The Bermuda Telephone Company Home Page | At Home | In Business | About BTC | Customer Service  
About BTC
Bermuda's proud supplier of communication services
Privacy Code
Corporate Overview
Executive Structure
Message From the President & CEO
Scholarships
Privacy Code


1 OBJECTIVE AND SCOPE
BTC is a Bermuda telecommunications company providing a full range of telecommunications and electronic transmission services to individuals located both in and outside of Bermuda. To be able to provide its services, BTC gathers certain confidential information about its Customers and other Data Subjects. While the gathering of such confidential information is a necessity, BTC respects the privacy of its Customers and their communications and has established as a priority the protection of the confidentiality of all Customer Data and Personal Data.

This Privacy Code complies with the requirements of Bermuda laws as well as to be consistent with the fair information practices and transparency principles set out in the 1980 OECD Guidelines for the Protection of Privacy and Transborder Flows of Personal Data. The privacy principles set out in the OECD Guidelines have been widely adopted throughout the world by telecommunications carriers and other businesses in privacy codes and in those jurisdictions that have made laws affecting the collection, processing, use and transfer of personal data. Some jurisdictions may have additional or more restrictive requirements that apply where personal data is transferred to or from such jurisdictions.

As a telecommunications carrier, we must maintain the confidentiality of customer information as well as respect the privacy of their communications under the Telecommunications Act 1986. As both an intermediary and e-commerce service provider that collects and processes personal data contained in electronic records, we must also follow the "Standard for Electronic Transactions" appointed by the Minister under Bermuda's Electronic Transactions Act 1999. Although not yet made, the latter Act does contemplate additional regulations prescribing standards for the processing of personal data consistent with EU's safe harbour principles for the transborder flow of personal data. These statutes are the primary, although not the only, sources of law with which we must comply.

2 APPLICATION SUBJECT TO LAWS
This Privacy Code sets out the Company's privacy principles and procedures for collecting, using and protecting Customer Data and Personal Data. The application of these privacy principles and procedures is subject at all times to applicable legislation, regulations, tariffs, and the orders of courts or other lawful authorities, and may be subject to some agreements (such as intercarrier agreements).

BTC will continue to review this Privacy Code to ensure that it continues to comply with all applicable laws and regulations and remains current with changing technologies and the needs of BTC's customers.

3 DEFINITIONS
In this Privacy Code:

"BTC" means the Bermuda Telephone Company, Limited and its subsidiary companies;

"Company", "we", "our", 'us" means BTC and its agents and contractors;


"consent" 		means a voluntary agreement by a Data Subject for the collection, use and disclosure of personal or confidential information for the purposes and in the situations set out in this Privacy Code. Consent may be either express or implied and can be provided by the Data Subject or its authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of BTC. Implied consent is consent that can reasonably be inferred from a Data Subject's action or inaction.

"Customer"

means any identified or identifiable person or entity who or which subscribes to or applies to subscribe to BTC's telecommunication services or purchase BTC's goods;

"Customer Data" means any information in any form provided by a Customer, whether or not a natural person, associated with his, her or its telecommunication service or application for telecommunication service;

"Data Subject" means any identified or identifiable party, including a Customer, who is the subject of Personal Data

"Personal Data" means any information relating to an identified or identifiable natural person by which such person can be identified, whether directly or indirectly.

4 PRIVACY PRINCIPLES

4.1 BE RESPONSIBLE

We are responsible for the Personal Data and Customer Data under our control, including data transferred to or from a third party for processing on our behalf, and for establishing effective mechanisms to ensure compliance with applicable privacy principles.

BTC shall be responsible to the Data Subjects for the Customer Data and Personal Data under its control.

BTC's senior management has overall responsibility for ensuring the Company's compliance with this Privacy Code and all other applicable privacy restrictions necessary to protect the confidentiality of the Personal Data and the Customer Data. These responsibilities include:

implementing and maintaining procedures to protect Personal Data and Customer Data in a manner consistent with this Privacy Code and commensurate with the sensitivity of the particular data;
ensuring these privacy principles and practices are considered when developing and marketing new services;
ensuring that this Privacy Code is reviewed periodically by its legal advisors for consistency with the current law.
educating employees about the privacy principles and practices;
requiring third parties to have a comparable level of protection when handling Personal Data or Customer Data on our behalf.


