Privacy Notice

Customer Privacy Notice

Last updated 22nd January 2026

1. Introduction

This notice applies to Olilo UK & Ireland Ltd (herein after referred to below as "Olilo", "we", "us" and "our"). We are a limited company registered in England and Wales under registration number 16352417 and we have our registered office at 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE. We are registered with the UK supervisory authority, Information Commissioner's Office ("ICO") in relation to our processing of personal data.

Unless we notify you otherwise, we are the controller of the personal data we process about you. This means that we decide what personal data to collect and how to process it.

Olilo respects your privacy and is committed to meeting our legal obligations when it comes to protecting your personal data, including how and why we collect and use your data, and how we safeguard your personal information. This privacy notice will inform you as to:

the types of personal data that Olilo may collect
why Olilo may collect and use your data
when and why, we will share personal data within Olilo and other organisations
the rights and choices you have when it comes to your personal data

If you have any questions, you can contact us using the information provided below under the 'Contact Us' section.

What this Notice does not apply to

This notice does not apply to other organisations' websites, apps, products, services and social media accessed from our websites and/or apps. When you leave our website(s) and/or apps, we encourage you to read the privacy policies and/or notices of every website and app that you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites or apps. Please check these policies before you submit any personal data to these websites or apps.

2. What data will we collect?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (which is known as anonymous data).

There are different ways in which we collect your information both directly from you and from third parties. For example:

2.1 Information we receive directly from you:

When you register your interest, apply for, use and/or purchase products and/or services from us, or contact us with queries, we may ask you to give us, where necessary, personal and contact details including your name, address, email address and phone number, as well as your financial transaction history. You may also wish to tell us about yourself if you consider that you are a vulnerable customer, or if you require any extra help or support, or have any specific accessibility or customer service needs.

We may collect and record data pertaining to vulnerability to assess whether a customer should be placed on a priority fault repair list. We encourage you to inform us if you believe that you may qualify as a vulnerable customer or require extra assistance during the sign-up process or at any other time. A vulnerability could include your age, any disabilities or health conditions or any financial circumstances of you or a member of your household. Additionally, we may collect information to determine if a customer relies on their landline for emergency calls, especially if they lack a mobile phone or experience poor coverage within their residence, or if they are dependent upon a telecare device.

When you write to us, talk to us on the phone, email or communicate with us via electronic messaging (such as SMS or live chat tools) or via any app that we operate, we may collect personal and contact details including your name, address, phone number, email address, as well as any other information that you provide to us via such communications.

If you are invited to participate in our customer surveys which will help us provide you with improved services, we will collect the information you provide to us including your name, phone number, email address and information about how you use our website, apps, products and/or services.

We may also collect your personal data, which could include your name, address, phone number, and email address, via online forms that appear on our website and/or third-party platforms.

2.2 Information we collect about you when you use our products and services:

When you visit our website(s) and/or apps, we'll use cookies (which are stored on your device(s) – your laptop, mobile phone, tablet etc.) to collect information about your use of our online services. See our Cookies Policy for more details.

When you use our services, we may collect information about your use of those services including the following:

Usage data - including frequency, time and data used per month
Billing, payment and transaction data – including your financial details, bills and its components
Technical data related to your internet usage such as time and duration of usage, information on the content accessed, MAC/IP address, the quality of the connection
Interactive data including apps usage data, websites usage / visits data
Device data including IP address, device make and manufacturer, browser information and other similar identifying information required from your devices to communicate with websites and applications on the internet.

We may also monitor, record, store and use the communications we have directly with you to improve the quality of our customer service, especially to address your specific needs if you are a vulnerable person and/or for training, operational and compliance purposes.

2.3 Information collected from others:

We may supplement the information that we collect from you and about your use of our products and/or services, with information that we receive from third parties.

This may include:

Data we collect from other members of your household in relation to your use of our products or services
Data we receive from someone who refers you for our products and services
Data we receive from our referral partners
Data from other organisations who have obtained your permission to share information about you with us
Data accessible to us from publicly available sources such as councils, company registers, land registry, electoral rolls and online search engines
Information we get from reporting agencies, such as credit reference agencies. They may give us information about your financial history so we can assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity
Financial and transaction data from providers of technical and payment services

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

3. Why we may collect data about you

There are many reasons why we may legitimately collect and process your personal information and data, including:

3.1 Contractual obligations

We may process your personal information where it is necessary either to take steps at your request before entering into a contract with you for the provision of our products and/or services, or to perform our obligations under that contract.

Examples of these situations include:

To provide you with a quote for our products and/or services
To determine your eligibility for our products and/or services / whether they are available in your area
To process and manage your order
To install, activate and provide our products and/or services to you
To manage your account and provide customer support
To process payments and manage billing
To communicate with you about your account and our services

3.2 Legal obligations

We may process your personal information where it is necessary for us to comply with a legal obligation. Examples include:

To comply with our regulatory obligations (for example, to Ofcom)
To comply with tax and accounting requirements
To comply with court orders or other legal processes
To prevent fraud and money laundering
To ensure network security and integrity

3.3 Legitimate interests

We may process your personal information where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Examples include:

To improve our products and services
To conduct market research and analysis
To develop new products and services
To prevent fraud and abuse
To ensure network security and prevent unauthorised access
To manage and improve our website and apps
To send you marketing communications (where you have not opted out)
To recover debts

3.4 Consent

In some cases, we may ask for your consent to process your personal information. Where we rely on consent, you have the right to withdraw that consent at any time. Examples include:

Marketing communications (where you have opted in)
Cookies and similar technologies (where consent is required)
Sharing your data with third parties for marketing purposes

4. Who we share your data with

We may share your personal data with the following categories of recipients:

Service providers: We may share your data with third-party service providers who perform services on our behalf, such as payment processing, IT services, customer support, and network infrastructure providers
Business partners: We may share your data with our network partners (such as CityFibre and Openreach) who provide the infrastructure for our services
Credit reference agencies: We may share your data with credit reference agencies to assess creditworthiness and manage your account
Regulatory authorities: We may share your data with regulatory authorities (such as Ofcom) where required by law
Legal and professional advisers: We may share your data with our legal and professional advisers where necessary
Debt collection agencies: We may share your data with debt collection agencies if you fail to pay amounts due
Other parties: We may share your data with other parties where required by law or where necessary to protect our rights or the rights of others

We do not sell your personal data to third parties for their marketing purposes.

5. International transfers

We do not normally share personal data outside the UK, but if we do, we will ensure that data protection is to the same standard as within the UK. We may transfer your personal data to countries outside the UK where:

The country has been deemed to provide an adequate level of protection for personal data by the UK government
We have put in place appropriate safeguards (such as standard contractual clauses) to ensure your data is protected
The transfer is necessary for the performance of a contract with you
You have given your explicit consent to the transfer

6. How we protect your data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our security measures are industry-standard ensuring data is safeguarded. Our security measures include:

Encryption of data where appropriate
Regular penetration testing of systems
Security controls which protect the entire Olilo Information Technology infrastructure from external attack and unauthorised access
Regular cyber security assessments of all service providers who may handle your personal data
Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents
Internal policies setting out our data security approach
Training for employees on security and privacy

The transmission of information via the internet is not completely secure and although we will do our best to protect your information and/or personal data, we cannot guarantee the safety of any personal information you transmit to us using online methods.

7. How long we keep your information

By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and in a number of formats.

We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and provide evidence of our business activities.

Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements. However, we will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it.

We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.

8. What are your rights?

We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. We have described those rights, and the circumstances in which they apply, in the table below:

Rights	Description
Access	You have the right to get access to the information and/or data that we hold about you. If you would like a copy of the information and/or data that we hold about you, please contact us by email at privacy@olilo.co.uk
Rectification	You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you. If you believe that any of the information and/or data that we hold about you is inaccurate, you have a right to request that we rectify any such data. For any rectification requests please email us at privacy@olilo.co.uk
Erasure	You have a right to request that we delete your information and/or data. You may request that we delete your information and/or data in certain circumstances including where: we no longer need to process information and/or data for the purposes for which it was provided; we have requested your consent to process your information and/or data and you wish to withdraw your consent; we are relying on legitimate interests as our basis for processing your data, you object to such processing and we do not have an overriding legitimate interest to continue this processing; or we are not using your information and/or data in a lawful manner. For any deletion requests please email us at privacy@olilo.co.uk
Restriction	You may request that we restrict or limit the way that we process your information and/or data in certain circumstances including where: you want us to establish the data's accuracy; our use of the data is unlawful but you do not want us to erase it; you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. For any restriction requests please email us at privacy@olilo.co.uk
Portability	Where we are processing your data by automated means and either we have requested your consent to process your information and/or data or you have provided us with information and/or data for the purposes of entering into a contract with us, you have a right to receive the information and/or data you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. If you would like to request the information you provided to us in a portable format, please contact us by email at privacy@olilo.co.uk or write to us at Data Protection, Olilo UK & Ireland Ltd, 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE.
Objection	You have a right in certain circumstances to object at any time to processing of your information and/or data including where the processing is for: direct marketing purposes; or your legitimate interests (or those of a third party). If you would like to object to our processing of your data, please email us at privacy@olilo.co.uk

How to complain

If you wish to raise a complaint on how we have handled your information, you can contact us, and we will investigate the matter. See Section 9 below for how to do this.

We hope that we can address any concerns you may have, but you also have the right to lodge a complaint with the relevant supervisory authority if you are concerned about the way in which we are handling your personal data.

The supervisory authority in the UK is the Information Commissioner's Office who can be contacted online at ico.org.uk/make-a-complaint/ or by telephone on 0303 123 1113.

9. Contact us

We can be contacted by post at the following address:

Data Protection

Olilo UK & Ireland Ltd

3rd Floor, 86-90 Paul Street

London, England, United Kingdom

EC2A 4NE

Our Data Protection Officer can be contacted by email at dpo@olilo.co.uk

For general privacy questions, please contact us at privacy@olilo.co.uk

Last updated: January 2026

© 2025 Olilo UK & Ireland Ltd is a company registered in England and Wales (No 16352417). Our registered address is 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE. Our VAT number is 497589701. Olilo UK & Ireland Ltd is regulated by Ofcom.

Questions about privacy?

We're here to help

Get clarity fast - choose the option that suits you.

Email privacy

privacy@olilo.co.uk • 24h response

Data Protection Officer

dpo@olilo.co.uk • 24h response