Customer Privacy Policy

Did you sign up with Cuckoo Internet Ltd before February 12th 2024? If you did, your Privacy Policy can be found here

1. Introduction

This policy applies to Cuckoo Fibre Limited and, as the context requires, each of its subsidiary companies (herein after referred to below as “Cuckoo”, "we", "us" and "our"). We are a limited company registered in England and Wales under registration number 15060036 and we have our registered office at 6th Floor 33 Holborn, London, England, EC1N 2HT. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”) in relation to our processing of personal data under registration number ZB597477.

Unless we notify you otherwise, we are the controller of the personal data we process about you. This means that we decide what personal data to collect and how to process it.

Cuckoo respects your privacy and is committed to meeting our legal obligations when it comes to protecting your personal data, including how and why we collect and use your data, and how we safeguard your personal information. This privacy policy will inform you as to:

• the types of personal data that Cuckoo may collect
• why Cuckoo may collect and use your data
• when and why, we will share personal data within Cuckoo and other organisations
• the rights and choices you have when it comes to your personal data

If you have any questions, you can contact us using the information provided below under the ‘Contact Us’ section.

What this Policy does not apply to

This policy does not apply to other organisations’ websites, apps, products, services and social media accessed from our websites and/or apps. When you leave our website(s) and/or apps, we encourage you to read the privacy policies and/or notices of every website and app that you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites or apps. Please check these policies before you submit any personal data to these websites or apps.

2. What data will we collect?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (which is known as anonymous data).

There are different ways in which we collect your information both directly from you and from third parties. For example:

2.1 Information we receive directly from you:

When you register your interest, apply for, use and/or purchase products and/or services from us, or contact us with queries, we may ask you to give us, where necessary, personal and contact details including your name, address, email address and phone number, and gender, as well as your financial transaction history. You may also wish to tell us about yourself if you consider that you are a vulnerable customer, or if you require any extra help or support, or have any specific accessibility or customer service needs.  

We may collect and record data pertaining to vulnerability to assess whether a customer should be placed on a priority fault repair list. We encourage you to inform us if you believe that you may qualify as a vulnerable customer or require extra assistance during the sign-up process or at any other time. A vulnerability could include your age, any disabilities or health conditions or any financial circumstances of you or a member of your household. Additionally, we may collect information to determine if a customer relies on their landline for emergency calls, especially if they lack a mobile phone or experience poor coverage within their residence, or if they are dependent upon a telecare device.

When you write to us, talk to us on the phone, email or communicate with us via electronic messaging (such as SMS or live chat tools) or via any app that we operate, we may collect personal and contact details including your name, address, phone number, email address, as well as any other information that you provide to us via such communications.

If you are invited to participate in our customer surveys which will help us provide you with improved services, we will collect the information you provide to us including your name, phone number, email address and information about how you use our website, apps, products and/or services.

When you provide commercial services to us, we may ask you to give us, where necessary, personal and contact details including your name, address, phone number, as well as your financial details including your bank account, and payment method.

2.2 Information we collect about you when you use our products and services:

When you visit our website(s) and/or apps, we’ll use cookies (which are stored on your device(s) – your laptop, mobile phone, tablet etc.) to collect information about your use of our online services. See our Cookies Policy (https://www.cuckoo.co/legal/cookie-policy) for more details.

When you use our services, we may collect information about your use of those services including the following:

• Usage data - including frequency, time and data used per month
• Call data - including time, duration, originating and destination number
• Billing, payment and transaction data – including your financial details, bills and its components
• Technical data related to your television viewing such as time and duration of watched content, information on the content recorded/watched, MAC/IP address, the quality of the connection
• Interactive data including apps usage data, websites usage / visits data
• Device data including IP address, device make and manufacturer, browser information and other similar identifying information required from your devices to communicate with websites and applications on the internet.

We may also monitor, record, store and use the communications we have directly with you to improve the quality of our customer service, especially to address your specific needs if you are a vulnerable person and/or for training, operational and compliance purposes.​

2.3 Information collected from others:

We may supplement the information that we collect from you and about your use of our products and/or services, with information that we receive from third parties.