All BTC employees have been made aware of this Privacy Code and are responsible for maintaining the confidentiality of all Personal Data and Customer Data to which they have access. Employees shall not be permitted to access and use Personal Data or Customer Data other than as required to perform their duties. When contracting with third parties, we will use appropriate means to provide a comparable level of protection, as is contained within this Privacy Code, to the Data Subjects where Personal Data or Customer Data is collected or processed by a third party on our behalf. For instance, we will provide only the data required in the circumstances and ensure contracts with the third parties contain limitations as to access, mandate that the information may only be used for the purposes stipulated and require the third parties acknowledge their strict obligation to maintain the confidentiality of the Personal Data and Customer Data to the same extent as is required of BTC.

4.2 IDENTIFY AND SPECIFY PURPOSES
We will identify (and, where appropriate, use reasonable efforts to make known to the Data Subject) the purposes for which Personal Data or Customer Data is collected at the time or before collecting it. We will not use Personal Data or Customer Data for non-related purposes without obtaining, unless inappropriate, the Data Subject's consent.

BTC may collect and use your Personal Data or Customer Data only if relevant:

(1) to establish and maintain responsible commercial relations with you;
(2) to understand your needs and preferences;
(3) to determine your eligibility for goods and services;
(4) to provide you with information concerning our goods and services or about your service;
(5) to develop, enhance, market, provide or bill goods and services;
(6) to manage, develop and plan our business and operations;
(7) to protect us against error and fraud;
(8) to meet legal or regulatory requirements; and
(9) as otherwise disclosed prior to its collection or for any other purpose to which you consent;


(collectively called the "Purposes").

Unless required or authorised by law or clearly compatible with the Purposes, we will not use or disclose for any new purpose Personal Data or Customer Data that has been collected without first specifying the new purpose and obtaining the consent of the Data Subject.

Notwithstanding anything in this Privacy Code, BTC has the express right to release Personal Data and Customer Data to third parties who have contracted with BTC to assist BTC in providing any of the foregoing Purposes. Such third parties, as a term of their contract with BTC and prior to the release of any Personal Data or Customer Data to them by BTC, shall agree to be bound by this Privacy Code.

The Purposes, and any new purposes for which BTC may use or disclose the Personal Data or Customer Data may be specified in various ways, such as in legislation, by regulation, by governmental or administrative directive, in our published Conditions of Service or tariff for a specific telecommunication service, in our Company forms executed by the Data Subject, in an agreement between BTC and a Customer, in this Privacy Code, as amended from time to time, or by reference to a specific policy or document available to the Data Subject.

Purposes by which BTC may use or disclose the Personal Data or Customer Data may be disclosed to the Data Subjects orally, electronically or in other writing as BTC considers appropriate in the circumstances prior to the use or disclosure of the Personal Data or Customer Data.

4.3 LIMIT COLLECTION
We will limit the collection of Personal Data and Customer Data to that which is relevant for the purposes we have identified and will obtain such data by lawful and fair means and, where appropriate, with the knowledge or consent (express or implied) of the Data Subject.

We will collect Personal Data and Customer Data only if the data is relevant for BTC to provide the goods, services or information the Data Subject requires or as we otherwise disclose before collecting the Personal Data or Customer Data. For instance, we will take reasonable steps to ensure that our Company forms - e.g., order forms, application forms, questionnaires, surveys and contest forms - do not seek data that is not relevant for the identified purpose. If any Personal Data or Customer Data requested is not relevant for the goods, services or information required but is relevant for some other purpose, we will disclose the purposes and endeavour to make and explain that provision of such data is optional.

We will limit collection to Personal Data or Customer Data that is not prohibited by law in Bermuda from being collected. In all circumstances, we will use lawful means when collecting Personal Data and Customer Data. We will also use professional and appropriate means when collecting Personal Data and Customer Data and, where appropriate, with the knowledge or consent of the individual. This means we will: (1) take care not to mislead or deceive the individual from whom we collect Personal Data and Customer Data about the purpose; and (2) collect Personal Data or Customer Data primarily from the Data Subject. We may collect Personal Data and Customer Data from other sources such as credit bureaus, employers, references or third parties that represent that they have the right to disclose the information, providing that we collect such Personal Data or Customer Data with the knowledge or express or implied consent, where required, of the Data Subject.

4.4 LIMIT USE AND DISCLOSURE FOR IDENTIFICATION PURPOSES
We will not use or disclose Personal Data or Customer Data for purposes incompatible with the identified purposes without the consent (express or implied) of the Data Subject or as required by law.

We may use Personal Data or Customer Data for direct marketing, billing or other purposes necessary for the provision of BTC services and goods.

