bOnline

Privacy & Cookie Policy

Introduction

Bonline Ltd takes your privacy very seriously. This privacy policy has been prepared in line with the EU’s General Data Protection Regulation (GDPR) which takes effect on 25 May 2018. The GDPR promotes fairness and transparency for all individuals in respect of their personal data. This privacy policy applies to all data we process, and by using Bonline Ltd you consent to our collection and use of such data. If you would like to get in touch about anything in this policy or about your personal data then please contact us at sar@bonline.com

For the purpose of this Privacy Policy “you” or “your” means any end user accessing the Website, “we” or “us”“our” means bOnline Ltd. with registered office at Terminal House, 52 Grosvenor Gardens, London SW1W 0AU and registration number 07710947.

This Privacy Policy (together with the Website Terms and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This Privacy Policy also sets out how you can instruct us if you prefer to limit the use of that personal data and the procedures that we have in place to safeguard your privacy.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the EU’s General Data Protection Regulation (GDPR), we are the data controller. By using the website www.bonline.com (the “Website”) or submitting information to us (through or in connection with the Website or our Services) you signify your consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Website or submit information to us through or in connection with the Website or otherwise.

1 Data We Collect From You

As a data controller we collect a variety of data in order to deliver our services. We ensure that we collect and manage your personal data transparently, fairly and securely. Whenever we collect Personal Information from you, we let you know and you will be able to access the following precise information:

data we have collected from youthe basis on which we are holding it (e.g. because you gave us consent)what we will do with ithow long we will hold it forwhere it is storedwho it might be shared withyour rights in relation to the data, andinformation on how you can access and manage this data.We have provided further detail below about the specific types of data we collect and our reasons for doing so.

We have provided further detail below about the specific types of data we collect and our reasons for doing so.1.1 What data do we ask you to provide to us, and why?

We may collect and process the following information about you:
1.1.1 Information that you provide by filling in forms and submitting information, over the phone, by post, email, fax or on the Website. This includes information provided on registration, on placing an order, subscribing to any one of our services, through surveys, by posting material on the Website or by requesting further services. We may also ask you for information when you enter any promotion sponsored by us.

1.1.2 Records of communications between you and us relating to services provided by us to you. If you contact us, whether through the Website or otherwise (for example, by post, fax, phone, text message) we may keep a record of that correspondence. For example, if you submit a query, a complaint, report a problem with our service or Website, or otherwise liaise with our customer service, technical support or any other department in our company.

1.1.3 Details of transactions you carry out in connection with any of our products or services, both through our Website or otherwise, and of the fulfillment of your orders.

1.1.4 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

1.1.5 Details of your visits to our Website (including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise) and the resources that you access.

The above information may include any personal information that relates to and identifies you, including but not limited to your name, postal address, e-mail address, telephone number, bank account details, and any other information collected as set out in the above list.

2 How We May Use The Information Collected From You

To provide and improve our products — we process the information we collect given our legitimate interest in improving the bOnline Service, and in order to fulfil the contract we have with you:

2.1 We may process this information for the purpose of:

2.1.1 administering registration records (including reminders, e.g. update your payment details);

2.1.2 providing and personalising our products or services;

2.1.3 providing you access to all parts or features of our services or the Website;

2.1.4 dealing with your inquiries and requests, including contacting you where necessary;

2.1.5 carrying out our obligations arising from any contracts entered into between you and us;

2.1.6 processing your payment;

2.1.7 contacting you for your views on our services and notifying you occasionally about important changes or developments to our services or the Website;

2.1.8 notifying you about changes to our services;

2.1.9 carrying out market research campaigns;

2.1.10 improving and developing our services or the Website;

2.1.11 ensuring that content from our Website is presented in the most effective manner for you and for your computer or mobile device; and

2.1.12 debt recovery or debt tracing, crime, fraud and money laundering compliance.

2.2 If you are an existing customer or new customer, we will only contact you with information about goods and services similar to those which were the subject of a previous sale to you and are of a legitimate interest.

2.3 If you do not want us to use your information in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (e.g. the order form or registration form).

2.4 Aggregated Data — we may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes. This is not considered personal data under GDPR as it can’t be used to directly or indirectly identify you.

2.5 If you choose to post messages on any online forum or other message areas that we may make available for this purpose, we may collect that information you provide to us. We may retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.

2.6 If you stop using our services or the Website or your permission to use the Website or our services is terminated, we may continue to use and disclose your personal information in accordance with this Privacy Policy (as amended from time to time) and as permitted by law. However, if you wish us to stop e-mailing you with information in connection with the Website or our services, please send your request in accordance with paragraph 10 below.

2.7 We may contract out part of our services plus other ancillary services such as hosting, credit checking, billing, and verification of sales. We may disclose your personal information to these organisations but only so that they can provide you with the services that we have contracted out.

3 What data do we collect when you visit our website, and why?

We collect cookies. Cookies are small pieces of data that websites send to a user’s computer and are stored on the user’s web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart for example.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier.

Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies. We use Session Cookies to operate our Service.Preference Cookies. We use Preference Cookies to remember your preferences and various settings.Security Cookies. We use Security Cookies for security purposes.

4 Others we share your data with

Your information may, for the purposes set out in this Privacy Policy, be disclosed for processing to: our employees; our affiliates; our group companies and their employees; successors in title to our business; prospective seller or buyers of our business or any of our assets; third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us; government bodies and law enforcement agencies and in response to other legal and regulatory requests; auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes; to any third party where such disclosure is required in order to enforce or apply our Website Terms or our terms and conditions and/or other agreements; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;

Service providers — In order to fulfil the contract we have with you, we use certain trusted service providers. These providers will each handle your personal data in accordance with their own Privacy Policy. The most important service providers are highlighted below:

TalkTalk Business – If you’re a telecoms customer we may share your personal data with Talk Talk Business in order to provide you with broadband/fibre connectivity and support.

BT Openreach – If you’re a telecoms customer we may share your personal data with BT Openreach in order to provide you with broadband/fibre connectivity and support.

BT Wholesale – If you’re a telecoms customer we may share your personal data with BTWholesale in order to provide you with broadband/fibre connectivity and support.

Wavenet – If you’re a telecoms/VoIP customer we may share your personal data with Wavenet in order to provide you with telecoms/VoIP connectivity and support.

Cisco (Broadcloud) – If you’re a telecoms/VoIP customer we may share your personal data with Cisco (Broadcloud) in order to provide you with telecoms/VoIP connectivity and support.

Enreach – If you’re a telecoms/VoIP customer we may share your personal data with Enreach in order to provide you with telecoms/VoIP connectivity and support.

Wazo – If you’re a telecoms/VoIP customer we may share your personal data with Enreach in order to provide you with telecoms/VoIP connectivity and support.

Gamma – If you’re a telecoms/VoIP customer we may share your personal data with Gamma in order to provide you with telecoms/VoIP connectivity and support.

GDPRLocal.com – If you make a SAR request or other GDPR related queries we share you data with our GDPR consultants to ensure your request is handled.

Strategic Imperatives – If you’re a telecoms/VoIP customer we may share your personal data with Strategic Imperatives in order to provide you with accurate billing and support.

Google Apps for Business & Google App Engine – If you are website customer, we may share your personal data with Google App Engine in order to provide you with website hosting services and support.

FreshDesk- share your data with FreshDesk to manage our customer communications and provide the best service possible to our customers.

C.A.R.S – (Creditlink Account Recovery Solutions Ltd) is a Debt Collection Agency regulated by the Financial Conduct Authority (firm reference number 716456) and is a member of the Credit Services Association we may share your details if your account is in arrears.

Asknicely – share your data with Asknicely to manage our customer satisfaction and provide the best service possible to our customers.

Checkout – we will share your information with Checkout to take monthly payments based on your services with us.

Hubspot – we share your data with Hubspot to manage you sales and customer journey and communicates

Brevo – we share your data with Hubspot to manage you sales and customer journey and communicates

Mandrill – we will share your information with Mandrill to provide email communications and alerts.

