Last updated December 2023
Overview: key information you should be aware of
1. Who we are
We are Box Broadband Limited, a broadband provider based in England. If you need it, our company number is 10498823 and our registered office is 57a Broadway, Leigh On Sea, Essex, England, SS9 1PE. All references in this policy to “Box Broadband”, “our”, “us” or “we” refer to Box Broadband Limited, or our group companies and suppliers which provide services to us, as appropriate. All references in this policy to “our website” are a reference to the website owned by Box Broadband at www.boxbroadband.co.uk
2. Our values and what this policy is for
We have a strong commitment to protect your privacy, and so we follow the following rules to the letter:
• we only collect information that we strictly need for our relationship for you
• we will do our best to keep your information secure and to prevent unauthorised
access to it
• we will tell you what information we hold about you
• we will only keep your information for as long as we need it
In line with our commitment, this privacy policy tells you how your information is collected and used by us and shared with others, how we keep it safe and the rights you have to access and control its use. We have tried to make it easy for you to navigate so you can find the information that is most relevant to you and our relationship with you.
3. Who this policy applies to
This policy applies to:
• visitors to our website
• customers
• prospective customers (who we send marketing communications to)
• people who contact us with enquiries or that we contact in relation to fibre
broadband
• installation works
• our suppliers and employees of our suppliers
• job applicants
Depending on our relationship, we will collect and use your information in different ways. Please see In detail: Key information you should be aware of, section 2 to find out the information that we collect about you and how we use this information.
4. What this policy contains
This privacy policy describes the following important topics relating to your
information:
• How we obtain your personal information
• What information we collect about you and how we use it
• Our legal basis for using your personal information
• How and why we share your personal information
• How long we store your personal information
• Your rights
• Children
• Marketing
• Where we may transfer your personal information
• Risks and how we keep your personal information secure
• Links to other websites
• Changes to this privacy policy
• Further questions and how to make a complaint
• Your rights to object
5. Your rights to object
You may ask to us stop using your personal information for direct marketing and where we use of your personal information on the basis of our, or another person’s, legitimate interest. You can find out more information in section 6.
6. What you need to do and your confirmation to us
Please read this privacy policy carefully to understand how we handle your personal information. By engaging with us in the ways set out in this privacy policy, you confirm that you have read and understood the entirety of this privacy policy, as it applies to you.
In detail: key information you should be aware of
1. How we obtain your personal information
1.1 You may provide us with your personal information voluntarily. However, we may also receive information about you from third parties such as marketing agencies, market research companies, our suppliers, contractors and consultants, group companies, planning authorities, public websites and public agencies, which we refer to as “third party sources” or “suppliers” throughout this policy. We may also collect personal information from you using a variety of technologies that automatically and passively collect information when you use our website (usage data).
1.2 You may give us personal information by completing forms on our website, paper order forms, registering for an account, when enquiring about or ordering broadband services from us, entering a competition, completing customer satisfaction surveys or otherwise providing feedback on the services received (including via social media channels such as Facebook or Twitter), or by contacting us by phone, email or other means. This includes, for example, where you provide your personal information to us in order to receive information or services from us. If you are a supplier, you may also give us personal information about you when you are offering or providing services to us.
2. What information we collect about you and how we use it
Please go to the section or sections below that best describe our relationship with you to find out what information we collect about you and how we use this information. We refer to this as “personal information” throughout this policy.
2.1 Visitors to our website
2.1.1 What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following information about you:
• your name
• your postal address
• your email address
• your telephone number
• information provided when you correspond with us
• any updates to information provided to us
• personal information we collect about you or that we obtain from our third party sources
• the following information created and recorded automatically when you visit our website
i) Technical information. This includes: the Internet protocol (IP) address used to connect your computer to the internet address or other unique identifier for the computer or other electronic device that you use to access the website; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system and platform; and
ii) Information about your visit and your behaviour on our website (for example, the pages that you click on). This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.
