vale

We treat your privacy and the security of your personal information very seriously. We are open and transparent and the aim of this statement is to provide you with information on how we collect and process / use your personal data when you use our website and / or our services and / or interact with us. This includes any data you may provide to us through this website, over the phone, by email or letter (or other means of communication), when you contact us in relation to our network or infrastructure or if you purchase a product or service from us.

This statement also aims to inform you how we look after any personal information we collect from you or that you provide to us. It will also tell you about your privacy rights, how the law protects you and how you can exercise your rights (section 9).

This document is important. We would ask that you take the time to read both this privacy statement and any other privacy statements or notices we provide to you when we are collecting or processing your personal data. Our objective is to make sure that you are fully aware of how and why we are collecting and using your personal data.

From time to time we may make changes to this statement (for example to keep pace with best practices or changes in legislation), so we suggest that you check back every now and again to make sure you are happy with any changes we may make.

Should you have any questions or queries about this privacy statement, we would be happy to assist. Please direct your queries to
dataprotection@valeinfrastructure.com. Our full contact details can be found in section 10 below.

This statement applies to anyone who visits our website, customers, supplier contacts and members of the public who interact with us in relation to our network operations. By visiting our website, or by interacting with us, you are agreeing to this statement and, importantly, to us using your information in the ways described in this privacy statement.
Please note that our website uses cookies. For more information you can read our Cookie Policy.

Personal data’, or ‘personal information’, means any information about a natural person from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, store and use personal data including:

Identity Data – your full name and designation or title.
Contact Data – your full postal address, landline and/or mobile contact numbers and email address.
Technical Data – including your Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Financial Data: bank account/payment details.
Profile Data: including the nature of your contact or inquiry.
Transaction Data: including communications relating to a contractual arrangement and/or our network and or apparatus.

We also collect, use and share aggregated data for statistical purposes. Aggregated data, whilst it may be derived from your personal data, is not considered personal data as it does not reveal your identity. For example, to find out, the number of visits to our websites, the number of views of the individual pages and the time spent on the websites. This helps us in a number of ways, including improving the website user experience. If we were to combine or connect aggregated data with your personal data so that it can identify you in any way, we treat the combined data as personal data and it will be used in accordance with this privacy notice.

We do not collect any sensitive personal data about you. For example, we do not collect details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

We collect data from and about you in the following ways: When we or one of our agents interact with you directly You may give us your identity and contact data by corresponding with us by post, phone, email or otherwise or by completing an online form in the ‘contact’ section of our website. Circumstances in which you provide this personal data include when you contact us to inquire about our network or network apparatus or the services that are available on our network. You may also provide us with your personal data when you request promotional material, subscribe to updates or alerts, enter competitions, promotions or surveys or when you contact us to provide feedback or make a complaint.

Interactions through our websites

When you visit and interact with our website, we may automatically collect technical data (Technical Data) about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Our Cookie Policy provides further and more detailed information.

Data we may receive from third parties

We may receive personal data about you from various third parties and public sources as set out below:

Technical data from third-party analytics providers such as Google.
Your name (Identity Data) and contact details (Contact Data) from Local Authorities or other third parties you have contacted with feedback or comments in relation to our network roll out and/or positioning of our apparatus.
Your name (Identity Data), address (Contact Data) and property ownership details from searches made of the Land Registry.
Your name and address from publicly available sources such as Companies House and the Electoral Register.

Your personal data will be used or processed by us only when we have a lawful basis for doing so. In some instances, we may have more than one lawful basis for using or processing your personal data.

Most commonly we will use or process your personal data in the following circumstances:

Performance of a contract: where we use your data in anticipation of entering a contract with you (e.g., providing you with a quote or offer) and thereafter for the purposes of performing our obligations under a contract with you.

Legitimate Interests: where the use or processing of your data is necessary for the commercial interests of our business, including allowing us to conduct and manage our business but only when this does not override your fundamental rights and interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.

Compliance with legal or regulatory obligations: where we use or process your personal data to the extent necessary for us to comply with a legal or regulatory obligation that we are subject to.

We will not generally rely on your consent as a lawful basis for processing your personal data, unless it is in relation to the sending of direct marketing communications to you via SMS, email, post or telephone.

By way of general example, we have set out below a description of the ways we use your personal data but note that we may, depending on the purpose, have more than one lawful basis for using and processing your personal data.

