Privacy Policy
Last updated: February 2026
Badenoch Broadband understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers, employees, members and partners and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
1. Information About Us
Badenoch Broadband and Communications CiC
- Community Interest Company registered in Scotland under company number SC408055
- Registered address: Railway Station, Ruthven Road, Kingussie PH21 1EN
- Data protection contact: support@badenochbroadband.com
- Telephone number: 0845 463 1480
- Postal Address: c/o Rowan Cottage, Laggan, By Newtonmore PH20 1AH
2. What Does This Notice Cover?
This Privacy Notice explains how we collect, use, store and protect your personal data when you use our website, broadband services, telephone (VoIP) services, or contact us. It also explains your rights under data protection law.
We are a provider of electronic communications services and are therefore subject to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and relevant provisions of the Communications Act 2003.
3. What is Personal Data?
Personal data is defined by the UK General Data Protection Regulation (UK GDPR) as any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as IP addresses, device identifiers, location data, and online identifiers.
4. What Are My Rights?
Under the UK GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more using the details in Section 13.
- The right of access to the personal data we hold about you. See Section 12 for how to make a subject access request.
- The right to rectification if any of your personal data held by us is inaccurate or incomplete.
- The right to erasure (the right to be forgotten), i.e. the right to ask us to delete any of your personal data that we hold, where there is no compelling reason for us to continue processing it.
- The right to restrict processing of your personal data in certain circumstances.
- The right to object to us using your personal data for a particular purpose, including direct marketing.
- The right to data portability. You can ask us for a copy of your personal data in a structured, commonly used, machine-readable format to re-use with another service.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
To exercise any of these rights, please contact us using the details provided in Section 13. We will respond within one month.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
5. What Personal Data Do We Collect?
Personal details
We may collect some or all of the following, depending on your relationship with us:
- Name
- Date of birth
- Home or business address (including postcode for coverage checks)
- Email address
- Telephone number(s)
- Business name, job title, or profession
Service and technical data
When you use our broadband or VoIP services, we also process:
- Connection data: IP addresses assigned to your connection, MAC addresses of customer premises equipment, connection session times and durations
- Traffic data: Data volumes (upload/download) for network management and fair usage purposes. We do not monitor or record the content of your communications
- Telephone data: Call records for VoIP services, including numbers dialled, call duration, and time of call (required for billing and regulatory purposes)
- Billing and payment data: Bank account or payment card details, billing history, and payment records
Website data
When you visit our website or submit a contact form:
- Information you provide via forms (name, email, postcode, message)
- Your IP address and browser type (in server logs, retained for security purposes)
How we obtain your data
- Directly from you when you contact us, subscribe to our services, or submit a form on our website
- Automatically through the provision of our broadband and VoIP services
- From your previous provider when porting a telephone number
6. How Do We Use Your Personal Data?
Under the UK GDPR, we must always have a lawful basis for processing your personal data. The table below sets out how we use your data and the lawful basis for each activity:
| Purpose | Lawful Basis |
|---|---|
| Providing and managing your broadband or VoIP service | Contract — necessary to fulfil our contract with you |
| Billing, invoicing, and processing payments | Contract — necessary to fulfil our contract with you |
| Network management, fault diagnosis, and maintaining service quality | Legitimate interest — to operate and improve our network |
| Responding to your enquiries and support requests | Contract / Legitimate interest |
| Processing coverage check and survey requests | Legitimate interest — to assess service feasibility |
| Complying with legal and regulatory obligations (e.g. Ofcom, HMRC) | Legal obligation |
| Sending you service updates and maintenance notifications | Legitimate interest — to keep you informed about your service |
| Marketing communications about our services | Consent — you may opt out at any time |
You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK GDPR and PECR, and you will always have the opportunity to opt out by contacting us or clicking the unsubscribe link in any marketing email.
7. Cookies and Website Tracking
Our website does not currently use cookies for analytics, advertising, or tracking purposes. We do not use any third-party tracking services such as Google Analytics.
If we introduce cookies in the future, we will update this Privacy Notice and provide clear information about what cookies are used and how to manage your preferences, in accordance with PECR.
Our website uses Google Fonts, which are loaded from Google's servers when you visit our site. Google may receive your IP address as a result. Google's privacy policy applies to this data processing.
8. How Long Do We Keep Your Personal Data?
We will not keep your personal data for longer than is necessary. Our retention periods are as follows:
- Active subscribers: Data is held for the duration of your service agreement.
- Former subscribers: Data is retained for up to 5 years after your service ends, to comply with tax and accounting obligations (HMRC requires 6 years for financial records), to resolve any billing disputes, and to meet our regulatory obligations as a communications provider.
- Enquiries and survey requests: If you contact us but do not become a subscriber, we will retain your data for up to 12 months unless you ask us to delete it sooner.
- Marketing contacts: Data is held until you withdraw consent or ask to be removed.
- Call records (VoIP): Retained for up to 12 months for billing purposes, in line with Ofcom requirements.
- Server logs: Retained for up to 90 days for security and fault diagnosis purposes.
9. How and Where Do We Store Your Personal Data?
Your personal data is stored within the United Kingdom. Our servers and data storage systems are located in the UK.
In limited circumstances, some data may be processed by third-party service providers who operate within the UK or countries that the UK government has determined provide an adequate level of data protection. Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with the UK GDPR.
10. Do We Share Your Personal Data?
We will never sell your personal data or share it with third parties for their marketing purposes.
We may share your data with the following categories of service providers who assist us in operating our business. These processors act only on our instructions and are contractually bound to protect your data:
- Network and infrastructure providers: Upstream connectivity providers who help deliver your broadband service
- VoIP platform providers: Our telephony partner who provides the underlying VoIP service
- Payment processors: Companies that process your payments securely on our behalf
- Email service providers: For sending service notifications and, where you have opted in, marketing communications
We may also be required to share your personal data in the following circumstances:
- To comply with a legal obligation, court order, or regulatory request
- To comply with lawful requests from law enforcement agencies under the Investigatory Powers Act 2016
- To protect the rights, property, or safety of Badenoch Broadband, our customers, or others
11. Payment Card Data
When you make payments, your card details are processed securely by our payment processor. We do not store your full payment card details on our own systems. Our payment processing arrangements comply with the Payment Card Industry Data Security Standard (PCI DSS).
12. How Can I Access My Personal Data?
You have the right to request a copy of the personal data we hold about you. This is known as a "subject access request" (SAR).
To make a request, please contact us using the details in Section 13. We will respond within one month. In complex cases, we may extend this by up to two further months, but we will inform you if this is necessary.
There is normally no charge for a subject access request. If your request is manifestly unfounded or excessive (for example, repetitive requests), we may charge a reasonable fee or refuse the request, and we will explain why.
13. How Do I Contact Us?
To contact us about anything to do with your personal data, data protection, or to exercise any of your rights, please use the following details:
- Email: support@badenochbroadband.com
- Telephone: 0845 463 1480
- Post: Badenoch Broadband & Communications CiC, c/o Rowan Cottage, Laggan, By Newtonmore PH20 1AH
14. Data Breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, as required by the UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, explaining what has happened and what steps we are taking.
15. Changes to This Privacy Notice
We may update this Privacy Notice from time to time, for example if the law changes or if we change our business in a way that affects how we process personal data. The date at the top of this page shows when it was last updated.
This privacy notice is always available at badenochbroadband.com/privacy