Privacy statement
This Statement describes our practices for the data processing activities set out below. This Privacy Statement applies to all customers and prospective customers of nexfibre as well as to any visitors to or users of our website (“Website”), or any person that engages with us whether or not customers of nexfibre. Please read this Privacy Statement carefully to learn how we collect, use, share and otherwise process your Personal Data (as defined below), and to learn about your rights and choices regarding our processing of your Personal Data.
A reference to nexfibre is a reference to nexfibre Networks Limited and all its subsidiary undertakings and member entities (collectively, “nexfibre”, “nexfibre Group”, “we” or “us”).
Personal data we collect
For the purposes of this Privacy Statement, “Personal Data” means any information that identifies you, that could be used to identify you or that relates to you, and that you submit about you when interacting with us and/or is otherwise collected by us when you visit the Website, by phone, e-mail, writing or in another manner. During our relationship with you we may collect and process your Personal Data, such as your name, address, telephone, email and other contact details, and any other data relating to you which you may provide, in the following cases:
Visit our Website
Complete the ‘let’s start the conversation today’ form on our Website
Enquire about our services or contact us
Enter into a contract with us and purchase our services
Access our locations
Participate in a promotion, event, survey or other marketing campaign we organise
Sign up for any promotional materials
Personal Data that you provide us
The types of Personal Data we may obtain in connection with the previous cases are as follows:
- Identity data:
- Your identity data (such as name, address, title, telephone, mobile numbers, email address) and details contained in wayleave access documentation;
- Identity data of third parties you provide to us (such as name, address, /title, telephone, mobile numbers , email address)
- Identity and message data, e.g. through the ‘let’s start the conversation today’ form on our Website, the data included in the request (e.g. your name, e-mail address and message).
- Business details:
- Account details
- Business profile
- Services provided
- Financial data: Financial and payment data such as banking details, invoices and payment terms as well as any Personal Data for fulfilling and legitimate processing billing information
- Account details
We may also obtain some information relating to you from trusted third parties such as our wholesale channel partners, our installation partners, our service provider partners and also providers of lead generation services. We carry out due diligence and have contracts in place with such third parties to ensure they have obtained your information lawfully and can pass it on to us to use.
We do not knowingly collect Personal Data from anyone under the age of 18.
Personal Data collected by automated mean
When you visit our Website or use our services, subject to your prior consent where required by law, we may process Personal Data without you actively submitting such information, by automated means, using technologies such as cookies, web server logs, web beacons, and similar technologies on our Website or CCTV recordings in our locations. nexfibre may collect data in the following ways through information automatically gathered:
- On our website: To the extent permitted under applicable law and, where required, subject to your explicit consent, nexfibre uses cookies and other technologies to collect amongst others navigational information about where visitors go on this Website, how many visits are made to this Website, when this Website is visited, and other data. To learn more about our use of cookies and type of cookies collected please read the cookie statement
- In our locations: Security at nexfibre offices includes security measures such as restricted access and the use of CCTV in line with applicable data protection laws. We may process CCTV footage of personnel for the purposes of ensuring safety and security
Personal Data collected by third partie
nexfibre may also receive information about customers from other sources, including third parties from whom we have purchased data, and combine this information with data we already have about you. This helps us to update, expand and analyse our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. We will ensure that any marketing campaigns are aligned to GDPR requirements or any other applicable law.
Use of collected Personal Data
nexfibre as the Data Controller shall only process your Personal Data for the purposes described in this Privacy Statement or as otherwise permitted under applicable law. The processing of your Personal Data by nexfibre for the purposes described hereunder is based on:
- Performance of contract;
- Your explicit consent;
- Compliance with a legal obligation;
- To protect the vital interests of you and others
- Public interest; or
- Our legitimate interests, provided that they are not overridden by your interests
as provided by Article 6.1 of the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”). Where we rely on your consent to process your Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
Your Personal Data may be processed by nexfibre for purposes including:
- to provide the services;
- to monitor and analyse network build performance and to benchmark our business processes and performance data;
- to provide you with information (including information about network updates), products or services or take actions that you request;
- administer our relationship with you, including to respond to your inquiries or complaints;
- to provide any services or information you have requested and information about our services;
- to undertake segmentation and demographical analysis to predict areas of demand;
- to perform our obligations arising from or related to any contracts entered into between your business and us, and for effective customer account management, partner management and supply chain management, including performance monitoring and management;
- to administer, operate, maintain, and improve the Website and our services;
- for efficient customer management relationship;
- to provide operational maintenance and support;
- to provide a secure service;
- to perform fraud detection and prevention;
- to respond to requests from administrative or judicial authorities; an
- to comply with applicable laws and regulations.
