Privacy Policy

1. Introduction

This Privacy Policy:

1.1 Explains how Onecom uses your personal data, what we do to ensure the safety and security of it, and who we share it with. It also informs you of your rights and how the law protects you.
1.2 Applies when you visit our website, or if you (or your business) are a customer, supplier or partner of Onecom.
1.3 Applies to former employees/staff of companies/businesses which have been acquired by Onecom.

2. Our Privacy Promise

We promise:

2.1 to keep your personal data safe and secure;
2.2 to give you ways to manage your marketing choices; and
2.3 not to sell your data.

3. Who we are

3.1 Onecom is a UK-based independent business telecommunications provider delivering fixed line, mobile, unified communications and connectivity solutions.
3.2 Onecom is a data controller, and is responsible for deciding how it holds and uses your personal data. Certain parts of our business are managed by other companies within the Onecom group, who may also act as a data controller in some circumstances. When we use the expressions “Onecom”, “we” “us” and “our” in this Privacy Policy, this refers to the applicable data controller within the Onecom group. Please see our list of Onecom group companies.
3.3 If you are applying for a role with the Onecom group, please see our Privacy Notice – Applicant.
3.4 Additionally, in some circumstances, Onecom may process your personal data as a data processor acting on behalf of a data controller. In those situations, the applicable data controller is responsible for deciding how your personal data is collected and used.
3.5 You can find out more about us by visiting the About Us

4. Your rights

4.1 At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
4.1.1 Right of access – you have the right to request a copy of the personal data that we hold about you.
4.1.2 Right of rectification – you have a right to correct personal data that we hold about you that is inaccurate or incomplete.
4.1.3 Right to be forgotten – in certain circumstances, you can ask for the personal data we hold about you to be erased from our records. Bear in mind, if you ask us to erase your personal data from our records, we may purchase data in the future that contains your information. We can however mark it as “do not contact” therefore stopping any contact we may make to you.
4.1.4 Right to restriction of processing – where certain conditions apply, you have a right to restrict our processing of your personal data.
4.1.5 Right of portability – you have the right to have the personal data we hold about you transferred to another organisation.
4.1.6 Right to object – you have the right to object to certain types of processing of your personal data, such as direct marketing.

4.2 To help us respond more quickly should you wish to exercise any of these rights, please use the contact form. We may on occasion need to verify your identity before addressing your request, in which case we will contact you to request the relevant information.
4.3Should there be a third party involved in the processing of your personal data, we will inform them of your request. If we are not the data controller in relation to your personal data but are a data processor, it will be the data controller’s responsibility to respond to your request.

5. How the law protects you

5.1 As well as our Privacy Promise, your personal data is protected by law. This section explains how that works.
5.2 Data protection law states that we are allowed to use personal data only if we have a proper reason to do so. This includes sharing it outside Onecom. The law says we must have one or more of the following reasons:
5.2.1 to fulfil a contract we have with you;
5.2.2 you have given us your consent;
5.2.3 it is necessary for compliance with a legal obligation that we are subject to; and/or
5.2.4 it is in our legitimate interest.

5.3 A legitimate interest is when we have a business or commercial reason to use your personal data, We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

6. Types of personal data we collect

6.1 Personal data means any information about an individual from which that person can be identified.

6.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
6.2.1 Identity Data includes title, first name, last name, username or similar identifier.
6.2.2 Contact Data includes billing address, delivery address, email address and telephone numbers.
6.2.3 Financial Data includes bank account and payment card details.
6.2.4 Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
6.2.5 Technical Data includes internet protocol (IP) address, your login data, time zone setting and location, device ID and other technical information we may have access to as a result of your use of our website and the products and services you have purchased from us.
6.2.6 Profile Data includes your username and password, purchases or orders made by you.
6.2.7 Usage Data includes information about how you interact with and use our website, products and services.
6.2.8 Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

6.3 We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

7. Where we collect personal data from

We may collect personal data about you from these sources:

7.1 personal data you give us:
7.1.1 when you talk to us on the phone, in person or via the web;
7.1.2 when you use our websites or interact with us through social media;
7.1.3 in emails and letters;
7.1.4 when you buy our products and services – this includes banking details for billing; and
7.1.5 when we buy your products and services;

7.2 personal data from third parties:
7.2.1 companies and people that pass us your personal data;
7.2.2 credit reference agencies; and
7.2.3 reputable data suppliers;

7.3 personal data from companies/businesses which have been acquired by Onecom; and
7.4 personal data from publicly available sources such as information held in Companies House, and information about you that is openly available on the internet.

8. Who we share your personal data with

8.1 Onecom will not pass on your personal data to third parties unless at least one of the following applies:
8.1.1 it is a requirement of the service or product you have with us, where this will be detailed within the contract;
8.1.2 it is a prerequisite of a prospective service or product you intend to have with us, where you will be notified beforehand;
8.1.3 we wish to undertake marketing to you with your consent or under our legitimate interests; and/or
8.1.4 it is a legal requirement to do so.