With the Customer or Data Subject's consent, we may disclose Personal Data or Customer Data:

(a) where we wish to transfer certain classes of services to another Carrier and that Carrier is bound by its Privacy Code;
(b) in respect of public telecommunications services which are directly connected with the delivery of emergency services;
(c) as permitted under the Bermuda Telecommunications Act 1986 or the Standard for Electronic Transactions;
(d) to a person who in the reasonable judgment of BTC is seeking the information as an agent of the Customer;
(a) to another telecommunications company for the efficient and cost-effective provision of telecommunications services;
(b) to a company involved in supplying the customer with communications or communications directory related services;
(c) to a company or individual employed by BTC to perform functions on its behalf, such as research or data processing;
(d) to another company or individual for the development, enhancement, marketing or provision of any of BTC's products or services;
(e) to an agent used by BTC to evaluate the Customer's creditworthiness or to collect the Customer's account;
(f) to a credit reporting agency (if properly authorised);
(g) to a public authority or agent of a public authority, if in the reasonable judgment of BTC, it appears that there is imminent danger to life or property which could be avoided or minimised by disclosure of the information; and
(h) to a third party or parties, where the Customer's consent to such disclosure is required by law.


In certain circumstances the Company may use or disclose Personal Data or Customer Data without the knowledge or consent of the Data Subject. Examples where we may be authorised or required by law to disclose Personal Data or Customer Data are as follows:

As directed by search warrant, court order or order of a governmental authority pursuant to law;
As necessary for us to provide our services to you, or as required by legal process or law, or to enforce this Privacy Code, or in the case of imminent physical harm to you or others; and
We may sell or transfer Personal Data or Customer Data as part of the sale or transfer of our business or assets or services, in whole or in part, but shall ensure that, to the best of our ability, the Purchaser will be bound and abide by the terms of this Privacy Code.

When we use other agents, contractors or companies to perform services on our behalf, we will require them to use the Personal Data or Customer Data only for the purposes of performing such services and to maintain it in confidence, subject to legal requirements.

Except as authorised by law and with the consent of the Data Subject, we may not sell or transfer Personal Data or Customer Data of Data Subjects to another person for the purpose of sending bulk, unsolicited electronic records to persons other than Data Subjects who consented to the forwarding of such records.

Without the consent of the Data Subjects, we will not permit third parties who collect or process Personal Data or Customer Data on our behalf to use on their own behalf or sell or transfer the Personal Data or Customer Data to others for the purpose of sending bulk, unsolicited electronic records in contravention of the Standard for Electronic Transactions.

4.5 ENSURE ACCURACY OF PERSONAL DATA AND CUSTOMER DATA
We will take reasonable care to ensure that Personal Data or Customer Data is, to the extent necessary for the purposes for which the data is to be used, accurate, complete and kept up to date.

If Personal Data or Customer Data is found inaccurate, incomplete or not up to date, we will endeavour to destroy, erase or rectify the records of such Personal Data or Customer Data as appropriate.

4.6 LIMIT RETENTION
We will take reasonable care to destroy, erase or make irreversibly anonymous Personal Data or Customer Data when it is no longer reasonably required.

We will implement reasonable and systematic records retention and destruction policies, procedures and schedules for Personal Data and Customer Data that are no longer necessary or relevant for the specified purposes. Such policies and procedures will generally contemplate minimum and maximum retention periods, taking into account any retention periods imposed by legislation and allowing for preservation when Personal Data or Customer Data is related to the subject of a dispute as required by law. Once Personal Data or Customer Data is no longer required or the retention period has expired, the Personal Data or Customer Data shall be destroyed, erased or made irrevocably anonymous.

4.7 EFFECT SECURITY SAFEGUARDS
We will ensure that Personal Data and Customer Data are protected by reasonable security safeguards appropriate to the type and sensitivity of the Personal Data and Customer Data.

We will protect Personal Data and Customer Data against such risks as loss, unauthorised access, theft, disclosure, improper use, copying, modification or destruction through reasonable security safeguards.

The nature of safeguards will vary depending on the type, format and sensitivity of the Personal Data and Customer Data.

We will protect Personal Data and Customer Data collected by or disclosed to third parties for processing on our behalf by agreements stipulating the confidentiality of the Personal Data or Customer Data and the purposes for which it is to be used.

As a condition of employment, we require employees with access to Personal Data or Customer Data to respect the confidentiality of the Personal Data or Customer Data.

Such safeguards as may be required by jurisdictions other than Bermuda through which Personal Data or Customer Data may travel shall be governed, where applicable and such safeguards are reasonable, by such jurisdictions transborder data flow regulations. BTC shall endeavour wherever possible to ensure that such data flow regulations meet the minimum standards set out within this Privacy Code.

4.8 BE OPEN ABOUT POLICIES
We will make information readily available to those from whom we collect data the general principles we intend to observe with respect to the collection and processing of Personal Data and Customer Data.

BTC shall make information about its policies and practices easy to understand, including:

(a) providing contact information in regard to questions originating from BTC's compliance with the BTC Privacy Code;
(b) the means of gaining access to personal information held by BTC; and
(c) a description of the type of personal information held by BTC, including a general account of its use.

We will make readily available information or provide notice of the principles we intend to observe with respect to Personal Data or Customer Data.

At the time of collection, we will point out when the provision of Personal Data or Customer Data is optional and the consequences of not providing the Personal Data requested.

4.9 ALLOW REVIEW AND RECTIFICATION OF PERSONAL DATA OR CUSTOMER DATA
We will allow Data Subjects to review their Personal Data or Customer Data that is subject to processing, where appropriate and on reasonable request and terms, to verify accuracy. If shown to be inaccurate or incomplete, data subjects may have their Personal Data or Customer Data rectified as appropriate.

Upon reasonable request from a Data Subject and if appropriate in the circumstances, we will:
(a) confirm whether or not we have Personal Data or Customer Data relating to them;
(b) communicate to them their Personal Data or Customer Data:
(i) within a reasonable time;
(ii) at a charge, if any, that is not excessive;
(iii) in a reasonable manner; and
(iv) in a form that is readily intelligible (i.e., explains codes or abbreviations).
We will give reasons if we deny a request. Some reasons for denying a request include where:
(a) disclosure would reasonably be expected to:
(i) reveal Personal Data or Customer Data about a third party;
(ii) threaten the life, health or security of a third party;
(iii) reveal our or a third party's confidential or proprietary information;
(iv) be unlawful;
(v) prejudice an investigation or prosecution of possible unlawful activity; or
(vi) prejudice the prevention, detection, investigation, prosecution of criminal or statutory offences;
(b) the information:
(i) is about or collected in relation to any investigation of a contravention of any law, a tort or a breach of an agreement;
(ii) is protected by attorney-client privilege;
(iii) is made in connection with or in contemplation and for the purpose of legal or dispute resolution proceedings; or
(iv) would prejudice negotiations between us;
(v) the request is frivolous or vexatious; or
(vi) such denial is specifically authorised by law.

To safeguard Personal Data and Customer Data, we may require Data Subjects to provide satisfactory proof of identification and/or to submit their request in writing.

Upon request from the Data Subject, BTC shall provide an account of the use and disclosure of the Data Subject's personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, BTC shall provide a list of organisations to which it may have disclosed personal information about the Data Subject.

If we agree or are directed by an authority having jurisdiction that Personal Data or Customer Data is inaccurate or incomplete, we will destroy, erase, or rectify such records. Customers can get access to their personal information by contacting a representative at BTC's business offices.

4.10 PROVIDE COMPLAINT RESOLUTION PROCEDURES
We will advise Data Subjects of the procedures available to raise complaints concerning compliance with the above principles and to address complaints in an effective manner.

We will maintain procedures for addressing and responding to complaints about the handling of Personal Data and Customer Data. We will make readily available information about such procedures. These procedures may or may not be the same ones BTC has developed for handling other types of complaints, such as those concerning telecommunication services, Web site use, or employment.

If a complaint is found to be justified, we will take appropriate measures to resolve the complaint. Our procedures aim to respond to complaints quickly and effectively and without prohibitive cost to either party.

Where it appears that disputes cannot be resolved between the parties, consideration should be given to alternative dispute procedures. This may include advising the Data Subject of the availability of any relevant dispute resolution procedures applicable. Some regulatory bodies have procedures for handling certain types of complaints within their jurisdiction. For instance, the Telecommunications Act 1986 provides the Telecommunications Commission with jurisdiction to accept complaints from customers alleging a breach of a carrier's statutory duty to maintain the confidentiality of information provided by them in connection with their telecommunication service.

Persons accountable for ensuring compliance with these privacy principles may seek external advice where appropriate before responding to complaints.

5 CONTACTING BTC
For more information on BTC's Privacy Code or if you wish to review or discuss the handling of your own Personal Data or Customer Data, please contact a BTC Representative at 441-295-1001 8:00 am - 6:00 pm Atlantic Standard Time or e-mail: customersupport@btc.bm

You may also fax us at (441) 292-1192 or write to The Bermuda Telephone Company Limited,
P.O. Box HM 1021, Hamilton HM DX, Bermuda.

Back to Top of Page


 
Establish New Service
Modify Existing Service
View & Manage Your Services
Check Your Order Status
Track Repair Request . . . ONLINE!
 
Establish New Service
Modify Existing Service
     Contact Us | Conditions of Service | Rates and Charges | Site Information @ The Bermuda Telephone Company 2010