BeFibre (“Be Fibre Limited”, “we” “us”, and “ours”), an internet service provider (“ISP operating under brand name BeFibre”), are a limited company registered in England and Wales under company number 13406629. Our registered office and main trading address is at BeFibre Ltd, Sankey Valley Industrial Estate, Anglezake Road, Newton-Le-Willows, United Kingdom, WA12 8DJ.
We are regulated in the UK by Ofcom and are registered with Ombudsman Services (www.ombudsman-services.org) who are our Alternative Dispute Resolution Provider.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data: This includes your name and any identities that you may have created to use our services (such as usernames, WiFi station id, and so on).
Contact Data: This includes billing address, delivery address, email address, social media username (if given) and telephone numbers.
Financial Data: This includes bank account and payment card details.
Transaction Data: This includes details of the services that you subscribe to, and any equipment that we have supplied to provide those services. It also includes any information that we obtain during our installation process, such as photos of the installation and any information that you give to our engineers at your property. It also includes information on any financial transactions in relation to services we provide to you, such as invoices and payments against those invoices.
Usage Data: This includes information about how you use our services, our network and our websites. It also includes records of telephone calls made and received by you through our telephone service.
Technical Data: This includes internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites and our network. It may also include details of any of your devices registered with equipment provided to you as part of our service. It also includes information generated by any of the equipment that we use to provide our service and to ensure that it is correctly functioning.
Profile Data: This includes your username and password (if made available to us), orders made by you, your interests, preferences, feedback and survey responses, and a history of any consents that you have given us in relation to how we use your personal data. It also includes information that relates to how you use our services, in relation to each other. For example, the order in which you view the information on our web site, or information about which of our marketing messages you might have responded to before you registered an interest in our services.
Marketing and Communications Data: This includes your preferences in receiving marketing from us and our third parties, and any information that we retain regarding which emails and printed material that we might have sent you.
We also collect, use and share “Aggregated Data” (this means statistical or demographic data derived from your personal data, or your usage of our services). Aggregated Data is not considered personal data in law as this data does not directly or indirectly reveal your identity.
Identity Data, Contact Data and Financial Data
You may give us your Identity, Contact and Financial Data in a number of ways:
We may also collect information that you give us when you only partially fill-out an online form, and exit before completing it. We will never use partially collected personal information unless we have a legal basis to do so. We may also ask you to provide financial payment details, such as bank account or credit card number, in relation to payment for goods or services. These will only ever be used to set up recurring mandates or to pay an invoice under your instruction, and this information will be deleted once the mandate or payment has been set-up on your behalf.
When you contact us (by phone, email or via our websites), we may keep a record of it and what you say to us.
We hold sales and account information about any orders that you have placed with us, and any financial transaction data generated from them. This will be in the form of pre-orders, sales orders, and invoices detailing charges raised against those orders – and records of payments that you have made against those charges.
We collect details of any activity that we undertook to deliver our services to you, such as appointments, surveys and installations of equipment at your property. As we do this any additional information that you provide may be recorded and stored on your file, and we may also take photos of aspects of the delivered service (such as the position of the cables and provided equipment) so that we can support you better and ensure that we can provide you with the highest quality of service.
You may also provide us with information about any previous supplier account that you may have had, so we can migrate to us any previous services that you ask us to, such as porting in your previous telephone number for use with your Be Fibre phone service.
If we provide you with equipment, either as part of our services, or sold to you for your own use, we will retain information about that equipment such as serial numbers and vendor information. We will use this to support the services, and to manage replacement or fixes under warranty.
Usage and Technical Data
When you use our services, we will automatically collect your Usage Data. When you (or someone using your BeFibre broadband or telephone service) use BeFibre’s network to make a telephone call or connect to the internet, we keep a record of that call (including the number called) so we can charge for it. We also receive information from other operators about calls made over our network, where we need that information for connecting and billing purposes. We will also collect information about your use of our services (such as the amount of time you spend online), which we will use to manage our network and for billing.
If someone abuses or damages any services supplied by BeFibre, for example by making offensive or nuisance calls, we may keep information relating to that abuse.
If a customer abuses our internet service or any other services we provide, for example by not following any part of our Acceptable Use Policy, we may keep any information relating to that abuse. Details of our Acceptable User Policy are published on our main website here.
We may collect Aggregated Data about which services our customers use on the internet so that we can optimise our network traffic flows to make sure we have enough bandwidth to satisfy our service contracts with our customers. We may also collect information about your computer, including your IP address, operating system and browser type. Unless this information is needed for a service enquiry specific to your service, this is only used as aggregated statistical information to help us keep our network running smoothly and does not identify any individual.
