We care about your privacy, and we do not snoop on your traffic.
We do not have, in our network, any equipment installed to filter access to any part of the public Internet for our customers as a whole. We aim to give 12 months notice if we ever add any such filtering.
We provide a means for you to do a packet dump of headers if you need, and we can look at your traffic if you ask us to, or we need to, in order to help diagnose issues with the service.
As our customer, we will hold the following information about you:
We also generate log files from various servers: this will include an IP address assigned to you or, more probably, to your account. We keep logging to a minimum.
References to the basis of processing (e.g. "(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.
We use the information we hold about you to provide our services to you.
We also use your information to bill you, and keep track of payments that you make.
(Basis: Art. 6(b): this is necessary to deliver the service to you.)
We retain information about you, and your payment history, for accountancy and taxation purposes.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
We use recordings of communications you have with our staff, including call recordings, for staff training and quality assurance purposes.
(Basis: Art. 6(f): we do this for the legitimate interest of providing the best possible service to you.)
We use the information we hold about you to verify you when you contact us, and to defend our networks and services from attacks.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
We use information we hold, including any call recordings, to help demonstrate the existence or content of contracts, prevent and detect fraud, and for establishing and defending our legal rights.
(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)
If we are need to do so as part of a court or ADR process, we will process your personal information to either bring a claim, or defend a claim or dispute.
(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)
Responding to binding requests from courts, law enforcement and other agencies, or regulators
If we are served with a binding order (for example, a court order, a notice or warrant under the investigatory powers framework, or a notice from the Information Commissioner’s Office) which relates to you, we will be required to process your personal data to be able to comply with it.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
We may use the logs from our servers to assist with A&A’s security, as well as to determine visitor behaviour and help us plan our business strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)
We operate CCTV, covering public internal and external areas of our premises.
(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)
We run some mailing lists, to which you can subscribe if you wish.
(Basis: Art. 6(a): you consent to being on the mailing list for as long as you choose to remain a subscriber.)
We do not transfer or process data outside the European Economic Area unless the processing requires it (for example, where you are corresponding with us from outside the EEA and we reply to you).
What if you don’t give us your data?
We cannot force you to provide us with data, and it is your choice whether you give us everything we need to provide our services to you or not. If you choose not to provide us with the data we need, we may not be able to provide you with the service.
You have lots of rights in respect of our processing of your personal data, and you can exercise most of them yourself:
As a general principle, we will not transfer your personal data to third parties without your permission.
There are four exceptions to this:
If you have arranged for a dealer to handle any of your services with us, they will be able to access certain information about those specific services as well as carrying our some tests and other minor technical actions relating to those service. This is so they can assist you with the service, help diagnose any issues, and provide added value to you as a dealer. Contact them, or us, to change this arrangement for any of your services.