Privacy Notice

Privacy Policy for omaxtelecom.com (OMAX Group Ltd)

Last Updated: April 8, 2025

Introduction

OMAX Group Ltd (“OMAX,” “we,” “us,” or “our”) is committed to protecting your privacy. OMAX is a private limited company registered in England and Wales (Company No. 16125244) with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom​. We understand that privacy is important to you, and we do everything possible to respect your privacy when you use our platform, our services, or otherwise interact with us​. This Privacy Policy describes how OMAX collects, uses, and protects personal data as a data controller, and outlines the rights you have regarding your personal information. It applies to all users of the omaxtelecom.com platform (the “Platform”) and related services worldwide, in compliance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act.

In this Privacy Policy, “OMAX” (as well as “Company,” “we,” “us,” or “our”) refers to OMAX Group Ltd and any of its affiliates or employees​. “You” or “User” refers to the individual using our Website or Services, whether in your personal capacity or on behalf of an organization​. This includes both direct customers of OMAX and individuals whose personal data may be processed by OMAX as part of providing services (for example, end-users who receive communications via our platform).

Scope of This Privacy Policy

This Privacy Policy covers personal data that we collect and process in a variety of contexts, including:

  • Website and Platform Use: When you visit our publicly accessible websites or use our online portals/dashboards​.
  • Service Provision: When we provide telecommunications and related services to you (or your end users) via the Platform​– for example, eSIM data services, SMS messaging (including via SMPP), cloud phone/VoIP services (vPBX, DID numbers, SIP trunks), email and domain services, payment and billing services, and client support tools​.
  • Business Communications: When you interact with us as a business contact – e.g. as a representative of a corporate customer, supplier, or partner, including communications by email, phone, at events, or when visiting our offices​.
  • Recruitment and Employment: When you apply for a job with OMAX or become an OMAX employee​. This includes personal data of job applicants and staff as part of our recruitment and HR processes.

OMAX operates globally, providing services in over 180 countries. This Policy is intended to meet worldwide privacy standards and explains how we handle personal data whether you are in the UK, the EU, or any other country. Additional privacy notices may apply in certain jurisdictions or to specific services (for example, notices for California residents or other regions), but unless superseded by a more specific policy, this Policy applies.

OMAX as Data Controller and Data Processor

Depending on the context, OMAX may act either as a data controller or a data processor of personal data:

  • Data Controller: In most cases described in this Policy, OMAX is the data controller. This means we determine the purposes and means of processing your personal data – for example, when you create an account, use our services for your own purposes, visit our website, or apply for a job with us​. We are responsible for handling and protecting personal data in those contexts.
  • Data Processor: In certain service scenarios, particularly in business-to-business (B2B) contexts, OMAX processes personal data on behalf of our customers. For instance, if a business customer uses our Platform to send communications (such as SMS messages) to their end users or to provision eSIM profiles for end users, OMAX will be processing those end users’ personal data under the instructions of the business customer​. In such cases, the business customer is the data controller and their privacy policy will govern how personal data is handled; OMAX acts only as a data processor. We will adhere strictly to our customer’s instructions and ensure the confidentiality and security of the data in accordance with applicable data protection laws and contractual obligations​. If you are an end user receiving services via an OMAX customer, please refer to the privacy notice of the organization that provided you the service for details on how your data is used. OMAX will only process such data as needed to deliver the service and will not use it for our own purposes.

Personal Data We Collect and How We Use It

We collect personal information from you (and, in some cases, from third parties) to operate our website, provide our services, and communicate with you. The types of personal data and the purposes for which we process it can vary based on your interactions with us, as explained below.

  1. When You Visit Our Website or Platform

Information You Provide Voluntarily: If you contact us through our website (e.g. by filling out a contact form, signing up for newsletters, or registering for an account), we collect the personal information you choose to provide. This may include: your name and job title, your company or organization, your contact details (such as email address and telephone number), demographic information like your postal address or country, your preferences or interests, information relevant to your inquiry or to the services you request, and any other information you voluntarily submit​. For example, when you create an account on our Platform, we will ask for details like your name, email, and phone number, and if you are representing a company, we may also collect your company name and your role.

Information We Collect Automatically: When you visit our websites or use our online platform, we collect certain information automatically from your device. This includes data such as your IP address, device type, unique device identifiers, browser type, operating system, and broad geographic location (e.g. city or country level)​. We also gather information about how your device interacts with our site or platform – for instance, which pages are accessed and which links are clicked​. This automatic collection is done through cookies and similar tracking technologies (like web beacons and pixels)​.

Use of Cookies and Similar Technologies: OMAX uses cookies and related technologies to ensure our website and portal function properly, to understand and improve your user experience, and to support our marketing efforts. Cookies are small text files stored on your browser that allow us to recognize your device and collect data such as browser type, referring website, pages visited, and time stamps​. Some cookies are essential for the site to operate (for example, to keep you logged in or remember your settings), and we use these based on our legitimate interest in providing a functional, secure website​. Other cookies (like analytics or advertising cookies) are non-essential and help us analyze traffic or provide customized advertising; we obtain your consent where required before using these​. You have control over cookies through our cookie consent banner and your browser settings. For more details, please see our Cookie Policy (if available) or contact us as described below.

