Badenoch Broadband

Privacy Policy

Last updated: February 2026

Badenoch Broadband understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers, employees, members and partners and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

1. Information About Us

Badenoch Broadband and Communications CiC

2. What Does This Notice Cover?

This Privacy Notice explains how we collect, use, store and protect your personal data when you use our website, broadband services, telephone (VoIP) services, or contact us. It also explains your rights under data protection law.

We are a provider of electronic communications services and are therefore subject to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and relevant provisions of the Communications Act 2003.

3. What is Personal Data?

Personal data is defined by the UK General Data Protection Regulation (UK GDPR) as any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as IP addresses, device identifiers, location data, and online identifiers.

4. What Are My Rights?

Under the UK GDPR, you have the following rights, which we will always work to uphold:

To exercise any of these rights, please contact us using the details provided in Section 13. We will respond within one month.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

5. What Personal Data Do We Collect?

Personal details

We may collect some or all of the following, depending on your relationship with us:

Service and technical data

When you use our broadband or VoIP services, we also process:

Website data

When you visit our website or submit a contact form:

How we obtain your data

6. How Do We Use Your Personal Data?

Under the UK GDPR, we must always have a lawful basis for processing your personal data. The table below sets out how we use your data and the lawful basis for each activity:

Purpose Lawful Basis
Providing and managing your broadband or VoIP service Contract — necessary to fulfil our contract with you
Billing, invoicing, and processing payments Contract — necessary to fulfil our contract with you
Network management, fault diagnosis, and maintaining service quality Legitimate interest — to operate and improve our network
Responding to your enquiries and support requests Contract / Legitimate interest
Processing coverage check and survey requests Legitimate interest — to assess service feasibility
Complying with legal and regulatory obligations (e.g. Ofcom, HMRC) Legal obligation
Sending you service updates and maintenance notifications Legitimate interest — to keep you informed about your service
Marketing communications about our services Consent — you may opt out at any time

You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK GDPR and PECR, and you will always have the opportunity to opt out by contacting us or clicking the unsubscribe link in any marketing email.

7. Cookies and Website Tracking

Our website does not currently use cookies for analytics, advertising, or tracking purposes. We do not use any third-party tracking services such as Google Analytics.

If we introduce cookies in the future, we will update this Privacy Notice and provide clear information about what cookies are used and how to manage your preferences, in accordance with PECR.

Our website uses Google Fonts, which are loaded from Google's servers when you visit our site. Google may receive your IP address as a result. Google's privacy policy applies to this data processing.

8. How Long Do We Keep Your Personal Data?

We will not keep your personal data for longer than is necessary. Our retention periods are as follows:

9. How and Where Do We Store Your Personal Data?

Your personal data is stored within the United Kingdom. Our servers and data storage systems are located in the UK.

In limited circumstances, some data may be processed by third-party service providers who operate within the UK or countries that the UK government has determined provide an adequate level of data protection. Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with the UK GDPR.

10. Do We Share Your Personal Data?

We will never sell your personal data or share it with third parties for their marketing purposes.

We may share your data with the following categories of service providers who assist us in operating our business. These processors act only on our instructions and are contractually bound to protect your data:

We may also be required to share your personal data in the following circumstances:

11. Payment Card Data

When you make payments, your card details are processed securely by our payment processor. We do not store your full payment card details on our own systems. Our payment processing arrangements comply with the Payment Card Industry Data Security Standard (PCI DSS).

12. How Can I Access My Personal Data?

You have the right to request a copy of the personal data we hold about you. This is known as a "subject access request" (SAR).

To make a request, please contact us using the details in Section 13. We will respond within one month. In complex cases, we may extend this by up to two further months, but we will inform you if this is necessary.

There is normally no charge for a subject access request. If your request is manifestly unfounded or excessive (for example, repetitive requests), we may charge a reasonable fee or refuse the request, and we will explain why.

13. How Do I Contact Us?

To contact us about anything to do with your personal data, data protection, or to exercise any of your rights, please use the following details:

14. Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, as required by the UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, explaining what has happened and what steps we are taking.

15. Changes to This Privacy Notice

We may update this Privacy Notice from time to time, for example if the law changes or if we change our business in a way that affects how we process personal data. The date at the top of this page shows when it was last updated.

This privacy notice is always available at badenochbroadband.com/privacy