2.1.2 How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
• to allow you to access and use our website
• to receive enquiries from you through the website about our broadband services
• to ensure that content from our website is presented in the most effective manner for you and for your computer or other electronic device
• to understand how you access and use our website
• to understand you better and tailor our website content and services to your needs and interests
• to allow you to take part in interactive features we may provide from time to time
• to administer and improve our website and broadband services, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our
• webpages
• to give you an overall better user experience on our website.
Please see sections 2.7 and 2.8 for more details about how we use your personal information.
2.2 Customers
2.2.1 What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following information about you:
• your name
• your postal address
• your email address
• your telephone number
• your age
• your gender
• information provided when you correspond with us
• any updates to information provided to us
• information about the current broadband providers you use
• information you provide to help us provide you with improved broadband services, for example if we ask you to fill in a survey or questionnaire
• information about your preferences
• your payment details
• information about broadband services and equipment we provide to you:
i) information needed to provide the broadband services and equipment to you (including information on completed forms, order details,
ii) information about your property or access to your property, order history and payment details)
iii) customer services information and
iv) customer relationship management and marketing information;
2.2.2 How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
• to provide you with our broadband services and related equipment, including installation of equipment
• to carry out our obligations under any contracts we have entered into with you
• to deal with any enquiries or issues you have about our broadband services or equipment
• to ensure that content from the broadband services is presented in the most effective way for you and your computer or other electronic device
• to provide support for any faults in our broadband services
• to send you certain communications (including by email or post) about our broadband services such as service announcements and administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges)
• quality assurance of our broadband services
• to carry out statistical analysis and market research on people who may be interested in our broadband services; and
• if you have consented or, otherwise, if it is in our legitimate interests, for marketing purposes, to contact you (including by email or post) with information about our broadband services and related equipment which either you request, or which we feel will be of interest to you (including newsletters).
Please see sections 2.7 and 2.8 for more details about how we use your personal
information.
2.2.3 Special categories of data
Some of the personal information that you provide to us about you or your family members may be information about physical or mental health which is a special category of data. You may give us this type of personal data to ensure we can make suitable arrangements when visiting your home to carry out installation of our broadband services (for example, if you are a wheelchair user and are unable to answer the door).
2.2.4 Information we need to provide services to you
We need certain types of personal information so that we can provide services to you and perform contractual and other legal obligations that we have to you. If you do not provide us with such personal information, or if you ask us to delete it, you may no longer be able to receive our broadband services.
2.3 Prospective customers who we send marketing communications to
2.3.1 We, or third parties on our behalf, may collect and use any of the following information about you:
• your name;
• your postal address;
• your email address;
• your telephone number;
• information about your preferences;
• your property type;
• how you heard about us; and
• your building management contact details.
2.3.2 How we use your personal information
We will collect, use and store the personal information listed above, if you have consented or, otherwise, if it is in our legitimate interests, for marketing purposes, to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you.
Please see sections 2.7 and 2.8 for more details about how we use your personal information.
2.4 People who contact us with enquiries or that we contact in relation to fibre broadband installation works
2.4.1 We, or third parties on our behalf, may collect and use any of the following
information about you:
• your name
• your postal address
• your email address
• your telephone number
• information provided when you correspond with us
• any updates to information provided to us
2.4.2 How we use your personal information
We will collect, use and store the personal information listed above to: (a) deal with any enquiries or issues you have about our business, broadband services or works to install new fibre broadband, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you; and (b) to obtain and share information we need to carry out installation works for new fibre broadband. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes, for the carrying on our business or to meet our customer and future customer demand for fibre broadband.
Please see sections 2.7 and 2.8 for more details about how we use your personal information.