Purposes for Website/Platform Data Processing:

  • Responding to Inquiries: If you reach out via a contact form, chat, email or phone, we use your provided information (such as your name, contact details and the content of your inquiry) to respond to and follow up on your request​. Legal Basis: It is in our legitimate interest to effectively respond to prospective customers or user inquiries and keep business communications. In some cases, responding to your request may also be necessary as a pre-contractual step if you are inquiring about our services.
  • Account Registration and Management: When you register for a client Account on our Platform, we process your registration data (name, email, phone, login credentials) along with any profile information you provide, and assign you a customer account ID. We use this to create and administer your account, authenticate you when you log in, and enable you to use our Services via the dashboard​. We also collect data on your use of the account (e.g. actions you perform in the dashboard) to provide the service and support you. Legal Basis: This is necessary for the performance of a contract – i.e. providing the platform services you requested​.
  • Providing the Website and Services Features: We automatically collect and use technical information (like IP address, device and browser info, and cookies) to display the website correctly, maintain security, and understand how users navigate our site. This helps us troubleshoot issues, protect against fraud or misuse, and improve site functionality and user experience​. Legal Basis: Our legitimate interests in ensuring the stability, security and performance of our website and platform​. Where required by law (in some jurisdictions), we rely on consent for certain analytics or tracking activities – in those cases, we will obtain your consent through the cookie banner or similar tools.
  • Marketing and Newsletters: If you subscribe to a newsletter or opt-in to marketing communications, we will use your contact information to send you updates about our products, services, and promotions. Legal Basis: Consent (for email/SMS marketing to new subscribers) or legitimate interests (for communications to existing customers about similar products/services, as permitted by law). You can opt out of marketing messages at any time by using the unsubscribe link or contacting us.
  1. When You Use Our Telecom and Cloud Services (Service Provision)

OMAX offers a range of telecommunications and related services through the Platform​. When you use these Services (whether as an individual customer or as a business user), we need to collect and process certain personal data to deliver the service, bill you, and maintain our operations. This category covers services such as eSIM mobile data, SMS messaging, voice-over-IP (VoIP) calls, virtual PBX, DID numbers, SIP trunks, email hosting, domain registration, and associated payment and support services.

Account and Subscriber Information: To provision and administer services, we use the information in your Account profile, which typically includes your name (or your company name and contact person), address, email, phone number, and customer account ID. For business customers, we may also record your job title, department, or business contact details of your users. This information is used to identify you in our system, provide customer support, and associate your usage with your account for billing. Legal Basis: Contract performance (we need this info to provide the service to you) and our legitimate interests in effective customer service.

 

 

Service Usage Data: When you use our telecom services, we process data generated through your use of those services:

  • For eSIM Data Services – we will handle information such as the eSIM profile details (e.g. ICCID, IMSI numbers), device identifiers (like IMEI of your device if provided), network usage records (data session timestamps, duration, and data volume used), and possibly your general location (country or region) as derived from network access. We do not actively track precise GPS location, but the service will inherently involve processing location-related data (for example, connecting to local networks abroad). If certain countries’ laws require mobile user identification (KYC/SIM registration), we may collect additional identity information (such as a copy of your ID or proof of address, or even biometric data for eKYC) to comply with those requirements​. Such information will be processed only for that legal purpose with appropriate safeguards and your consent where required.
  • For SMS Messaging Services – we process the content of SMS messages and the associated metadata needed to transmit them. This includes the sender and recipient phone numbers, the time the message is sent, and the message body (text). Our systems use this data to route messages to the intended mobile networks worldwide. We generally do not retain the content of messages longer than necessary to deliver them, except if required for logging (metadata) or if you use any message storage feature. SMS message logs (e.g. numbers, date/time, status) are stored in your account for your reference and billing. Special Note on Message Content: We act as an intermediary carrier; we do not access message content except as needed for technical delivery or troubleshooting. Sensitive personal data should not be sent via our SMS service unless properly consented by the data subject or encrypted, as appropriate.
  • For Voice/VoIP Services (Cloud Phone, vPBX, SIP Trunk, DID Numbers) – we process call detail records which include the caller and callee phone numbers (or SIP addresses), the start and end time of calls, and routing information (such as which trunk or channel was used). If you use features like voicemail or call recording on our platform, we will store the audio recordings and any associated transcripts as needed to provide those features (typically accessible to you in your account). Voice content of calls is not monitored by OMAX; any analysis of call audio is only performed if you have enabled a specific service that requires it (e.g., voicemail transcription) or for troubleshooting network quality with your consent. Call logs and recordings may contain personal data about the callers or recipients (names, voices, phone numbers), and we handle this data as confidential on your behalf.
  • For Email and Domain Services – if we provide you with email hosting, we will process the content of emails that you send/receive and store them on our servers until you delete them. We also process email addresses of senders/recipients and metadata (time, IP addresses, etc.) as part of email transmission logs. For domain registration services, we collect the domain registrant’s contact information (such as name, organization, address, email, phone) as required by domain registries. We share required registrant data with the domain registry and/or registrar to register the domain in your name. In many cases, personal data in WHOIS records is redacted or privacy-protected by default due to ICANN and GDPR policies; where it is not, we offer privacy protection services to shield your contact information.
  • Payment and Billing Information: When you make a purchase or payment for our services, we (or our third-party payment processors) collect billing details. This typically includes your billing name and address, the payment method details (e.g. credit/debit card number and expiration, or bank account for direct debit), and transaction details. Payment card information is usually handled directly by accredited payment processors and not stored on our systems, or if stored, we adhere to PCI-DSS standards. We maintain records of your invoices, payment history, and any relevant correspondence (like receipts or support issues related to billing). Legal Basis: Processing payment information is necessary to perform our contract (to bill you for services)​, and to comply with legal obligations (financial record-keeping, fraud prevention).