Purpose/Activity	Type of Data	Lawful basis
To communicate with you (including responding to contact received from you) and to record and monitor our communications with you.	Identity Data and Contact Data.	(a) Legitimate Business Interests (training and quality purposes and to be responsive to comments and feedback in relation to our network and provide information about our network and services available on our network). (b) Compliance with a legal or regulatory obligation (to respond to complaints and objections). (c) Performance of a Contract. Depending upon the nature of the contact.
Negotiating and/or entering into a contract with you and performing our contractual obligations / exercising our contractual rights thereunder / managing payments and charges including in relation to way leave agreements.	(a) Identity Data (b) Contact Data (c) Financial Data	(a) Performance of Contract (including making payments and arranging and exercising access rights). (b) Legitimate Interests (including recovering monies that may be due to us). (c) Necessary to comply with our legal or regulatory obligations in relation to our network.
To manage an ongoing relationship with you including: (a) Maintaining an account. (b) Responding to communications from you. (c) Contacting you in relation to a contract we have with you. (d) Notifying you about changes to our terms or privacy statement. (e) Asking you to leave a review or complete a feedback survey.	(a) Identity Data (b) Contact Data (c) Financial Data	(a) Perform our contract with you and / or exercise our contractual rights. (b) Necessary to comply with a legal obligation. (c) Necessary for our legitimate interests (to keep our records, etc.).
To administer and protect our business, network and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).	(a) Identity Data (b) Contact Data (c) Technical Data	(a) Necessary for our legitimate interests (for running our business, provision of our network, network security, to prevent fraud and in the context of a corporate transaction including a sale (in whole or in part) or reorganisation or group restructuring exercise). (b) Necessary to comply with our legal obligations.
To use data analytics and deliver relevant content in the most effective manner to you and to measure or understand the use of our websites so that we can improve user experience.	Technical Data	Necessary for our legitimate interests (to study how visitors use our websites, to keep our website updated, improve user experience, to grow our business and to inform our marketing strategy).
To make contact with you in relation to infrastructure works concerning our network (existing or proposed).	(a) Identity Data (b) Contact Data	(a) Necessary for our legitimate interests (to maintain our network and/or plan the expansion or our network). (b) Necessary to comply with our legal and/or statutory obligations including as a statutory undertaker and/or Code Operator and/or Electronic Communications Network Provider.

Note that we may use your personal data for more than one lawful ground, depending on the specific purpose for which we are using your personal data.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. You may also be given the option to manage your cookie preferences using any cookie manager on our websites. Please note if certain cookies are disabled some parts of or features of this website may become inaccessible or not function properly. For more information about the cookies we use, please refer to our Cookie Policy.

Change of purpose

We will only use your personal data for the purpose we collected it for, unless we consider that we need to use it for another reason that is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We will not sell your personal data to third parties. There may be instances however, where we do need to share your personal data with the parties for the purposes described in section 5 above.

SHARING YOUR DATA WITH THIRD PARTIES

Service providers based inside and outside the UK who provide IT and system administration services.
Professional advisers including lawyers, bankers, finance providers, planning consultants, auditors and insurers based inside or outside the UK who provide legal, accounting, consultancy, banking, insurance or other professional services to us.
HM Revenue & Customs, Local Authorities regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. We may also seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Third party contractors/service providers we may engage with in relation to our network and infrastructure (including the roll out of our network).
Companies that are within our corporate group (including but not limited to Vale Broadband Limited and Total Care and Support Limited) to whom we may outsource certain business functions relating to our business.

We require all third parties (including companies within our corporate group) to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes unless you have given your consent to us doing so and only permit them to process your personal data for specified purposes and in accordance with our instructions.

INTERNATIONAL TRANSFERS

There may be occasions when third parties to whom we transfer your personal data are outside the UK / European Economic Area in countries whose laws may not afford the same level of protection of data as those in the European Economic Area or the United Kingdom.

Should these occasions arise, we will ensure that your personal data is not shared until a contract is in place that ensures the personal data is adequately protected and that appropriate measures are in place with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. For further information on the transfer mechanisms in place, please get in touch using the details below.

The security of your personal data is treated with the utmost importance. We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited only to those employees, agents, contractors and other third parties who have a business need to know. They are subject to a duty of confidentiality and will only process your personal data on our instruction.

