Privacy Policy Version 2.1

This Privacy Policy is dated 8 June 2020 and supersedes all previous published.

Content

  1. ABOUT US
  2. PERSONAL DATA
  3. INFORMATION WE COLLECT ABOUT YOU
  4. HOW WE COLLECT YOUR PERSONAL DATA
  5. HOW WE USE YOUR PERSONAL DATA
  6. DISCLOSURES OF YOUR PERSONAL DATA
  7. DATA RETENTION
  8. CHILDREN’S PERSONAL DATA
  9. YOUR LEGAL RIGHTS
  10. CHANGES TO THIS PRIVACY POLICY
  11. CONTACT

PRIVACY POLICY

1. ABOUT US

County Broadband (“County Broadband Limited”, “we” “us”, and “ours”) is an internet service provider (“ISP”) and infrastructure company. We are a limited company registered in England and Wales under company number 04666043 and our registered office and main trading address is at Old Bourchiers Hall, New Road, Aldham, Colchester, Essex, CO6 3QU. Our VAT number is 295 3657 59.

We are regulated in the UK by Ofcom and are registered with Ombudsman Services (www.ombudsman-services.org) who are our Alternative Dispute Resolution Provider.

2. PERSONAL DATA

County Broadband is the data controller responsible for processing any personal data that you have given us and that we hold on you. This Privacy Policy lets you know how we collect and use your personal data and tells you about your privacy rights. When we refer to “personal data” in this Privacy Policy, we mean information which can identify you as an individual. It is important that you read this Privacy Policy so that you are fully aware of how and why we are using your data. County Broadband are committed to protecting your data and respecting your privacy.

We will only use your personal data if we have a legal basis to do so, and when we do we will only use of your information under the terms of this Privacy Policy. If you do not agree to the data practices set out in this Privacy Policy, we will not be able provide you with our services.

3. INFORMATION WE COLLECT ABOUT YOU

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data: This includes your name and any identities that you may have been created to use our services (such as usernames, WiFi station id, and so on).

Contact Data: This includes billing address, delivery address, email address, social media username (if given) and telephone numbers.

Financial Data: This includes bank account and payment card details.

Transaction Data: This includes details of the services that you subscribe to, and any equipment that we have supplied to provide those services. It also includes any information that we obtain during our installation process, such as photos of the installation and any information that you give to our engineers at your property. It also includes information on any financial transactions in relation to services we provide to you, such as invoices and payments against those invoices.

Usage Data: This includes information about how you use our services, our network and our websites. It also includes records of telephone calls made and received by you through our telephone service.

Technical Data: This includes internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites and our network. It may also include details of any of your devices registered with equipment provided to you as part of our service. It also includes information generated by any of the equipment that we use to provide our service and to ensure that it is correctly functioning.

Profile Data: This includes your username and password (if made available to us), orders made by you, your interests, preferences, feedback and survey responses, and a history of any consents that you have given us in relation to how we use your personal data. It also includes information that relates to how you use our services, in relation to each other. For example, the order in which you view the information on our web site, or information about which of our marketing messages you might have responded to before you registered an interest in our services.

Marketing and Communications Data: This includes your preferences in receiving marketing from us and our third parties, and any information that we retain regarding which emails and printed material that we might have sent you.

We also collect, use and share “Aggregated Data” (this means statistical or demographic data derived from your personal data, or your usage of our services). Aggregated Data is not considered personal data in law as this data does not directly or indirectly reveal your identity.

4. HOW WE COLLECT YOUR PERSONAL DATA

Identity Data, Contact Data and Financial Data

You may give us your Identity, Contact and Financial Data in a number of ways:

  • By placing an order, or pre-order, for any of our services on our website, or verbally with one of our customer service agents (“Telesales Team”), or by submitting a paper order form to us.
  • By registering an interest to potentially become a customer in the future, either on our web site, or with one of our County Broadband staff members or representatives.
  • By completing a direct debit or credit card mandate with one of our payment providers.
  • By giving us consent to send you marketing information about our products and services, or information about our network build activities in your area.
  • By giving us your details for us to contact you in relation to our services or business development. This includes the email address you sent an email to us from and the phone number you called us from, when communicating with us.
  • By responding to any marketing messages or promotions that we may post from time-to-time on social media, or other internet sites.

We may also collect information that you give us when you only partially fill-out an online form, and exit before completing it. We will never use partially collected personal information unless we have a legal basis to do so.

We may also ask you to provide financial payment details, such as bank account or credit card number, in relation to payment for goods or services. These will only ever be used to set up recurring mandates or to pay an invoice under your instruction, and this information will be deleted once the mandate or payment has been set-up on your behalf.

When you contact us (by phone, email or via our websites), we may keep a record of it and what you say to us.

When you order services from us, we may make enquiries about you for credit reference purposes. These enquires include searching your records held by any credit reference agencies or any fraud prevention scheme. Where we receive information about you from them, we’ll always protect it in accordance with this Privacy Policy and keep it secure.