Purposes for Service Data Processing:

  • Service Delivery and Operation: We use the data outlined above to actually provide you the service you requested. For example, we use phone numbers and message content to route SMS messages across networks, or use your eSIM profile and device data to connect you to mobile data service. We also use usage data (minutes, messages, data used) to calculate charges and ensure you receive the agreed service quality. Legal Basis: Performance of a contract – these uses are essential to deliver the services as per our agreement with you​.
  • Service Administration and Quality Assurance: We process service usage data to monitor the performance of our platform and network (e.g., to detect outages, congestion, or delivery failures), to troubleshoot issues you report, and to improve our services. We may analyze aggregated usage patterns to plan capacity (for instance, ensuring we have enough voice channels or data bandwidth in a certain region). We also use certain data to enforce our Terms and Conditions – for example, to prevent abuse of our services, detect fraud or unauthorized use (such as spamming via SMS, or detecting when a SIM is used in violation of our policies). Legal Basis: Legitimate interests – it is in our legitimate interest to maintain high quality and secure services for all customers​. In some cases, we may also invoke legal obligation or public interest grounds (for instance, detecting and preventing crime or fraudulent activity is both our legitimate interest and may be required under anti-fraud/telecom laws).
  • Billing and Account Management: We use your usage records and subscription information to generate invoices or charge your payment method, to track your account balance, and to address billing inquiries or disputes. We also use contact information to send billing notices or alerts (e.g. low balance warnings for prepaid accounts, or receipts for payments). Legal Basis: Contract performance (billing is part of providing the service) and legal obligation (we must maintain financial records, and comply with tax laws).
  • Legal Compliance (Telecom Regulations): As a provider of electronic communications services, OMAX may be subject to specific laws requiring data retention or disclosure. For example, in some jurisdictions, telecom operators must retain call detail records or internet session logs for a certain period for law enforcement purposes. Where such laws apply, we will retain and provide the required data in compliance with the law. We may also be required to verify the identity of customers purchasing telecom services (Know Your Customer rules) in certain countries. Legal Basis: Legal obligation – we process and retain the data strictly to the extent required by applicable law or government orders.
  • OMAX as Data Processor for Your End Users: If you are a business customer using our platform to process personal data of third parties (for example, sending SMS to your customers, or hosting phone calls for your users), OMAX will use that personal data only to provide the service to you. We will not use your end users’ data for our independent marketing or other purposes. In this scenario, you are responsible for having a valid legal basis to collect and share that data with OMAX. We will act in accordance with our Data Processing Agreement and your instructions, and we will assist you in facilitating your end users’ rights requests as needed.
  1. When You Are a Business Contact or Prospect

In the course of our business, OMAX may collect and use personal data of individuals who are not direct users of our Services, but who interact with us in a business or professional capacity. This includes:

  • Representatives and Contacts of Corporate Customers: If you work for a company that is an OMAX customer or partner, we may have your business contact details (name, work email, work phone, job title, company name, office address). We use this information to communicate with your company about service updates, contract matters, billing issues, or opportunities that may be relevant to the business relationship​. For example, if you are the designated account manager or technical contact for your company’s account, we will use your contact info to send operational emails or reach out regarding the account.
  • Suppliers and Partners: If you are a vendor or partner of OMAX, or a contact person at such a third-party company, we similarly process your contact information in order to manage our relationship with your company (e.g. to place orders, pay invoices, coordinate services, or invite you to meetings).
  • Prospective Customers and Marketing Contacts: We may collect information about individuals who are potential leads or interested in our services. This could happen if you give us your business card at an industry event, if you fill out a form to download a whitepaper, or if we otherwise identify you as someone who might benefit from our Services (for instance, via professional networking platforms or referrals). The personal data in these cases is typically limited to business contact info and perhaps notes of our interactions. We may send marketing communications to such contacts on a business-to-business basis. You can opt out of receiving marketing emails or calls from us at any time.
  • Office Visitors: If you visit an OMAX office or facility, we may ask you to sign in and provide your name, contact, company, and purpose of visit. We may also capture your image on CCTV if our premises are monitored for security.