2.5 Our suppliers and employees of our suppliers and other third parties who work for or with us
2.5.1 We, or third parties on our behalf, may collect and use any of the following information about you:
• your name
• work contact information (phone number and email address)
• your job title
• your gender
• your date of birth
• your emergency contact information
• information provided when you correspond with us
• any updates to information provided to us
• personal information we collect about you from third party sources such as LinkedIn
• work place accident information
• company name
• office address
• CVs, pitch and tender information
• proof of identification and address
• visa or work permit documentation
• details of compensation, expense claims and bank details
• information required to access company systems and applications (such as system ID)
• work hours (overtime and hours worked)
• if you attend our sites, CCTV recordings
2.5.2 How we use your personal information
We will collect, use and store the personal information listed above for general communication between us, including the following:
• to enable us to receive and manage services from you (including supplier due diligence, payment and expense reporting and financial audits)
• to assess your working capacity
• to confirm information on CVs and performance reference checks, to assess you or your employer’s suitability to work for us
• for equal opportunities monitoring
• for health and safety records and management
• to contact your next of kin in an emergency
• for security vetting and criminal records checks (where applicable and allowed by law)
• for CCTV monitoring and other security of company facilities
Please see sections 2.6 and 2.7 for more details about how we use your personal information.
2.5.3 Source of personal information.
We may receive some of your personal information from third party sources, such as your employer or your employer’s company website. We may also collect this personal information from publicly available sources, such as LinkedIn.
2.5.4 Special categories of data.
Some of the personal information that we collect about you or which you provide to us about you or your employees may be special categories of data. Special categories of data include information about your physical and mental health, sexual orientation, racial or ethnic origin, political opinions, philosophical belief, trade union membership and biometric data.
2.5.5 Information we need to provide services to you.
Please note that we need certain types of personal information so that you or your employer can provide services to us. If you do not provide us with such personal information, or if you or your employer ask us to delete it, you may no longer be able to provide services to us.
2.5.6 Use of your family and next of kin information
Separately, we may process personal information about your family and next of kin so that we may contact them in an emergency. We will only process your or your family/next of kin’s personal information for this specific purpose or for any other purposes specifically permitted by law.
2.6 Job applicants
2.6.1 We, or third parties on our behalf, may collect and use any of the following
information about you:
• your name
• your contact information (phone number, postal address, mailing address, email
address)
• gender
• date of birth
• your career history (usually in the form of a CV)
• personal information we collect about you from third party sources such as LinkedIn
• information provided when you correspond with us
• any updates to information provided to us
• visa or work permit documentation
• if you attend our sites, CCTV recordings
2.6.2 How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
• to facilitate any application you make to us, including inviting you to and conducting interviews
• if you have asked us to keep you informed of other opportunities at with us, we may periodically
• contact you to tell you about these for up to 6 months
• to respond to your queries and requests
• to communicate with you
• to provide you with updates about your application
• to confirm information on CVs and performance reference checks, to assess your suitability to work for us
• for equal opportunities monitoring
• for security vetting and criminal records checks (where applicable and allowed by law)for CCTV monitoring and other security of company facilities
2.6.3 Source of personal information
We may receive some of your personal information from third party sources, such as your employer, your employer’s company website or a recruitment agency. We may also collect personal information from publicly available sources, such as LinkedIn.
2.6.4 Special categories of data
Some of the personal information that we collect about you or which you provide to us about you may be special categories of data. Special categories of data include information about your physical and mental health, sexual orientation, racial or ethnic origin, political opinions, philosophical belief, trade union membership and biometric data.
2.7 Other reasons we may store your personal information
Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional reasons:
• to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests
• for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies. We may process your personal information for these purposes where it is in our legitimate interests to do so
• to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so
• to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.
2.8 Further processing
We will not use your personal information in any way that is incompatible with the purposes set out in this section 2. Please contact us using the details in section 13 if you want further information on the analysis we will undertake to establish if a new use of your personal information is compatible with these purposes.
2.9 Aggregated and anonymous information
We may use your personal information and combine it with the personal information of others to identify trends and share or provide this trend information in an aggregated and anonymous form with third parties. For example, we may use information about your browsing habits as part of an aggregated number to identify which are our most popular website pages.
3. Legal basis for use of your personal information
3.1 We consider that the legal bases for using your personal information as set out in this privacy policy are as follows:
• our use of your personal information is necessary to perform our obligations under any contract with you (for example, to sell and provide you with broadband services and related equipment, to fulfil an order which you place with us, to comply with the terms of use of our website which you accept by browsing our website and/or to comply with our contract to provide services to or receive services from you or your employer); or
• our use of your personal information is necessary for complying with our legal obligations (for example, for health and safety purposes); or
• where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:
i) run, grow and develop our business
ii) select appropriately skilled and qualified suppliers
iii) marketing, market research and business development
iv) provide broadband services to our customers, make and receive payment and provide customer services
v) invest in and roll out fibre broadband to benefit the communities in which we operate
vi) place, track and ensure fulfilment of orders with our suppliers
vii) for internal group administrative purposes.
If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information.
3.2 We may use your special categories of data (such as health information) where you have provided your consent (which you may withdraw at any time after giving it, as described below).
3.3 We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).
3.4 If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us https://www.boxbroadband.co.uk/contact-us/ we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide
broadband services to you.
4. How and why we share your personal information with others
4.1 We will share your personal information with the following third parties or categories of third parties:
• our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of broadband services to our customers, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance)
• our partners and joint venture partners (“Partners”), where we provide the broadband service or our website to you as part of a partnership or joint venture. Our Partners will process your information in accordance with their privacy policy and it is your responsibility to read our Partner’s privacy policies;
• our service providers and sub-contractors, including but not limited to payment processors, utility providers, suppliers of technical and support services, insurers, and cloud service providers, for example Amazon Web Services
• public agencies and the emergency services
• companies that assist us in our marketing, advertising and promotional activities
• analytics and search engine providers that assist us in the improvement and optimisation of our website.
4.2 Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.
4.3 We will also disclose your personal information to third parties:
• where it is in our legitimate interests to do so to run, grow and develop our business:
i) if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets
ii) if substantially all of Box Broadband’s or any of its affiliates’ assets are acquired by a third party, in which case personal information held by Box Broadband will be one of the transferred assets
• if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity
• in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
• to protect the rights, property, or safety of Box Broadband, our staff, our customers (including residents) or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.
4.4 We may also disclose and use anonymised, aggregated reporting and statistics about users of our website or our goods and services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.
4.5 Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us,
and we will stop doing so.
5. How long we store your personal information
We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. For example, our policy is to only keep customer data for 3 years from the end date of your contract with us unless we need to keep it for longer (for example to establish, exercise or defend our legal rights).
6. Your rights
6.1 You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us https://www.boxbroadband.co.uk/contact-us/ at any time. You have the following rights:
6.1.1 Right of access.
You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your information outside of the European Economic Area (“EEA”).
6.1.2 Right to update your information.
You have a right to request an update to any of your personal information which is out of date or incorrect.
6.1.3 Right to delete your information.
You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13. We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 13.
6.1.4 Right to restrict use of your information
You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13. We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contract details in section 13.
6.1.5 Right to stop marketing
You have a right to ask us to stop using your personal information for directmarketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
6.1.6 Right to data portability
You have a right to ask us to provide your personal information to a third party provider of services.
6.1.7 Right to object.
You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
6.2 We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period allowed by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.
6.3 If an exception applies, we will tell you this when responding to your request. We may request you to provide us with information necessary to confirm your identity before responding to any request you make.
7. Children
7.1 You must be aged 18 or over to purchase broadband services from us. Our website and broadband services are not directed at children and we do not knowingly collect any personal information from children.
7.2 If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, or from any other source, then we will delete that information as soon as possible.
7.3 Please contact us https://www.boxbroadband.co.uk/contact-us/ if you are aware that we may have inadvertently collected personal information from a child.