8.2 We may share your personal data with the following parties for the purposes set out in section 9 below:
8.2.1 companies within the Onecom group;
8.2.2 network service providers, or other sub-contractors engaged by us, who provide the service agreed in your contract
8.2.3 other service providers if purchased through us, e.g. insurance companies;
8.2.4 if you use direct debits, we will share your data with the Direct Debit scheme;
8.2.5 debt collection agencies or other debt recovery organisations;
8.2.6 law enforcement agencies, regulatory organisations, courts or other public authorities if we have to, or are authorised to do so by law and;
8.2.7 in the event that we sell or buy any business or assets or any third party invests in our business, in which case we may disclose your personal data to the prospective or actual seller, buyer or investor of such business or assets as part of the process of evaluation and to ensure continuity of service.

8.3 Some of the personal data that we collect from you may be transferred to, and stored at, a destination outside the UK This includes to our staff in India or to service providers that carry out certain functions on our behalf. We will take all steps necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy and data protection laws.
8.4 Where we process your personal data as a data processor, we may share your details with sub-processors. Please see our current List of Sub-processors.

9. Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose of processing	Categories of individuals	Types of personal data	Our reasons (purpose for collection)	Lawful basis for processing	Retention period
Marketing and responding to enquiries	Prospective customers / enquirers	Name(s), email address, telephone number(s), work address, call recordings, IP address, email communications, social media communications	Commercial proposition to sell telecommunication products and associated services/products	Legitimate interests	Up to 6 years
		Business email address		Legitimate interests	After 90 days if it’s not edited or being used in any active campaigns
		Billing data	Reviewing historical mobile phone data	Legitimate interests	30 days
Marketing	Business customers	Name(s), email address, telephone number(s), work address, call recordings, IP address, email communication	Commercial proposition to sell telecommunication products and associated services/products	Legitimate interests	Up to 6 years
Marketing	Business customers	Business email address		Legitimate interests	After 90 days if it’s not edited or being used in any active campaigns
Customer orders	Customers	Name(s), email address, telephone number(s), call recordings, IP address, telephone numbers, xDSL, 4G routers, banking details, date of birth, passwords, tokens and 2nd factors of authentication, user login ID, MAC address, email communication, CCTV	Credit checks, fulfilling orders	Performance of contract	7 years + length of contract
Customer orders	Customers	Name(s), email address, telephone number(s), call recordings, IP address, telephone numbers, xDSL, email communication	Protect our commercial interest against bad debt	Legitimate interests	7 years + length of contract

10. Credit Checks

10.1 When you make a request for the supply of any products or services from us or any of our business partners and during the course of any such supply we may carry out credit checks on you at any time. We will only use licensed credit references agencies but such agencies will keep a record of our search on your credit record.
10.2 We may search the electoral roll to verify your address.
10.3 We may use credit searches and other information, which is provided to us or the credit agencies, about you and those who are linked financially to you, if credit decisions are made about you, or other members of your household.

10.4 We will use this data to:
10.4.1 assess whether you or your business is able to afford to make payments;
10.4.2 make sure what you’ve told us is true and correct;
10.4.3 manage accounts with us; and
10.4.4 trace and recover debts

10.5 If at any time during the provision of any goods and services to you, you fail to meet our credit conditions, we will contact you.
10.6 You can request a copy of your credit record by writing directly to the credit agencies.

11. Automated Decision Making

Onecom does not use automated processes for decision making. We may use a credit reference agency to perform credit checks when you apply for products or services with us however this is not an automated process; we use the credit reference agency’s recommendations and then we will manually review and make our decision based on this and other factors.

12. How long we hold your personal data for

12.1 The length of time we retain your personal data is dependent on what we are holding and why we are holding it. We will not keep your personal data for longer than is necessary for our business or legal requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

12.2 We may store your personal data in paper or electronic formats, both of which are stored securely and based on the guidelines as specified in ISO/IEC standards 17799, 27001 and 27002.

12.3 We also have processes in place to securely dispose of personal data we no longer require.

13. Marketing

13.1 We may use your personal data to tell you about relevant products and offers. This is what we mean when we talk about ‘marketing’.
13.2 The personal data we have for you is made up of what you tell us and data we collect when you use our services or from third parties we work with.
13.3 We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
13.4 We can only use your personal data to send you marketing messages via email or text either if we have your consent to do so, or (if you are a business) it falls under our ‘legitimate interest’.
13.5 We may phone or email you to offer these services using our ‘legitimate interest’. That is when we have a business or commercial reason to use your data. It must not unfairly go against what is right and best for you.
13.6 You can of course tell us if you wish to opt out of these calls or emails at any time, either verbally whilst on the phone or by using the contact form on this page.
13.7 You can ask us to stop sending you marketing messages by contacting us. Or, if it’s an email marketing message you can simply click on the unsubscribe link at the bottom of the email.
13.8 Whatever you choose, you still may occasionally receive other important customer service information relating to your existing products and services.
13.9 If you change your mind, you can update your choices at any time by contacting us.

14. If things go wrong and you wish to make a complaint

You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact our Data Protection Officer in the first instance using the below details, or via this contact form.

15. Website & Live Chat

15.1 With regard to each of your visits to our website we will automatically collect technical information, information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs). However, we do not collect the Internet protocol (IP) address used to connect your computer to the Internet.
15.2 Live Chat currently collects and stores your IP address.

16. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy.