We use cookies to give you the very best experience. By using our website you consent to our cookie policy.

Privacy and
cookie policies

Privacy policy

This privacy notice is here to tell you how we use and look after the personal information that we collect, who is responsible for it and who we may share it with over the course of providing our service to you. We understand that privacy and the security of your personal information is an important human right and our promise to you is that we will always take all measures within our control to keep your information safe.

The information we collect about you will be held by UK Broadband Limited, who trade as Three Broadband.

Where we refer to Three Broadband, we, us or our in this privacy notice, it means UK Broadband Limited. You can find out more about UK Broadband Limited here. If you have any questions about how we use your personal information, you can contact us here or call us on 0330 686 8000.

Where we refer to you or your, it means the person using our services or website.

Services means the broadband services that we make available to you.

Reference to our website means the website found at www.threebroadband.co.uk.

How the law protects you

In the United Kingdom the General Data Protection Regulation (GDPR) is in place to protect your privacy. This privacy notice lets you know your rights under these laws and how we manage your data in accordance to them.

These laws say that companies can only use your personal information if they have a lawful reason to do so. The reasons that Three Broadband use personal information are:

  • To fulfil a contract that we have with you to provide a broadband service, or
  • When you consent to it, or
  • When it is necessary for us to comply to the law, or
  • When we have a legitimate interest to do so.

A legitimate interest means a business or commercial reason that does not go against what is fair and right for you. If we are relying on a legitimate interest only when using personal information, we will always let you know what that is.

Who is responsible for the personal information we collect?

We are the data controller for the purpose of data protection law, in respect of your personal information collected and used when you use our services and our website. This is because we decide how we use your personal information.

The personal information we collect

We will always be open and transparent about the personal information that we collect and process. In most cases we obtain your information when you provide it to us, but we may also obtain some information from third parties and hold some information that we learn about you over the course of providing you a service.

We require certain personal information in order to enter into a contract with you, so if you choose not to provide us with some information, we may not be able to provide you with a service.

Information that you give us:

Types of personal information Examples
Contact information Name, address, email and telephone number
Contact information for individuals (that are not the account holder) that receive the Services Name, address, email and telephone number
Identification Date of birth
Financial information and account details Payment card number, bank account number, or other financial account numbers and account details
Marketing preferences, marketing activities and customer feedback Your preferences for receiving marketing information, information we have sent to you and feedback you have provided us in customer satisfaction surveys

Information we gather by having you as a customer:

Type of information Examples
Information about your Three Broadband equipment Technical information about your equipment so we can supply the Services. This includes your IP address, IMEI number, IMSI number, service number, port information, logical network address, MAC address, SIM serial number, or similar operational or technical information about your equipment or of each device you use to access it.
Using cookies and online tracking technology

Cookies are pieces of information stored directly on the device you are using. Cookies allow us to recognise your device and to collect information such as internet browser type, time spent using our website, pages visited, language preferences and relevant country website.

For more detailed information about the cookie and tracking technology we use, see our Cookie Policy below.

Order history

Information regarding the Services that we provide to you

Information we gather from third parties:

Type of information

Examples

Credit profile information

Equifax credit scores

Information you provide us about other people

You may at times provide us with information about other people, for example somebody who is not the account holder but receives services from Three Broadband, or somebody receiving a delivery from Three Broadband on your behalf. We will use this information in accordance to this privacy policy and if you provide us with personal information about another person, you confirm you have made the information in this Privacy Notice available to them.

How we use your information

We use your personal information in connection to the services that we provide to you. In particular, your personal information may be used by us, our employees, service providers, and disclosed to third parties for the following purposes. For each of these purposes, we have set out the legal basis on which we use your personal information.

Purpose

Lawful basis

To provide you the products and services you have signed up to, including taking payments and carrying out general account management

To fulfil the obligations in the contract you have with us

To carry out credit reference checks

Three Broadband has a legitimate business interest to check the credit profile of people before entering into a contract

To provide you with information about the services we offer (including details of our products and services which we believe may be of interest to you) in accordance with your preferences you make, including any marketing consent preferences

This processing is carried out for our legitimate business purposes, because it furthers our commercial aims and objectives and enables us to present you with offers that are relevant and of interest to you

Define groups of audiences to send adverts to, based on a profile we may develop including factors like interests, age, location and more, so we can show adverts to the people most likely to be interested in the products and services being promoted

This processing is carried out for our legitimate business purposes, because it furthers our commercial aims and objectives and enables us to present you with offers that are relevant and of interest to you

To carry out satisfaction surveys, market research and analysis

This is carried out for our legitimate business purposes, because it furthers our commercial aims and objectives and enables us to improve our products and services we provide you

To notify you about changes to our Services

This forms part of us fulfilling the contract we have with you to provide you with the service

To manage our products and Services and traffic across our network

This forms part of us fulfilling the contract we have with you to provide you with the service

To improve the quality of our products and services

This processing is carried out for our legitimate business purposes, because it furthers our commercial aims and objectives and enables us to improve our products and services

To comply with any legal or regulatory obligations (including in connection with a court order)

This processing is necessary for us to comply with the law

For analytical services including analytics in order for Three Broadband to determine the effectiveness of certain marketing methods

This processing is carried out for our legitimate business purposes, because it furthers our commercial aims and objectives to understand most appropriate forms of marketing and will not be conducted in any way that will adversely affect your rights or freedoms under data protection laws

To enforce or apply the agreements in our contract with you (such as the collection of unpaid fees or establishing, exercising or defending legal claims)

Depending on the circumstances, the processing is carried out for our legitimate business purposes in order to conduct and manage our business or in connection with legal proceedings

Automated decision making

When you apply for a Three Broadband service, we will obtain information from Equifax, which will be used in an automated decision process to determine whether we can enter into an agreement with you. If you wish for your information not to be used by an automated decision process, you can sign up with us over the phone and request for a credit assessment be made by a person instead. If an automated decision has already been made and you would like it to be reassessed by a person, you may do so by calling our Customer Service Team.

