Privacy Policy

Phone Usage

This privacy policy explains what we do with your personal information, why we want to use it, how we protect it, and what rights you have to control our use of your personal data.

The most important fact is that it’s your personal data. We have complete respect for your rights and we will only use it where necessary to deliver, protect and improve our services, to keep you up to date about developments in our products, and to fulfil any legal or regulatory obligations we may have.

We review this policy regularly and may update it from time to time. The latest version will always be available here.

About The Data Controller
The data controller for the purpose of this policy is 3X Cloud Ltd (t/a WigWag), Martindale House, The Green, Ruddington, Nottinghamshire, NG11 6HH. Our company number is 12342271.

If you want to contact us about any of the points on this policy, or just generally about how we protect your privacy, please email us at

If you’re someone who doesn’t have a direct relationship with us, but believe that a WigWag customer or partner has entered your personal data into our websites or services, you’ll need to contact that customer or partner regarding any questions you have about your personal data (including where you want to access, correct, amend, or request that your personal data be deleted). See “Information for End Users” below for more information.

Whose Information We Collect
We collect information from three types of individuals:

  • Customers are individuals and businesses who have signed up or requested to use one of our services directly.
  • Partners are individuals and businesses who use our white-label platform for onward-provision of the services, under their own brand and terms, to their own customers.
  • End users are individuals and businesses that interact with our services but do not have a contractual relationship with us. This could be, for example, our Customers’ employees, or our Partners’ customers and their employees.
    You are not required to provide any data to us. However, if you do not do so, you may not be able to make full use of our services.

    Purpose And Lawful Basis For Processing Your Personal Data
    The personal data we process depends on how you interact with WigWag and your relationship with us (see above).

    To provide you with services. We need to use your personal data in order to perform our obligations under contract to provide the services to you. We will:

  • Use your contact details and other information to confirm your identity. This could include details such as your name, address, telephone number, email address, passwords, and payment/financial information. For your security, we do not store credit card or bank details on our own systems;
  • Store personal data to enable you to access the services;
  • Contact you for legitimate account-related purposes such as sending invoices, service announcements and other alerts such as low-credit warnings, voicemail notifications etc;
  • Provide your information to other communication providers where necessary to provide services to you.
  • To comply with regulatory obligations. Where we have a legal duty, we may:

  • Retain contact details (name, address, telephone number) to provide data to the BT EHA (Emergency Handling Authority) in the event of a call to 112 or 999 in accordance with General Condition 4;
  • Use personal data to provide number portability services in accordance with General Condition 18; and
  • as otherwise necessary to meet our requirements within the General Conditions of Entitlement, The Communications Act 2003, and other relevant legislation.
  • To market relevant products to you. We may use your personal data to send you marketing information that may be of interest to you, but only if you have consented. If this is the case, we will:

  • Use your contact details including your name, address, phone number, and email address, to communicate with you;
  • Use information about how you use our services to tailor the communications we send to you;
  • Recommend other products or services that may be appropriate to you;
  • In each marketing message we send, provide the means to opt-out from that type of message, or all further communication for marketing purposes.
  • To prevent fraud. We will use personal data for the legitimate interest of detection and prevention of fraud. We will:

  • Retain any information submitted in an account application including your name, address, telephone number, email address, IP address etc, even where that application for an account is unsuccessful;
  • Where appropriate, disclose information identified as fraudulent to fraud prevention, law enforcement agencies, and other industry bodies.
  • To recover debt. If you do not pay your invoices on time, we may instruct our solicitors or debt recovery agencies to recover what is owed. We will provide them with your personal data necessary to effect this. This processing is for the legitimate interest of running our business.

  • End Users
    Where we have a legitimate interest. We will process personal data if it is in our legitimate interests to do so. We will:

  • Retain records of calls made by or to an End User using our service, including telephone numbers, which may be considered personal data;
  • Use End User information for the purposes of detection and prevention of fraud and to protect our network.
  • Create aggregated and anonymised information for analysing the use made of our services and networks to inform business decisions and strategy.
  • To comply with regulatory obligations. Where we have a legal duty, we may:

  • Retain contact details (name, address, telephone number) to provide data to the BT EHA (Emergency Handling Authority) in the event of a call to 112 or 999 in accordance with General Condition 4;
  • Use personal data to provide number portability services in accordance with General Condition 18; and
  • as otherwise necessary to meet our requirements within the General Conditions of Entitlement,
  • The Communications Act 2003, and other relevant legislation.
  • We do not use End User information for marketing purposes.