This may include:

• Data we collect from other members of your household in relation to your use of our products or services
• Data we receive from someone who refers you for our products and services
• Data we receive from our referral partners
• Data from other organisations who have obtained your permission to share information about you with us
• Data accessible to us from publicly available sources such as councils, company registers, land registry, electoral rolls and online search engines
• Information we get from reporting agencies, such as credit reference agencies. They may give us information about your financial history so we can assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity
• Financial and transaction data from providers of technical and payment services

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

3 Why we may collect data about you

There are many reasons why we may legitimately collect and process your personal information and data, including:

3.1 Contractual obligations

We may process your personal information where it is necessary either to take steps at your request before entering into a contract with you for the provision of our products and/or services, or to perform our obligations under that contract.

Examples of these situations include:

• To provide you with a quote for our products and/or services
• To determine your eligibility for our products and/or services / whether they are available in your area
• To process your orders for our products and services and to bill you for the same
• To provide you with the products and services you have ordered from us
• To respond to any questions or complaints you may have regarding our products and services
• To administer, operate, facilitate and manage the products and services Cuckoo provides to you
• To analyse your data for the purpose of improving your experience and protecting you on-line
• To manage the best way of routing your data usage through the various parts of our network, equipment and systems
• To contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, etc., in connection with your relationship and/or account
• To provide you with information relating to our products and/or services

Examples of your personal information that we may process under this legal basis include:

• Your contact details, including name, address, phone number, date of birth, gender, email address, passwords and credentials (such as your security questions and answers), and other information needed to confirm your identity and your communications with us
• Your communications with us, such as calls, emails and webchats
• Your financial transaction history
• Details from the products and services we have provided to you, such as data usage, connected device details, routers, calls made and received.

3.2 Legal compliance

If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also provide this to any such regulator. However, we would need to be satisfied that a request for information is lawful and proportionate and we would need appropriate assurances about security, how the information is used and how long it is kept.

We are required to consider the needs of vulnerable people. If you choose to provide us with details of a disability, health condition, vulnerability or accessibility issue (whether temporary or permanent), we will record this information securely and only use this to the extent necessary to ensure that we treat you fairly, give you any additional support that you need to communicate effectively with us and access our services, and comply with our legal and regulatory obligations.

If we make voice services available to you and you order such a service, we will ask you if you’re a reliant on a landline or your internet connection for calls, e.g. because you do not own a mobile phone and if you have a telecare device We will also ask if you want your details included in any telephone directory services, so your details can be included in phone books and be found using publicly available directory enquiry services. If you do, we will share that information with regulated providers of directory services. Ex-directory numbers will not be included and will not appear in any directory service database.

For health and safety compliance purposes and subcontractor assurance we may be required to obtain training and competency records of sub-contract staff deployed in the installation of our services.

3.3 Legitimate interest

We may also use your personal data where it is necessary to pursue our legitimate interests (or those of a third party) but only in a way which might reasonably be expected as part of running our business and only where such interests are not overridden by your fundamental rights, freedoms or interests.

We may process your personal data under this basis for the legitimate running of our business, to facilitate our internal business operations including assessing and managing risk, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.

We may also use your personal information for the legitimate interest of helping to prevent and detect crime and fraud and to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious usage, and track malware and cyber-attacks.

3.4 Consent

In specific situations, we may collect and process your data with your consent including the following:

• If you contact us via our website with queries about our service, we may we request your consent to process your location data to determine your eligibility for our products and services and, in particular, whether and when our products and services may be available in your area
• We may request your consent in order to send marketing communications regarding our services and/or products via our apps, website or otherwise.

However, if we do so, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note that if you do withdraw your consent, we may not be able to provide certain information, products or services to you.

4. Who do we share your information with?

Where we share your information with third parties, they will process your information either as a data controller or as our data processor, and this will depend on the reason for our sharing your personal data with them. We will only share your personal data in compliance with the applicable data protection laws and regulatory compliance and only for the purposes set out in paragraph 3 of this policy.

We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law.

