1. ABOUT US
Fibrus is a full fibre internet service provider. We are a limited company registered in Northern Ireland under company number NI612703 and our registered office and main trading address is at Lanyon Plaza, West Tower, 8 Lanyon Place, Belfast, BT1 3LP
We are regulated in the UK by Ofcom. We are also a member of the UK Internet Service Providers Association (“ISPA”) and Ombudsman Services
Fibrus is the controller and responsible for your personal data.
2. INFORMATION WE COLLECT ABOUT YOU
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address, social media username (if given) and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details of payments made by you, any equipment we will supply, and services you have subscribed to.
Usage Data includes information about how you use our services, our network and our Website. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website and our network.
Profile Data includes your username and password (if made available to us), orders made by you, your interests, preferences, feedback and survey responses.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
3. HOW WE COLLECT YOUR PERSONAL DATA
Identity Data, Contact Data and Financial Data You may give us your Identity, Contact and Financial Data by corresponding with us by via our Website, systems or communicating with our Customer Support online, by email, on the telephone or by post. This includes personal data you provide when you:
fill in electronic forms or online forms on our Website
register to use our Website
record your registered interest in becoming our customer in the future
give us your details for us to contact you in relation to our services
post any material on our Website
place an order for our services by telephone
request any additional services or upgrades
ask for help or advice or report a problem with our services
request marketing communications to be sent to you
enter a competition, promotion, or survey
give us feedback
This also includes information you enter even when you only partially fill out an online form, and exit before completing it.
When you contact us (by phone, email or via our Website), we may keep a record of it and what you say to us.
We may also hold your Identity, Contact and Financial Data, if you have agreed for us to have this, in connection with you (as a third party) consenting to manage a Fibrus customer’s billing arrangements (at that customer’s request).
We will collect and hold details of orders you make through our Website, by telephone or on electronic forms and details of any payments you have made, and any products/equipment supplied – e.g. routers.
Usage and Technical Data
When you use our services, we will automatically collect your Usage Data. When you (or someone using your Fibrus broadband or telephone service) use Fibrus’s network to make a telephone call or connect to the internet, we keep a record of that call (including the number called) so we can charge for it. We also receive information from other operators about calls made over our network, where we need that information for connecting and billing purposes. We will also collect information about your use of our services (such as the amount of time you spend online), which we will use to manage our network and for billing.
If someone abuses or damages the Fibrus telephone network, for example by making offensive or nuisance calls, we may keep information relating to that abuse.
If a customer abuses our internet service or any other services we provide, for example by not following any part of our Acceptable Usage Policy, we may keep any information relating to that abuse.
We will also collect information on which devices have accessed your Home Hub router (e.g. type of device, brand, model, operating system, and browser) in order to monitor and better understand how our services are used.
We may collect information about your computer, including your IP address, operating system, and browser type, to help keep our network running smoothly. Unless this information is needed for a service enquiry specific to your service, this is used as aggregated statistical information about our users’ browsing actions and patterns, and does not identify any individual.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. We may ask you questions, from time to time, about how you use the services we provide, other services you would like us to provide in the future and about other things, such as information about your lifestyle.
Marketing and Communications Data
We will keep a record of whether you have opted out of receiving marketing from us. We will also keep a record of your communication preferences.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform a contract, we are about to enter into or have entered into with you
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests
Where we need to comply with a legal or regulatory obligation
Performance of Contract means using your data as necessary for us to provide a quote to you or fulfil a contract to provide our services to you.
Legitimate Interest means using your data as necessary for the commercial interests of our business, allowing us to conduct and manage our business to give you the best possible service and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
Comply with a legal or regulatory obligation means using your personal data to the extent necessary for us to comply with a legal or regulatory obligation that we are subject to.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below a description of the ways we use your personal data. Note that we may use your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data.
