Effective date: 1 January 2026 · Version: 1.0
Controller: Lunatoria Prime LTD (Company No. 16859261), trading as Callivex, registered at 13 Hawley Crescent, London NW1 8NP, United Kingdom.
1. Scope
This policy describes how Callivex processes personal data when you visit our website, contact us about services, become a customer, or generate traffic over our network. It covers personal data of website visitors, customer representatives, end-users of customer services where Callivex acts as processor, and individuals whose data appears in caller-line identification or call records.
2. Personal data we collect
2.1 Website and contact
- Contact form submissions: name, company, business email, your message.
- Server logs: IP address, user agent, request URL, timestamp. Retained for 30 days for operational and security purposes.
- Cookies: see our Cookie Policy.
2.2 Customer onboarding
- Legal entity details (company name, registration number, address).
- Beneficial-ownership identification where required by KYC.
- Authorised contacts (name, role, email, phone).
- Billing details (bank account / card / VAT number).
2.3 Service operation
- Call detail records (CDRs): calling number (CLI), called number (DNIS), date/time, duration, codec, disposition, cost. CDRs are personal data when they identify or relate to identifiable individuals.
- SIP signaling and metadata: session identifiers, IP addresses of customer endpoints, user-agent strings, codec negotiation. May be captured for fraud investigation and incident response.
- Voice content: Callivex does not record call audio in the ordinary course of service. Where a customer requests recording or where lawful intercept is mandated by competent authority, separate provisions apply.
- Number assignment data: end-user name and address-of-use as required by national regulators for DID issuance.
3. Lawful basis for processing
- Performance of contract: processing necessary to deliver the Service and bill it.
- Legitimate interest: network security, fraud prevention, anomaly detection, operational improvement. We balance these interests against your rights.
- Legal obligation: retention of CDR and identity data where required by UK, EU, or other applicable law (telecommunications retention, regulator KYC, sanctions screening, lawful intercept).
- Consent: where processing is not covered by another lawful basis (e.g. marketing communications). Consent may be withdrawn at any time.
4. Retention
- CDRs: retained for twelve (12) months for billing dispute, fraud investigation, and regulator enquiry. Aggregated, non-personal CDR data may be retained longer.
- SIP capture: retained for fourteen (14) days for incident response; longer where required for active fraud or regulator investigation.
- Customer records: retained for the duration of the customer relationship plus six (6) years for legal, tax, and audit purposes.
- Server logs: 30 days.
- Marketing contacts: until consent is withdrawn or contact becomes inactive (typically 24 months).
5. Sharing personal data
We share personal data only with:
- Upstream carriers for the purpose of routing calls and reconciling traffic.
- Service providers we engage as data processors (hosting, payments, accounting, fraud-detection vendors), bound by data-processing agreements.
- Regulators and law enforcement where lawful intercept, retained-data requests, or compelled disclosure applies.
- Professional advisors (legal, audit) under confidentiality.
- Successors in interest in connection with a merger, acquisition, or transfer of assets, with notice and continuity of these protections.
We do not sell personal data and do not use it for cross-context behavioural advertising.
6. International transfers
Personal data is hosted in the European Economic Area (primary) and the United Kingdom (failover). Where transfers to other jurisdictions are necessary for the Service (e.g. routing a call to a destination outside the EEA/UK), they take place under one of the safeguards available under UK GDPR / EU GDPR — adequacy decision, standard contractual clauses, or other approved mechanism.
7. Your rights
Under UK GDPR / EU GDPR you have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erasure ("right to be forgotten") subject to legal-retention exceptions.
- Restrict processing in certain circumstances.
- Data portability for data you have supplied.
- Object to processing based on legitimate interest.
- Withdraw consent where consent is the lawful basis.
- Lodge a complaint with the supervisory authority (Information Commissioner's Office in the UK).
Requests should be sent to compliance@callivex.com. We respond within one (1) calendar month, extendable by two (2) months for complex requests with notification.
8. Security
We apply technical and organisational measures appropriate to the risk, including:
- TLS encryption in transit on all customer-facing surfaces.
- Encryption at rest for personal data stores.
- Role-based access controls with audit logging.
- Mandatory two-factor authentication on administrative interfaces.
- Network segmentation between customer-facing services and back-office systems.
- Periodic vulnerability scanning and penetration testing.
- Incident-response procedures with regulator notification within 72 hours of becoming aware of a personal-data breach where required.
9. Children
The Service is provided to legal entities and adults acting in a business capacity. We do not knowingly collect personal data of children under sixteen (16). Where we become aware of such collection in error, we will delete the data without delay.
10. Changes
We may update this policy to reflect operational, legal, or regulatory changes. Material changes will be notified by email to customer-of-record contacts and posted on this page at least fourteen (14) days before taking effect.
11. Contact
Privacy and data-protection enquiries: compliance@callivex.com
Postal: Lunatoria Prime LTD, 13 Hawley Crescent, London NW1 8NP, United Kingdom.
UK supervisory authority: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.