    Who We Share Your Personal Data With
    Data processors
    We use a number of different service providers (acting as “data processors”) to enable us to operate our business and the services we provide. For example, your personal data may be transferred to (and stored by) a third party data processor in order for us to:

  • Provide customer services, such as support ticket tracking and in-app communication;
  • Provide marketing services, such as our newsletter or other direct marketing;
  • Process payments, such as credit cards and Direct Debits;
  • Keep you informed regarding issues or planned maintenance on our network, via our status page;
  • Identify and prevent crime and/or fraudulent transactions;
  • Maintain off-site backups for the purpose of disaster recovery.
  • For security reasons (to reduce the risk of phishing attacks to our customers) we do not name all our service providers in this privacy policy. However, the types of personal data we hold about you (and that may be transferred to our data processors) are set out above. Please contact us at if you want further information on specific data processors or the types of personal data they process for us.

    Other circumstances in which we may share personal data with third parties

    We may also share your personal data with the following third parties in certain circumstances:

  • Law enforcement or other authorities (such as tax authorities) if required by applicable law;
  • Third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy;
  • With professional advisors such as lawyers, accountants or auditors in order for them to provide legal, accounting or auditing services to us.
  • We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes other than our own marketing activity.
    International transfers of personal data, and the measures in place to protect it.

    Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. Some of the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA.

  • In each case we and/or our processors use one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
    Certain processors may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where personal data is transferred outside the EEA or countries the EC deems to have adequate privacy protection, we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Providers storing data in the US may be self-certified to the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

    Please contact us at if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.

    Your Personal Data Rights
    The personal data we hold about you is your data, so you have certain rights over them. This section summarises your rights. You can exercise any or all these rights when you choose, and the easiest way is by dropping us an email at

    Where we are processing your data based on your consent (e.g. for marketing purposes) you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated. You have the right to request a copy of all personal data we hold relating to you and we must provide this within 30 days. You also have the right to require us to correct any records that are wrong. You have the right to require us to erase personal data and we must comply unless we need it for one of the purposes described above. We also retain the right to keep data that is needed to establish, exercise or defend a legal claim. Where we process your data based on a “legitimate interest” you still have the right to object to our processing of that data. From that point, we must stop processing your data until we have determined whether your rights override our interests. Finally, you may have the right to have your personal data transferred to another organisation, and we’re obliged to provide it to you in a clear and reasonable format.

    Your Right To Lodge A Complaint With The Regulator
    At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at or by calling them on 0303 123 1113.

    Of course, we hope that we can resolve your issue quickly and fairly – you can contact us at

    Updating Information
    If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

    Information For End Users
    Where our services are used by companies or organisations, the company or organisation (“the administrator”) is responsible for your use of the services and any questions with regard to your own data privacy should be addressed to that administrator, which will have its own data security and privacy policies. We have no control over any decision by any such administrator to, for example, access your account, change the nature of your account access (including termination, suspension or restriction) and/or amend your information (such as your profile or e-mail address). For the purposes of this section, an administrator may mean a company or organisation who provides you with your email address and owns the associated domain (such as an employer) who asserts control over your account or (in which case you will be advised) at some later date.

    Data Retention
    The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it – for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements.

    We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s securely deleted or anonymised.

    We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. All of our methods meet the GDPR compliance requirement.

    Our Use Of Cookies And Tracking
    Essential Cookies
    We use cookies to make interactions with our website easy and meaningful. We use cookies (and similar technologies, like HTML5 local storage) to keep you logged in, remember your preferences, and provide information for future development of our services. A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting our website; however, a cookie may store a unique identifier for each logged-in user. Some of the cookies we set are essential for the operation of our website, or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you may not be able to log in or use our services.

    Where we have your consent – which we will ask for on your first visit – we use Google Analytics as a third party tracking service, but we don’t use it to track you individually or collect personal information. We use Google Analytics to collect information about how our website performs and how our users, in general, navigate through and use our services. This helps us to compile statistical reports on activity; and improve our content and website performance. Google Analytics gathers certain simple, non-personally identifying information over time, such as your browser type, which site you were referred by, entry and exit pages, timestamp, and similar data about your use of our site. We do not link this information to any of your personal information such as your username.

    Other Cookies
    Certain pages on our site may set other third-party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimise these third party cookies, we can’t always control what cookies this third-party content sets.

    We process some personal data on the basis of consent. We obtain this consent by opt-in means only at the time of creating your account, subscribing to one or more of our mailing lists, or by specific request. You may withdraw this consent at any time.

    How To Contact Us
    If you have any questions, concerns or just want some more information about our privacy management, drop us a line at