As well as sharing your information within the “Cuckoo” group of companies, other organisations with which we may share your information include:

4.1 Contracted partner companies

We may share your personal information with partner companies with whom we have contracts for certain products and/or services. The reasons we may share your information in this way include to:

• Further develop and improve our infrastructure and network services
• Provide customer-service, marketing and information-technology services
• Carry out installations
• Personalise our service and make it work better
• Process payment transactions
• Carry out fraud and reference checks and collect debts
• Analyse and improve the information we hold (including about your interaction with our service)
• Run customer satisfaction surveys

Specific examples of third parties with whom we share data as at the date this policy was published include:

• GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data, and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/.
• Stripe and Braintree to process your Credit Card payments. For comprehensive information regarding the processing of your personal data and your data protection rights, including the right to object, please refer to the privacy policy of Stripe, available at https://stripe.com/gb/privacy. Additionally, details pertaining to the processing of your personal data by Braintree can be found in their privacy policy at https://www.paypal.com/us/legalhub/privacy-full.

4.2 Credit reference agencies

We may share your personal information with credit reference agencies, including TransUnion. For example, we may provide them with information about how you conduct your account with us, and this information may be used by other organisations in assessing applications from you and members of your household. In addition, they will give us information about you. For example, we may search the files of TransUnion or other credit agency to assess creditworthiness and product suitability, check your identity, trace, and recover debts, prevent criminal activity or to gather information about your financial history. This is so that we can confirm your eligibility for our products and/or services and guarantee your ability to make regular payments for such products and/or services.​ For more information on how TransUnion handles your data, please find a copy of their CRAIN here . The Credit Reference Agency (CRA) Information Notice (CRAIN) means the industry standard policy for providing privacy information, which has been adopted by the leading UK CRAs. 

4.3 Legitimate interest

We may share your personal information with the following:

• Professional advisers including lawyers, bankers, auditors and insurers
• Regulators and other authorities who require reporting of processing activities in certain circumstances
• Our affiliates and partners, including price comparison websites, to the extent necessary to enable us to deliver our services to you
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy

We do not sell or share your personal information and/or data to or with third parties for direct marketing purposes.

We speak to many customers a day, and some of those people will be in difficult circumstances. Occasionally people will share information which indicates that they, or a member of their household, are in imminent danger or at serious risk, and in line with guidance from the Information Commissioner, in such circumstances we may refer the situation to relevant authorities or sources of assistance. In such cases we will consider first and foremost the interests of the person at risk.

5. Sharing your data outside the UK

The data and information that we collect and process may be transferred to, and stored at, a destination outside of the UK and EEA. We will only transfer your personal data outside the UK and EEA on the basis that anyone to whom we transfer it protects your data and information in a similar way to us.

In the event that we transfer your information to countries outside the UK and EEA, we will only do so where:

• the UK Government has decided that the country to which we are transferring your data is deemed to provide an adequate level of protection for your information, or
• we have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information on such terms as approved by the UK Government to ensure your information is adequately protected.

6. How we protect your data

The security of your information is important to us. Any information sent to us is protected using robust security methods. The methods we use are industry-standard ensuring data is safeguarded. Our security measures include:

• Encryption of data where appropriate
• Regular penetration testing of systems
• Security controls which protect the entire Cuckoo Information Technology infrastructure from external attack and unauthorised access
• Regular cyber security assessments of all service providers who may handle your personal data
• Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents
• Internal policies setting out our data security approach
• Training for employees on security and privacy

The transmission of information via the internet is not completely secure and although we will do our best to protect your information and/or personal data, we cannot guarantee the safety of any personal information you transmit to us using online methods.

7. How long we keep your information

By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and in a number of formats.

We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and provide evidence of our business activities.

Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements. However, we will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it.

We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.

8. What are your right?

We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. We have described those rights, and the circumstances in which they apply, in the below:

How to complain

If you wish to raise a complaint on how we have handled your information, you can contact us, and we will investigate the matter. See Section 9 below for how to do this.
We hope that we can address any concerns you may have, but you also have the right to lodge a complaint with the relevant supervisory authority if you are concerned about the way in which we are handling your personal data.
The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at https://ico.org.uk/make-a-complaint/ or by telephone on 0303 123 1113.

9. Contact us

We can be contacted by post at the following address.

Data Protection
Cuckoo Fibre Limited,
6th Floor, 33 Holborn,
London,
EC1N 2HT

Our Data Protection Officer can be contacted by email at dataprotection@cuckoo.co

Last updated: 12th February 2024