- the types of personal data that JFL may collect
- why JFL may collect and use your data
- when and why we will share personal data within JFL and other organisations
- the rights and choices you have when it comes to your personal data
The Data Controller as defined under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) in relation to your personal data is JFL. JFL is registered as a data controller with the UK Information Commissioner’s Office and our registration number is ZA506987.
What this Policy does not apply to
This policy does not apply to other organisations’ websites, apps, products, services and social media accessed from our websites and/or apps. When you leave our website and/or apps, we encourage you to read the privacy notice of every website and app that you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites or apps. Please check these policies before you submit any personal data to these websites or apps.
2.What data will we collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (which is known as anonymous data).
There are different ways in which we collect your information both directly from you and from third parties. For example:
2.1 Information we receive directly from you:
- When you apply for, use and/or purchase products and/or services from us, or contact us with queries we may ask you to give us, where necessary, personal and contact details (name, address, phone number, date of birth); your financial details (i.e. bank account, payment method, credit card number)
- When you sign up to use our apps, we may ask you to give us, where necessary, personal and contact details (name, address, phone number, date of birth); your financial details (i.e. bank account, payment method, credit card number)
- When you write to us, talk to us on the phone, email or communicate via electronic messaging (such as SMS, live chat tools), we may collect personal and contact details including your name, address, phone number, email address, as well as the information that you provide to us via such communications
- In customer surveys from time to time, to help us provide you with improved services, when we will collect the information you provide to us including your name, phone number, email address and information about how you use our website, apps, products and/or services
2.2 Information we collect about you when you use our products and services:
- When you use our broadband service we may collect information about your use of those services including the following:
- Usage data (i.e. frequency, time, data traffic used per month)
- Billing, payment and transaction data (your financial details, bills and its components)
- Technical data related to your television viewing such as time and duration of watched content, information on the content recorded/watched, MAC/IP address, the quality of the connection o Interactive data (apps usage data, websites usage / visits data)
- Device data (IP address, device make and manufacturer, browser information and other similar identifying information required from your devices to communicate with websites and applications on the internet)
- We may also monitor, record, store and use the communications we have directly with you to improve the quality of our customer service and/or for training, operational and compliance purposes
- When you use our apps, we may collect personal data including location, usage and device data using cookies and other similar technologies.
2.3 Information collected from others:
We may supplement the information that we collect from you and about your use of our products and/or services, with information that we receive from third parties.
This may include:
- Data we collect from other members of your household in relation to your use of our products or services
- Data we receive from someone who refers you for our products and services
- Data from other organisations who have obtained your permission to share information about you with us
- Data accessible to us from publicly available sources such as councils, company registers, land registry, electoral rolls and online search engines
- Information we get from reporting agencies, such as credit reference agencies. They may give us information about your financial history so we can assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity
- Financial and transaction data from providers of technical and payment services.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3.How,why and when we may collect data about you
There are many reasons why we may legitimately collect and process your personal information and data, including:
3.1 Contractual Obligations
We may process your personal information where it is necessary either to take steps at your request before entering into a contract with you for the provision of our products and/or services, or to perform our obligations under that contract.
Examples of these situations include:
- To provide you with a quote for our products and/or services
- To determine your eligibility for our products and/or services / whether they are available in your area
- To process your orders for our products and services and to bill you for the same
- To provide you with the products and services you have ordered from us
- To respond to any questions or complaints you may have regarding our products and services
- To administer, operate, facilitate and manage the products and services JFL provides to you
- To manage the best way of routing your data usage through the various parts of our network, equipment and systems
- To contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, etc., in connection with your relationship and/or account
- To provide you with information relating to our products and/or services
Examples of your personal information that we may process under this legal basis include:
- Your contact details, including name, address, phone number, date of birth, email address, passwords and credentials (such as your security questions and answers), and other information needed to confirm your identity and your communications with us
- Your communications with us, such as calls, emails and webchats
- Your payment and financial information
- Details of the products and services we have provided to you, such as data usage, routers and apps
3.2 Legal Compliance
If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also provide this to any such regulator. However, we would need to be satisfied that a request for information is lawful and proportionate and we would need appropriate assurances about security, how the information is used and how long it is kept.
3.3 Legitimate Interest
We may also use your personal data where it is necessary to pursue our legitimate interests (or those of a third party) but only in a way which might reasonably be expected as part of running our business and only where such interests are not overridden by your fundamental rights, freedoms or interests.
We may process your personal data under this basis for the legitimate running of our business, to facilitate our internal business operations including assessing and managing risk, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.
We may also use your personal information for the legitimate interest of helping to prevent and detect crime and fraud and to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious usage, and track malware and cyber-attacks.
To do that, we may use the following information:
- Your contact details and other information to confirm your identity and communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (for example, security questions).
- Your payment and financial information
- Information from credit reference and fraud prevention agencies
- Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address) and TV records
- CCTV footage in or around company premises
In specific situations, we may collect and process your data with your consent including the following:
- If you intend to use our apps, we will request your consent to download the apps and register you as a new user of our apps
- If you download our apps, or contact us via our website with queries about our service, we may we request your consent to process your location data to determine your eligibility for our products and services and, in particular, whether and when our products and services may be available in your area
- We may request your consent in order to send marketing communications regarding our services and/or products via our apps, website or otherwise.