Type of data
Lawful ground for processing
To register you as a new customer
Perform our contract with you
To process your order and provide our services including:
(a) Making the services available to you and performing any necessary installation work
(b) Managing payments and charges
(c) Providing billing information to you
(d) Collecting and recovering money owed to us
(f) Marketing and Communications
(a) Perform our contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To monitor your usage of our services and maintain records of your usage (including provide billing information to you)
(a) Perform our contract with you
(b) Necessary to comply with our legal obligations
(c) Necessary for our legitimate interests (to understand how customers use our service, maintain, and develop our service provision and protection of the network and service)
To monitor and record our communications with you
(a) Perform our contract with you
(b) Necessary for our legitimate interests (for training and quality purposes)
To manage our ongoing relationship with you which will include:
(a) Maintaining your account
(b) Responding to any questions
(c) Notifying you about changes to our services
(e) Asking you to leave a review or complete a feedback survey
(d) Marketing and Communications
(a) Perform our contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated, maintain, and develop our service provision and to understand how customers use our services)
To administer and protect our business, network, and Website (including troubleshooting, data
(a) Necessary for our legitimate interests (for running our business, provision of
To deliver relevant Website content and advertisements in the most effective manner to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our Website, services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)
To enable you to manage (as a third party) the billing arrangements of a Fibrus customer who has requested that you be permitted to do this.
(a) To perform our contract with the customer on whose behalf you are acting
(b) May be necessary to comply with our regulatory obligations to allow a third party to manage the billing arrangements for a customer with special accessibility requirements
To get our install partners to contact you to arrange your installation
(b) Email address and phone number
(a) &(b) Perform our contract with you
To request a voucher from the Government Department for Digital, Media, Culture and Sport
(b) Email address and phone number
a) (a) &(b) Necessary for our legitimate interests (To be able to offer free installation to you with the help of government funding)
If you are a customer, we may also use your Identity, Contact, Technical, Usage, Profile and Marketing and Communications Data to form a view on what services and offers may be relevant for you and to send you recommendations about services that we think may be of interest or to invite you to participate in prize draws or competitions (“marketing communications”).
If you have given us your details to record your registered interest in becoming our customer in the future or for us to contact you in relation to our services or business development (including to receive our newsletter), we may use your Identity Data to keep you up to date about our services and coverage.
You will only receive marketing communications from us if you have registered an interest in receiving our services (whether current services or in the future when your building or location is connected to our network), requested information from us in relation to our services or purchased services from us and, in each case, you have not opted out of receiving that marketing.
You can ask us to stop sending you marketing communications at any time by contacting us by telephone on 02890 993230 or send us and email to email@example.com
If you opt out of receiving marketing communications, we will still send you service-related communications, as necessary.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may sometimes need to share your personal data with the types of third party listed below:
Our partner organisations and subcontractors who provide some of the services on our behalf
Credit reference agencies (to carry out credit checks) and debt recovery agencies (if you do not pay your bills)
Analytics and search engine providers that assist us in the improvement and optimisation of our Website
IT and system administration services service providers
Professional advisers including lawyers, auditors, and insurers
Third parties to whom we may choose to sell, transfer or merge parts of our business with
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If, as a Fibrus customer, you have requested and/or consented to a third party managing your Fibrus billing arrangements, you agree that this may involve that third party (i) having online access to your Fibrus account details (through Fibrus’s website) insofar as they relate to your bills and/or (ii) being given details of your billing arrangements when calling Customer Support or writing to us in connection with managing these arrangements and/or (iii) arranging for any of your bills to be paid. You have informed us which of these options you have chosen and given your consent accordingly. We accept no responsibility in relation to you choosing that third party to manage your billing arrangements or in relation to their use or misuse of such of your personal information to which they have access under these arrangements.
6. INTERNATIONAL TRANSFERS
We might share your personal data within Fibrus’s organisation which involves transferring your data outside the European Economic Area (EEA). We ensure your personal data is protected by requiring all our divisions to follow the same rules when processing your personal data to ensure its security. These rules are called "binding corporate rules".
In addition, some of our third-party suppliers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
The third-party country has been deemed to provide an adequate level of protection for personal data by the European Commission;
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe
The service provider has provided adequate safeguards to ensure that individuals rights are enforceable and legal remedies are available
7. DATA SECURITY
We have in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We also have in place procedures to deal with any suspected personal data breach and will notify you and the ICO (the UK supervisory authority) of a breach where we are legally required to do so.
