8:30am to 5:30pm Mon-Fri+44 (0) 1427 700 700


General Principles

The General Data Protection Regulation (GDPR) protects personal information held by organisations on computer and relevant filing systems. It enforces a set of standards for the processing of such information. In general terms it provides that all data shall be used for specific purposes only and not used or disclosed in any way incompatible with these purposes.

In the course of its activities the Company will collect, store and process personal data, including the recording of all telephone calls, and it recognises that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.

The Company is registered with the Information Commissioner for all necessary activities under the GDPR.

Call Recording Overview

Purposes of call recording

The purpose of call recording is to provide an exact record of the call which can:

  • The development of The Company’s policies and procedures
  • The development of The Company’s products, services and solutions
  • The training and development of our employees and contractors
  • Disproving or Proving matters relating to Disciplinary Procedures
  • Detection of criminal activity or breaches of The Company’s exemptions or licenses
  • Detection of non-compliance with our Contractual Arrangements, Service Level Agreements of Non-Disclosure Agreements with our Contractors, Clients, Suppliers or Providers
  • Maintaining standards and availability of The Company’s IT Systems
  • Maintaining compliance with Quality Control Procedures and Business Continuity Plans
  • Maintaining compliance with Regulations stipulated by external entities
  • Disproving of Proving enquiries or queries with regards to business transactions, contracts or agreements

The telephone call recording system in operation will record incoming and outgoing telephone calls and recordings may be used to investigate compliance with our policies and procedures, to provide further training, to support the investigation of complaints or enquiries, to ensure we comply with regulatory procedures and to provide evidence for any regulatory investigation.

The Company will record telephone conversations from its central telephone system. All call recordings are encrypted and stored on secure servers hosted in the system provider’s ISO27001 accredited data centre.

Communicating the Call Recording System

The Company will inform the caller that their call is being monitored/recorded for the reasons stated above so that they have the opportunity to consent by continuing with the call or terminating the call. This will be communicated to patients by:

  • Publishing this policy on the Company’s website
  • Referring to this policy in The Company’s Terms and Conditions and Privacy Policy

Procedures for Managing and Releasing Call Recordings

The recordings shall be stored securely, with access to the recordings controlled and managed by the Data Controller or any other persons authorised to do so by the Data Controller.

Access to the recordings is only allowed to satisfy a clearly defined business need and reasons for requesting access must be formally authorised only by a Company Director. All requests for call recordings should include the following:

  • The valid reason for the request
  • Date and time of the call if known
  • Telephone extension used to make/receive the call if known
  • External number involved if known
  • Where possible, the names of all parties to the telephone call
  • Any other information on the nature of the call

The browsing of recordings for no valid reason is not permitted.

The GDPR allows persons access to information that we hold about them. This includes recorded telephone calls. Therefore, the recordings will be stored in such a way to enable the Data Controller to retrieve information relating to one or more individuals as easily as possible.

Requests for copies of telephone conversations made as Data Subject Access Requests ( DSARs ) under the GDPR must be notified in writing to the Company immediately and, subject to assessment, he/she will request the call recording and arrange for the individual concerned to have access to hear the recording. All DSARs should be submitted in writing to gdpr-compliance@ecs-uk-ltd.co.uk.

In the case of a request from an external body in connection with the detection or prevention of crime e.g. the Police, the request should be forwarded to the Data Controller who will complete the request for a call recording.

Requests for copies of telephone conversations as part of staff disciplinary processes will only be released with the written agreement of the Data Controller, or Company Director, who will consult with the Data Controller before approval is granted.

Recordings of calls will be encrypted and stored electronically in a secure environment. Call recordings will periodically be archived.

Call recording are encrypted and provide secure user password protected logon access control. Recordings can be quickly located using multiple search criteria to ensure GDPR requirements for Right to Access, Right to be Forgotten and Data Portability can be complied with.

Any infringement of this policy is considered by the Company to be a serious offence and may result in disciplinary action. In the event that any member of staff feels they have accidentally breached the above policy will be required to inform their line manager immediately.