Power Comms Privacy Policy For UK Broadband Services

Last updated: November 2021

Power Comms (“us”, “we”, or “our”) operates this Powercomms Website (the “Service”).

This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service from this website which is https://fixedbroadband.uk or our associated website at https://broadbandbroker.uk. We conform to the requirements as laid down by the European GDPR (EU General Data Protection Regulation 2016/679) which came in to force in May 2018. More information about how we adhere to this Regulation is contained in the Addendum below.

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this Policy. 

Information Collection And Use

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information (“Personal Information”) may include, but is not limited to:

  • Name
  • Email address
  • Telephone number

Log Data

We collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.

Google AdSense & DoubleClick Cookie

Google, as a third party vendor, may use cookies to serve ads on our Service.

Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Security

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.

Compliance With Laws

We will disclose your Personal Information where required to do so by law or subpoena.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please  contact us.

Addendum – European GPDR

This Data Processing Agreement (“DPA”) is an addendum to our Privacy Policy.  The DPA will be effective and replace any previously applicable data processing and security terms as from 25th May 2018 and will continue for as long as we provide the services.

Definitions

“Customer Data” means data provided by or on behalf of Enquiries or Customer End Users via the Services under the account.

“Data Controller” means the entity that determines the purposes and means of the processing of Personal Data.

“Data Processor” means the entity that processes Personal Data on behalf of the Data Controller.

“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including the GDPR.

“Data Subject” means the individual to whom the Personal Data relates.

“EEA” means the European Economic Area.

“GDPR” means EU General Data Protection Regulation 2016/679.

“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under GDPR.

“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

Sub-Processor” means any third party authorised under this DPA to have logical access to and process Customer Data to provide parts of the Services.

“Services” means any product or service provided to Customer following the completion of our  Data Form

Data Processing

We will only act and process Customer Data in accordance with the documented instruction from Customer (the “Instruction”), unless required by law to act without such Instruction. The Instruction at the time of entering into this DPA is that we may only process Customer Data with the purpose of delivering Services as described on this website and any product-specific agreements. Subject to the terms of this DPA and with agreement of the parties, Customer may issue additional written instructions consistent with the terms of this Agreement. Customer is responsible for ensuring that all individuals who provide instructions are authorised to do so.

We will inform Customer of any instruction that it deems to be in violation of GDPR and will not execute the instructions until they have been confirmed or modified.

When Customer Data is processed by us both parties acknowledge and agree that:

– Power Comms is a Data Processor of Customer Data under the GDPR
– Customer is a Data Controller of Customer Data under GDPR.

Confidentiality

We shall treat all Customer Data as strictly confidential information. Customer Data may not be copied, transferred or otherwise processed in conflict with the Instruction from Customer unless required by law.

Our employees shall be subject to an obligation of confidentiality that ensures that the employees shall treat all Customer Data under this DPA with strict confidentiality and only process Customer Data in accordance with the Instruction.

Sub-Processing

Customer authorises us to engage third-parties to process Customer Data (“Sub-Processors”) without obtaining any further written, specific authorisation. We will restrict Sub-Processor access to Customer Data to what is necessary to provide the Service.  

We shall complete a written agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable under this DPA. It remains accountable for any Sub-Processor in the same way as for its own actions and omissions.

We will inform Customer of any new Sub-Processor engagements at least 30 days before the new Sub-Processor processes any Customer Data. Notifications of such engagements will be delivered to the account email address and/or through the control panel interface. It is Customer’s sole responsibility to ensure account information is correct and kept up to date.

Customer has the right to object to a use of a Sub-Processor by terminating this Agreement and  informing us by email. 

Security

We will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access as set out Annex 2 of this Addendum and in accordance with GDPR, article 32. The security measures are subject to technical progress and development and Customer acknowledges that we may update or modify the security measures from time-to-time provided that such updates and modifications do not result in the degradation of the overall security. In addition, we will make controls available to Customer to further secure Customer Data inside any control panel if such a control panel is provided.

Data Breach Notifications

If we becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by us, Power Comms agrees to notify Customer without hesitation or delay. Notifications of such incidents will be sent to the account email address as set by Customer. It is Customer’s sole responsibility to ensure this information is correct and kept up to date inside any control panel that may be assigned.

We will make reasonable efforts to identify the cause of any breach and take necessary steps to prevent such a breach from re-occurring.

Customer agrees that Data Breach Notifications will not include unsuccessful attempts or activities that do not compromise the security of Customer Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

Data Subject Rights

If Power Comms directly receives a request from a Data Subject to exercise such rights in relation to Customer Data, it will forward the request to Customer. Customer must respond to any such request within the timeframes specified within GDPR.

We will assist Customer in fulfilling any obligation to respond to requests by data subjects, which may include providing controls via the control panel to help comply with the commitments set out under GDPR.

Data Transfers

Power Comms stores and processes data in secure datacentres located inside the European Economic Area (“EEA”). Data may be transferred and processed outside the EEA to countries where Sub-Processors maintain their own data processing operations. Customer hereby agrees to the transfer, storing or processing of data outside the EEA. We will take all steps reasonably necessary to ensure that Customer Data is treated securely and in accordance with the relevant Data Protection Laws.

Compliance and Audit Rights

Power Comms agrees to maintain records of its security standards and, upon written request by Customer, we shall make available all relevant information necessary to demonstrate compliance with this DPA. Customer agrees any audit or inspection shall be carried out with reasonable prior written notice of no less than 30 days and shall not be conducted more than once in any 12-month period. If Power Comms declines the request, Customer is entitled to terminate this addendum and Services.

Return or Deletion of Data

Power Comms only retains Customer Data for as long as required to fulfil the purposes for which it was initially collected. Termination of this Addendum or Services will result in all Customer Data being deleted, unless otherwise required by law. For Customer Data archived on back-up systems, we shall securely isolate and protect from any further processing.

Limitation of Liability

The total liability of each part under this addendum shall be subject to the limitation of liability as set out below. For the avoidance of doubt, in no instance will Power Comms be liable for any losses or damages suffered by Customer where Customer is using Services in violation of its Terms & Conditions, regardless of whether Power Comms terminates or suspends a service or an account due to such violation.