This privacy statement sets out how CityFibre Holdings Ltd, CityFibre Limited and Entanet International Limited (referred to in this statement as CityFibre / we / us) use and protect any personal data that you give us when you use this website or that we hold in connection with any of our products, services or offerings.
This privacy statement applies to users of our websites, customer contacts, supplier contacts and residential householders whose personal data is collected or used when you are accessing or using our websites or interacting with us.
We are part of the CityFibre Group of companies. CityFibre Holdings Ltd is our corporate function and CityFibre Limited and Entanet International Limited are our operational companies. To the extent that they are joint controllers, their respective responsibilities for data protection compliance are set out in this privacy statement.
We are committed to ensuring that your privacy is protected. We also want to ensure you are properly informed about how your information is used and that you receive certain information that we are required to give you by law, which is why provide this privacy statement.
We may change this statement from time to time by updating this page. You should check this page from time to time to ensure that you are aware of and understand any changes.
The information we collect
We may collect, store and use personal data including:
- Information about your device and about your visits to and use of the website including IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation;
- Information provided when you register with us, subscribe to our website services and email notifications, or that you may send us via our website, email address or our business premises, for example when you make an enquiry;
- For business contacts at our existing and prospective customers, partners and suppliers / third party service providers, basic contact details such as name, address, telephone number, email address, Skype / messenger service details, LinkedIn profile details, job title and other information, such as details contained in commercial bid documentation;
- For residential householders, basic contact details such as name, address, telephone number, email address and details contained in wayleave access documentation;
- Information that you may provide to our sales representatives, customer service team, trusted partners (as defined below) and third party service providers, for example, when they attend premises to carry out installations, when you contact us for pre or post-sales support, or at corporate events.
We may also obtain some information relating to you from trusted third parties such as our wholesale channel partners, our installation partners, our service provider partners and also providers of lead generation services. We carry out due diligence and have contracts in place with such third parties to ensure they have obtained your information lawfully and can pass it on to us to use.
Using your information
We collect and securely store information about individuals for legitimate business purposes and in accordance with applicable data protection laws (including the General Data Protection Regulation (GDPR)) or the relevant national legislation.
Your personal data will be used for the purposes stated in this statement or such other purposes as we may notify you of from time to time, for example, on other parts of the website or in other relevant documentation.
Your personal data may be required by us from time to time in order to provide you with the best possible service and experience when using our website or our products or services, or to assess which products or services may best suit your needs or those of your business.
Specifically, information held about you may be used by us for the following reasons:
- To ensure that content from our website is presented in the most effective manner for you and for your device and to gain insights into how website users are using our website and to improve user experience;*
- To provide you with information (including information about network updates), products or services or take actions that you request;
- To provide you with promotional material which we feel may interest you (subject to the appropriate marketing permissions) – see ‘Marketing to business contacts’ below;*
- To provide third parties with statistical information about our web users (for example Google Analytics);*
- To allow you to participate in interactive features of our products and services (such as the availability checker), when you choose to do so;
- To notify you about changes to our products and services;
- For sales and lead generation, including for organising and attending corporate events and for marketing planning;*
- To undertake segmentation and demographical analysis to predict areas of demand;*
- To perform our obligations arising from or related to any contracts entered into between your business and us, and for effective customer account management, partner management and supply chain management, including performance monitoring and management;*
- To perform our obligations arising from any contracts between us and your service provider to deliver the connectivity requirements you have signed up to;
- To maintain risk and compliance records, and carry out compliance monitoring, incident management and investigations of relevant suppliers and third party service providers;
- For internal administration, governance and recordkeeping and for business analytics, financial and accounts management and reporting purposes;*
- To help us prevent, detect and investigate fraud;*
- To meet our legal obligations or to bring or defend legal claims;
- To maintain the security of our websites, services, systems and assets, as well as to detect and investigate activities that may be illegal or prohibited;*
In more legal terms, we process your personal data where you have consented to this or where this is necessary to provide services or take actions that you have requested, to perform our legal and regulatory obligations or for the purposes of our legitimate interests. We have legitimate interests in those uses of personal data indicated with a “*” above.