However, if we do so, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note that if you do withdraw your consent, we may not be able to provide certain information, products or services to you.
4.Who do we share your information with?
Where we share your information with third parties, they will process your information either as a data controller or as our data processor, and this will depend on the reason for our sharing your personal data with them. We will only share your personal data in compliance with the applicable data protection laws and regulatory compliance and only for the purposes set out in paragraph 3 of this policy.
We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law.
Other organisations with which we may share your information include:
4.1 Contracted Partner Companies
We may share your personal information with Partner companies with whom we have contracts for certain products and/or services. The reasons we may share your information in this way include:
- To further develop and improve our infrastructure and network services
- Provide customer-service, marketing and information-technology services
- Personalise our service and make it work better
- Process payment transactions
- Carry out fraud and reference checks and collect debts
- Analyse and improve the information we hold (including about your interaction with our service); and
- Run surveys
4.2 Credit Reference Agencies
We may share your personal information with credit reference agencies, for example we may provide them with information about how you conduct your account with us and this information may be used by other organisations in assessing applications from you and members of your household. In addition, they will give us information about you. For example, we may search the files of a credit agency to assess creditworthiness and product suitability, check your identity, trace and recover debts, prevent criminal activity or to gather information about your financial history. This is so that we can confirm your eligibility for our products and/or services and guarantee your ability to make regular payments for such product and/or services.
We do not sell or share your personal information and/or data to or with third parties for third party direct marketing purposes.
4.3 Other third parties
We may share your personal information with the following:
- Professional advisers including lawyers, bankers, auditors and insurers
- Regulators and other authorities who require reporting of processing activities in certain circumstances.
5.Sharing your data outside the european economic area
The data and information that we collect and process may be transferred to, and stored at, a destination outside of the European Economic Area (EEA). We will only transfer your personal data outside the EEA on the basis that anyone to whom we transfer it protects your data and information in a similar way to us.
In the event that we transfer your information to countries outside the EEA, we will only do so where:
- the European Commission has decided that the country to which we are transferring your data is deemed to provide an adequate level of protection for your information
- we have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information on such terms as approved by the European Commission to ensure your information is adequately protected. If you wish to obtain a copy of the relevant data protection clauses in such contracts, please contact us at [email protected]
6.How we protect your data
The security of your information is important to us. Any information sent to us is protected using robust security methods. The methods we use are industry-standard ensuring data is safeguarded whilst being sent over unprotected communications paths such as the internet. Our security measures include:
- Encryption of data where appropriate
- Regular penetration testing of systems
- Security controls which protect the entire JFL Information Technology infrastructure from external attack and unauthorised access
- Regular cyber security assessments of all service providers who may handle your personal data
- Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents
- Internal policies setting out our data security approach
- Training for employees on security and privacy
7.How long we keep your information
By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and in a number of formats.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and provide evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements. However, we will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it.
We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.
If you would like more information about how long we keep your information, please contact us at [email protected]
8.What are your rights?
We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. We have described those rights, and the circumstances in which they apply, in the table below:
|Access: You have the right to get access to the information and/or data that we hold about you.||If you would like a copy of the information and/or data that we hold about you please contact us at [email protected] or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT|
|Rectification: You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you.||If you believe that any of the information and/ or data that we hold about you is inaccurate, you have a right to request that we rectify any such data. For any rectification requests please email us at [email protected]|
|Erasure: You have a right to request that we delete your information and/or data.||You may request that we delete your information and/or data in certain circumstances including where:we no longer need to process your information and/or data for the purposes for which it was provided;we have requested your consent to process your information and/or data and you wish to withdraw your consent;we are relying on legitimate interests as our basis for processing your data, you object to such processing and we do not have an overriding legitimate interest to continue this processing; orwe are not using your information and/or data in a lawful manner.For any deletion requests please email us at [email protected]|
|Restriction: You have a right to request that we restrict the processing of your information and/or data.||You may request that we restrict or limit the way that we process your information and/or data in certain circumstances including where:you want us to establish the data’s accuracy;our use of the data is unlawful but you do not want us to erase it;you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; oryou have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.For any restriction requests please email us at [email protected]|
|Portability: You have a right to data and/or information portability.||Where we are processing your data by automated means and either we have requested your consent to process your information and/or data or you have provided us with information and/or data for the purposes of entering into a contract with us, you have a right to receive the information and/or data you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. If you would like to request the information you provided to us in a portable format, please contact us at [email protected] or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT|
|Objection: You have a right to object to our processing of your data and / or information.||You have a right in certain circumstances to object at any time to processing of your information and/or data including where the processing is for:direct marketing purposes; oryour legitimate interests (or those of a third party).If you would like to object to our processing of your data please contact us at [email protected] or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT|
|Lodge Complaints: You have a right to lodge a complaint with the regulator.||If you wish to raise a complaint on how we have handled your information, you can contact us, and we will investigate the matter, via e-mail at [email protected] or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT. We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk|