Our Privacy policy

This policy sets out how we handle the information we receive from customers and everyone who uses our products and services. We take this seriously and will always treat this information with the utmost respect and care.

Our Privacy policy

This policy sets out how we handle the information we receive from customers and everyone who uses our products and services. We take this seriously and will always treat this information with the utmost respect and care.

Consumer Privacy Policy    Business Privacy Policy

Welcome

We are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it. This has been written in line with our obligations under the General Data Protection Regulation 2016 and the Data Protection Act 2018 as they apply in the UK.  There may be local law variationsrequirements within and outside the EU which apply instead. 

The reasons we collect information are set out in this privacy policy, but we are not telling you all this just because we have to. As a communications provider, most of what we do – from connecting calls to developing and promoting our services – involves using personal information. And we believe that it is very important for our customers to trust us with that information. We want you to be confident that we will keep it secure and use it both lawfully and ethically, respecting your privacy. 

Our support for the right to privacy, as part of our broader commitment to human rights, is stated in our human rights policy. And our privacy policy explains in detail how we use your personal information. It describes what we do (or what we may do) from the moment you ask for a service from us, when we may use your information for credit-checking purposes, through to providing and billing for that service. It also applies to marketing other products that we think will interest you. 

But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing. Firstly, if you have ordered or take a service from us, we are entitled to process your information so that we can provide that service to you and bill you for it. 

Secondly, if we want to collect and use your information for other purposes, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time. We tend to need permission when what is proposed is more intrusive (for example, sharing your contact details with other organisations so they can market their own products and services to you).

But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within the third ground – our ‘legitimate interests’ to use the information in a particular way without your permission (for example, to protect our network against cyber-attacks). But when we do this, we must tell you as you may have a right to object. And if you object specifically to us sending you marketing material, or to ‘profiling you’ for marketing purposes, we must then stop.   

This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.

Please read this policy carefully as it applies to the products and services we provide to you (such as your phone, mobile, wi-fi, TV and broadband), our apps and our websites. It applies to our consumer customers only. If you are a business customer (including sole traders and partnerships) please see our business privacy policy.  

It also applies even if you’re not one of our customers and you interact with us as part of running our business, such as by: 

  • using one of our products or services – paid for by someone else; 
  • taking part in a survey or trial; 
  • entering a prize promotion; 
  • calling our helpdesk; or
  • generally enquiring about our services. 

If you need to give us personal information about someone else in relation to our products and services, the privacy policy will also apply. And if we need the permission of the other person to use that information, we’ll ask you to check they are OK with this.

Technology is a fast-changing area and can be complicated. We’ve included a glossary which explains the meaning of any technical terms we use. 

This policy doesn’t apply to information about our employees or shareholders.  It also doesn’t cover other companies or organisations (which advertise our products and services and use cookies, tags and other technology) collecting and using your personal information to offer relevant online advertisements to you.  Read our cookie policy here for information about how we use cookies on our website. 

You can link to other organisations’ websites, apps, products, services and social media from our websites. This privacy policy doesn’t apply to how those other organisations use your personal information.   

You should review their privacy policies before giving them your personal information.

At BT, we’re part of a larger group of companies. Some other companies and parts of the BT Group have their own privacy policies. And they’ll apply if you buy your product or service direct from them, but the EE and Plusnet policies are broadly similar to this one. 

If you have purchased our Encircle product, details of how we process your personal data (whether you are a Carer, Cared For or Care Circle member) are set out in a separate privacy policy, which you can find here.

All other parts of the BT Group are covered by this privacy policy.

We review our privacy policy regularly. It was last updated on 27 September 2022. And we’ll tell you if we change the policies, as set out here.

 

A summary of the updates made on 27 September 2022:

We have added a section to provide further details on the information that is shared with our TV partners.

In our section title “To prevent and detect crime and fraud” we have provided more information about the type of information we check. 

Accessing and updating how we use your information

As allowed by law, you can access and update the information we hold about you using our online form. Once we’ve looked at your request, we’ll let you know when you can expect to hear from us.