We consider the risk to your rights of data protection is not excessive or overly intrusive, and is overridden by our legitimate interests. We have also implemented protections for your rights by ensuring proper retention periods and security controls, and your other rights under this privacy notice (if applicable).
*You can object to processing on this basis at any time by contacting us using the contact details below. See also “Your rights” regarding your right to object below.
Visiting our premises in person
When you sign in we will process your personal data for the purpose of site security and fire safety. The legal basis for this processing is that it is necessary for compliance with a legal obligation to which we are subject.
We will store personal data relating to your visit for 12 months, or longer if required in relation to a legal claim. We will share your personal data with other third parties only to the extent that the disclosure is reasonably necessary for the purposes of investigating incidents occurring on our premises.
We intend to transfer your personal data to a recipient in a country outside the EEA, namely the United States of America. The European Commission has decided that transfers to the United States will be protected by appropriate safeguards, namely the EU-U.S. Privacy Shield Framework.
When accessing our data centres we will hold Photo ID for the duration of your visit.
Our data centres may be protected by fingerprint ID. The finger image is never stored nor distributed; rather, it is converted into a mathematical description, called a ‘fingerprint template’, encrypted using the Blowfish algorithm. The local database in which these templates are stored is AES encrypted.
Queries and complaints
We collect information when:
- You contact us to ask for information
- You bring a complaint to us, including about our build projects
- We are looking at a complaint and need more information to resolve a query
- You ask us to review any decision we’ve made
We will normally let you know what types of information we are asking for and why. For example this may include:
- Your name
- Your contact details
- Information you tell us about your complaint or query
We use this information to:
- Provide you with information
- Refer back to the information if you contact us again
- Investigate and make decisions on complaints
- Respond to complaints about our work
- Bring and defend legal claims or investigations by regulators or enforcement agencies
- Monitor and assess the quality of complaint handling and service provision by our teams
- Report on trends and statistics
- Learn more about our users and what their needs are
- Ask you about our service in the form of a customer satisfaction survey
Responding to surveys
We may from time to time ask you to complete an optional survey if you make a complaint or in relation to other aspects of our operations, such as our door knocking activities. When you respond to any surveys we will collect and analyse the responses you give us to help us improve our service or for compatible purposes.
The survey will be anonymous unless you include any additional information from which you can be identified in the optional comments sections, in which case your information will be used in accordance with this Privacy Statement, including to respond to any specific issues that you have raised. Otherwise, personal data contained in surveys will be erased or deidentified at the earliest opportunity.
We may use third party services to conduct surveys such as Survey Monkey – their privacy notice is here: https://www.surveymonkey.com/mp/legal/privacy-policy/
Marketing to business contacts
As a wholesale fibre network infrastructure provider, we may periodically send promotional information to business contacts by email, phone or mail about new products, special offers, network updates, local events or other information from us, our affiliate companies (including our sister companies CityFibre Metro Networks Limited and Entanet International Limited) or our approved third party internet service provider partners which we think you may find interesting and relevant, using the contact details which you have provided.
In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.
Please follow the “unsubscribe” or opt-out process in any of our communications or email email@example.com at any time with “Unsubscribe” in the subject line if you do not wish to receive such information.
Third Party Services and Websites
We may, from time to time, engage the services of other parties for the provision of services related to payment handling, delivery of purchased items or services, search engine facilities, hosting and IT services, advertising and marketing and network activities (such as installation, testing, repair, upgrade or removal). The providers of such services may be granted access to certain personal data to the extent strictly necessary for them to perform the services that we request. Any personal data that is processed by third parties must be processed in accordance with data protection laws and subject to contractual obligations, including regarding security and confidentiality.
Where our website contains links to other websites, we are not responsible for the privacy policies or practices of such third party websites.
