Privacy

Privacy Notice: For Customers

Summary

  • We don’t snoop on your traffic
  • We keep to a minimum the information we hold about you
  • We use your data to provide our services to you, meet our legal obligations and protect our legal position, and improve and secure our network and services
  • Generally, we do not give your information to third parties, but there are some exceptions
  • You have lots of privacy rights
  • We record calls
  • We are happy to answer your questions about any of this

Details

We don’t snoop on your traffic

We care about your privacy, and we do not snoop on your traffic.

We do not have, in our network, any equipment installed to filter access to any part of the public Internet for our customers as a whole. We aim to give 12 months notice if we ever add any such filtering.

We provide a means for you to do a packet dump of headers if you need, and we can look at your traffic if you ask us to, or we need to, in order to help diagnose issues with the service.

What data we hold

As our customer, we will hold the following information about you:

  • Your name, identity and contact information
  • Information about the services you buy from us, login and security information, and configuration data
  • Records of communications with you, including contact with our support team
  • Billing and payment information

We also generate log files from various servers: this will include an IP address assigned to you or, more probably, to your account. We keep logging to a minimum.

Using your information

References to the basis of processing (e.g. "(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Providing you with the services you buy from us

We use the information we hold about you to provide our services to you.

We also use your information to bill you, and keep track of payments that you make.

(Basis: Art. 6(b): this is necessary to deliver the service to you.)

Accountancy and tax purposes

We retain information about you, and your payment history, for accountancy and taxation purposes.

(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)

Staff training and quality assurance

We use recordings of communications you have with our staff, including call recordings, for staff training and quality assurance purposes.

(Basis: Art. 6(f): we do this for the legitimate interest of providing the best possible service to you.)

Securing our services

We use the information we hold about you to verify you when you contact us, and to defend our networks and services from attacks.

(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)

Evidencing contracts and protecting our legal risks

We use information we hold, including any call recordings, to help demonstrate the existence or content of contracts, prevent and detect fraud, and for establishing and defending our legal rights.

(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)

Engaging with courts or alternative dispute resolution services

If we are need to do so as part of a court or ADR process, we will process your personal information to either bring a claim, or defend a claim or dispute.

(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)

Responding to binding requests from courts, law enforcement and other agencies, or regulators

If we are served with a binding order (for example, a court order, a notice or warrant under the investigatory powers framework, or a notice from the Information Commissioner’s Office) which relates to you, we will be required to process your personal data to be able to comply with it.

(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)

Technical data

We may use the logs from our servers to assist with A&A’s security, as well as to determine visitor behaviour and help us plan our business strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

Securing our premises

We operate CCTV, covering public internal and external areas of our premises.

(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)

Mailing lists

We run some mailing lists, to which you can subscribe if you wish.

(Basis: Art. 6(a): you consent to being on the mailing list for as long as you choose to remain a subscriber.)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless the processing requires it (for example, where you are corresponding with us from outside the EEA and we reply to you).

What if you don’t give us your data?

We cannot force you to provide us with data, and it is your choice whether you give us everything we need to provide our services to you or not. If you choose not to provide us with the data we need, we may not be able to provide you with the service.


Your rights

You have lots of rights in respect of our processing of your personal data, and you can exercise most of them yourself:

  • the right to information about our processing of your data, as set out in this notice
  • the right of access to personal data we hold about you, and the right to data portability. You can download copies of invoices from our accounts system, and you can get CDRs and copies of information we hold about you from our control system. If you host a website with us, you can copy this data from the server via sFTP, and you can download the content of any email accounts hosted with us via either IMAP or POP.
  • the right to have inaccurate data corrected. If we cannot correct your data yourself through the accounts or control systems, feel free to contact support
  • the right to erasure of your data, the right to restrict processing, and the right to object to processing, in some situations. Please check Articles 17 and 18 of the GDPR to make sure the rights apply to what you are wanting to do before contacting us. Note that we do not process your personal data for profiling or automated decision-making (such as credit vetting), and we do not do direct marketing
  • the right to complain to a supervisory authority, although we will obviously try to put right anything we have got wrong long before you need to do that

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission.

There are four exceptions to this:

  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.
  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. Similarly, if we end up in litigation or ADR with you, we will need to disclose information to the court or the ADR provider.
  • If you request a service from us which requires us to share your data with a third party, such as a domain name registration (e.g. we have to give owner information to Nominet if you register a domain for which they are responsible), a broadband installation (where we have to give BT, TalkTalk, or other upstream provider information so they can connect your service), a payment services provider, or a postal service or courier if we post equipment or letters to you. Similarly, we use peering (LINX, LONAP) and transit providers (such as NTT and others) to connect our network to the Internet.
  • We have a small number of companies providing services to us, such as accountants and lawyers. We do not share personal information with them unless we need to do so to use the service in question.

If you have arranged for a dealer to handle any of your services with us, they will be able to access certain information about those specific services as well as carrying our some tests and other minor technical actions relating to those service. This is so they can assist you with the service, help diagnose any issues, and provide added value to you as a dealer. Contact them, or us, to change this arrangement for any of your services.

Contact Sales

email sales@aa.net.uk
phone 03333 400222
(Mon-Fri 9am-5pm)
sms 01344 400222

Contact Support

email support@aa.net.uk
phone 03333 400999
(Mon-Fri 8am-6pm,
Sat 10am-2pm)
sms 01344 400999