We’ll always try to help you with your request but we can refuse if we believe doing so would have a negative effect on others or the law prevents us.  And even though we have to complete your request free of charge, we are allowed to reject requests if:

  • they’re repetitive;
  • you don’t have the right to ask for the information; or
  • the requests made are excessive.

If that’s the case, we’ll explain why we believe we don’t have to fulfil the request.

 

You can change your marketing preferences by following the unsubscribe links in any email or text marketing that we send you.

Alternatively, you can give us a call and let us know whether you’re happy to hear from us by email, text, post or telephone.   
If you're a residential customer, please contact us on 0800 800 150. 
If you're a business customer, please contact us on 0800 800 152. 

You can use the same contact details to let us know whether you want us to stop using information about how you use our products and services (including your call, browser and TV records) for marketing purposes or profiling you for marketing purposes. For more information about how we use your information for marketing purposes, please see below.

If you want a copy of your billing information, log in to your MyBT account or call 0800 800 150 and we’ll send it to you. (You must be the account holder to ask for this information). If you're a business customer, the number to call is 0800 800 152.

If you want to see what contact information we hold about you, you can also log in to your account. It’s quick and simple to access it this way.

You can also ask us for a copy of the information we hold about you using our online form here.

If you work for one of our corporate customers, where possible, please ask your employer – they’ll ask for this on your behalf.

It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or you send us a lot of requests at once.

You can ask us to correct, complete, delete or stop using any personal information we hold about you by using our online form here.

If you’re worried about how we send you marketing information, have a look at the section above on how to check or change those settings.

If you want us to stop using personal information we’ve collected via cookies on our website or apps, you should either change your cookie settings here or change the settings for your app. In some cases, we might decide to keep information, even if you ask us not to. This could be for legal or regulatory reasons, so that we can keep providing our products and services, or for another legitimate reason. For example, we keep certain billing information to show we have charged you correctly.  But we’ll always tell you why we keep the information.

We aim to provide our products and services in a way that protects information and respects your request.  Because of this, when you delete or change (or ask us to delete or change) your information from our systems, we might not do so straight away from our back-up systems or copies on our active servers. And we may need to keep some information to fulfil your request (for example, keeping your email address to make sure it’s not on our marketing list). 

Where we can, we’ll confirm any changes. For example, we’ll check a change of address against the Postal Address File, or we might ask you to confirm it.

If we’ve asked for your permission to provide a service, you can withdraw that permission at any time.  It’ll take us up to 30 days to do that.  And it only applies to how we use your personal information in the future, not what we’ve done in the past (for example, if we’ve run a credit check at the start of your contract).

If we provide you with our products and services, or you’ve said we can use your information, you can ask us to move, copy or transfer the information you have given us.  You can ask us to do this using our online form here.

We’ll send your personal information electronically.  And we’ll do our best to send it in another format if needed.

We’ll always try to help you with your request. But we can refuse if sharing the information would have a negative effect on others, for example because it includes personal information about someone else, or the law prevents us from doing so.

It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or you send us a lot of requests at once.

What information we collect and what we use it for

What kinds of personal information do we collect and how do we use it?

The personal information we collect depends on the products and services you have and how you use them. We’ve explained the different ways we use your personal information below.

We’ll use your personal information to provide you with products and services. This applies when you register for or buy a product or service from us. Or if you register for an online account with us or download and register on one of our apps.

This means we’ll

  • record details about the products and services you use or order from us;
  • send you product or service-information messages (we’ll send you messages to confirm your order and tell you about any changes that might affect your service, like when we have infrastructure work planned or need to fix something);
  • update you on when we’ll deliver, connect or install your products and services; 
  • let you create and log in to the online accounts we run;
  • charge you and make sure your payment reaches us;
  • filter any content you ask us to, through your Parental Controls settings (or any content our partners ask us to, such as for a wi-fi hotspot);
  • give information to someone else (if we need to for the product or service you’ve ordered) or to another communications provider if you’re buying some services from them and us (if we do this, we still control your personal information and we have strict controls in place to make sure it’s properly protected); and
  • support you more if you are a vulnerable customer. 

We use the following to provide products and services and manage your account.

  • Your contact details and other information to confirm your identity and your communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (such as the security questions and answers we have on your account).
  • Your payment and financial information.
  • Your communications with us, including emails, webchats and phone calls.  We’ll also keep records of any settings or communication preferences you choose.
  • Details of the products and services you've bought within the BT Group, how they are performing and how you use them – including your call, browser (including IP address) and TV records.
  • Information from cookies placed on your connected devices that we need so we can provide a service.

We use this information to carry out our contract (or to prepare a contract) and provide products or services to you.  If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the product or service you ordered from us.

If you tell us you have a disability or otherwise need support, we’ll note that you are a vulnerable customer, but only if you give your permission or if we have to for legal or regulatory reasons. For example, if you told us about a disability we need to be aware of when we deliver our services to you, we have to record that information so we don’t repeatedly ask you about it.  We will also record the details of a Power of Attorney we have been asked to log against your account.

We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business.  We use your information to:

  • Identify, and let you know about, products and services that interest you;
  •  share within the BT Group for administrative purposes and to tailor the offers we make to you;
  • create aggregated and anonymised information for further use;
  •  detect and prevent fraud including sharing with other companies so they can protect you against fraud and maintain accurate records; and
  •  secure and protect our network. 

To market to you and to identify products and services that interest you

We’ll use your personal information to send you direct marketing and to better identify products and services that interest you. We do that if you’re one of our customers or if you’ve been in touch with us another way (such as entering a prize promotion or competition).

This means we’ll:

  • create a profile about you to better understand you as a customer and tailor the communications we send you (including our marketing messages);
  • tell you about other products and services you might be interested in;
  • recommend better ways to manage what you spend with us, like suggesting a more suitable product based on what you use;
  • try to identify products and services you’re interested in; and
  • show you more relevant online advertising (both on our and other parties’ apps and sites) and work with other well-known brands to make theirs more suitable too.

We use the following for marketing and to identify the products and services you’re interested in, where applicable.

  • Your contact details. This includes your name, gender, address, phone number, date of birth and email address.
  • Your payment and financial information.
  • Information from cookies and tags placed on your connected devices.
  • Information from other organisations such as aggregated demographic data, data brokers (such as Acxiom and Edit), our partners and publicly available sources like the electoral roll and business directories.
  • Details of the products and services you've bought within the BT Group and how you use them – including your callbrowser (including IP address) and TV records.

We’ll send you information (about the products and services we provide) by phone, post, email, text message, online banner advertising or a notice using our apps or on your TV set-top box.  We also use the information we have about you to personalise these messages wherever we can as we believe it is important to make them relevant to you.  We do this because we have a legitimate business interest in keeping you up to date with our products and services, making them relevant to you and making sure you manage your spending with us.  We also check that you are happy for us to send you marketing messages by text or email before we do so. In each message we send, you also have the option to opt out.

Sometimes, we use supplier tools to find likely matches of customers on our database (at an aggregated level) with those of our trusted publisher partners. Sharing the results from this process allows our partners to identify customers we may have in common so that we can show you relevant advertising when you're using their platforms, sites or applications. Those partners may also use their own tools techniques to identify additional customers of theirs who share similar characteristics to any group we are targeting to help extend the reach of our personalised advertising.

We’ll only use your call, browser and some TV records (such as programmes you watch on channels we provide that are produced by other organisations) to personalise our offers as long as you are happy for us to do so. 

We’ll only market other organisations’ products and services if you have said it is OK for us to do so.

You can ask us to stop sending you marketing information or withdraw your permission at any time, as set out above.

Read our cookie policy for more details on how we use cookies.

To enable Personalised Content & Recommendations and Targeted Ads

We have arrangements in place with YouView and our TV Partners (currently only ITV) to enable them to personalise the content and viewing recommendations in their Apps and deliver targeted adverts you see when viewing their channels on our TV services. 

To do this we generate an ID which relates to your Set Top Box. We generate the ID and share it with our TV Partners based on our legitimate interest to ensure you get the most out of using our TV service. This ID, together with the viewing activity collected from the Partner channel you watch on our TV service, enables our TV Partners to create a profile of your household  and identify groups of audiences. Our TV Partners can then deliver targeted ads on your TV and to personalise content and viewing recommendations in their Apps. This will include programmes that may interest you and adverts for products and services that our TV Partners think you would like to hear about. In certain scenarios (with certain TV Partners) we may also share the address linked to your Broadband Account to improve the accuracy of the relevant ads. See the TV Partners privacy policy for more information.

You can tell our TV Partners to stop providing you with targeted ads at any time by visiting the Privacy Settings in your Set Top Box (if you ask for targeted ads to be turned off, you will still see adverts but they won’t be tailored to you). You can find out more about how and why your personal data and viewing history is used and shared in each Partner’s privacy policy.

https://www.itv.com/terms/articles/privacy

https://www.youview.com/policies/privacy-policy/ 

 

To create aggregated and anonymised data

We’ll use your personal information to create aggregated and anonymised information. Nobody can identify you from that information and we’ll use it to:

  • make sure our network is working properly and continuously improve and develop our network and products and services for our customers;
  • run management and corporate reporting, research and analytics, and to improve the business; and
  • provide other organisations with aggregated and anonymous reports

We use the following to generate aggregated and anonymised information.

  • Your gender, address and date of birth.
  • Information about what you buy from us, how you ordered it and how you pay for it, for example, broadband ordered online and paid for on a monthly basis.
  • Information from cookies and tags placed on your computer.
  • Information from other organisations who provide aggregated demographic information, data brokers (such as Acxiom and Edit), our partners and publicly available sources like the electoral roll and business directories.
  • Details of the products and services you’ve bought and how you use them – including your callbrowser (including IP address) and TV records.

We may have a legitimate interest in generating insights that will help us operate our network and business or would be useful to other organisations. 

 

To develop our business and build a better understanding of what our customers want

This means we’ll:

  • maintain, develop and test our network (including managing the traffic on our network), products and services, to provide you with a better service;
  • train our people and suppliers to provide you with products and services (but we make the information anonymous beforehand wherever possible);
  • create a profile about you to better understand you as our customer;
  • share personal information within the BT Group for administrative purposes, such as sharing contact details so we can get in touch with you and details of what you buy from different companies within our Group; and
  • make and defend claims to protect our business interests.
  • run surveys and market research about our products.

We could use the following information to do this.

  • Your contact details.
  • Your payment and financial information.
  • Your communications with us, including emails, webchats and phone calls (and any recordings made).
  • Information from cookies placed on your connected devices.
  • Details of the products and services you’ve bought and how you use them – including your callbrowser (including IP address and static IP address, if it applies) and TV records.

If we use this information for market research, training, testing, development purposes, defend or bring claims, or to create a profile about you, we do so because it is in our legitimate business interests of running an efficient and effective business which can adapt to meet our customers’ needs. 

We create a profile about you based on what you have ordered from us and how you use our products and services.  This helps us tailor the offers we share with you.  You can ask us to stop profiling you for marketing purposes at any time, as set out above.

 

To run credit and fraud prevention checks

Before we provide you with a product or service (including upgrades or renewals), or sometimes when you use our products and services, we’ll use personal information you have given us together with information we have collected from credit reference agencies (such as Experian or Equifax), the Interactive Media in Retail Group (IMRG) security alert, or fraud prevention agencies (such as Cifas).  We use this information to manage our credit risk, and prevent and detect fraud and money laundering.  We’ll also use these organisations to confirm your identity. When they get a search from us, a 'footprint' goes on your file which other organisations might see. We might also share the information with other organisations. We do this because it’s in our, and the organisations’, legitimate interests to prevent fraud and money laundering, and to check identities, to protect our business and to keep to laws that apply to us.

Details of the personal information that will be used include your name, address, date of birth, contact details, financial information, employment details and device identifiers, including IP address and vehicle details.

If you don’t become one of our customers, we’ll still keep the result of our credits checks about you if we have a legal obligation and it’s in our legitimate interests to help prevent or detect fraud.  Fraud prevention agencies can hold your personal information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your information can be held by us and the organisations we share it with for up to six years.

If you give us false or inaccurate information which we identify as fraudulent, we’ll pass that on to fraud prevention agencies. We might also share it with law enforcement agencies, as may the agencies we have shared the information with.

If you tell us you’re associated with someone else financially (for example, by marriage or civil partnership), we’ll link your records together.  So you must make sure you have their agreement to share information about them. The agencies we share the information with also link your records together and these links will stay on your and their files – unless you or your partner successfully asks the agency to break that link.

If we, a credit reference or fraud prevention agency, decide that you are a credit, fraud or money laundering risk, we may refuse to provide the services or financing you have asked for, or we may stop providing existing services to you.

As part of running credit and fraud prevention checks using your personal information, decisions may be made by automated means.  This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making, if you have any questions about this please contact us using the details below.

The credit reference and fraud prevention agencies will keep a record of any fraud or money laundering risk and this may result in other organisations refusing to provide services, financing or employment to you. If you have any questions about this, please contact us using the details below.

We send credit reference and fraud prevention agencies information about applications, and they keep that information. We might also give them details of your accounts and bills, including how you manage them. This includes telling them about your account balances, what you pay us and if you miss a payment (going back in the past, too).  So if you don't pay your bills on time, credit reference agencies will record that. They, or a fraud prevention agency, might tell others doing similar checks – including organisations trying to trace you or recover money you owe them.

There are different credit reference agencies in the UK (for example, Callcredit, Equifax and Experian). Each one might hold different information about you. If you want to find out what information they have on you, they may charge you a small fee.

Whenever credit reference and fraud prevention agencies transfer your personal information outside of the European Economic Area, they place contractual responsibilities on the organisation receiving it to protect your information to the standard required in the European Economic Area. They may also make the organisation receiving the information subscribe to ‘international frameworks’ aimed at sharing information securely.

Here are links to the information notice for each of the three main Credit Reference Agencies.
Callcredit
Equifax
Experian


To collect debt

If you don’t pay your bills, we might ask a debt-recovery agency to collect what you owe. We’ll give them information about you (such as your contact details) and your account (the amount of the debt) and may choose to sell the debt to another organisation to allow us to receive the amount due.

 

To prevent and detect crime and fraud

We’ll use your personal information to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against your equipment.  We monitor traffic over our network, trace nuisance or malicious calls, and track malware and cyber-attacks.

To do that we use the following information, but only where strictly necessary.

  • Your contact details and other information to confirm your identity and communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (for example, security questions).  We do not store the original copy of your password. Instead we keep it in a form that allows us to authenticate you but does not allow us to work out what your original password is.
  • Your payment and financial information.
  • Information from credit reference and fraud prevention agencies.
  • Details of the products and services you’ve bought and how you use them – including your:
    • Call records the date, time, length and cost of your communications, device information, the location of your device from Cell Site data (the antennae and communications equipment that we use to create the cellular network) , where  the call was made to and from, the network used and the type of communication, including when you make calls abroad.
    • Browser records-the types and nature of websites that you visit, as well as the date, time, length of your internet session, cell site and network used, device information, your data usage and your IP address. .
    • TV records- details of the devices you use (including the device information – identifiers such as MAC address or IMSI), the channels, programmes and adverts you watch on them, the services you access, how long you watch and what actions you take when doing so, including how you view, record and fast-forward programmes
  • Content of SMS you send and receive using our network.
  • CCTV footage in our shops and buildings.

We use this personal information because we have a legitimate interest in protecting our network and business from attacks and to prevent and detect crime and fraud. We also share it with other organisations (such as other communications providers and banks) who have the same legitimate interests.  Doing this helps make sure our network works properly and helps protect you from attacks.

If you call the emergency services, we’ll give them information about you and where you are so they can help. We do this because it is necessary to protect you, or another person, and because it is in our interests to help the emergency services in providing help to you.

We may share your personal information with other companies who you have a relationship with – like your bank – or with those companies' that process information on their behalf – so that they can ensure that their customer records are up to date, and also in some cases prevent fraud – for example by checking whether a transaction, such as an online payment or a cash withdrawal, is definitely being requested by you, and not a fraudster.

We might have to release personal information about you to meet our legal and regulatory obligations.

 

To law enforcement agencies

Under investigatory powers legislation, we might have to share personal information about you to government and law-enforcement agencies, such as the police, to help detect and stop crime, prosecute offenders and protect national security. They might ask for the following details.

  • Your contact details. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (such as your security questions and answers) needed to confirm your identity and your communications with us.
  • Your communications with us, such as calls, emails and webchats.
  • Your payment and financial information.
  • Details of the products and services you’ve bought and how you use them – including your callbrowser (including IP address) and TV records.

The balance between privacy and investigatory powers is challenging. We share your personal information when the law says we have to, but we have strong oversight of what we do and get expert advice to make sure we’re doing the right thing to protect your right to privacy. You can read more about our approach to investigatory powers in our report on Privacy and free expression in UK communications. And you can see the terms of reference for our oversight body here.

We’ll also share personal information about you where we have to legally share it with another person. That might be when a law says we have to share that information or because of a court order.

In limited circumstances, we may also share your information with other public authorities, even if we do not have to. However, we would need to be satisfied that a disclosure of information is lawful and proportionate (in other words, appropriate to the request). And we would need appropriate assurances about security and how the information is used and how long it is kept. 

 

For regulatory reasons

We’ll also use your callbrowser (including IP address) and TV records to find the best way of routing your communications through the various parts of our network, equipment and systems as required by our regulator.

If you order a phone service, we’ll ask if you want your details included in our directory services such as our Phone Book. If you do, we’ll publish your details and share that information with other providers of directory services. Ex-directory numbers aren’t included and will not appear in The Phone Book.

Sharing your information

In this section we detail how, why and with whom we share your information. We also explain the safeguards we’ve put in place to protect your information.

We share your personal information with other companies within the BT Group. We have a group-wide arrangement, known as binding corporate rules, to make sure your personal information is protected, no matter which company in the BT Group holds that information. 

We also share your personal information with other companies – such as your bank - so they can protect you against fraud and maintain accurate records.

We also use other service providers to process personal information on our behalf. Details of how they handle your personal information are set out below.

We use other providers to carry out services on our behalf or to help us provide services to you. We also use them to: 

  • provide customer-service, marketing, infrastructure and information-technology services; 
  • personalise our service and make it work better; 
  • process payment transactions; 
  • carry out fraud and credit checks and collect debts; 
  • analyse and improve the information we hold (including about your interactions with our service); 
  • assist with fraud prevention and detection; and 
  • run surveys.

Where we use another organisation, we still control your personal information. And we have strict controls in place to make sure it’s properly protected. Finally, the section above describes the situations in which your personal information is shared to other organisations, government bodies and law-enforcement agencies.  When we share your information with other organisations we’ll make sure it’s protected, as far as is reasonably possible.

If we need to transfer your personal information to another organisation for processing in countries that aren’t listed as 'adequate' by the European Commission, we’ll only do so if we have model contracts or other appropriate safeguards (protection) in place.

If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information to the new (or prospective) owner. If we do, they’ll have to keep it confidential.

For more details, or if you’d like a copy of our binding corporate rules or other information about a specific transfer of your personal information, get in touch with us here.  The fraud prevention section above provides details on the transfers fraud prevention agencies may carry out.

BT Group is a large multinational organisation. Our binding corporate rules reflect how we operate. We have a UK and EU version of the binding corporate rules because of Brexit.  Both versions include a list of countries (below) which are structured to allow us to transfer personal information to the countries where we have a presence.  For us, after the UK and wider EU, India and the Philippines are where most of our processing of personal information takes place.  Your personal information is used for customer or IT support or operations purposes in these countries.  While our UK and EU binding corporate rules allow us to transfer personal information from the UK and EU respectively to these countries, the information won’t always include your personal information in every case.

Algeria, Argentina, Australia, Bahrain,  Bangladesh, Barbados, Bermuda, Bolivia, Bosnia and Herzegovina, Botswana, Brazil, Canada, China, Colombia, Costa Rica, Cote d'Ivoire, Dominican Republic, Ecuador, Egypt, El Salvador, Ghana, Gibraltar, Guatemala, Honduras, Hong Kong, India, Indonesia, Isle of Man, Israel, Jamaica, Japan, Jersey, Jordan, Kazakhstan, Kenya, Republic of Korea, Lebanon, Macedonia, Malawi, Malaysia, Mauritius, Mexico, Moldova, Montenegro, Morocco, Mozambique, Namibia, Nicaragua, Nigeria, Norway, Oman, Pakistan, Panama, Paraguay, Peru, Philippines, Puerto Rico, Qatar, Russian Federation, Serbia, Singapore, South Africa, Sri Lanka, Switzerland, Taiwan, Tanzania, Thailand, Trinidad and Tobago, Tunisia, Turkey, Uganda, Ukraine, United Arab Emirates, United States, Uruguay, Venezuela, Vietnam, British Virgin Islands, Zambia and Zimbabwe.

Protecting your information and how long we keep it

This section is about how we keep your information secure and how long we keep hold of it for. We always follow the law and delete your information when we no longer need to keep it.

We have strict security measures to protect your personal information. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures, such as encryption, to protect your information.

We’ll keep:

  • a summary copy of your bills for six years from the date of the bill;
  • your contact details on file while you’re one of our customers, and for six years after; 
  • SMS content for seven days; and
  • details relating to any dispute for six years after it was closed.

In other cases we’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed.  And sometimes we’ll keep it for longer if we need to by law.  Otherwise we delete it. 

How to contact us and further details

You can get in touch with our data-protection officer by email cpo@bt.com or write to the address below and mark it for their attention.

If you’d like any more details, or you have comments or questions about our privacy policy, write to us at:

Data Privacy Team, BT
Floor 16
1 Braham Street
London
E1 8EE

If you want to make a complaint on how we have handled your personal information, please contact our data protection officer who will investigate the matter and report back to you.  If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner.

Our privacy policy might change from time to time.  We’ll post any changes on this page for at least 30 days. And if the changes are significant, we’ll tell you by email, text message or on your bill. 

Country

Company Name 

Registered Address 

Registered number 

Local contact information

Belgium 

BT Limited, Belgian Branch 

1 Braham Street, London, E1 8EE, UK 

BT Branch Office in Belgium: Telecomlaan 9, 1831 Diegem, Belgium 

VAT BE RPR/RPM: 0440.036.936 

Trade register No.  HRB 529.791 

+32 27002211 

gdpr.benelux@bt.com

The Netherlands

BT Nederland N.V. 

Minerva building, Herikerbergweg 2, 1101CM, Amsterdam, Zuidoost, Netherlands

KvK 33296214

+31 88 212 8000 

gdpr.benelux@bt.com

BT Professional Services Nederland B.V. 

Minerva Building,  Herikerbergweg 2, 1101CM, Amsterdam, Zuidoost, Netherlands 

KvK 27138243

+31 88 212 8000 

gdpr.benelux@bt.com

Luxembourg 

BT Global Services Luxembourg SARL 

12 rue Eugène Ruppert L-2453 , Luxembourg, Luxembourg 

KVAT n° LU22637245 

Trade register No. B 71901

+352 40 56 37 1 

gdpr.benelux@bt.com

Denmark 

BT Denmark ApS 

Business Center Havnegade 39, 1058 Kobenhavn Denmark 

CVR 24221415 

VAT nr DK   24221415 

+45 7023 6100 

gdpr.nordics@bt.com

Norway 

BT Solutions Norway AS 

Karenlyst Allè 53, 0279 , Oslo, Norway

Munkedamsveien, 45, c/o BDO AS 0121, Oslo, Norway 

Org-nr: 982398428 
VAT-nr: NO 982398428 MVA 

+4721520000 

gdpr.nordics@bt.com

 

Sweden 

BT Nordics Sweden AB 

Warfvinges väg 35 
104 25 Stockholm Sweden 

P.O. Box 30 005, 104 25 Stockholm, Sweden 

Org-nr: 556605-4945 
VAT-nr: SE 556605494501 

+46 8 55575000 

gdpr.nordics@bt.com

Finland 

BT Nordics Finland Oy 

Mannerheimintie 12 B, 00100 Helsinki, Finland 

FO-nr: 2575229-2 
VAT:nr: FI 25752292 

+358 207 789 340 

gdpr.nordics@bt.com

Glossary

We have included a description of how the technical terms we use are generally interpreted.  

  • Aggregated data means grouped information, for example the total number of calls made in a month or total number of minutes called.
  • Anonymised data means data which has had all personally identifiable information removed.  
  • Apps means an application, such as one you’ve downloaded to your mobile or portable device.
  • BTwe or our means British Telecommunications Plc.
  • BT Group companies and BT Group plc means EE Ltd, Plusnet plc, Openreach Ltd, BT Communications Ireland Ltd, BT Business Direct Ltd, BT Cables Ltd, Tikit Ltd, BT Fleet Ltd, Pelipod Ltd and BT Law Ltd and the areas that make-up BT: Consumer, EE, Business and Public Sector, Global Services, Wholesale and Ventures, Technology, Service and Operations, Group Functions, BT Wi-fi and BT Shop. 
  • Binding corporate rules are designed to allow multinational companies to transfer personal information from the European Economic Area (EEA) to their affiliates outside of the EEA and to keep to data-protection legislation.
  • Browser records means the types  and nature of websites that you visit, as well as the date, time, length of your internet session, cell site and network used, device information, your data usage, your IP addressCall records means the date, time, length and cost of your communications, device information, the location the call was made to and from, the network used and the type of communication, including when you make calls abroad.  
  • Call records means the date, time, length and cost of your communications, device information, the location the call was made to and from, the network used and the type of communication, including when you make calls abroad. 
  • Cell site means the place where we keep the antennae and communications equipment we use to create a cellular network over which we transmit communications.
  • Content means any part of a communication which shares the meaning of the communication.  This could be the title of an email, the content of a text message or a recording of a voicemail.
  • Cookies are small text files (up to 4KB) created by a website and stored in the user's connected device – either temporarily for that session only or permanently on the hard disk (called a persistent cookie). Cookies help the website recognise you and keep track of your preferences.
  • Data usage means the volume of data you’ve used or what’s included under your service agreement with us.  This can be a download or upload volume.
  • Device information means the MAC addressMSISDNIMEIIMSI and advertising identifiers for your device. Device information also means the hardware manufacturer, model and operating system version for the device.
  • Encryption means scrambling information into an unreadable form that can only be translated back using a special key.
  • IMEI (international mobile equipment identity) is a unique number given to every single mobile-phone handset.
  • IMSI (international mobile subscriber identity) a unique number identifying a mobile subscriber.
  • IP address is a unique string of numbers that identifies each device using the internet or a local network.
  • MAC address (media access control address) is a unique identifier assigned to a network connection made to a device.
  • MSISDN (mobile station international subscriber directory number) means a mobile phone number that uniquely identifies a service subscription.
  • Model contracts are standard contractual clauses set by the European Commission. They offer enough protection of people’s privacy, fundamental rights and freedoms when their personal information is moved from within the EEA to outside of it. The contracts keep to data-protection legislation.
  • Personal information means information that identifies you as an individual, or is capable of doing so.
  • Power of attorney refers to the option to choose a trusted friend or relative (or more than one if you want) to act on your behalf. The person you appoint, called an 'attorney', can then use your money to pay bills, sell assets on your behalf and make gifts.    In the UK an ‘attorney’ must be registered with the Office of the Public Guardian to be valid.
  • Regulatory obligations means our obligations to regulators such as Ofcom and the Information Commissioner’s Office.
  • TV records means details of the devices you use (including the device information), the channels, programmes and adverts you watch on them, the services you access, how long you watch and what actions you take when doing so, including how you view, record and fast-forward programmes.
  • Tags are an instruction inserted on a website that specifies how the site, or a part of the site, should be formatted and how it’s performing.