Procedures have been implemented to deal with any suspected personal data breach. Should a breach occur, we will notify you and, where we are legally required to do so, any applicable regulator.

The length of time we retain your personal data will vary depending on the circumstances.

Where we have a contractual relationship with you, we will retain your personal information (including Identity Data, Contact Data, Financial Data and/or Transaction Data) for legal, regulatory compliance and/or tax purposes, as well as our accounting and reporting requirements.

When we determine the appropriate retention period for personal data, we will consider the amount and nature of the personal data, the potential risk of harm any unauthorised use or disclosure may cause, the purpose for which we process your personal data and whether we can achieve that purpose through other means. We also consider any applicable legal or regulatory requirements and/or limitation periods. Details of the types of data and retention is detailed in the table below, full retention policy is available on request.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

TYPE OF DATA	PURPOSE	RETENTION PERIOD
Name, contact details, email account; address; customer message	Responding to enquiries on Internet website	2 Months
Voice	Management of inbound/ outbound telephone calls	Inbound calls 2 years for noncustomer and 6 years for customers
Card payment details; bank details, account holder information; transaction's information	Collecting payments of upfront charges and/or recurring charges by card	6 years from contract end

Your legal rights

You have the following general rights under data protection laws in relation to your personal data:

Request access: this is commonly known as a “data subject access request” which, when made, enables you to receive a copy of personal data we hold about you and to check that we are processing it in accordance with the law.

Request correction: this enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.

Request erasure: you can ask us to delete or remove personal data where there is no good reason for us continuing to process it.

You also have the right to ask us to delete or remove your personal data, where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data by law. However, this is not an absolute right and we may not be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing: where we are relying on a legitimate interest (or those of a third party), you may object to us processing your personal data based on legitimate interest where there is something about your particular situation that you feel impacts on your fundamental rights and freedoms.

You also have the right to object where we are processing your personal data for direct marketing purposes. We would not be required to cease processing your personal data if we have compelling legitimate grounds to process your information, which override your rights and freedoms.

Request restriction of processing: you can ask us to suspend the processing of your personal data in the following instances: (i) you want us to establish the accuracy of your data; (ii) where we are unlawfully processing your data but you do not wish us to erase it; (iii) where we no longer require your personal data but you need us to retain it (as opposed to deleting it) because you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party where you have provided and consented to using automated information (or where we used the information to perform a contract with you) you can ask us to transfer the personal data, either to you or to a nominated third party, in a structured, commonly used, machine-readable format.

Withdraw consent: at any time where we are relying on consent to process your personal data: where you have provided your consent to the use and processing by us of your data, you can withdraw your consent to future use or processing of that personal data.

Note that this does not prevent the continued processing of your personal data where we have a lawful basis for processing your data.

You have the right to not be subject to a decision based solely on automated processing: You have the right to require human intervention where it produces legal effects or significantly affects you.

How to exercise your legal rights

Please contact dataprotection@valeinfrastructure.com

In most cases you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, if we believe your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee for dealing with your request or, alternatively, we may refuse to comply with your request. In either case we will advise you. In order for us to comply with your request, we may ask you to provide specific information to help us confirm your identity and establish your right to access your personal data (or to exercise any of your other rights). We do this too for security reasons and to make sure your personal data is not disclosed to any person who has no right to receive it. In certain instances, we may also contact you asking either to confirm your request in writing or to request further information to clarify your request and/or to speed up our response.

How long do we have to respond to your request? We aim to respond to all legitimate requests within one month. Should your request be particularly complex or you have made a number of requests, it may not be possible for us to respond within one month. In these instances, we will notify you and keep you updated.

Contact details

If you wish to exercise any of the rights set out in Section 9 or you have any questions about this privacy statement or our treatment of your personal data, please contact us by letter to:

Data Protection Vale Communications Infrastructure Limited

Time Technology Park Blackburn Road, Simonstone Lancashire BB12 7TW

Or email us at: dataprotection@valeinfrastructure.com

Further information and complaints

If you wish to find out more about your rights in relation to your data, lots of useful information can be found by visiting the UK Information Commissioner’s Office (ICO) website: www.ico.org.uk

If you are not satisfied with our response to your request or believe our processing of your information does not comply with data protection law, you have the right to complain to the ICO: https://ico.org.uk/concerns/

This statement was last updated on April 2024.

Privacy Policy

Introduction and who we are

Our Privacy Policy

All Legal Documents