This policy is effective from 14 February 2022
This policy applies to People’s Fibre. People’s Fibre is a trading name of Swish Fibre Limited or, as the case may be, a subsidiary company of Swish Fibre Limited.
When we refer to “you” or “your” in this policy, we are referring to any individual in respect of whom we process personal data as a controller which may include where:
· You are a customer or prospective customer of ours who has purchased, or is looking to purchase, any of our products and/or services;
· You are an employee of one of our customers and have been authorised by your employer to access and/or use our products and/or services;
· You otherwise use and/or access any of our products and/or services;
· You visit our website(s) and/or apps; and/or
· You communicate with us by phone, email or otherwise.
· the types of personal data that we may collect
· why we may collect and use your data
· when and why we will share personal data within People’s Fibre and other organisations
· the rights and choices you have when it comes to your personal data
What this Policy does not apply to
This policy does not apply to other organisations’ websites, apps, products, services and social media accessed from our websites and/or apps. When you leave our website(s) and/or apps, we encourage you to read the privacy policies and/or notices of every website and app that you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites or apps. Please check these policies before you submit any personal data to these websites or apps.
2. WHAT DATA WILL WE COLLECT?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (which is known as anonymous data).
There are different ways in which we collect your information both directly from you and from third parties. For example:
2.1 Information we receive directly from you:
When you register your interest, apply for, use and/or purchase products and/or services from us, or contact us with queries, we may ask you to give us, where necessary, personal and contact details including your name, address, email address, phone number, gender and date of birth, as well as your financial details including your bank account, payment method, and credit card number. We would also ask you to let us know if you consider that you may be a vulnerable customer or if you require any extra help or support.
When you write to us, talk to us on the phone, email or communicate with us via electronic messaging (such as SMS or live chat tools), we may collect personal and contact details including your name, address, phone number, email address, as well as any other information that you provide to us via such communications.
If you are invited to participate in our customer surveys which will help us provide you with improved services, we will collect the information you provide to us including your name, phone number, email address and information about how you use our website, apps, products and/or services.
When you provide commercial services to us, we may ask you to give us, where necessary, personal and contact details including your name, address, phone number, as well as your financial details including your bank account, and payment method.
2.2 Information we collect about you when you use our products and services:
When you use our services we may collect information about your use of those services including the following:
· Usage data – including frequency, time and data used per month
· Call data – including time, duration, originating and destination number
· Billing, payment and transaction data – including your financial details, bills and its components
· Technical data related to your television viewing such as time and duration of watched content, information on the content recorded/watched, MAC/IP address, the quality of the connection
· Interactive data including apps usage data, websites usage / visits data
· Device data including IP address, device make and manufacturer, browser information and other similar identifying information required from your devices to communicate with websites and applications on the internet.
We may also monitor, record, store and use the communications we have directly with you to improve the quality of our customer service, especially to address your specific needs if you are a vulnerable person and/or for training, operational and compliance purposes.
2.3 Information collected from others:
We may supplement the information that we collect from you and about your use of our products and/or services, with information that we receive from third parties.
This may include:
· Data we collect from other members of your household in relation to your use of our products or services
· Where you have been authorised by your employer to access and/or use our products and/or services, data we receive from your employer about you and your use of our products or services
· Data we receive from someone who refers you for our products and services
· Data from other organisations who have obtained your permission to share information about you with us
· Data accessible to us from publicly available sources such as councils, company registers, land registry, electoral rolls and online search engines
· Information we get from reporting agencies, such as credit reference agencies. They may give us information about your financial history so we can assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity
· Financial and transaction data from providers of technical and payment services
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. WHY WE MAY COLLECT DATA ABOUT YOU
There are many reasons why we may legitimately collect and process your personal information and data, including:
3.1 Contractual Obligations
We may process your personal information where it is necessary either to take steps at your request before entering into a contract with you for the provision of our products and/or services, or to perform our obligations under that contract.
