts.

Tariffmatch systems and data analysts use the itemised information contained in these files in order to identity all the lines, connections, items and services to a granular level and associated charges.

Detailed reporting and itemised tariff comparisons will be produced on the data by both Tariffmatch systems and through use of the Tariffmatch analytics tools in conjunction with the contracted services that we provide to you and your organisation.

All customer electronic billing data, itemised call data files and all associated reports will be held for a maximum retention period of 12 months upon receipt / upload of the data, after which, the data will be securely deleted automatically.

Certain associated meta-data, usage and audit data associated with the customer billing may be retained after this period for audit, security purposes and used to provide usage statistics to your organisation.

Item 1.3. Registered and non-registered users of our sites and services

Item 1.3.1. Cookies

Cookies are very small text files that are stored on your computer when you visit certain web pages. We use cookies on our site to:

• Help you navigate our website.
• Facilitate the sign up and login process for our services.
• Personalize your experience.
• Analyse which pages our site visitors visit.
• Measure advertising and promotional effectiveness.

Videos and other multimedia features, used on our site for delivery of training material and video guides may also rely on cookies to collect and store your preferences. These cookies are different from browser cookies because of the amount of, type of, and how data is stored.

Please note that some cookies may be placed by a third party service provider who performs some of these functions for us.

Item 2. Information Sharing

The information and data that we hold about you, our users, is held in the strictest of confidence, however in certain circumstances (e.g by law) we may be required to disclose or provide access to your personally identifying information to a third party. We will only disclose this information:

• As required by law such as to comply with a subpoena, or similar legal process to the extent we are legally permitted to do so. We will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of legal process.
• When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a written government request.
• If Tariffmatch becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personally identifying information becomes subject to a different privacy statement.

We will share your personally identifying information with third parties only in the ways that are described in this Privacy Statement. We do not otherwise sell your personally identifying information to third parties.

Item 3. Data Protection

Tariffmatch is committed to protecting personal data and ensuring lawful processing in compliance with the General Data Protection Regulation (GDPR). We implement robust technical and organizational measures to safeguard data during transmission, storage, and processing.

Primary data storage and processing occur within the United Kingdom in accordance with GDPR.

Tariffmatch services are hosted on Microsoft Azure, providing a secure, reliable, and resilient environment.

Access to applications and services is protected by multi-factor authentication (MFA) and Microsoft Entra B2C identity management, ensuring secure authentication and authorization over encrypted channels.

All traffic to and from our applications, including the secure data upload portal, is encrypted using industry-standard protocols (TLS).

Data is encrypted at rest using AES-256 encryption within databases and file storage.

Role-Based Access Control (RBAC) and Privileged Identity Management (PIM) enforce strict access permissions.

All user access is logged and monitored for security and compliance.

Systems and networks are continuously monitored by dedicated security services to protect against malware, ransomware, and intrusion.

Automated error tracking and reporting systems ensure rapid detection and resolution of issues.

Multi-level backup systems and disaster recovery processes ensure service resilience and business continuity.

Automated systems securely remove data in accordance with our data retention policy.

All employees receive regular training on data protection, security best practices, and GDPR compliance.

Item 4. Your Rights

Item 4.1. Subject Access Requests

At your request, we can provide you with details and a copy of the personal information / data that we hold about you which we will aim to deliver within 30 days of the request.

Tariffmatch will not charge for complying with a subject access request.

We will aim to ensure that the data we will provide in response to a subject access request will be delivered in a structured, readable and widely compatible format.

Tariffmatch will explain their lawful basis for processing data when answering a subject access request.

Requests may be refused only if they are manifestly unfounded or excessive. On refusal of a request, you will be notified of the reason within 30 days of the request and you have the right to complain to the supervisory authority and to a judicial remedy.

You can submit an access request by sending your contact details and detailing the reason for the request to click to reveal.

Item 4.2. Consent

You have the right to withdraw consent at any time where relevant. In order to withdraw consent, please send the details of your request to click to reveal

item 4.3. Right to be Forgotten

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

You have the right to have your personal data erased if:

• Your personal data is no longer necessary for the purpose which we collected or processed it for;
• We are relying on consent as our lawful basis for holding the data, and you, the individual withdraws consent;
• We are relying on legitimate interests as our basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing;
• We are processing the personal data for direct marketing purposes and you object to that processing;
• We have processed the personal data unlawfully.
• We have to do it to comply with a legal obligation.

If you would like to submit an erasure request, please send the details of your request to click to reveal. We will aim to respond to erasure requests within 30 days.

In order to comply with our policy requirements and contracted terms for data protection and business continuity, your data may reside in our backups for up to 12 months following successful completion of an erasure request.

You can be assured that Tariffmatch take steps to ensure your personal data will not be restored back to production systems (except in certain rare instances, e.g., the need to recover from a natural disaster or serious security breach). In such cases, the personal data may be restored from backups, but we will take the necessary steps to honour the initial request and erase the primary instance of the data again.

Backup archives containing personal data will be protected with strong encryption, so that even if criminals were able to steal the archive, its contents would remain useless to them.

Retention rules have been put in place so that personal data in backup archives is retained for as short a time as necessary before being automatically deleted.

Records of all data subject requests regarding their personal data will be retained, as will audit logs that record all activities on backup archives containing personal data. This means that you can be confident that your personal data has been backed up in accordance with GDPR principles of security by design and by default, as well as data minimization, and that your rights, including the right to be forgotten, have been honoured.

Item 4.4. Complaints

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

If you think your data has been misused or that it hasn’t kept it secure, you should first contact us and tell us by sending the details of your complaint to us at click to reveal.

If you’re unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). More information on how to do this can be found at gov.uk/data-protection/make-a-complaint.

This document was last updated on the 02 December 2025