Privacy Policy
1. Who we are
Mi Connect is operated by Mi Telecom Limited, a company registered in England and Wales. We are the data controller for personal data collected through the Mi Connect platform and website.
When Mi Connect is installed on a third-party website (a customer's site), Mi Telecom acts as a data processor on behalf of that website owner, who is the data controller for their visitors' data.
2. What data we collect
Mi Connect account holders (businesses and agencies)
| Data | Why we collect it |
|---|---|
| Name, email address, company name | Account registration and communication |
| Password (hashed โ never stored in plain text) | Account authentication |
| Billing details (processed by Stripe โ we do not store card numbers) | Payment processing |
| IP address, browser information | Security and fraud prevention |
| Widget configuration preferences | Service delivery |
Website visitors requesting callbacks (end users)
| Data | Why we collect it |
|---|---|
| Name | Identifying the caller during callback |
| Phone number | Placing the callback call via Mi Telecom |
| Email address (if provided) | SMS/email confirmation of scheduled callbacks |
| Page URL at time of request | Providing context to the receiving agent |
| Pre-call message / department selection | Routing and context for the callback |
| Date and time of request | Scheduling and reporting |
| Session ID (anonymous) | Analytics โ connecting impression/open/submit events |
Website analytics (widget impressions)
When the Mi Connect widget is loaded on a customer's website, we record anonymous events (widget seen, widget opened, callback submitted). These events are linked to an anonymous session ID and the page URL. We do not use tracking cookies for this purpose.
3. How we use your data
We use account holder data to provide and improve the Mi Connect service, process payments, send service communications, and comply with legal obligations.
We use visitor callback data solely to facilitate the callback request โ placing the call via Mi Telecom's API, and providing context to the business receiving the call. We do not use visitor data for marketing, profiling, or any other purpose.
4. Legal basis for processing
- Contract โ processing necessary to provide the Mi Connect service to account holders
- Legitimate interests โ analytics, fraud prevention, and service improvement
- Consent โ where the widget includes a GDPR consent checkbox, visitor data is processed on the basis of that consent
- Legal obligation โ retaining billing records as required by HMRC
5. Who we share data with
| Recipient | Purpose | Location |
|---|---|---|
| Stripe Inc. | Payment processing | USA (adequacy basis) |
| Mi Telecom Limited telephony infrastructure | Placing callback calls | United Kingdom |
| DigitalOcean LLC | Hosting and data storage | United Kingdom (LON1) |
| Agency partners (where applicable) | Widget management on behalf of customers | United Kingdom |
We do not sell personal data to third parties. We do not share data with advertising networks.
6. How long we keep data
- Account data โ retained for the duration of your subscription plus 90 days after cancellation
- Billing records โ retained for 7 years as required by HMRC
- Callback records (visitor data) โ retained for 12 months by default; account holders may request earlier deletion
- Analytics events โ aggregated after 90 days; raw events deleted after 12 months
7. Your rights
Under UK GDPR you have the right to:
- Access โ request a copy of the personal data we hold about you
- Rectification โ request correction of inaccurate data
- Erasure โ request deletion of your data (subject to legal retention requirements)
- Portability โ receive your data in a machine-readable format
- Object โ object to processing based on legitimate interests
- Restrict โ request restriction of processing in certain circumstances
- Withdraw consent โ where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, email privacy@mi-telecom.co.uk. We will respond within 30 days.
8. Security
We take data security seriously. Our measures include: encrypted data transmission (TLS), hashed password storage (bcrypt), encrypted database backups, restricted access controls, and regular security reviews.
No system is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.
9. Cookies
See our Cookie Policy for full details. In summary, we use cookies for authentication (keeping you logged in) and Stripe's payment cookies. We do not use advertising cookies.
10. Children
Mi Connect is not intended for use by children under 13. We do not knowingly collect data from children. If you believe a child has submitted data through a widget, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated to account holders by email with at least 14 days' notice.
12. Contact and complaints
For privacy-related questions or to exercise your rights:
Mi Telecom Limited
Company no. 02668468
14 Hemmells, Laindon, Basildon, Essex, SS15 6ED
Email: privacy@mi-telecom.co.uk
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
This policy applies to Mi Connect and mi-connect.co.uk. It does not apply to third-party websites where the Mi Connect widget is installed โ those sites have their own privacy policies.