Trustpilot Service – we may share your information with Trustpilot Service to collect reviews.

Trevor.io – we may share your data with Trevor.io for processing and data queries.

SV Enterprises – we may share your data with our partners SV Enterprises who assist with sales calls.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

Behavioral Remarketing

bOnline uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

Google Ads

Google Ads remarketing service is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

Facebook

Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

For more information on the privacy practices of Facebook, please visit Facebook’s

Data Policy: https://www.facebook.com/privacy/explanation

5 How do we keep your personal data secure?

We keep your data secure:

by following internal policies of best practice and training for staff by using Secure Socket Layer (SSL) technology when information is submitted to us online
5.1 The Internet is not a secure medium. However, we have put in place various security procedures with regards to the Website and your electronic communications with us, as set out in this Privacy Policy.

5.2 Where relevant with respect to online payments, all your credit card details will be passed from your browser for processing using encryption.

5.3 Where you have been allocated a user admin area (an “Account”), this area is protected by your user name and password, which you should never divulge to anyone else.

5.4 Please be aware that communications over the Internet, such as emails/webmails are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the World Wide Web/Internet.

5.5 We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

5.6 We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

5.7 All of our employees and data processors that have access to, and are associated with, the processing of your personal information are obliged to respect the confidentiality of our visitors’ information.

5.8 We ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.

Where we store your data

All information you provide to us is stored on Google secure servers. Any transmission of information to our partners (including information to facilitate payments) are encrypted. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Information we deem sensitive (like your bank account number and sort code) are stored using encryption. We will only send your data outside of the European Economic Area (‘EEA’) to comply with a legal obligation, or when required to fulfil your service with us (our South African office), or our suppliers. If we do transfer your personal information outside the EEA, we will make sure that it is protected to the same extent as in the EEA.

In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we shall also inform you.

6 Retention Periods

We generally retain your information for as long as it is necessary for the performance of the contract we have with you, or to comply with our regulatory obligations. If you no longer want us to use your information you can send a request to sar@bonline.com. Please note that if you request erasure of your personal data, we will keep relevant personal information for at least 5 years to comply with our regulatory obligations.

7 Your Rights under GDPR

Getting a copy of your data — you have the right to get a copy of the data we hold about you. This is free of charge. To do this, please reach out to sar@bonline.com, or talk to our support team by phone.

Rectification of inaccurate or incomplete information — you have the right to ask us to update any information we hold which may be inaccurate, and which you can’t change yourself through the bOnline service.

Erasure of data or the ‘right to be forgotten’ — you have the right to ask us to erase personal information we hold on you, and close your bOnline account. If you do this, we might maintain personal information we hold on you which is necessary to comply with our regulatory obligations, or to reduce fraud.

Withdrawing consent, and restricting processing — to withdraw consent or restrict processing you may contact customer support sar@bonline.com. If you withdraw consent, we will be unable to provide the bOnline service to you. Some information you have provided us will be retained after you withdraw consent to comply with regulatory obligations.

You can write to us at any time to obtain a copy of your information and to have any inaccuracies corrected. Where appropriate, you may have your personal information erased, rectified, amended or completed. Please write to: bOnline Ltd, Terminal House, 52 Grosvenor Gardens, London SW1W 0AU

Please quote your name and address. We should be grateful if you would also provide brief details of the information of which you would like a copy or which you would like to be corrected (this helps us to more readily locate your data).

We will require proof of your identity before providing you with details of any personal information we may hold about you.

8 Changes to our privacy policy and control

We may change this privacy policy from time to time. When we do, we will let you know by changing the date on this policy, notifying customers where we are able to, adding notices to our website or mobile app, notifying customers of only significant changes. By continuing to access or use our services after those changes become effective, you agree to be bound by the revised privacy policy.

9 About us

We are Bonline Ltd and our address is Terminal House, 52 Grosvenor Gardens, London SW1W 0AU. You can contact us at sar@bonline.com