Transaction Data

We hold sales and account information about any orders that you have placed with us, and any financial transaction data generated from them. This will be in the form of pre-orders, sales orders, and invoices detailing charges raised against those orders – and records of payments that you have made against those charges.

We collect details of any activity that we undertook to deliver our services to you, such as appointments, surveys and installations of equipment at your property. As we do this any additional information that you provide may be recorded and stored on your file, and we may also take photos of aspects of the delivered service (such as the position of the cables and provided equipment) so that we can support you better and ensure that we can provide you with the highest quality of service.

You may also provide us with information about any previous supplier account that you may have had, so we can migrate to us any previous services that you ask us to, such as porting in your previous telephone number for use with your County Broadband phone service.

If we provide you with equipment, either as part of our services, or sold to you for your own use, we will retain information about that equipment such as serial numbers and vendor information. We will use this to support the services, and to manage replacement or fixes under warranty.

Usage and Technical Data

When you use our services, we will automatically collect your Usage Data. When you (or someone using your County Broadband broadband or telephone service) use County Broadband’s network to make a telephone call or connect to the internet, we keep a record of that call (including the number called) so we can charge for it. We also receive information from other operators about calls made over our network, where we need that information for connecting and billing purposes. We will also collect information about your use of our services (such as the amount of time you spend online), which we will use to manage our network and for billing.

If someone abuses or damages any services supplied by County Broadband, for example by making offensive or nuisance calls, we may keep information relating to that abuse.

If a customer abuses our internet service or any other services we provide, for example by not following any part of our Acceptable Use Policy, we may keep any information relating to that abuse. Details of our Acceptable User Policy are published on our main website (www.countybroadband.co.uk) and made available via the ‘legal’ link at the bottom of the homepage.

Profile Data

We may collect Aggregated Data about which services our customers use on the internet so that we can optimise our network traffic flows to make sure we have enough bandwidth to satisfy our service contracts with our customers. We may also collect information about your computer, including your IP address, operating system and browser type. Unless this information is needed for a service enquiry specific to your service, this is only used as aggregated statistical information to help us keep our network running smoothly and does not identify any individual.

As part of the normal function of the equipment that provides our services, information may be generated about its operational processes, such as when a customer service is powered on or off, or in the event of a service failure. This information will be logged for a period and may be used to improve your service. We may contact you from time-to-time in relation to the correct functioning of your services, in relation to information generated in this way which alerts us to an issue

We automatically collect Technical Data about your visits to our websites (including, but not limited to, traffic data, location data, weblogs and other communication data) and the websites and other products and services you access through it, and any of our marketing messages that you engaged with before visiting our site. We collect this personal data by using cookies, server logs and other similar technologies. Details of our Cookie Policy are published on our main website (www.countybroadband.co.uk) and made available via the ‘legal’ link at the bottom of the homepage.

We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. We may from time-to-time ask you questions about how you use the services we provide, other services you would like us to provide in the future and about other things, such as information about your lifestyle.

Marketing and Communications Data

We keep a record of any consents that you have given us in relation to receiving marketing and network build information from us, so that we only provide you with information that is relevant to your specified interests. If you subsequently remove your consent, we also record when you did that, so we can ensure that we comply with any legal or regulatory requirements to do so. If you subsequently remove all of your consents, where you are not in a contract with us, we will purge your personal data from our records after a short period.

5. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when we have legal grounds to do so, which will be in one of the following circumstances:

  • Where you have given us explicit consent, in relation to allowing us to communicate with you.
  • Where you are considering entering or have entered into a contract with us to take our products or services.
  • Where it is necessary for our legitimate interests and where your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Consent means that you have explicitly granted us permission to use your personal data to contact you. We may ask you for consent when you register an interest or place an order for our services on our web site. We may also ask you for consent when you speak with us, either in person, or on the phone. You can withdraw your consent at any time by emailing consent@countybroadband.co.uk and requesting an email which allows you to adjust your personal communication preferences.

Contract means that we are using your personal data as necessary to provide a quote to you or fulfil a contract to provide our services to you. Once you have placed a pre-order or order with us we will use your personal information on the legal basis of Contract to communicate with you about how we intend to deliver the service to you. We will contact you using any Contact Information that you have provided us with to deliver your service, and subsequently communicate with you about the billing and support aspects of that service. You may opt out of any Consent that you have previously granted us, if you want to stop receiving marketing information. You may not opt out of service related correspondence in relation to the Contract. You may, however, let us know your preferences on how you would like to be contacted.

Legitimate Interest means using your data as necessary for the commercial interests of our business, allowing us to conduct and manage our business to give you the best possible service and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.

Comply with a legal or regulatory obligation means using your personal data to the extent necessary for us to comply with a legal or regulatory obligation that we are subject to.

