1 WHO ARE WE?
1.2 We have a data protection officer who is responsible for all of our issues relating to the protection of personal data.
The data protection officer can be contacted at the below:
The Data Protection Officer FACTCO
2nd Floor Cains Brewery Courtyard
Cains Brewery Village
(b) Prospective customers;
(c) Individuals that use our websites;
(d) Former customers;
(e) Nominated users or individuals acting under a power of attorney; and
2.2 Our services are not intended for children, unless we expressly state otherwise, and we do not knowingly collect or process personal data relating to children or anyone aged under 18 years.
2.3 It is important that the personal data we hold about you is accurate and current. It’s your responsibility to keep us up to date if you make any changes to your personal data please contact our data team – firstname.lastname@example.org
3 WHAT INFORMATION DO WE COLLECT?
3.1 Personal data is any information that can identify a natural person. We may collect, use, store and transfer different categories of personal data to enable us to deliver our services, as follows:
(a) Data about your Identity including first name, last name, title, date of birth and gender;
(b) Data about your contact details including service address, correspondence, company name, billing address, email address, landline telephone number and mobile phone number;
(c) Financial data including your bank account details for a direct debit and payment card details and your credit rating;
(d) Data relating to a transaction including details about payments to and from you and about the products and services that you have purchased from us;
(e) Technical data including IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, online chat logs and other information on the devices you use to access our services;
(f) Data about your usage on our network on all of our products and services;
(g) Data relating to your marketing and communications choices including what method you would like to receive marketing;
3.2 We may also collect and use non-personal data such as statistical or demographic data. This data may be derived from your personal data but is not considered personal data as this data cannot identify you.
4 HOW DO WE COLLECT INFORMATION?
4.1 Information you give us
(a) When you place an order with us for any of our services (for example over the phone, online or through a third-party affiliate), we will need certain information to process your order.
(b) When you contact us to discuss your services, we may ask for certain information to be able to confirm your identity, check our records and answer your questions quickly and accurately.
(c) If you take part in any trials, complete any survey or enter any competitions we may ask for information about you, which we will make clear to you at the time and for the purpose we will be using this information.
4.2 Information we automatically collect
(a) We will automatically collect information:
(i) when you use our services; and
(ii) when you visit our website, we may collect and process information about your usage of these by using “cookies” and other similar technologies to help us make improvements to the websites and to the services we make available.
(iii) when you download content from our website, where applicable, have requested or consented to location services, we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as search results, and other personalised content. Most mobile devices allow you to turn off location services. Our mobile application does not collect precise information about the location of your mobile device.
4.3 Information we receive from other sources
(a) We may receive personal data about you from third parties or publicly available sources in the following categories:
(i) companies contracted by us to help us provide services to you;
(ii) other telecommunications operators when transferring services;
(iii) marketing organisations;
(iv) credit reference agencies or fraud prevention agencies.
5 HOW DO WE USE INFORMATION?
5.1 The information we collect helps us to better understand what you need from us and to improve the provision of our services to you.
5.2 We use the information collected for example to:
(a) verify your identity when you use our services or contact us;
(b) process your enquiries, orders or applications, for example when assessing an application, we may use automated decision-making systems;
(c) carry out credit checks and to manage your accounts (click here to see our Credit Reference Agency Information Notice);
(d) monitor, record, store and use any telephone, e-mail or other electronic communications with you for training purposes, so that we can check any instructions given to us and to improve the quality of our customer service, and in order to meet our legal and regulatory obligations;
(e) where you have agreed, provide you with information about other TalkTalk services, offers or products which you may be interested in;
(f) to tell you about changes to our websites, services or terms and conditions;
(g) carry out any marketing analysis, profiling or create statistical or testing information to help us personalise the services we offer you and to understand what our customers want;
(h) recover any monies you may owe to us for using our services;
(i) analyse our services with the aim of improving them;
(j) prevent or detect a crime, fraud or misuse of, or damage to our network, and to investigate where we believe any of these have occurred;
(k) and monitor network traffic from time to time for the purposes of backup and problem solving, for example our automated system may monitor email subjects to help with spam and malware detection.
5.3 Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law.
5.4 We may supplement the information directly collected by us with data from third parties (for example socio-demographic data) to further improve the services or products we offer customers.
6 WHEN WILL WE SHARE YOUR DATA WITH OTHERS?
6.1 We may need to share your information with organisations outside FACTCO e.g. to help us provide our services to you.
6.2 The categories of non-FACTCO parties that we would share your details with are:
(a) Third party suppliers who help FACTCO to perform our services;
(b) Professional advisors;
(c) Law enforcement agencies;
(d) Other companies as part of the process of selling one or more of our businesses or part of those businesses; and
(e) Regulators (such as Ofcom or the ICO).
6.3 Where instructions in respect of the use of your personal information and they must comply with all applicable UK data protection laws to protect your information and keep it secure.
7 PROTECTING INFORMATION
7.1 We take protecting your data seriously, and will do our utmost to employ appropriate organisational and technical security measures to protect you against unauthorised disclosure or processing.
7.2 Unfortunately we cannot guarantee the security of transmitting information via the internet. We have tried to create a secure and reliable website and mobile application for our users in line with industry standards. However, we have no responsibility or liability for the security of personal information transmitted via the internet.
8 WHY DO WE PROCESS YOUR DATA?
8.1 We process each type of personal data for one the following reasons:
(a) We need to process the data under our contract with you for our services;
(b) We have a legitimate interest as a business in processing your data;
(c) We have a legal obligation to process the data; or
(d) We have your consent (which you can withdraw at any time).
8.2 If you don’t provide us with the data we need then we may not be able to perform our contract with you and may need to terminate the contract. If this happens we will notify you as set out in our Terms and Conditions.
9 TRANSFERS OF DATA OUTSIDE THE EEA
9.1 From time to time the third parties we share our data with may be outside the European Economic Area (EEA) in countries that do not always have the same standard of data protection laws as the UK. However, we will have a contract in place to ensure that your information is adequately protected and we will remain bound by our obligations under applicable UK data protection laws we share your information with third parties they are required to follow our express even when your personal information is processed outside the EEA. The sorts of measures we use to protect your data in this instance are security reviews of the organisations, contractual model clauses approved for use by the European Commission or other approved transfer mechanisms, such as the Privacy Shield for transfers to the USA.
10 HOW LONG DO WE HOLD YOUR INFORMATION FOR?
10.1 Unless there is a specific regulatory or legal requirement for us to keep your information longer, we will keep your information for as long as it is necessary for the purpose for which it was collected.
11 YOUR RIGHTS
11.1 As a data subject you have a number of personal rights under data protection laws in relation to your personal data. These are:
(a) Subject access requests – You have a right to access personal data that we hold as a data controller.
(b) Right to be forgotten – In certain circumstances you have a right to request that your personal data be erased from the systems within our control.
(c) Rectification – You have a right to correct your personal data that we hold as a data controller.
(d) Withdraw consent – Where we have offered you the right to consent to giving us your data, for instance with your marketing preferences, you have the right to withdraw your consent at any time.
(e) Objection and restriction of processing – In certain circumstances, you have a right to object to or request we restrict our processing of your personal data.
(f) Right to port – You have a right to receive certain information about you in a machine-readable format.
12.1 If you would like to make a complaint about our use of the personal data you should contact our Data Protection Officer at the details above. If we have not resolved your complaint, you can contact the UK data protection regulator, the Information Commissioner’s Office (ICO)
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
(www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance