Last updated: February 2021
Privacy Policy
Thank you for using the GSMA Fraud Intelligence Service powered by RoamsysNext. The protection of your personal data such as your IP number, your date of birth, your name, telephone number and your address, etc. is important to us.
The purpose of this Privacy Policy is to inform you about the personal data we collect when you visit our site and how we use it.
Our data protection practice complies with the legal regulations, in particular those of the law of 1 August 2018 relating to the organization of the Commission Nationale pour la Protection des Données and on the general system of data protection (the “Law of 1 August 2018”), the law of 30 May 2005 relating to the protection of privacy in the electronic communications sector as amended (the “Law of 30 May 2005”) and the General Data Protection Regulation of the EU (the “GDPR”).
This means that we will only process your personal data insofar as it is necessary for the functional provision of this website and our contents and services, as well as for the processing of enquiries and, if applicable, for the processing of orders/contracts, but only insofar as there is a justified interest within the meaning of art. 6 (1) (f) GDPR or any other valid legal ground for the processing of personal data.
Your personal data will be used for other purposes than the one defined in this Privacy Policy only to the extent that you have given your prior and specific consent separately, e.g. for the sending of promotional information by newsletter.
1. Controller
The controller regarding this web software within the meaning of art. 4(7) GDPR and other national data protection laws of the Member States and other provisions under the GDPR is:
ROAMSYS S.A.
13, Fausermillen
6689 Mertert
Luxembourg
E-Mail: info@roamsys-next.com
Fax: +352 26740 540
2. Name and Address of the data protection officer
With regard to art. 37 GDPR we have designated a data protection officer. You can communicate with our data protection officer using the following contact details:
Name: DURY Compliance & Consulting GmbH
Address: Obertorstraße 1, D-66111 Saarbrücken
E-Mail: dsb@datenschutz-compliance.de
3. Creation of log files
Each time you access our website, our system automatically collects data and information of your accessing device. The processing of personal data carried out in this context is as follows:
- Scope of the processing and personal data processed
-
- Information concerning the browser type and the Browser version used
- The operating system of the accessing device
- The IP address of the accessing device
- Date and time of access
- Websites and resources (images, files, additional page content) which were accessed
- Websites which refers to our website and which directed the users device to our website (referrer tracking)
-
This data is stored in the log files of our system. This data is not stored together with personal data of a specific user in such a way that individual users can be identified.
- Legal basis for the processing of personal data
Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the following, outlined purpose.
- Purpose of data processing
Logging is carried out for maintaining compatibility as far as possible, for combating misuse and for troubleshooting reasons. In order to achieve those purposes it is necessary to log the technical data of the accessing devices. We also use this technical data to optimize the website and to ensure the security of our IT systems.
- Duration of storage
The aforementioned technical data is erased as soon as it is no longer required to achieve the aforementioned purposes, but at the latest three (3) months following the use of our website.
- Possibility to object and demand deletion
You may object to this processing according to art. 21 GDPR and demand deletion of data according to art. 17 GDPR by following the indications under section 9 of this privacy policy.
4. Special functions
Our site offers different functions which collect personal data as follows:
4.1 Login area
- Scope of the processing of personal data and personal data processed
The registration and login data you have entered with us.
- Legal basis for the processing of personal data
art. 6(1)(a) GDPR (consent by clear confirmatory act or conduct)
- Purpose of data processing
On our website you have the possibility to use a separate login area. If you have forgotten your password or your user name for this area, you have the option of having this data sent to you again after entering your contact data (e-mail address). We collect, store and process the data that arises within the scope of using the login area only for the purpose of combating misuse and eliminating faults or maintaining functionality. The data will not be used for other purposes or passed on to third parties.
- Duration of storage
The collected data is stored as long as you maintain a user account with us.
The data collected as part of the ‘Forgotten user name or password’ function will only be used to resend forgotten access data.
- Possibility to withdraw consent and demand deletion
You may demand deletion of data according to art. 17 GDPR and withdraw your consent according to article 7(3) GDPR by following the indications under section 9 of this privacy policy.
- Characteristics of the provision of personal data
The provision of personal data is a contractual requirement for the usage of the service protected through the authentication. It is not a requirement necessary to enter into a contract. If you are not providing the personal data required, you are not able to use the service that is protected through the authentication.
5. Integration of external web services and processing of data outside the EU
On our website we use active JavaScript content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit to our website. In this case, it may be possible that they process data outside the EU. You can prevent this by installing a JavaScript blocker such as the browser plug-in ‘NoScript’ (www.noscript.net or www.ghostery.com) or by deactivating Java Script in your browser. This may result in functional restrictions on Internet pages that you visit. We use the following external web services:
6. Information concerning the use of cookies
- Scope of the processing of personal data
On various pages, we and the web services integrate and use cookies to enable certain functions of our website. The so-called ‘cookies’ are small text files that your browser can store on your accessing device. These text files contain a characteristic string of characters that uniquely identify the browser when you return to our site. The process of storing a cookie file is also called ‘setting a cookie’. Details are given in the table below.
- Legal basis for the processing of personal data
Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in maintaining the full functionality of our website, increasing its usability and enabling a more individual approach to our customers. We can only identify individual website visitors with the help of cookie technology if the website visitor has previously provided us with corresponding personal data on the basis of a separate consent.
- Purpose of data processing
The cookies are set by our website in order to maintain the full functionality of our website and to improve usability. Cookie technology also enables us to recognise individual visitors by means of pseudonyms, e.g. an individual, random ID, so that we are able to offer more individual services. Details are given in the table below.
- Duration of storage
Our cookies are stored in your browser until they are deleted or, in the case of a session cookie, until the session has expired. Details are given in the table below:
Cookie-Name | Server | Purpose | Legal Basis | Storage Duration | Type | ||
_ga | .roamsys-next.com |
Google-Analytics Used to distinguish users. |
consent | 2 years | https | ||
_gid | .roamsys-next.com | Google-Analytics
Used to distinguish users. |
consent | 1 day | https | ||
_gat | .roamsys-next.com | Google-Analytics
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_. |
consent | 1 minute | https |
- Possibility to object, withdraw consent and demand deletion
You can adjust your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on the acceptance of cookies on a case-by-case basis or accept cookies in principle. Cookies can be used for various purposes, e.g. to recognise that your accessing device has already been connected to our website (permanent cookies) or to save recently viewed offers (session cookies). If you have given us express permission to process your personal data (art. 6(1)(a) GDPR or art. 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.
7. Data security and data protection, communication by e-mail
Your personal data is protected by technical and organizational measures during collection, storage and processing such that they are not accessible to third parties. In case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so that we recommend encrypted communication or mail for information with a high confidentiality requirement.
8. Customer enquiries
We use the ticketing system “Zendesk”, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, to process customer enquiries. To this end, essential data such as first name, surname, postal address, phone number, email address, are collected on our website, in order to be able to respond to your need for information. Zendesk is a certified participant in the “Privacy Shield Framework” and therefore fulfils the requirements for lawful contract data processing.
You can find more detailed information about data processing by Zendesk in Zendesk’s Privacy Policy.
If you contact us by email or via the form on the website, we shall use the data transmitted by you only for processing your specific enquiry. The data provided shall be treated confidentially. The data provided and the message history with our service desk is stored for follow-up questions and contacting.
9. Right to access and correct data – deletion of data – limitation of processing -withdrawal of consents – right to object
9.1 Right of access
You have the right to request confirmation as to whether we process your personal data. If this is the case, you have a right of access and information specified in art. 15(1) GDPR, provided that the rights and freedoms of other persons are not infringed (art. 15(1) GDPR). We will also be happy to provide you with a copy of the data.
9.2 Right to correction
Pursuant to art. 16 GDPR, you have the right to have incorrectly stored personal data (such as address, name, etc.) corrected by us at any time.
9.3 Right to erasure
Pursuant to art. 17(1) GDPR, you have the right to demand that we delete the personal data collected about you in the following cases:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- the processing is based according to point (a) of art. 6(1), or point (a) of art. 9(2) GDPR, and there is no other legal ground for the processing
- you have objected to the processing pursuant to art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to art. 21(2) GDPR
- the personal data have been unlawfully processed
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
- the personal data have been collected in relation to the offer of information society services referred to in art. 8 (1) GDPR
Pursuant to art. 17(3) GDPR, the right does not exist insofar as the processing is necessary for the exercise of the right to freedom of expression and information. Moreover, it does not exist if it has been collected on the basis of a legal obligation, or if the data serve the assertion, exercise or defence of legal claims.
9.4 Right to limitation of processing
According to art. 18(1) GDPR you have the right in individual cases to demand the restriction of the processing of your personal data.
This is the case if
- the accuracy of the personal data is disputed
- the processing is unlawful
- the data are no longer required for the processing purpose but are used for the assertion, exercise or defence of legal claims
- an objection has been filed against the processing pursuant to art. 21(1) GDPR and it is still unclear which interests predominate.
9.5 Right to withdraw consent
If you have given us express permission to process your personal data (art. 6(1)(a) GDPR or art. 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.
9.6 Right to object to data processing
Pursuant to art. 21 GDPR, you may at any time object to the processing of your personal data if such processing is carried out on the basis of art. 6(1)(f) GDPR e.g. where the processing is carried out on the basis of the legitimate interests.
9.7 How can I obtain my rights?
You can obtain your rights, if you inform us:
ROAMSYS S.A.
13, Fausermillen
6689 Mertert Luxembourg
E-Mail: info@roamsys-next.com
Fax: +352 26740 540
10. Data Portability
You have the right to receive the personal data that you have transmitted to us in a structured, common and machine-readable format and transfer it to another data controller provided that:
- the processing is based on consent pursuant to art. 6(1)(a) GDPR or a contract pursuant art. 6(1)(b) GDPR ; and
- the processing is carried out by automated means.
You can also request your personal data to be directly transferred to another controller, insofar as this is technically feasible. The exercise of this right shall not adversely affect the rights and freedoms of others.
10. Right to lodge a complaint to the national data protection authority – Commission Nationale pour la Protection des Données (CNPD) – or any other competent supervisory authority
If you suspect that your data is being illegally processed on our site, you can take legal actions in order bring the problem to a judicial clarification. This option does not interfere with any other legal option you might have.
Regardless of this, you have the option of contacting the CNPD or any other competent supervisory authority. You have the right to lodge a complaint to the competent supervisory authority in the EU Member State of your place of residence, workplace and/or place of alleged infringement, i.e. you can choose the supervisory authority to which you will be lodging a complaint in the above places. The supervisory authority to which the complaint was submitted will then inform you of the status and results of your complaint, including the possibility of a judicial remedy under art. 78 GDPR.