Providing Personal Data for these purposes is necessary and refusal would make it impossible for nexfibre to manage its contract or other business relationship with you or to comply with its contractual and legal obligations. Subject to your consent where required by law, we may also use your Personal Data in order:
- to evaluate the effectiveness of our website, to analyse trends, and to administer the website;
- to market and improve the services that we offer;
- to provide communications to keep customers informed of our services;
- to conduct promotions campaigns, survey and other marketing initiatives in accordance with the “How do we use your Personal Data for marketing purposes?” section to follow;
- let you know about offers and discounts; and
- carry out research and statistical analysis including to monitor how all customers use our services on an anonymous or business by business basis.
Providing Personal Data for marketing purposes is optional and refusal will have no consequence on the performance of any contract by nexfibre.
In order to provide you with a better experience and to improve the quality of our services, to the fullest extent permitted by applicable law, we may combine the information you submit to us with other information that we may receive from you, from third parties, or with other public demographic information.
Privacy Statement – Residents And Wayleave Access Information
This privacy statement sets out how nexfibre and its subsidiary undertakings (we / us) use and protect your personal data. It applies specifically to residential householders whose information is shared with us by councils and local authorities (“authorities”) so that we can carry out build work for our network.
We are committed to ensuring that your privacy is protected. We also want to ensure you are properly informed about how your information is used and that you receive certain information that we are required to give you by law, which is why we provide this privacy statement.
We may collect, store and use personal data including:
- Your address, which is disclosed by your authority to us so that we can facilitate multi dwelling unit wayleaves in areas where our fibre to the home build is taking place; and
- Information that you may provide to trusted partners and third party service providers.
A wayleave is a contractual agreement between a landowner and a telecommunications provider, where the landowner grants the network provider a licence with the right to access property, to install and/or maintain electronic communications equipment. For further information about wayleaves, see: https://www.gov.uk/guidance/guidance-on-access-agreements
How long do we keep your Personal Data for
This website contains links to other websites, which may be operated by other third parties. The websites to which nexfibre provides links may use cookies, and may collect information about your browsing and internet navigational history. The linked websites may also allow opportunities for you to voluntarily provide personal data. Therefore, before you provide any personal data, we recommend that you review the Privacy Statement associated with the website. We only retain information for as long as is necessary and in accordance with any legal requirements that we are required to meet.
What happens when you provide us with Personal Data about third parties
If you provide us with Personal Data about third parties, you warrant, represent, and undertake that you have complied with applicable data protection laws including informing and obtaining all necessary consents and approvals for the provision of such Personal Data to nexfibre and the processing by nexfibre of this Personal Data as described in this Privacy Statement.
How do we use your Personal Data for marketing purposes
We may use your Personal Data to conduct marketing, promotional and informational activities and to perform business analytics, satisfaction surveys or market research and direct marketing purposes in general, including sending notifications about updates to the Website, information on our services we think may be of interest to you, initiatives or events by mail, e-mail, phone, SMS or other electronic means. We will only do so in accordance with GDPR requirements and/or subject to relevant legal requirements. When you request to be removed from certain marketing offers, you will, in accordance with applicable data protection laws, be added to the relevant internal suppression list(s) to ensure your request is complied with. Please note, nexfibre does not share, sell, rent or trade Personal Data with third parties.
Do we share your Personal Data?
Our policy is to not give, sell or otherwise distribute Personal Data we collect to third parties outside of nexfibre, except where required with your explicit consent or where this is necessary and in accordance with applicable law. In line with this, we share Personal Data with the recipients listed below.
nexfibre Group members.
We may share your Personal Data with members of the nexfibre Group, and shall also include the VMO2 Group, Liberty Global, InfraVia Capital Partners and Telefónica.
Third party service providers
Your Personal Data may be disclosed to third party service providers, acting on our behalf, in connection with managing services, data analytics, finance, accounting or other administrative services and information technology support. These third party service providers will have access to – and process – Personal Data only on our behalf and under our instructions and will be held to appropriate security obligations.
Other data recipients
For the above purposes or where otherwise required by law, we may also need to make Personal Data available to third parties such as advisors, professionals, independent consultants, potential or existing investors, acquirers and/or Joint Venture partners (in connection with a merger, acquisition, sale or Joint Venture involving all or any part of the nexfibre Group or as part of a corporate reorganization, stock or asset sale, or other change in corporate control), regulatory and/or administrative authorities, courts, police authorities.