Purposes for Business Contact Data Processing:

  • Managing Business Relationships: We process business contact information to maintain communication with our customers, suppliers, and partners – for example, to discuss service delivery, negotiate contracts, send service-related announcements, or gather feedback. Legal Basis: Legitimate interests – we have a legitimate interest in managing and growing our business relationships by contacting the appropriate individuals at other companies​. If you represent a Customer, processing your data may also be necessary for performance of the contract with that Customer (e.g. using the billing contact’s email to send an invoice).
  • Professional Networking and Marketing: For prospects or leads, we use your contact information to send you information about OMAX services that may be of interest to your organization. We do so in a manner consistent with applicable direct marketing laws. For example, if you are in a jurisdiction that requires opt-in consent for B2B marketing emails, we will only email you if you have consented. Otherwise, we rely on legitimate interest to inform you about our services, balanced with your rights – and will always provide a clear opt-out mechanism in such communications.
  • Security and Access Management: If you visit our offices or have access to our online portals as a business partner, we may process your information to authenticate you and ensure our premises and systems are secure​. Legal Basis: Legitimate interests in protecting our business, staff, and assets.

OMAX does not sell business contact data or share it with third parties for their independent marketing. We use and share it only as needed for the purposes above, as further detailed in the Data Sharing section.

  1. When You Apply for a Job at OMAX or Become an OMAX Employee

OMAX collects personal data in the context of recruitment and employment. This section explains how we handle information about job applicants, as well as a high-level overview of employee data processing.

Job Applicants: If you apply for a position with OMAX (through our website, a third-party job platform, or via email), we will collect and process the information you provide in your application. This typically includes your name and contact details (address, email, phone number), your resume/CV which may contain educational background, employment history, skills and qualifications, and any other information you choose to submit (such as a cover letter, references, portfolio, or salary expectations). We may also collect information from interviews or communications with you, and if applicable, from any assessments or background checks (we would obtain your consent or notify you as required by law before conducting background screening). In some cases, we receive personal data about applicants from recruitment agencies or headhunters who introduce you to us, or through referrals. We use applicant data to evaluate your candidacy and to communicate with you through the recruitment process​.

Employees: When you join OMAX as an employee (or contractor), additional personal information will be collected and processed for HR and administrative purposes. This includes your date of birth, government identification numbers (like National Insurance or Social Security number for payroll, visa/work permit information), bank account details for salary payments, emergency contact information, and any benefits enrollment information. During the course of employment, we keep records related to your performance, compensation, benefits, and any disciplinary or grievance procedures, in accordance with employment laws. Health-related information may be processed if you provide sick notes or require workplace accommodations (such data is kept confidential and processed only in accordance with law). We treat our employee’s personal data with care and only use it as needed to administer the employment relationship and comply with legal obligations (e.g. paying taxes, reporting to authorities, ensuring workplace safety, etc.). Note that detailed internal handling of employee data is governed by our internal employee privacy policies, which are consistent with the principles in this external Privacy Policy.

 

Purposes for Recruitment/Employment Data Processing:

  • Recruitment and Selection: We process applicant data to assess qualifications, verify information, and decide whether to extend a job offer​. We may contact references or perform background verification where relevant and lawful. Legal Basis: Legitimate interest – we have a legitimate interest in evaluating and selecting qualified talent to join our team​. In some cases, legal obligations also apply (for instance, confirming a candidate’s legal right to work in a country, or implementing equal opportunity monitoring).
  • Hiring and Onboarding: If you accept a job offer, the personal information you provided (and additional details you give during onboarding) will be used to prepare your employment contract, set up your payroll and benefits, and register you as an employee in our systems. Legal Basis: Contract – processing is necessary to enter into and perform the employment contract, and legal obligations – e.g. submitting tax and social security information to authorities.
  • Ongoing Employment Administration: We use employee data for day-to-day HR management – paying salaries, managing work schedules and leaves, evaluating performance, providing training, etc. Legal Basis: Contract performance and legitimate interests in running efficient staffing operations​. Many aspects are also legal obligations (e.g. withholding taxes, occupational health and safety record-keeping, compliance with labor regulations).
  • Protecting Rights and Interests: We may process applicant or employee data as needed to protect our rights or in connection with legal claims (for example, retaining interview notes to defend against discrimination claims, or reviewing company emails if necessary for an internal investigation consistent with law). Legal Basis: Legitimate interests or legal obligations (depending on context, such as cooperation with law enforcement or exercising legal rights in employment law contexts).