If you would like to stop receiving marketing material

If you no longer wish to receive marketing material from us, you can contact our Customer Service Team and we will remove you from our mailing list.

Protecting your information

We incorporate privacy by design when designing our network and systems. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to your personal information.

We regularly audit our security measures internally, as well as engage third parties to carry out regular tests on our security infrastructure. We are PCI-DSS and ISO 27001:2013 certified.

Who we may share your personal information with

We work with a number of service providers who play a part in bringing you your Three Broadband service. Some of these partners will process your personal information as part of the tasks they carry out. All of our service providers are subject to comply with the same data protection laws as Three Broadband (whether they are located within the European Economic Area or not).

The third parties that we may share your information are:

Type of third party

Examples

Our parent company

Three Broadband is a wholly owned subsidiary of Hutchison 3G UK Limited

Our service providers and business partners

Our business partners, suppliers and sub-contractors who contribute to providing the services we provide as per the contract we have with you, for example:

  • Our outsourced contact centre;
  • Third party payment service providers that we use to process your debit or credit card payments;
  • Providers of third party information technology systems and services;
  • Business partners we work with to offer joint promotions (such as our “refer a friend” offer);
  • Outsourced partners who manage our social media accounts;
  • Advertising providers who perform analytics on effectiveness of advertising campaigns;
  • Credit reference agencies;
  • Debt recovery agencies (if your account is overdue); and
  • Third parties that send you communications or our behalf (such as updates regarding your service and customer satisfaction surveys).

Our professional advisers

Including accountants, lawyers and other professional advisers that assist us in carrying out our business activities

Police and law enforcement agencies

We may share personal information with the police and other law enforcement agencies in connection with the prevention and detection of crime

Regulatory bodies

We may share personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or instructions of a regulatory body (including situations involving a court order), or in order to enforce or apply the terms of any agreements we have with you, or to protect our rights, property or safety of our clients, employees or other third parties

We may also disclose your personal information to other third parties, for example:

  • In the event we sell or buy any business or assets we may disclose your personal information to the seller or buyer.
  • If we or our assets are acquired by a third party (or are subject to a reorganisation within our corporate group), personal information held by us may be one of the transferred assets.
Sending information outside of the European Economic Area (EEA)

We may transfer your information to partners within and outside the European Economic Area (EEA) in order to provide our services. If we do transfer outside the EEA, we will only do so after conducting a formal assessment and ensuring appropriate safeguards are in place to keep your information safe.

Types of safeguards include:

  • Contractual agreements enforcing the safety of your information.
  • Certification to internationally recognised operating standards (such as PCI DSS, ISO 27001 or Privacy Shield).
  • Continuous performance monitoring and audits by Three Broadband.
  • Technical controls to limit the flow of information to only what is required.
  • Dedicated links and encryption to ensure the safety of information in transit.

For further information on the safeguards we have in place, please contact us on our details below.

Your rights

You have rights under the law which allow you to manage how your personal information is used. The following sections outline the requests you can make to us, in order to stay in control of how we use your information.

Keeping your information up to date

Three Broadband will always work to ensure that the information we hold is accurate and up to date. You can notify us of any updates or corrections to your personal information by updating your information in My Account or contacting our Customer Service Team.

If you would like to know what information we hold on you

If you would like to find out what personal information we hold, you can make a ‘subject access request’. If we do hold information about you and you make a subject access request to us, we will:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information.

You can make a subject access request by sending a written request to our Data Protection Officer at the address provided below.

If you wish for us not to process your personal information

You may choose not to provide your personal information or withdraw your consent for us to process your personal information at any time. In this case we may not have the information we require to provide services and run your account, and may need to cease the services we provide. If under contract an early termination fee may be applicable.

If you wish for us to erase your personal information (Right to erasure)

If you would like us to remove your personal information from our systems and records and you are no longer a customer, you can request us to erase your data. There are some conditions that we will assess (like if there is any debt owing or open disputes). If approved we will remove your information from our systems and records after 90 days of your account being closed. The information we need to keep for legal reasons will then be stored in a secure and restricted archive file, where we will hold it for seven years from the date you finished being a customer.

Transferring your data in an electronic format

You have the right to obtain certain types of your data and for it to be provided in a commonly used and machine readable format and for it to be transferred to another organisation.

How long we will keep your information

We’ll keep your personal information for as long as you are a customer of our products and services, and seven years after you stop being a customer. This is so we can respond to any questions or complaints and to maintain the records we are required to keep under UK laws.

Changes to this Privacy Notice

If we make any changes to this Privacy Notice we will post them on this page and where appropriate we will notify you by email. The updated Privacy Notice will take effect as soon as it has been updated or otherwise communicated to you.

Contacting us or making a complaint

If you have any questions or if you are unhappy with how we are processing your personal information, please get in touch with us.

You can write to us at:

Data Protection Officer
Three Broadband
Hutchison 3G UK Limited,
450 Longwater Avenue,
Green Park,
Reading,
Berkshire, RG2 6GF.

You can call us on 0330 686 8000 or chat to us online at www.threebroadband.co.uk.

You also have the right to complain to the Information Commissioner’s Office. You can find out on their website how to report a concern.

This Privacy Notice was last updated in May 2018.