8. Marketing
8.1 We may collect and use your personal information for undertaking marketing by email telephone and post.
8.2 We may send you certain marketing communications (including electronic marketing communications to existing customers) if it is in our legitimate interests to do so for marketing purposes.
8.3 However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.
8.4 If you wish to stop receiving marketing communications, you can contact us by contacting us https://www.boxbroadband.co.uk/contact-us/.
9. Where we may transfer your personal information
9.1 Your personal information may be used, stored and/or accessed by staff operating outside the EEA working for us, other members of our group, our Partners or our suppliers. For example, our customer data is hosted by Amazon Web Services which may transfer your personal data to the United States. Further details on to whom your personal information may be disclosed are set out in section 4. If we provide any personal information about you to a third party operating outside of the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this privacy policy. These measures may include the following permitted in Articles 45 and 46 of the General
Data Protection Regulation:
• in the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome); or
• in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
9.2 Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting us at https://www.boxbroadband.co.uk/contact-us/ any time.
10. Risks and how we keep your personal information secure
10.1 The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public information that you would prefer to keep private.
10.2 For this reason, Box Broadband is committed to protecting your personal information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures. We ensure that:
• all information you provide to us is stored on our secure servers;
• all communications will be encrypted using SSL technology; and
• your Box Broadband account will be password protected. You are responsible for keeping this password confidential. Please do not share your password or your account with anyone.
10.3 In the course of provision of your personal information to us or using our broadband services, your personal information may be transferred over the internet. Although we make every effort to protect your personal information, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website or using our broadband services and that any such transmission is at your own risk. Once we have received your personal
information, we will use strict procedures and security features to prevent unauthorised access to it.
10.4 Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
11. Links to other websites
The Website and Services may contain hyperlinks to and from the websites of our partner networks, advertisers and affiliates or other third parties. Any hyperlinks we provide are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This privacy policy only applies to the personal information that we collect or which we receive from third party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.
12. Changes to our privacy policy
We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email or in another appropriate manner.
13. Further questions and how to make a complaint
13.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us https://www.boxbroadband.co.uk/contact-us/
We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
13.2 In accordance with Article 77 of the General Data Protection Regulation, you may also make a complaint to the Information Commissioner’s Office, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
Our cookies
We use cookies when you visit our site, but you can control these through your browser settings. You can find out how to manage cookies on your devices below.
What are cookies?
Cookies are data files that can hold small amounts of info and are stored on your device (computer, smartphone etc) when you first visit a website.
How do we use them?
We use cookies for:
• essential operations, like site navigation
• allowing you to save your address within ‘your details’ during the checkout
• analysing visitor numbers and behaviours, such as what pages are frequently visited
• assessing the success of our advertising campaigns, offers and communications
• targeting suitable advertising messages
• understanding which Affiliates have helped us reach out to new customers, or have promoted our products on their websites
For full information on how we use your data,
see https://www.boxbroadband.co.uk/privacy-policy/
What types of cookies do we use?
There are three main types.
1. Site functionality cookies – these allow you to navigate the site and use our features, such as saving your address within your and your details during the checkout. This data is only stored for the duration of your session.
2. Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your experience.
3. Targeting or advertising cookies – these are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
Advertising cookies
The information below lists all third party advertising and analytics partners we work
with.
List of third party advertising & analytics partners:
• Awin
• Facebook (including Instagram)
• Google Ads
• Google Analytics
• Google Optimise
• HotJar analytics
• LinkedIn
• Microsoft Advertising
• Twitter
How to manage cookies
Most browsers allow you to manage cookies saved on your device, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website. In addition, we may not be able to tailor the services as well as we would be able to if you had not blocked the cookies.
To find out more about cookies, please visit www.allaboutcookies.org
Data processing
If Box Broadband Limited (the “Supplier”) processes Personal Data on behalf of the Customer under the Contract and in connection with the Services (such Personal Data being referred to in this Addendum as “Relevant Personal Data”), this Addendum shall form part of and shall be incorporated into the Contract.