If you are an applicant and your application is unsuccessful, we may retain your application data for a certain period (typically defined in our retention policy, e.g. 6 months to 1 year) in case suitable opportunities arise or for record-keeping as required by law. You will have the option to object to further retention if you do not wish us to keep your resume on file. If you become an employee, your data will be retained throughout your employment and afterwards as required by our data retention policies (see Data Retention below).

We ensure that all recruitment and employment data is kept secure and is accessible only to those who need to process it (such as HR staff and the direct managers, or IT personnel for system maintenance).

Legal Bases for Processing Personal Data

OMAX will only collect and process your personal data when we have a valid legal basis to do so under applicable data protection laws. Depending on the specific context, one or more of the following legal bases typically apply:

  • Performance of a Contract: We process data that is necessary to provide our services to you or to take pre-contractual steps at your request. For example, we need to process your contact and payment information to set up your account and deliver the services you ordered​, or to fulfill our obligations in an employment contract with an employee. Without this data, we cannot perform the contract with you.
  • Legitimate Interests: We process data as needed for our legitimate business interests, provided that our interests are not overridden by your data protection rights. We have a legitimate interest in many operational purposes – such as securing and improving our platform​, responding to inquiries​, sending B2B marketing communications, preventing fraud, or managing customer relationships​. When we rely on this basis, we consider the potential impact on you and ensure there is no undue risk to your rights. You have the right to object to processing based on legitimate interests in certain cases (see Your Rights below).
  • Consent: In some situations, we ask for your consent to process your data. For instance, we will obtain your consent to send you promotional emails if you are not an existing customer, or before processing any sensitive personal data (such as biometric information for eKYC)​. Where we rely on consent, you can withdraw it at any time, which will not affect the lawfulness of processing done before the withdrawal. We do not generally process data based on consent if another legal ground applies; consent is typically used for optional uses of data.
  • Legal Obligation: We process personal data when we must comply with a legal or regulatory obligation. Examples include complying with tax and accounting rules, retaining certain communications data under telecommunications laws, responding to lawful requests from authorities, or providing information to regulators or law enforcement when required​. In such cases, our processing is strictly to fulfill those legal requirements.
  • Vital Interests/Public Task: These bases are less commonly relevant to OMAX’s typical activities. Vital interests would apply if processing is necessary to protect someone’s life or safety (e.g., emergency situations). “Public task” may apply if we are ever carrying out processing in the public interest or under official authority (generally not applicable as a private company, except possibly in fulfilling government requests under law).

If you have questions about the specific legal basis for any processing of your personal data, please contact us (see How to Contact Us at the end) and we will clarify our justifications.

How We Share Your Personal Data (Data Disclosure)

OMAX treats your personal data with care and confidentiality. We do not sell your personal information to third parties. We also do not share your data with third parties for their own marketing purposes unless you have explicitly consented to such sharing. However, in order to run our business and provide our services, we do share personal data with certain categories of recipients, as detailed below:

  • Affiliates and Group Companies: We may share your data with other companies within the OMAX Group (e.g., any subsidiaries or affiliates) for purposes consistent with this Policy​. For instance, if OMAX establishes regional subsidiaries in other countries, your data might be accessed or processed by those entities as part of providing support or service to you. All OMAX group entities will adhere to the privacy protections described here.
  • Service Providers (Processors): We use trusted third-party service providers to perform functions on our behalf, and we may need to share certain personal data with them to fulfill those functions​. This includes, for example:
    • Infrastructure and IT Providers: Cloud hosting services or data center providers where our servers are located; database and software service providers; email service platforms; and customer support tools. These providers help us store or manage data securely.
    • Payment Processors: Financial institutions and payment gateways that process credit card transactions or other payment methods for our billing​. They receive billing details as needed to process your payment.
    • Analytics and Advertising Partners: Companies that provide analytics services or assist with advertising (for our own products). They may receive online identifiers (like cookies or IP addresses) and usage data to help us understand website traffic or to serve targeted OMAX ads on third-party platforms. Such partners are limited in how they can use your data and cannot identify you for other purposes without consent.
    • Communications & Support: Contractors or platforms that help us send communications (e.g. email delivery services, SMS aggregators for sending notifications, CRM systems) or provide customer support (helpdesk software, call center service). They would process the contact info and message content necessary to deliver the communication or support service.

These third-party providers act under our instructions and are bound by data processing agreements to process data only for our purposes and to protect it. They may not use your data for their own needs. We ensure that all our processors provide sufficient guarantees to safeguard your information​.