You should also be aware that we may disclose specific information about you if necessary to do so by law, or based on our good faith belief that it is necessary to conform or comply with the law, or it is necessary to protect the users of this Website, of our services or the public. nexfibre may provide information, in response to properly made requests, for the purposes of the prevention and detection of crime, and the apprehension or prosecution of offenders, when required to do so by law, for example under a court order, or in response to properly made court or administrative demands. nexfibre may also provide information for the purpose of safeguarding national security. In either case, nexfibre will act in accordance with applicable data protection law.
We may also disclose Personal Data about you when you explicitly consent to such transfer or when we believe disclosure is necessary or appropriate for our legitimate interests (or those of the third party to whom we disclose your data), provided that they are not overridden by your interests or fundamental rights and freedoms, in accordance with applicable laws.
We may share with third parties certain pieces of aggregated, anonymized data, such as how our customers use our services or Website. Such information would not identify you individually.
Third party management
nexfibre ensures third party privacy compliance through a third party risk assessment process to ensure appropriate privacy checks are done. Once the privacy due diligence is positively completed, prior to sharing any Personal Data with third parties, a data processing agreement containing requirements stipulated in Article 28 of the GDPR is executed between the parties. If it concerns a transfer of Personal Data outside the EEA, the “International Data Transfers” section below provides more information on how we deal with this. Furthermore, nexfibre may carry out audits to check third party privacy compliance.
International Data Transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information as set out in this privacy statement, in particular to provide you with our products or services. Currently this is only within the UK.
Some of our trusted partners and third party service providers who have access to your personal data may be located or transfer or host data outside the UK and/or the European Economic Area (EEA). If this is the case, we will ensure your personal data is processed under strict organisational and contractual controls.
In these circumstances, we will ensure your personal data is processed under strict organisational and contractual controls, specifically using the International Data Transfer Agreement as well as the International Data Transfer Addendum. For more information about these control, please visit the ‘International transfers’ section of the ICO website: https://ico.org.uk or contact us using the contact details below.
When using our website, nexfibre utilises attack protection solutions. Due to the nature of the internet and these security systems your connection might be routed through any server worldwide. However, information you provide (for example in the ‘let’s start the conversation today’ Form) will only be processed in the UK.
Security procedures
We establish and maintain adequate security procedures to protect the security and integrity of your Personal Data. nexfibre will ensure that appropriate policies and technical and organizational measures in place, reflecting the current security landscape, to safeguard and protect your Personal Data against unlawful or unauthorised access, accidental loss or destruction, damage, unlawful or unauthorised use and disclosure. We will also take reasonable precautions to ensure that our employees who have access to Personal Data about you have received adequate training.
Your rights
In accordance with applicable data protection law, you have the following rights:
- Right to Access your data: Obtain confirmation of the existence of, and to request a written copy of the Personal Data nexfibre holds about you;
- Right to Rectification: Have any inaccurate information about you corrected;
- Right to Information: Receive information on how nexfibre processes your data
- Right to Erasure: Have Personal Data we hold about you deleted, blocked or removed;
- Right to Object: Object to the use of your details for marketing activities and other promotional activities, as described under the “How do we use your Personal Data for marketing purposes?” section previous;
- Rights related to Automated Decision-making and Profiling: Right not to be subjected to automated decision-making or profiling that produces legal effects or significantly affects you;
- Right to Restrict: Restrict the processing we make in relation with your Personal Data;
- Right to Data Portability: Receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format in order to transmit them to another data controller; and
- Right to Lodge a Complaint: Lodge a complaint with a Supervisory Authority, if you consider that the processing of your Personal Data by nexfibre infringes applicable data protection law.
In case you wish to exercise any such rights, please send a request to [email protected].
To find out more about these rights, visit the UK Information Commissioner’s Office (ICO) website: https://www.ico.org.uk
If you are not satisfied with our response to your request or believe our processing of your information does not comply with data protection law, you can make a complaint to the ICO: https://ico.org.uk/concerns/.
Links
This Website contains links to other websites, which may be operated by members of the nexfibre Group or third parties. The Website to which nexfibre provides links may use cookies, and may collect information about your browsing and internet navigational history. The linked website may also allow opportunities for you to voluntarily provide Personal Data. Therefore, before you provide any Personal Data, we recommend that you review the Privacy Statement associated with the website where you will be submitting your information.
Contact
If you have any questions or queries about how we process your Personal Data, or if you wish to exercise your Rights (e.g. to access, delete or to object to the processing of your Personal Data) you can contacts us sending an email to [email protected].
Changes to this Statement
If elements of our Privacy practices change, we will inform you by updating the Privacy Statement in this Website.
This statement was last updated: 09 April 2024