6. DISCLOSURES OF YOUR PERSONAL DATA

We may sometimes need to share your personal data with the types of third party listed below:

  • Our partner organisations and subcontractors who provide some of the services on our behalf.
  • Credit reference agencies (to carry out credit checks) and debt recovery agencies (if you do not pay your bills).
  • IT and system administration services service providers.
  • Emergency Services (including police, fire and ambulance services)
  • Professional advisers including lawyers, auditors and insurers.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business with.
  • Regulators, ombudsmen, government/industry bodies and authorities for the purposes of resolving disputes, complying with regulatory requirements and reporting and in connection with obtaining grants or funding directly or on your behalf.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data on our behalf for specific purposes, as if we were processing it ourselves and only in accordance with this privacy policy.
Some of our third-party suppliers are based outside the EEA so their processing of your personal data may involve a transfer of data outside the EEA, although we will only transfer data to servers within the EEA where possible. Should we need to transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • The third-party country has been deemed to provide an adequate level of protection for personal data by the European Commission;
  • The service provider is based in the US and is part of the Privacy Shield framework which requires they provide a set of robust and enforceable protections for the personal data of EU individuals.

We may also disclose your personal data to a third party if we are under a duty to do so in order to comply with a legal obligation or in order to enforce or apply any of our terms of use. This includes exchanging information with other companies and organisations for the purposes of law enforcement, fraud protection and credit risk reduction.

7. DATA RETENTION

We will only keep your personal data on file whilst we need it for the purposes we collected it for. As well as for servicing your contract, we might also need to retain it to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least 7 years after they cease being customers for tax purposes.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

8. CHILDREN’S PERSONAL DATA

We do not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our websites or services. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this notice by instructing their children never to provide Personal Data through our services or websites without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our websites or services, please contact us and we will endeavour to delete that information and terminate the child’s account from our databases.

9. YOUR LEGAL RIGHTS

You have various rights in relation to your personal data – these are set out in detail below. If you wish to exercise any of these rights, please contact us by telephone on 01376 562002 or email us: support@countybroadband.co.uk

Access to Personal Data
You have the right to access the personal data we hold on you (commonly known as a “data subject access request”).

Correction of Personal Data
You have the right to request correction of the personal data that we hold on you. If you are aware of any information that we hold that is incorrect or incomplete, please let us know and we will correct it. We may first need to verify the accuracy of the new data you provide to us, and then we will make the correction.

Removal of Personal Data
You have the right to request the erasure of your personal data (commonly known as “the right to be forgotten”). This enables you to ask us to delete your personal data when we no longer need it. You may also ask us to delete your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with a legal obligation. However, we may not be able to comply with your request of erasure, for example, if we are required to retain your personal data for legal reasons, or if that data is required to provide you with a service you have requested. We will let you know if this is the case.

Request Restriction of Processing
Your have the right to request we restrict processing your personal data. You may ask us to suspend the processing of your personal data in the following scenarios:
a) if you do not think the data we hold is accurate, whilst we verify its accuracy;
b) where our use of the data is unlawful but you do not want us to erase it;
c) where we no longer need to process it but you require us to store it in relation to a legal claim; or
d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it

Transfer Request
You have the right to request your personal data is transferred to you or to a third party. We will if feasible practically provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to information which you have provided us, and which we process by automated means and use to perform a contract with you.

Object to Processing
You have the right to object to to us processing your personal data for direct marketing purposes. You also have the right to object where we are relying on a legitimate interest but you feel the processing impacts on your fundamental rights and freedoms.

Withdrawal of Consent
You have the right to withdraw consent at any time where we are relying on consent to process your personal data that is not related to providing a service you have requested (for example, for marketing purposes). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, if we feel that your request is unfounded, repetitive or excessive, we may charge a reasonable fee or we may let you know that we are refusing to comply with your request. If we refuse your request, we will explain why and you will be entitled to raise the issue with the ICO (www.ico.org.uk).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will respond to all legitimate requests within 30 days of receipt and, if possible, achieve a satisfactory resolution within that time period. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. CHANGES TO THIS PRIVACY POLICY

Any changes we may make to this Privacy Policy in the future will be published on our main website (www.countybroadband.co.uk) and made available via the ‘legal’ link at the bottom of the homepage. You should check that link from time-to-time for any changes we may have made. We may also email you about these changes, if you are a customer of County Broadband.

11. CONTACT

If you have any questions, comments and requests regarding this Privacy Policy, including any requests to exercise any of your legal rights under it, please contact us using the details set out below:
Email: info@countybroadband.co.uk
Telephone: 01376 562002
Post: County Broadband, Old Bourchiers Hall, New Road, Aldham, CO6 3QU.

If you have any complaint about how we are using your personal data or otherwise in relation to this Privacy Policy, please contact us in the first instance and will we do our best to resolve it. If we do not resolve it to your satisfaction, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).