  • Network Operators and Telecom Partners: In order to deliver telecom services worldwide, we often have to exchange certain data with other telecommunications operators or carriers. For example, if you send an international SMS or make a call to another country, we pass the recipient’s phone number (and the message or call content) to partner carriers or local operators who terminate the communication. Similarly, for eSIM services, we partner with mobile network operators in different regions to provide connectivity; this may involve sharing your IMSI or eSIM profile info and the fact that it’s assigned to your device, so that the local operator can allow your device on their network. We share only what is necessary for the performance of the service​. These parties in turn are typically independent controllers of the data we provide to them (e.g. each telecom operator has its own legal obligations for processing the data in transit). We contractually require our partners to handle any personal data appropriately and confidentially.
  • Business Partners and Resellers: If you purchased OMAX services through a reseller or partner (or if we provide services in collaboration with a business partner), we might need to share relevant data with that partner. For example, if a partner referred you to us for an eSIM service, we might share information about your activation status or usage necessary for commission calculations or support. We will only share with partners who are under a contractual obligation to protect your data, and only as needed for the joint offering or referral arrangement, or with your consent.
  • Corporate Transactions: If OMAX undergoes a business transition such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, your personal data may be disclosed to potential or actual purchasers (and their professional advisors) as part of the transaction due diligence or transfer​. We will ensure that any such parties are bound to confidentiality, and if the transaction completes, your personal data will continue to be used only in accordance with this Policy (or you will be given notice and choice if the data will be used for new purposes).
  • Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement or regulatory authorities, and our legal counsel) when we believe, in good faith, that such disclosure is necessary to:
    • Comply with applicable law, regulation, legal process, or enforceable governmental request​. For example, we may receive lawful requests to provide information for criminal investigations or national security purposes. We will carefully review each request to ensure it has a valid legal basis and will object or refuse overly broad or unlawful requests​. Where permitted, we may notify you of such requests.
    • Enforce our terms of service or other agreements, and investigate potential violations thereof.
    • Detect, prevent, or address fraud, security, or technical issues (for example, investigating a spam campaign or a network attack).
    • Protect the rights, property, or safety of OMAX, our customers, our employees, or the public. This could include sharing information with other organizations for fraud prevention or spam/malware mitigation.
  • With Your Consent or At Your Direction: In certain cases, you may explicitly request that we share your data with a third party, or consent to such sharing. For instance, if you ask us to port your phone number to another provider, we will need to share that request (including your number and associated info) with the new provider and possibly a regulatory body. Or, if you integrate your OMAX account with a third-party service (by API or otherwise), you may allow us to share data with that service at your direction. In these cases, we will share your data as needed to fulfill your request, after obtaining your consent.

Aggregated or Anonymized Data: We may share information that has been aggregated or anonymized in such a way that it no longer reasonably identifies you. For example, we might publish telecom usage statistics or share generalized trends with partners. This information is not considered personal data and may be used or shared freely. We may also pseudonymize certain data before sharing it – meaning we replace identifying fields with codes – and retain the key separately. In such cases, the receiving party cannot re-identify you from the pseudonymized data without our key​.

Except for the scenarios above, OMAX will not share your personal data with third parties. In particular, we will not share or sell your information to third parties for their own direct marketing purposes unless you have given us permission to do so​.

International Data Transfers

OMAX is headquartered in the United Kingdom, and we provide services to customers around the world. Consequently, your personal data may be transferred to, and processed in, countries other than your country of residence. These countries might have data protection laws that are different from (and in some cases less protective than) the laws of your country.

For example, if you are an EU/EEA or UK user, your data may be stored on servers in the UK or EU, but it could also be accessed by our support team in another region, or transmitted to a telecommunications partner in a non-EEA country to complete a call. Similarly, if you are outside the UK/EU, your data might be processed in the UK or in another country where our infrastructure or partners are located (which could include the United States, Canada, or countries in Asia, etc.).

Regardless of where data is processed, we apply the same high standards of privacy and security described in this Policy. When we transfer personal data out of the UK or European Economic Area (EEA), we take steps to ensure appropriate safeguards are in place to protect your information in accordance with GDPR and UK law​. These safeguards include:

  • Adequacy Decisions: Where applicable, we may transfer data to countries that have been officially determined to provide an adequate level of data protection by the European Commission or the UK government (e.g. countries on the EU/UK adequacy list)​. Transfers to such countries are permitted without additional measures.
  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (for example, to the USA or India), we will use the European Commission’s approved Standard Contractual Clauses or the UK International Data Transfer Agreement/Addendum, as relevant, in our contracts with the data importer​. These clauses contractually oblige the recipient to protect the personal data to EU/UK standards. We also assess on a case-by-case basis whether any additional technical or organizational measures are needed to ensure data is protected when it reaches the destination.
  • Other Lawful Mechanisms: In certain cases, we might rely on a derogation (exception) under Article 49 GDPR for specific transfers – for instance, if a transfer is necessary for the performance of our contract with you (like routing an SMS through a foreign operator you requested) or if you have explicitly consented to the proposed transfer after being informed of any risks. However, we will typically use such derogations only as a last resort when other safeguards are not available.

You can contact us if you would like more information about the countries to which we transfer personal data, or the specific safeguards applied to an international transfer of your information. We acknowledge our responsibility for personal data under our control, and in any onward transfer scenarios, OMAX remains liable to ensure the protection of your personal data (except to the extent a third party recipient directly becomes responsible under applicable law).

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements​.