As part of the normal function of the equipment that provides our services, information may be generated about its operational processes, such as when a customer service is powered on or off, or in the event of a service failure. This information will be logged for a period and may be used to improve your service. We may contact you from time-to-time in relation to the correct functioning of your services, in relation to information generated in this way which alerts us to an issue
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. We may from time-to-time ask you questions about how you use the services we provide, other services you would like us to provide in the future and about other things, such as information about your lifestyle.
Marketing and Communications Data
We keep a record of any consents that you have given us in relation to receiving marketing and network build information from us, so that we only provide you with information that is relevant to your specified interests. If you subsequently remove your consent, we also record when you did that, so we can ensure that we comply with any legal or regulatory requirements to do so. If you subsequently remove all of your consents, where you are not in a contract with us, we will purge your personal data from our records after a short period.
We will only use your personal data when we have legal grounds to do so, which will be in one of the following circumstances:
Consent means that you have explicitly granted us permission to use your personal data to contact you. We may ask you for consent when you register an interest or place an order for our services on our web site. We may also ask you for consent when you speak with us, either in person, or on the phone. You can withdraw your consent at any time.
Contract means that we are using your personal data as necessary to provide a quote to you or fulfil a contract to provide our services to you. Once you have placed a pre-order or order with us we will use your personal information on the legal basis of Contract to communicate with you about how we intend to deliver the service to you. We will contact you using any Contact Information that you have provided us with to deliver your service, and subsequently communicate with you about the billing and support aspects of that service. You may opt out of any Consent that you have previously granted us, if you want to stop receiving marketing information. You may not opt out of service related correspondence in relation to the Contract. You may, however, let us know your preferences on how you would like to be contacted.
Legitimate Interest means using your data as necessary for the commercial interests of our business, allowing us to conduct and manage our business to give you the best possible service and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
Comply with a legal or regulatory obligation means using your personal data to the extent necessary for us to comply with a legal or regulatory obligation that we are subject to.
We may sometimes need to share your personal data with the types of third party listed below:
Some of our third-party suppliers are based outside the EEA so their processing of your personal data may involve a transfer of data outside the EEA, although we will only transfer data to servers within the EEA where possible. Should we need to transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring the following safeguard is implemented:
We will only keep your personal data on file whilst we need it for the purposes we collected it for. As well as for servicing your contract, we might also need to retain it to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least 7 years after they cease being customers for tax purposes.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We do not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our websites or services. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this notice by instructing their children never to provide Personal Data through our services or websites without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our websites or services, please contact us and we will endeavour to delete that information and terminate the child’s account from our databases.
You have various rights in relation to your personal data – these are set out in detail below:
Access to Personal Data
You have the right to access the personal data we hold on you (commonly known as a “data subject access request”).
Correction of Personal Data
You have the right to request correction of the personal data that we hold on you. If you are aware of any information that we hold that is incorrect or incomplete, please let us know and we will correct it. We may first need to verify the accuracy of the new data you provide to us, and then we will make the correction.
Removal of Personal Data
You have the right to request the erasure of your personal data (commonly known as “the right to be forgotten”). This enables you to ask us to delete your personal data when we no longer need it. You may also ask us to delete your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with a legal obligation. However, we may not be able to comply with your request of erasure, for example, if we are required to retain your personal data for legal reasons, or if that data is required to provide you with a service you have requested. We will let you know if this is the case.
Request Restriction of Processing
You have the right to request we restrict processing your personal data. You may ask us to suspend the processing of your personal data in the following scenarios:
a) if you do not think the data we hold is accurate, whilst we verify its accuracy;
b) where our use of the data is unlawful but you do not want us to erase it;
c) where we no longer need to process it but you require us to store it in relation to a legal claim; or
d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You have the right to request your personal data is transferred to you or to a third party. We will, if feasible practically, provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to information which you have provided us, and which we process by automated means and use to perform a contract with you.
Object to Processing
You have the right to object to us processing your personal data for direct marketing purposes. You also have the right to object where we are relying on a legitimate interest but you feel the processing impacts on your fundamental rights and freedoms.
Withdrawal of Consent
You have the right to withdraw consent at any time where we are relying on consent to process your personal data that is not related to providing a service you have requested (for example, for marketing purposes). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, if we feel that your request is unfounded, repetitive or excessive, we may charge a reasonable fee or we may let you know that we are refusing to comply with your request. If we refuse your request, we will explain why and you will be entitled to raise the issue with the Information Commissioner’s Office (ICO) (www.ico.org.uk).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will respond to all legitimate requests within 30 days of receipt and, if possible, achieve a satisfactory resolution within that time period. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Communication of the Policy
The policy will be communicated at regular intervals, using a range of appropriate media, and providing opportunities for questions and concerns to be fully addressed. The policy will also be communicated to other stakeholders, including customers, suppliers, and joint venture partners, as opportunity or the need arise.