Examples of these situations include:
· To provide you with a quote for our products and/or services
· To determine your eligibility for our products and/or services / whether they are available in your area
· To process your orders for our products and services and to bill you for the same
· To provide you with the products and services you have ordered from us
· To respond to any questions or complaints you may have regarding our products and services
· To administer, operate, facilitate and manage the products and services we provide to you
· To analyse your data for the purpose of improving your experience and protecting you on-line
· To manage the best way of routing your data usage through the various parts of our network, equipment and systems
· To contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, etc., in connection with your relationship and/or account
· To provide you with information relating to our products and/or services
Examples of your personal information that we may process under this legal basis include:
· Your contact details, including name, address, phone number, date of birth, gender, email address, passwords and credentials (such as your security questions and answers), and other information needed to confirm your identity and your communications with us
· Your communications with us, such as calls, emails and webchats
· Your payment and financial information
· Details from the products and services we have provided to you, such as data usage, connected device details, routers, calls made and received.
3.2 Legal Compliance
If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also provide this to any such regulator. However, we would need to be satisfied that a request for information is lawful and proportionate and we would need appropriate assurances about security, how the information is used and how long it is kept.
We must consider the needs of vulnerable people, e.g. people with disabilities, the elderly and those on low incomes. We will take steps to identify and record information about our vulnerable customers’ needs so that we can provide them with the help and support that they need to use our services effectively. Please see our Vulnerable Customer Policy for more details.
If you order a voice service (e.g. call forwarding), we will ask if you want your details included in any telephone directory services, so your details can be included in phone books and be found using publicly available directory enquiry services. If you do, we will share that information with regulated providers of directory services. Ex-directory numbers will not be included and will not appear in any directory service database.
For health and safety compliance purposes and subcontractor assurance, we may be required to obtain training and competency records of sub-contractor staff deployed in the installation of our services.
3.3 Legitimate Interest
We may also use your personal data where it is necessary to pursue our legitimate interests (or those of a third party) but only in a way which might reasonably be expected as part of running our business and only where such interests are not overridden by your fundamental rights, freedoms or interests.
We may process your personal data under this basis to understand how customers use our service, maintain and develop our service provision, to grow our business and for training and quality purposes.
We may also process your personal data under this basis for the legitimate running of our business, to facilitate our internal business operations including assessing and managing risk, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.
We may also use your personal information for the legitimate interest of helping to prevent and detect crime and fraud and to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious usage, and track malware and cyber-attacks.
Examples of the personal information that we may process under this legal basis include:
· Your contact details and other information to confirm your identity and communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (for example, security questions).
· Your payment and financial information
· Information from credit reference and fraud prevention agencies
· Details of the products and services you’ve bought and/or use, and how you use them – including your call, browser (including IP address) and TV records
· CCTV footage in or around company premises.
· Call recordings
· Technical data
· Interactive data
· Device data
· Building condition survey video recordings which may, accidentally and on rare occasions, capture individuals on our or our sub-contractors’ videos.
In specific situations, we may collect and process your data with your consent including the following:
· If you contact us via our website with queries about our service, we may we request your consent to process your location data to determine your eligibility for our products and services and, in particular, whether and when our products and services may be available in your area.
· We may request your consent in order to send marketing communications regarding our services and/or products via our apps, website or otherwise.
However, if we do so, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note that if you do withdraw your consent, we may not be able to provide certain information, products or services to you.
4. WHO DO WE SHARE YOUR INFORMATION WITH?
Where we share your information with third parties, they will process your information either as a data controller or as our data processor, and this will depend on the reason for our sharing your personal data with them. We will only share your personal data in compliance with the applicable data protection laws and regulatory compliance and only for the purposes set out in paragraph 3 of this policy.
We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law.
As well as sharing your information within the “Swish” group of companies, other organisations with which we may share your information include:
4.1 Contracted Partner Companies
We may share your personal information with partner companies with whom we have contracts for certain products and/or services. The reasons we may share your information in this way include to:
· Further develop and improve our infrastructure and network services
· Provide customer-service, marketing and information-technology services
· Personalise our service and make it work better
· Process payment transactions
· Carry out fraud and reference checks and collect debts
· Analyse and improve the information we hold (including about your interaction with our service)
· Run surveys
· Process your Direct Debit payments through GoCardless. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/
4.2 Credit Reference Agencies
We may share your personal information with credit reference agencies, for example we may provide them with information about how you conduct your account with us and this information may be used by other organisations in assessing applications from you and members of your household. In addition, they will give us information about you. For example, we may search the files of a credit agency to assess creditworthiness and product suitability, check your identity, trace and recover debts, prevent criminal activity or to gather information about your financial history. This is so that we can confirm your eligibility for our products and/or services and guarantee your ability to make regular payments for such product and/or services.
4.3 Other third parties
We may share your personal information with the following:
· Where you have been authorised by your employer to access and/or use our products and/or services, we may share your personal information with your employer
· Professional advisers including lawyers, bankers, auditors and insurers
· Regulators and other authorities who require reporting of processing activities in certain circumstances.
We do not sell or share your personal information and/or data to or with third parties for direct marketing purposes.
5. SHARING YOUR DATA OUTSIDE THE UK
The data and information that we collect and process may be transferred to, and stored at, a destination outside of the UK. We will only transfer your personal data outside the UK on the basis that anyone to whom we transfer it protects your data and information in a similar way to us.
In the event that we transfer your information to countries outside the UK, we will only do so where:
· the UK Government has decided that the country to which we are transferring your data is deemed to provide an adequate level of protection for your information, or
· we have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information on such terms as approved by the UK Government or the ICO to ensure your information is adequately protected.
6. HOW WE PROTECT YOUR DATA
The security of your information is important to us. Any information sent to us is protected using robust security methods. The methods we use are industry-standard ensuring data is safeguarded. Our security measures include:
· Encryption of data where appropriate
· Regular penetration testing of systems
· Security controls which protect our entire Information Technology infrastructure from external attack and unauthorised access
· Regular cyber security assessments of all service providers who may handle your personal data
· Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents
· Internal policies setting out our data security approach
· Training for employees on security and privacy
The transmission of information via the internet is not completely secure and although we will do our best to protect your information and/or personal data, we cannot guarantee the safety of any personal information you transmit to us using online methods.
7. HOW LONG WE KEEP YOUR INFORMATION
By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and in a number of formats.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and provide evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements. However, we will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it.
We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.
8. WHAT ARE YOUR RIGHTS?
We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. We have described those rights, and the circumstances in which they apply below:
Access: You have the right to get access to the information and/or data that we hold about you.
If you would like a copy of the information and/or data that we hold about you please contact us. Please see Section 9 for how to do this.
Rectification: You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you.
If you believe that any of the information and/or data that we hold about you is inaccurate, you have a right to request that we rectify any such data.
For any rectification requests please contact us. Please see Section 9 for how to do this.
Erasure: You have a right to request that we delete your information and/or data.
You may request that we delete your information and/or data in certain circumstances including where:
· we no longer need to process your information and/or data for the purposes for which it was provided;
· we have requested your consent to process your information and/or data and you wish to withdraw your consent;
· we are relying on legitimate interests as our basis for processing your data, you object to such processing and we do not have an overriding legitimate interest to continue this processing; or
· we are not using your information and/or data in a lawful manner.
For any deletion requests please contact us. Please see Section 9 for how to do this.
Restriction: You have a right to request that we restrict the processing of your information and/or data.
· you may request that we restrict or limit the way that we process your information and/or data in certain circumstances including where:
· you want us to establish the data's accuracy;
· our use of the data is unlawful but you do not want us to erase it;
· you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
· you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
For any restriction requests please email us. Please see Section 9 for how to do this.
Portability: You have a right to data and/or information portability.
Where we are processing your data by automated means and either we have requested your consent to process your information and/or data or you have provided us with information and/or data for the purposes of entering into a contract with us, you have a right to receive the information and/or data you provided to us in a portable format.
You may also request us to provide it directly to a third party, if technically feasible.
If you would like to request the information you provided to us in a portable format, please contact us. Please see Section 9 for how to do this.
Objection: You have a right to object to our processing of your data and/or information.
You have a right in certain circumstances to object at any time to processing of your information and/or data including where the processing is for:
· direct marketing purposes; or
· legitimate interests (or those of a third party).
If you would like to object to our processing of your data please contact us. Please see Section 9 for how to do this.
Lodge Complaints: You have a right to lodge a complaint with us and/or the Information Commissioner’s Office.
If you wish to raise a complaint on how we have handled your information, you can contact us, and we will investigate the matter. Please see Section 9 for how to do this.
We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit https://ico.org.uk/make-a-complaint/.
9. CONTACT US
We can be contacted by post at the following address.
Swish Fibre Ltd,
13 Salisbury Place,
Our Data Protection Office can be contacted by email at firstname.lastname@example.org.