1. Definitions
1.1 In this Addendum, unless the context requires otherwise:
(a) capitalised expressions defined in the Supplier’s Standard Terms for the Supply of Services (“Standard Terms”) and used in this Addendum have the meaning set out in the Standard Terms and the rules of interpretation set out in the Standard Terms shall apply; and
(b) the terms: “Data Subject”, “Personal Data Breach”, “Supervisory Authority” “controller” and “process”, shall have the meanings set out in the GDPR.
2. Responsibilities in relation to Relevant Personal Data
2.1 The Appendix to this Addendum sets out details of the processing of the Relevant Personal Data.
2.2 Where the Customer transfers Personal Data to the Supplier, the Customer shall have sole responsibility for:
(a) the accuracy, quality and legality of the Personal Data; and
(b) providing all notices and obtaining all consents as may be required under Data
Protection Laws in order for the Supplier to process the Personal Data for the purposes of providing the Services and in connection with the Contract.
2.3 To the extent the Supplier processes Relevant Personal Data, then in relation to such processing, the Supplier shall:
(a) process such Relevant Personal Data only in accordance with the Customer’s written and lawful instructions (which are exclusively set out in the Contract and the Supplier’s Privacy Policy available on the Website) and save for processing which the Supplier is otherwise required to do pursuant to any Applicable Law in which case the Supplier shall inform the Customer of that requirement;
(b) take commercially reasonable steps to ensure its personnel who are authorised to have access to Relevant Personal Data are committed to confidentiality or are under an appropriate statutory obligation of confidentiality when processing such Relevant Personal Data;
(c) taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, implement technical and organisational measures and procedures to ensure a level of security for such Relevant Personal Data appropriate to the risk, including the risks of accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, dissemination or access;
(d) only transfer Relevant Personal Data outside the European Union in compliance with Data Protection Laws;
(e) inform the Customer without undue delay upon becoming aware of any such Relevant Personal Data (while within the Supplier’s or its subcontractors’ possession or control) being subject to a Personal Data Breach.
(f) except as required by Applicable Law, for internal governance or administration or in order to establish, exercise or defend any actual or possible legal claims (in which case the Supplier shall become the controller of the Personal Data), if requested by the Customer, take reasonable steps to return or irretrievably delete all Relevant Personal Data on termination or expiry of this Contract (at the Customer’s cost);
(g) provide to the Customer and any Supervisory Authority such information and assistance as is reasonably required to demonstrate or ensure compliance with the obligations in this Addendum and/or the Data Protection Laws;
(h) take such steps as are reasonably required to assist the Customer (at the Customer’s cost) in ensuring compliance with its obligations under Articles 30 to 36 (inclusive) of GDPR;
(i) notify the Customer as soon as reasonably practicable if it receives a request from a Data Subject to exercise its rights under the Data Protection Laws in relation to that person’s Relevant Personal Data;
(j) provide the Customer (at the Customer’s sole cost) with reasonable co-operation and assistance in relation to any request made by a Data Subject to exercise its rights under the Data Protection Laws in relation to that person’s Relevant Personal Data; and
(k) subject to clause 2.5, permit the Customer or its representatives to access any relevant premises, personnel or records of the Supplier on 30 days’ notice to audit (no more than once a year and at the Customer’s sole cost) and otherwise verify compliance with this clause 2.3, provided that the Customer and its representatives do not disrupt the Supplier’s business.
2.4 To the extent that the Supplier is processing Relevant Personal Data on behalf of the Customer, the Customer acknowledges that the Supplier is reliant on the Customer alone for direction as to the extent the Supplier is entitled to use and process the Relevant Personal Data. Consequently, the Customer shall be entitled to relief from liability in circumstances where a Data Subject makes a claim or complaint with regards to the Supplier’s actions to the extent that such actions result from: (a) instructions received from the Customer; or (b) a breach by the Customer of its obligations under this Addendum.