All information you provide to us is stored on our secure servers. Any payment information will be stored securely. Where we have given you (or you have chosen) a customer ID, password(s), or logins to allow you to can access certain parts of our Website, you are responsible for keeping these confidential. You are responsible for how our services are used from your account and for keeping your account information secret. Please keep this information safe, and do not share it with others.
Unfortunately, sending information using the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data you send to our Website; you take the risk for this. Once we have received your information, we will try our best to keep it secure. This includes using strict procedures and security features to try to prevent unauthorised access.
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and others associated with us. If you follow a link to any of these websites, please note that these websites have their own privacy and cookie policies. Fibrus accepts no responsibility or liability for these policies. Please check these policies before you send any personal data to these websites.
8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least 7 years after they cease being customers for tax purposes.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
You have various rights in relation to your personal data – these are set out in detail below. If you wish to exercise any of these rights, please email us: firstname.lastname@example.org
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete your personal data when we no longer need it. You may also ask us to delete your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with a legal obligation. However, we may not be able to comply with your request of erasure, for example, if we are required to retain your personal data for legal reasons. We will let you know if this is the case.
Object to processing of your personal data where we are processing your personal data for direct marketing purposes. You also have the right to object where we are relying on a legitimate interest, but you feel the processing impacts on your fundamental rights and freedoms.
Request restriction of processing of your personal data. You may ask us to suspend the processing of your personal data in the following scenarios: (a) if you do not think the data we hold is accurate, whilst we verify its accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process it but you require us to store it in relation to a legal claim; or (d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will if feasible practically provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to information which we process by automated means and use to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data (for example, for marketing purposes). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, if we feel that your request is unfounded, repetitive, or excessive, we may charge a reasonable fee, or we may let you know that we are refusing to comply with your request. If we refuse your request, we will explain why, and you will be entitled to raise the issue with the ICO.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will respond to all legitimate requests within 30 days of receipt and, if possible, achieve a satisfactory resolution within that time period. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Post: The Data Protection Officer, Fibrus Networks Ltd, Lanyon Plaza, West Tower, 8 Lanyon Place, Belfast, BT1 3LP
We use these types of cookies:
Essential cookies: These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website.
Functionality cookies: These are cookies we use to recognise you when you return to our Website. They enable us to personalise our content for you and save your preferences in a cookie on your device (for example, your choice of language or region or, if you select the ‘Remember me on this computer’ box, your username and password). This means that the next time you log on to our Website using that device you will not need to re-enter those details. We suggest you do not select the ‘Remember me’ box if you use a shared device or publicly available computer. The cookie file itself will not store your personal information.
Except for essential cookies, all cookies will expire after 12 months.
13. HOW TO BLOCK COOKIES
If you want to delete any cookies that are already on your computer, you should check the instructions for your file management software to locate the file or directory that stores cookies.
You can learn about and opt out of a number of commercial third-party cookies (including some used by us) at www.optout.networkadvertising.org. Some of the opt-outs used by our commercial service providers require a cookie to be placed on your computer. This “opt-out” cookie is only used to tell the relevant cookie servers not to send you any more cookies. If you keep deleting cookies (including “opt-out” cookies) from your temporary internet files, you might need to repeat the opt-out process, the next time you visit our Website.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
15. GOOGLE ANALYTICS
Fibrus use Google Analytics' 3rd-party audience data such as age, gender and interests to better understanding the behavior of our customers. We work with companies that collect information about your online activities in order to provide advertising that is targeted to suit your interests and preferences. For example, you may see ads on our website or on other websites because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means, such as cookies and web beacons. These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.
You may opt out of the automated collection of information by third-party ad networks, by visiting the consumer opt- out page for the Self-Regulatory Principles for Online Behavioral Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads' preferences at http://www.google.com/ads/preferences/
This Policy is effective from 14th of June 2021