The safeguarding of our customers’ personal identifying information that is on record with Whidbey Telecom is a priority to the company and its employees. The security of all customers’ personal information must be maintained regardless of whether it is contained in written records, electronic data, or in any other medium. Employees must be knowledgeable regarding the Company’s Privacy Policy and remain vigilant so that efforts can be made to identify, report, and mitigate any attempted or actual breach in the security of personal identifying information. This is important in order to take the steps needed to safeguard our customers from fraud, identity theft, or other harm.
Policy & Rules Regarding Telecommunications Services
The two primary federal rules that address the safeguarding of a customer’s right to confidentiality relative to telecommunications service are:
- the Federal Communications Commission’s (FCC’s) Customer Proprietary Network Information (CPNI) rules; and
- the joint Federal Trade Commission’s (FTC’s) and other agencies Red Flag Rules.
Although the CPNI rules and Red Flag Rules are separate and distinct and issued by different federal regulatory authorities, the rules complement each other. The CPNI rules, originally designed to safeguard certain customer information from being shared for marketing purposes, were eventually revised to include provisions to safeguard each customer’s call detail records from being obtained through pretexting (unauthorized access to records by a person pretending to be the customer or the customer’s duly authorized agent). While the CPNI rules address pretexting, which is one form of identity theft, the Red Flag Rules are broader and address all forms of identity theft. This document addresses the Company’s policy regarding prevention of identity theft in accordance with the Red Flag Rules.
Customer Proprietary Network Information (CPNI)
In providing services to you, Whidbey Telecom may collect certain information that has been made available to us by virtue of our relationship with you, as our customer. Some of this information includes details of the telecommunication services you purchase from us, including technical configuration and amount of use of those services. This information can also be information included on your telephone bill related to services you’ve purchased, including long distance call detail information.
The Federal government has defined this information as Customer Proprietary Network Information (CPNI). Federal rules and regulations of the Federal Communications Commission (“FCC”) require telecommunications carriers to verify the identity and appropriate authorization of anyone requesting access to certain customer account information (also known as CPNI). Whidbey Telecom considers customer account information to be confidential including any information classified as CPNI. CPNI does not include Subscriber List information.
Information You Provide to Whidbey Telecom
In our continued commitment to safeguarding our customer account information and in alignment with these federal rules, Whidbey Telecom has established the following procedures when we collect information on your behalf.
- When you visit one of Whidbey Telecom’s Customer Service Centers, you will need to present a valid government-issued photo ID. Whidbey Telecom will review the account information to verify the name of the requestor as having authorization to discuss the relevant account information or make changes to the account. The FCC does not allow for any exceptions to this rule. Even if our customers are known to us, we are still required to review photo ID in order to release account information and/or make changes to accounts.
- When you access your account information online, you’ll need to have an established Whidbey Telecom eBilling account with a specific online Username and Password. If you’d like to establish a Whidbey Telecom eBilling account, contact our Customer Experience Center for more information and assistance.
- When you call us, Whidbey Telecom will verify your name against the authorized name(s) listed in the relevant account record. You must then provide the correct, pre-established Subscriber Verification Code (SVC) or correct answers to the pre-established Security Questions listed in the relevant account record before we will proceed with discussing the subject account information.
If you call us to discuss long distance call information and you are verified as an authorized contact but unable to supply us with the correct SVC or answers to the back-up Security Questions, we may still be able to assist you with your request. If you have the call detail information that you’d like to discuss with you, we can discuss only the specific call detail information you provide to us during that call. We can also mail a copy of your invoice to either the postal or email address of record or call you back at the telephone service telephone number of record (either of which must have been on record for at least the past 30 days). If we call you back at the service telephone number of record, we will request you to verify other account information before supplying the requested call detail information.
Policy & Rules Regarding Targeted Advertising
Whidbey Telecom automatically collects certain information about your device and how your device interacts with our website for the purposes of targeted advertising. For example, analytics services, such as Google Analytics, may use tracking technologies on our website to help us analyze your use, compile statistic reports, and provide other services relating to website activity and usage.
The types of information we automatically collect include your device’s IP address and other device identifiers; the type of internet browser you are using on your device; the type of operating system application software and peripherals you are using on your device; the domain name of the website from which your device linked to our website, such as Google; and your browsing habits on and usage of our website through your device.
Information Collected Automatically
Unless you have opted-out or have otherwise refused to provide consent, the following is data that we collect from your device automatically:
- Cookies A cookie is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain various types of information, including a user ID that the site uses to track the pages you have visited.
- Pixels. A pixel (also known as a web beacon) is code embedded in a website, video, e-mail, or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, e-mail, or advertisements that contains a pixel, the pixel may permit us or another party to drop or read cookies on your device. Pixels are used in combination with cookies to track activity by a particular browser on a particular device.
- Location-identifying Technologies. Location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting relevant content based on your location.
How We Use the Data We Collect
We generally use the data we collect to help us better identify your needs and engage with you. For example, when you supply your email address to Whidbey Telecom you are authorizing it to be added to your account records for future reference and as a method to contact you. We may use your email address to send you important notices regarding your account and to update you on Company news and promotions.
Our business purposes for collecting and using information include:
- To perform services requested by you, such as to respond to your comments, questions and requests, and provide customer service;
- To send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages;
- To prevent and address fraud or breach of policies or terms;
- To monitor and analyze trends, usage, and activities for the purpose of improving our Marketing efforts;
- To improve Whidbey Telecom’s website, applications, and product services to better serve our Customers;
- To provide you with advertisements about our products, services, promotions, and events;
- To fulfill any other business or commercial purposes disclosed to you and with your consent.
Data Sharing
Whidbey Telecom may share information we collect through our website in accordance with the practices described in this Privacy Policy. This only pertains to data collected for the purposes of targeted advertising, and does not include CPNI. The types of entities we may disclose information to include:
- Affiliates: We may share your information with our affiliates to support our business operations (e.g., for example, fraud prevention, reporting, marketing, and email delivery), as well as billing, collections, tech, customer and operational support. Our corporate affiliates will only process your data for the purposes already explained in this Privacy Policy.
- Vendors and Other Parties: We may share information with vendors and other parties for business and commercial purposes, including analytics and advertising technology companies.
Your Choices and Opting-Out
Email Communications
You may opt out of news and promotional emails at any time by replying to one of the emails with “Unsubscribe” in the subject line or by contacting our Customer Experience Team.
Analytics and Interest-Based Advertising
We recognize how important your online privacy is to you, so we offer the following options for controlling the interest-based ads you receive and how we use your data. Opting-out of this type of advertising will not prevent you from seeing ads, rather those ads will likely be less relevant. This is because they will not be tailored to your specific interests but will instead be based on the context of the Digital Property in which they are displayed.
Some actions you can take to control how we use this data include:
- You may exercise choice regarding the use of cookies from Google Analytics by visiting https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.
- Some of the parties that collect information from or about you on our website in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about the DAA and your opt-out options for their members, please visit the DAA website.
- Some of the above parties may be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, please visit the NAI website.
Please note that if you opt-out of online behavioral advertising using any of the above methods, the opt-out will only apply to the specific browser or device from which you opt-out. We are not responsible for effectiveness of, or compliance with, any other parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
Whidbey WiFi Mobile Application for Managed WiFi
This Privacy Policy applies to the App described in the Whidbey WiFi Mobile Application End User License Agreement (the “Agreement”). Please read Whidbey Telecom’s privacy notice and this Privacy Policy carefully to understand how information collected by the App will be treated. If you do not agree with Whidbey Telecom’s privacy notice and this Privacy Policy, you should not install, use, or access the App. The App is a product of Calix, Inc. and Whidbey Telecom is a Broadband Service Provider (BSP) that subscribes to Calix, Inc. services.
Children Under the Age of 16
The App is not intended for children under 16 years of age, and on behalf of its BSPs, Calix does not knowingly collect personal data of children under 16, without parental consent. If Calix learns that personal data from a child under 16 has been obtained or received without verification of parental consent, Calix will delete that information. If you believe Calix might have any information from or about a child under 16, please notify Calix by completing a Request Form (clicking the link will take you to TrustArc, whom Calix has engaged to assist with personal information requests).
How Calix Collects Your Information
On behalf of your BSP, Calix collects and processes information provided directly by you when you install the App and register for an account to use the App. Specifically, this information includes:
• Your name, email address, password/pin, preferred language, and your account number with your BSP;
• Information about the equipment deployed at your premises that you choose to connect to the App such as the MAC address, serial number or other unique identifier for your router;
• Data insights Calix attains based on correlation and analytics of your information collected in providing the App, and user-associated analytics to improve the quality of the app experience.
How Calix Uses the Information
On behalf of your BSP, Calix uses the information collected as described in this Privacy Policy, to:
• Provide you with the App and the Services/notifications provided through the App as described in the Agreement;
• Implement, improve and/or enhance the App or to provide App features, including to make future releases available to you;
• Carry out Calix’s obligations as described or authorized in the Agreement, your BSP’s privacy notice, and this Privacy Policy;
• Enforce Calix’s rights arising from the Agreement between you and Calix; and
• Fulfill any other purpose authorized by you and reasonably required for the App.
Your BSP may also use the information collected as described in this Privacy Policy, to inform you about goods and services that may be of interest to you.
Disclosure of Information
Calix does not sell or otherwise distribute or disclose your information to third parties other than as described or authorized in the Agreement, including this Privacy Policy.
Calix discloses the information to its subsidiaries, affiliates and certain third-party vendors and contractors that provide development, integration, web hosting and consulting services to Calix to provide you with the App, to maintain, support, develop, improve and/or enhance the App and to fulfill Calix obligations associated with the App.
Calix may be required to disclose information under certain circumstances:
• To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• To enforce Calix’s rights arising from the Agreement entered into between you and Calix;
• If Calix believes disclosure is necessary or appropriate to protect the rights, property, or safety of Calix, its customers or other third parties; or
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Calix’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which your information and/or your subscriber information held by Calix are among the assets transferred.
Your Choices About Our Collection, Use, and Disclosure of Information
The provision of the information described in this Privacy Policy is necessary for you to use the App.
Your information is retained and used as described in this Privacy Policy. If you delete your account for the App in accordance with the terms of the Agreement, your information will be deleted within 30 days of the deletion of such account or within such other timeline as may be mandated by applicable law. You will no longer be able to access the App when your account is deleted.
Accessing and Correcting Information
You can (a) access and review your contact information, and (b) correct your contact information, by logging into the App and visiting the settings page. To access, review or correct any other information, please reach out to your BSP.
Data Security
All information you provide to us is stored on our secure servers behind firewalls. Calix utilizes mechanisms such as intrusion detection systems, intrusion prevention systems, firewalls and encryption to secure information from accidental loss and from unauthorized access, use, alteration, and disclosure.
Calix deploys Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to alert and proactively contain potential threats. Enhanced security visibility and coverage is enabled through added layers of firewall and IDS beyond the network perimeter. Management connections to servers are always authenticated and encrypted via Secure Shell (SSH) when administration access is required for troubleshooting, patch management, and upgrades.
Calix runs automated vulnerability scanning on all perimeter systems to identify potential security risks. Scanning applications are regularly updated to remain current and up to date on important security vulnerabilities. Patches are applied to all relevant systems unless a compensating control is implemented.
Calix uses a variety of industry-standard security technologies and best practices to help protect information from unauthorized access, use, or disclosure. All data stored on the Calix systems is encrypted following industry standards using the strongest keys and ciphers. All communications with the App are protected with industry standard security protocols.
You control access to your account. You must keep your login credentials and passwords secure and protected and maintained as confidential. Calix is not responsible for any circumvention of any privacy settings or security measures provided.
Changes to this Privacy Policy
The date the Privacy Policy was last revised is identified at the end of this Privacy Policy. You are responsible for periodically visiting this Privacy Policy to check for any changes.
Contact Information
For questions about your service, please contact your BSP directly. To ask questions or comment about this Privacy Policy and Calix’s privacy practices for the Cloud Services provided to your BSP, contact your BSP or complete this Request Form (clicking the link will take you to TrustArc, whom Calix has engaged to assist with personal information requests).
Data and Privacy Protection Contact Information
If you have any questions about this Privacy Notice, please contact us at:
Whidbey Telecom
Attn: Privacy & Legal Department
14888 SR525
Langley, WA 98260
Or contact us by email at: support@whidbey.net
Changes to this Privacy Policy
We may amend our Privacy Policy at any time and will post those changes on this page, so you can understand what information we collect, how we use it, and under what circumstances we may disclose it. Any changes will be effective immediately. However, if we plan to materially change the way in which we use or disclose your information, we will provide you with prior notice and a chance to opt-out of such differing uses.
Last updated: May 2023