In general, this means:

  • Active Accounts: For as long as your user account is active or you are subscribed to our services, we will keep the personal data associated with your account. This is necessary to provide you with the services on an ongoing basis (usage history, settings, etc.).
  • Communication Data: If you contacted us, we will retain those communications (emails, support tickets, call recordings) as long as needed to address your inquiry and for a short period thereafter in case of follow-up, or longer if required by legal obligations or our internal retention schedules.
  • Transactional Data: We retain transactional records (like invoices, payments, SMS/call logs) for a minimum period required by law or by our legitimate business needs. For example, financial records are typically kept for at least 6-7 years under UK tax laws. Telecom traffic logs may be retained for a certain period (e.g., 12 months) as required by applicable data retention regulations or for resolving disputes, and then deleted or anonymized.
  • Job Applicants: Data from an unsuccessful job application may be kept for a limited period (e.g., 6 months to 1 year) after conclusion of the process, unless you consent to a longer retention for future openings. Successful candidates’ information becomes part of the employee record and will be retained accordingly.
  • Employee Data: We retain employee personal data during employment and for a post-employment period as required by law (for example, payroll records must be kept for several years after an employee leaves).

When we have no ongoing legitimate business need or legal requirement to process your personal data, we will either delete it or anonymize it​. If deletion or anonymization is not immediately feasible (for instance, because the data is stored in secure backups), we will isolate and protect the data and remove it from active use until deletion is possible​.

Some specific scenarios: If processing is based on your consent and you withdraw consent, we will stop the processing and, depending on the situation, either delete the data or keep it if we have another lawful basis that permits retention. If you object to processing and we have no overriding legitimate interest to continue, we will cease the processing challenged and remove the data. On the other hand, if a certain piece of data is needed for a legal claim or compliance, we may retain it despite a request for erasure, but we will restrict its use to that purpose.

Our retention periods are determined considering the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes of processing, and whether those purposes can be achieved by other means, as well as applicable legal requirements. We periodically review the data we hold and erase or anonymize data when it is no longer needed.

Data Security

OMAX takes the security of your personal data very seriously. We have implemented a variety of technical and organizational measures to protect your information from unauthorized access, use, alteration, or destruction​. These measures include:

  • Technical Safeguards: We use industry-standard encryption protocols (such as TLS) to protect data in transit (e.g., information exchanged between your browser and our website or between our systems and our partners). We also employ encryption and access controls to protect data at rest, especially for sensitive information. Our servers are protected by firewalls, intrusion detection systems, and continuous monitoring for vulnerabilities or breaches. We regularly update and patch our software and infrastructure to address security issues.
  • Access Controls: Personal data is accessible only to authorized personnel who require access to perform their job duties. We enforce principles of least privilege and role-based access control, ensuring that staff access to data is limited to what is necessary. Administrative access to systems that contain personal data is logged and reviewed.
  • Organizational Policies: We have internal policies and training for employees on data protection and information security. We require our staff to handle personal data confidentially and we impose disciplinary measures for any misuse. We also ensure that any third-party service providers we use are vetted for strong security practices and are contractually obligated to protect data.
  • Physical Security: To the extent applicable (for any on-premise systems or offices), we maintain physical security controls at our facilities, such as secure access controls, surveillance cameras, and alarm systems, to prevent unauthorized physical access to data.
  • Testing and Auditing: We conduct periodic security assessments, vulnerability scans, and penetration testing on our systems to identify and fix weaknesses. Our security procedures are regularly reviewed and updated to adapt to new threats and changes in technology​.

Despite our best efforts, please note that no website, internet transmission, or storage system can be guaranteed to be 100% secure​. Cyber threats continue to evolve, and while we strive to protect your data, we cannot warrant absolute security. However, we have put in place incident response plans to deal with any potential data security breach swiftly and effectively. In the unfortunate event of a data breach that poses a risk to your rights and freedoms, we will notify you and the appropriate supervisory authorities as required by law​. We will also take all necessary steps to mitigate the impact and prevent future occurrences.

You also play a role in keeping your data secure. We encourage you to use a strong, unique password for your OMAX account and to keep your login credentials confidential. If you become aware of any unauthorized access or suspect any security issue related to your account or personal data, please contact us immediately.

Your Rights as a Data Subject

Under applicable data protection laws, you have certain rights regarding your personal data. These rights may vary depending on your jurisdiction, but OMAX is committed to extending core data protection rights to all users where reasonably possible. Subject to applicable law and certain conditions/exceptions, the following rights are available:

  • Right of Access: You have the right to ask us to confirm whether we are processing your personal data, and if so, to provide you with a copy of that data, as well as information about how we use it​. This allows you to understand what personal information we hold about you. (This is commonly known as a “Data Subject Access Request”.)
  • Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you​. We encourage you to keep your account information up to date, and you may update certain information directly via your profile settings. For any data not editable through the platform, you can contact us to have it corrected.
  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances​. This right (sometimes called “the right to be forgotten”) applies, for example, if the data is no longer needed for the purposes it was collected, or if you withdraw consent and no other legal basis for processing exists, or if you object to processing and we have no overriding legitimate grounds to continue, or if the processing was unlawful. Please note that this is not an absolute right – we may need to retain certain information as required by law or for legitimate business purposes (we will inform you if that is the case).
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain scenarios​. For instance, if you contest the accuracy of the data, you can request restriction while we verify it; or if you have objected to processing (see below) and we are determining whether our legitimate grounds override yours; or if processing is unlawful but you prefer restriction over deletion; or if we no longer need the data but you need us to keep it for the establishment, exercise, or defense of legal claims. When processing is restricted, the data will be stored but not used except for limited purposes such as consent or legal claims.
  • Right to Data Portability: For data that you have provided to us and which we process by automated means on the basis of your consent or a contract, you have the right to request a copy in a structured, commonly used, machine-readable format​, and you have the right to have that data transmitted to another data controller where technically feasible. In plain terms, this allows you to take your data to another provider. Note that this right applies to specific subsets of data (not to all data we hold).
  • Right to Object: You have the right to object to our processing of your personal data when such processing is based on legitimate interests or public interest​. You may also object at any time to the use of your personal data for direct marketing purposes. If you lodge an objection, we will evaluate whether our compelling legitimate grounds for processing override your privacy rights. In cases of direct marketing, we will stop processing your data for those purposes once you object.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time​. Once you withdraw consent, we will stop the specific processing that was based on consent. Withdrawal does not affect the lawfulness of processing prior to withdrawal. For example, you can opt-out of marketing emails by withdrawing your consent (via the unsubscribe link or account settings) and we will stop sending them.
  • Rights Related to Automated Decision-Making: OMAX does not currently make any decisions about you that are based solely on automated processing (including profiling) that produce legal or similarly significant effects. If in future we engage in such activity, you would have the right not to be subject to a decision based solely on automated processing that significantly affects you, and to request human intervention or an explanation, as provided by law.
  • Right to Complain: You have the right to lodge a complaint about our data processing activities with a supervisory data protection authority​. If you are in the UK, this would be the Information Commissioner’s Office (ICO). If you are in another country, you can contact your local Data Protection Authority. We would, however, appreciate the chance to address your concerns before you approach a regulator, so we encourage you to contact us first with any complaint.

To exercise any of your rights, please contact us using the contact details in the How to Contact Us section below. We will respond to your request as soon as possible, and in any event within the timeframes required by law (generally one month, with extensions if allowed for complex requests). We may need to verify your identity before fulfilling certain requests​, to ensure that we do not disclose data to an unauthorized person or make changes fraudulently. For example, we might ask you to confirm some identifying details or provide ID, especially for access or deletion requests​.

Please note that some rights are subject to exceptions. There may be situations where we cannot fully comply with your request, such as when fulfilling it would conflict with our legal obligations or the rights of other individuals, or when we have overriding legitimate grounds. We will assess each request on a case-by-case basis and will inform you of the outcome, including the reasons if we cannot comply fully​. We will, however, do our best to accommodate your request to the extent possible and will always communicate any denial or partial fulfillment clearly.

Exercising your rights is free of charge. However, if a request is manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on it – but we will provide our reasoning in such cases as required by law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we make changes, we will revise the “Last Updated” date at the top of the Policy. If any material changes are made, we will take reasonable steps to notify you, such as by posting a notice on our website or dashboard, or by sending you an email notification, prior to the change becoming effective​. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

If we make changes that significantly affect how we process your personal data, we will ensure that such changes are in compliance with applicable law. Where required, we will obtain your consent for the new processing or provide you an opportunity to opt-out (for example, if we were to start processing your data for a new purpose not initially disclosed). Your continued use of the Platform or our services after the updated Privacy Policy has come into effect will signify your acceptance of those changes, to the extent permitted by law.

How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please do not hesitate to contact us. You can reach out to our Data Protection Officer (DPO) and privacy team as follows:

  • By Email: moc.moceletxamoobfsctd@opd
  • By Mail: Data Protection Officer – OMAX Group Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom​
  • By Phone: Please call our main office line at +44 20 805 861 85 and request to speak with the Data Protection Officer (please note, email is usually the fastest way to reach us regarding privacy matters).

We will address your inquiry or request promptly and professionally. If you are contacting us to exercise any of your data subject rights, please clearly state your request and include sufficient information for us to verify your identity (as noted above).

Additionally, as noted in Your Rights, you have the right to contact the Information Commissioner’s Office (ICO) or your local supervisory authority about any concerns. The ICO can be contacted via their website (ico.org.uk) or by phone at +44 303 123 1113. We would appreciate the opportunity to resolve your concerns directly, but you are free to seek help from the regulators if needed​.

OMAX Group Ltd thanks you for taking the time to read this Privacy Policy. We value your trust and are dedicated to safeguarding your personal information as you use our services. If you have any questions or need further clarification, please contact us.

Log in