We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy statement. We may also disclose your personal data:
- To other companies in our corporate group for the purposes of internal administration, governance and recordkeeping, business analytics, financial and account management and reporting purposes;
- To other companies that provide essential support to our network, such as (where relevant) our network integrators and resellers, our approved third party internet service provider, data centres and mobile operators / “fibre to the home” providers, such as Vodafone and other internet service providers, and our broadcasting partners, including Entanet, our wholesale channel partner (“trusted partners”);
- To authorised third parties providing a service on our behalf or in connection with our business, including our insurers and professional advisors;
- To the extent that we are required to do so by law, including by regulators, courts or law enforcement agencies;
- In connection with any legal proceedings or prospective legal proceedings;
- In order to establish, exercise or defend our legal rights;
- For the purposes of fraud prevention and reducing credit risk;
- To the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information,
or as otherwise set out in this privacy statement.
International data transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information as set out in this privacy statement, in particular to provide you with our products or services. Currently this is only within the UK.
Some of our trusted partners who have access to your personal data may be located or transfer or host data outside the European Economic Area (EEA). Additionally, some of the third party service providers we use who have access to your personal data may be located or transfer or host data outside the EEA.
In these circumstances, we will ensure your personal data is processed under strict organisational and contractual controls, specifically EU model clauses or the EU-US Privacy Shield framework for transfers to the U.S. For more information about these controls and how to access a copy, please visit the ‘International transfers’ section of the ICO website: https://ico.org.uk or contact us using the contact details below.
Security of your personal information
We are committed to ensuring that your information is secure. We have put in place appropriate technical and organisational measures to safeguard and secure your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access.
You are responsible for keeping your password and user details for any restricted areas of our websites confidential and for implementing your own security measures to protect your information, network and devices. We will not ask you for your password (except when you log in to the website).
Retaining your personal data
We will retain your personal data for as long as we are obliged, under relevant legislation and regulation, or otherwise for no longer than it is necessary for our lawful purposes. We securely erase it once no longer needed.
The retention period of your personal data may need to be extended where we require this to bring or defend legal claims. We may also retain data for longer periods for statistical purposes, and if so we will anonymise or pseudonymise this.
You have the following rights regarding your information (each of which is subject to various exceptions and limitations):
|Rights||What does this mean?|
|1. The right to be informed
|You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this privacy statement.|
|2. The right of access||You have the right to obtain access to your information (if we are processing it), and other certain other information (similar to that provided in this privacy statement).
This is so you are aware and can check that we are using your information in accordance with data protection law.
|3. The right to rectification||You are entitled to have your information corrected if it is inaccurate or incomplete.|
|4. The right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.|
|5. The right to restrict processing||You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.|
|6. The right to data portability||You have rights to obtain and reuse your personal data for your own purposes across different services. Eg, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between one provider’s IT systems and another’s safely and securely, without affecting its usability. However, we consider this right would only have very limited application in respect of the type of data that we would typically hold.|
|7. The right to object||You have the right to object to certain types of processing that is based on legitimate interests. Where you object, we may continue to process your information where we can show compelling legitimate grounds for the processing which override your rights and interests or where we need to use your information to bring or defend legal claims.
However, if you object to direct marketing, we will stop this as soon as possible (although there may sometimes be a short delay while your request is processed).
To make a request to exercise any of your rights in relation to your information, please contact:
Attention: Company Secretary
CityFibre Holdings Limited
15 Bedford Street, London, WC2E 9HE
To find out more about these rights, visit the UK Information Commissioner’s Office (ICO) website: www.ico.org.uk
If you are not satisfied with our response to your request or believe our processing of your information does not comply with data protection law, you can make a complaint to the ICO: https://ico.org.uk/concerns/.
If you have any questions about this privacy statement or our treatment of your personal data, please contact us:
Attention: Company Secretary
CityFibre Holdings Limited / CityFibre Limited
15 Bedford Street, London, WC2E 9HE
This statement was last updated on 23 May 2018.