2.5 The Supplier shall only be required to permit the Customer or its representatives to access any relevant premises, personnel or records of the Supplier pursuant to clause 2.3(j) if: (a) the Customer knows or has reasonable grounds to suspect that Relevant Personal Data which is processed by the Supplier pursuant to clause 2.3 is subject to a Personal Data Breach or is otherwise lost or destroyed, damaged, corrupted or unusable; (b) the Customer and, if applicable, its representatives commit to such confidentiality obligations as the Supplier may reasonably require; and (c) it takes place on Business Days during the Supplier’s usual business hours.
2.6 The Customer acknowledges and agrees that the Supplier may subcontract its processing of the Relevant Personal Data on behalf of the Customer. The Supplier shall procure that any such sub-contractors enter into a written contract with the Supplier which contains obligations for the protection of the Relevant Personal Data which are substantially similar to those set out in this Addendum.
2.7 By entering into the Contract, the Customer is deemed to have approved the use of the Supplier’s current sub-processors as at the date of the Contract (“Current SubProcessors”).
2.8 If, after the date of the Contract, the Supplier engages a new Sub-Processor (“New Sub-Processor”) (which is not a Current Sub-Processor):
(a) the Supplier shall inform the Customer of the engagement by sending an email notification to the Customer or publishing the name of the New Sub-Processor on the Website;
(b) the Customer may object to the engagement of such New Sub-Processor by notifying the Supplier within 10 days of the Supplier’s email, provided that such objection must be on reasonable, substantial grounds, directly related to such New Sub-Processor’s ability to comply with substantially similar obligations to those set out in this Addendum, and:
(i) if the Customer does not so object, the engagement of the New Sub-Processor shall be deemed accepted by the Customer; and
(ii) if the Customer makes an objection in accordance with clause 2.8(b), the Supplier will use reasonable efforts to make available to the Customer an alternative solution or arrangement to avoid the processing by the relevant sub-contractor of any Relevant Personal Data provided by the Customer, provided that:
(A) the Supplier shall not be required to implement an alternative solution or arrangement which unreasonably burdens Supplier; and
(B) the Supplier shall be entitled to make a reasonable additional charge to cover the costs of implementing and operating the alternative solution or arrangement.
2.9 If the Supplier is unable to make available an alternative solution or arrangement within a reasonable period of time (which shall not exceed sixty (60) days) or the Customer is unwilling to pay any charge by the Supplier to cover the costs of implementing and operating the alternative solution or arrangement, the Customer may, by written notice to the Supplier:
(a) discontinue its use of that part of the Services which is impacted by the Customer’s objection; or
(b) terminate the Contract, but only in such circumstances as it is not technically possible to discontinue only part of the Services pursuant to clause 2.9(a), and in either case the Customer shall be entitled to receive a pro rata refund of any prepaid fees and other applicable charges for the period following the effective date of the relevant part of the Services being discontinued or termination (as applicable) and shall not be liable to pay the Cancellation Fee.
2.10 The Customer shall reimburse the Supplier for all reasonable costs incurred by the Supplier and payable by the Customer pursuant to this Addendum, in accordance with clause 6.3 of the Standard Terms.
2.11 Nothing in this Addendum shall prevent the Supplier from using Relevant Personal Data for business analytics purposes (including sharing Relevant Personal Data with third parties for such purposes, provided that the Relevant Personal Data is shared in a form that does not enable the third party to identify a Data Subject).
Appendix to Data Processing Addendum
The Personal Data processing activities carried out by the Supplier under the Contract may be described as follows:
Subject matter of processing |
Data captured from the order placed and process to onboard and supply service. |
Nature and purpose of processing |
To provide our services and ensure we can support it and improve the quality. |
Categories of Personal Data |
Account details for the customer and the premise for which the service is provided. |
Categories of data subjects |
Individuals and organisations. |
Duration |
For a minimum of the initial contract term. |