Privacy Policy

Discover how we look after your data

  1. Introduction:

    AllPoints Fibre is a brand name of AllPoints Fibre Networks Limited (referred to below as “we”, “us” and “our”). AllPoints Fibre Networks Limited is a company incorporated in England with company registration number 03401975 and whose registered office is at 6th Floor, 33 Holborn, London EC1N 2HT.

    We respect your privacy and are committed to meeting our legal obligations when it comes to protecting your personal data. Please take a moment to review the policy and understand:

    • The types of personal data that AllPoints Fibre Networks may collect.
    • Why we collect and use your data.
    • When and why we share personal data within AllPoints Fibre Networks and with other organisations.
    • Your rights and choices concerning your personal data.

    The Controller for your personal data under the UK General Data Protection Regulations (GDPR) is AllPoints Fibre Networks Limited. We are registered as a controller with the UK Information Commissioner’s Office (ICO) and our registration number is Z1783240.

    We update this privacy notice from time to time in response to changes in applicable laws and regulations, to our processing practices or other services we offer. When changes are made, we will update the date at the bottom of this notice. Please review this privacy notice periodically to check for updates.

    Please note that this policy does not cover other organisations’ websites, apps, products, services, and social media accessed from our website. When you leave our website and/or apps, we encourage you to read the privacy notice of the websites and apps that you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites or apps.

  2. What Data Do We Collect?

    Personal data refers to any information about an individual from which that person can be uniquely identified. It does not include data where the identity has been removed (which is known as anonymous data).

    We collect information through various means, and for different purposes, described below.

    2.1   If you are a resident or business: Information we receive directly from you if you are interested in our fibre broadband services.

    • When you register your interest in our fibre broadband service using our online webform we may collect and process your name, address (residential or commercial as appropriate), email address and phone number.
    • When you write to us, talk to us on the phone, email or communicate via electronic messaging (such as SMS, live chat tools), we may collect personal and contact details including your name, address, phone number, email address, as well as the information that you provide to us via such communications.
    • When you take part in our surveys, we may collect additional information including your name, phone number, email address, responses to our questions and information about how you use our website, apps, products and/or services.
    • When you engage with one of our community focused projects we will collect and process your name, address, and details about your interactions with our team.
    • Indirectly, we may receive your personal data from other parties when
      • You subscribe to a third-party Internet Service Provider (ISP) that uses our infrastructure. In this instance we will process your personal data on behalf of the controller.
      • Someone refers you to us about our products and services or from other organisations who have obtained your permission to share information about you with us.

    2.2   If you are an Internet Service Provider or Third-Party Supplier: Information we receive directly from you in the process of providing our broadband infrastructure is described below.

    • When holding commercial discussions with us about our fibre broadband service or other contract us we may process your name, position, company address, email address, phone number.
    • When entering into a legal agreement for the supply of high-speed fibre broadband services from us, in addition to the above we will ask you to give us your organisation’s financial details and will record financial information (billing, payment and transaction data), and a record of correspondence between us.
    • When you use our network / broadband service, we may collect information about your use of those services including the following:
      • Usage data (i.e. frequency, time, data traffic used per month).
      • Technical data related to your streaming viewing such as time and duration of watched content, information on the content recorded/watched, MAC/IP address, the quality of the connection.
      • Interactive data (apps usage data, websites usage / visits data).
      • Device data (IP address, device make and manufacturer, browser information and other similar identifying information required from your devices to communicate with websites and applications on the internet).
    • We may also monitor, record, store and use the communications we have directly with you to improve the quality of our customer service and/or for training, operational and compliance purposes.
    • Indirectly, we may obtain information from reporting agencies, such as credit reference agencies. They may give us information about your financial history so we can assess creditworthiness, check your identity, manage your account, trace and recover debts and prevent criminal activity.

    2.3   If you are a landlord, landowner, or other interested individual: Information we receive directly from you in the process of building our broadband infrastructure in your area is described below.

    • When discussing wayleaves agreements with you for the provision of fibre broadband services to or across your property we may process your name, address, email address, and phone number.
    • Indirectly, we may obtain your contact details from publicly available sources such as councils, company registers, land registry, electoral rolls and online search engines.

    2.4   When you apply for a job: Information we receive directly from you if you are interested in working for us is described in more detail in our job applicant privacy notice.

    2.5   When you visit our website () and/or download one of our or apps, we use cookies, some of which must be stored on your device(s) (laptop, mobile phone, tablet etc.) for our website/application to function correctly. For more details see our Cookies Policy for more details.

    2.6   When you visit our offices: You may be captured on digital video recording or door access control systems which we maintain for security and safety purposes.

  3. Purposes and Bases for Processing Your Data:

    There are many reasons why we may lawfully collect and process your personal information.

    3.1 Contractual Obligations

    We may process your personal information where it is necessary either to take steps at your request before entering into a contract with you for the provision of our products and/or services, or to perform our obligations under that contract. Examples of these situations include:

    • To provide you with a quote for our products and/or services.
    • To determine whether our services are available in your area.
    • To process your orders for our products and services and to bill you for the same.
    • To provide you with the products and services you have ordered from us.
    • To respond to any questions or complaints you may have regarding our products and services.
    • To administer, operate, facilitate and manage the products and services we provide to you.
    • To manage the best way of routing your data usage through the various parts of our network, equipment and systems.
    • To contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, etc., in connection with your relationship and/or account.
    • To provide you with information relating to our products and/or services.

    Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

    3.2 Legal Compliance

    If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also provide this to any such regulator. However, we would need to be satisfied that a request for information is lawful and proportionate and we would need appropriate assurances about security, how the information is used and how long it is kept.

    We are required to consider the needs of vulnerable people. If you choose to provide us with details of a disability, health condition, vulnerability or accessibility issue (whether temporary or permanent), we will record this information securely and only use this to the extent necessary to ensure that we treat you fairly, give you any additional support that you need to communicate effectively with us and access our services, and comply with our legal and regulatory obligations.

    3.3 Legitimate Interest

    We may also use your personal data to pursue our legitimate interests (or those of a third party) but only in a way which might reasonably be expected as part of running our business and only where such interests are not overridden by your fundamental rights, freedoms, or interests.

    We may process your personal data for the legitimate running of our business, to facilitate our internal business operations including assessing and managing risk, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.

    We may also use your personal information for the legitimate interest of helping to prevent and detect crime and fraud and to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious usage, and track malware and cyber-attacks.

    3.4 Consent

    In specific situations, we may collect and process your data with your consent including the following:

    • If you contact us via our website with queries about our service, we may we request your consent to process your location data to determine your eligibility for our products and services and, in particular, whether and when our products and services may be available in your area.
    • We may request your consent in order to send marketing communications regarding our services and/or products via our apps, website or otherwise.

    However, if we do so, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note that if you do withdraw your consent, we may not be able to provide certain information, products or services to you.​

  4. Who do we share your information with?

    Where we share your information with third parties, they will process your information either as a data controller or as our data processor, and this will depend on the reason for our sharing your personal data with them. We will only share your personal data in compliance with the applicable data protection laws and regulatory compliance and only for the purposes set out in Section 3 of this notice.

    We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law.

    Other organisations with which we may share your information include:

    4.1 Contracted Partner Companies

    We may share your personal information with Partner companies with whom we have contracts for certain products and/or services. The reasons we may share your information in this way include:

    • To further develop and improve our infrastructure and network services.
    • Provide customer-service, marketing and information-technology services.
    • Personalise our service and make it work better.
    • Process payment transactions.
    • Carry out fraud and reference checks and collect debts.
    • Analyse and improve the information we hold (including about your interaction with our service).
    • Manage satisfaction surveys.

    4.2 Credit Reference Agencies

    We may share your personal information with credit reference agencies, for example we may provide them with information about how you conduct your account with us and this information may be used by other organisations in assessing applications from you and members of your household. In addition, they will give us information about you. For example, we may search the files of a credit agency to assess creditworthiness and product suitability, check your identity, trace and recover debts, prevent criminal activity or to gather information about your financial history. This is so that we can confirm your eligibility for our products and/or services and guarantee your ability to make regular payments for such product and/or services.

    We do not sell or share your personal information and/or data to or with third parties for third party direct marketing purposes.

    4.3 Other third parties

    We may share your personal information with the following:

    • Professional advisers including lawyers, bankers, auditors and insurers
    • Regulators and other authorities who require reporting of processing activities in certain circumstances.
    • Third parties to whom we may choose to transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  5. Sharing your data outside the UK

    The data and information that we collect and process may be transferred to, and stored at a destination outside of the UK. We will only transfer your personal data outside the UK on the basis that anyone to whom we transfer it protects your data and information in a similar way to us.

    If we transfer your information to countries outside the UK, we will only do so where:

    • The UK Government has decided that the country to which we are transferring your data is deemed to provide an adequate level of protection for your information.
    • We have entered a contract with the organisation, entity or individual with whom we are sharing your data and/or information on such terms as approved by the UK Government and recognised by the European Commission to ensure your information is adequately protected.
  6. How we protect your data

    The security of your information is important to us. Any information sent to us is protected using robust security methods. The methods we use are industry-standard ensuring data is safeguarded in transit. Our security measures include:

    • Encryption of data where appropriate.
    • Regular penetration testing of systems.
    • Security controls which protect the entire AllPoints Fibre Networks infrastructure from external attack and unauthorised access.
    • Regular cyber security assessments of all service providers who may handle your personal data.
    • Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents.
    • Internal policies setting out our data security approach.
    • Training for employees on security and privacy.
  7. How long we keep your information

    By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and in several formats.

    We manage our records to help us to serve our customers well and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and provide evidence of our business activities.

    Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements. However, we will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it.

    We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.

     

  8. What are your rights

    We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. The UK GDPR provides you with certain rights in relation to the processing of your personal data, including to:

    • Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
    • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request personal data provided by you to be transferred in machine-readable format (“data portability”).
    • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
    • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
    • Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on our legitimate interests.

    These rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation and the laws and regulations to which we are subject.

    If at any time you decide that you no longer wish to be contacted for marketing purposes, or if you would like to exercise any of your rights as set out above, you can contact us by email at dataprotection@apfn.uk.

    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

    In addition to the above, please note that you have the right to make a complaint at any time to the Information Commissioner’s Office if you are concerned about the way in which we are handling your personal data.

    Last updated: 08/03/2024