Privacy Policy

Your Right to Privacy

We value your privacy rights. We are serious about protecting your information and have
established policies and procedures to safeguard it. This notice outlines how we collect, use, and
protect your information.

Who We Are

We are Aritel Limited. A company registered in England and Wales under
registration number 14563319 at 34-35 Suite 2993, Unit 3a, Hatton Garden, London, England,
EC1N 8DX.

Our websites are www.aritel.co.uk.

Categories of Information We Collect

Personal data means any information that can identify a specific individual. While completing a
survey, we collect several types of personal data from you, which can be categorised into the
following types:

Demographic: Information such as gender, name, date of birth, and contact details.
Life Stage Lifestyle: Information related to marital status, employment type, household income,
and presence of children.

Information We Hold About You

When you enquire about or use our services, we collect personal information about you. Personal
information we collect and hold may include:

• Name, address, and email address.
• Telephone number.
• Information about services you use and other related information.
• Information needed to process payments, such as bank and credit or debit card details.
• Records of contact with you, such as system notes, emails, and letters.
• Campaign-specific data discussed with you before collection or processing.
• Details of your travel preferences, including holidays, hotels, airlines, and travel bookings.
• Lifestyle information.

We never ask for special category data, which includes medical history, religious or political beliefs,
and union membership. You always have the right to refuse to answer any question.

How We Use Your Information

We use your information in line with this Privacy Policy and the lawful reasons set out in data
protection legislation:

• • Contract: We use your personal information to process your orders and payments, give you
    a refund, and complete Trade-Ins and cashback offers. We also enter into a contract with
    you when you use one of our services or facilitate an agreement with mobile network
    partners.
  • Consent: We use email and text messages to communicate with you about our products
    and services, competitions, offers, promotions, or special events. For example, providing a
    free mobile phone upgrade reminder service or sending a renewal notice. We also use your
    consent to personalise your experience on our Online Services and enter you into
    competitions.
  • Legitimate Interest: For customer support, responding to queries, ensuring smooth
    experience on our Online Services, and marketing activities. This includes checking our
    records are right and sending relevant ads based on collected information. We also monitor
    ATEL0013.2 – Aritel Privacy Notice v1.2 24.06.24 Page 2 of 4
    email marketing campaigns, personalize email content, and ensure emails are not spoofed
    by fraudsters.
  • Legal Obligation: To identify you when you contact us, verify the accuracy of the data we
    hold, assist public authorities like HMRC and the Police, and comply with Financial Conduct
    Authority (FCA) obligations.
  • Vital Interest: We may contact you if there are urgent safety or product recall notices or to
    prevent or reduce potential harm to you.

Credit Reference Agencies (CRAs) and Insurance

We work with Credit Reference Agencies (CRAs) and will exchange information with them. This
includes information from your order and about your financial situation and history. CRAs will supply
us with both public and shared credit, financial situation and financial history information, and fraud
prevention information. We will use this information to:

• • • Assess your creditworthiness and whether you can afford the contract.
    • Verify the accuracy of the data you have provided.
    • Prevent criminal activity, fraud, and money laundering.
    • Trace and recover debts.

Direct Marketing Customer Charter

When you buy a product or service, whether it’s online or in a store, we gather personal details on
you so that we can keep you informed about our newest products, services, or offers. We might
reach out to you through the mail, email, text, online platforms, or social media.

We will only use your personal information to send you marketing messages if we have a legal basis
to do so. This could be with your explicit consent or in cases where there is a ‘legitimate interest’,
such as when we have a business or commercial reason to use your information. We will always
give you the chance to opt-out of receiving marketing materials when we initially collect your contact
details and in every subsequent message.

If you buy new products or services from us in the future, we may ask you to confirm or update your
preferences for receiving marketing materials. We will also ask you to do this if there are changes in
the law, regulation, or our business structure.

Bought-in Lists

We will only use purchased lists for sending texts, emails, or recorded calls when we have
documented opt-in consent that specifically mentions our company.

• • • We will only use the information on the lists for marketing purposes.
    • We will delete any irrelevant or excessive personal information.
    • We will screen the names on bought-in lists against our own list of customers who say they do not want our calls, texts, or emails.
    • We will carry out small sampling exercises to assess the reliability of the information on the lists.
    • When marketing by post or email, we will include our company name, address, and telephone number in the content.
    • We will always tell customers where we obtained their details.
    • We will provide you with a link to our Privacy Policy.
    • We will undertake adequate due diligence when we first select information suppliers and in our ongoing work with them to ensure personal information was obtained and provided fairly.
    • We will make sure that adequate contractual terms are in place requiring information suppliers to ensure personal information was obtained and provided fairly and in accordance
      with the requirements of GDPR.
    • We will take all necessary steps to satisfy ourselves that the information has been properly
      sourced, permissioned, and cleaned. We will make sure that sufficient due diligence is undertaken and contractual arrangements are in place with suppliers of personal
      information.

How We Share Your Information

We may send information to, receive information from, or exchange your personal information with
partners or agents who support us in delivering our products and services to you, or that we refer
you to, or that refer you to us. This includes:

• • • Companies who perform essential services for us.
    • Third-party organisations that conduct research, analysis, and marketing activities on our
      behalf.
    • Regulators, courts, or other public authorities.
    • Emergency services in the case of an accident or emergency.

We will only share or exchange data with third parties under the protection of a written agreement
and the ability to oversee their activities unless information is required for regulatory reasons. We
may share your information with organisations based outside the UK and/or European Union.
Where this is the case, we will only do so provided that the organisation complies with local data
protection regulations and with a written agreement.

Where We Process Your Information

We may process your information outside the UK or European Union. Where this is the case, we will
only transfer your information to other countries outside the EEA if it is unavoidable to allow us to
deliver our products and services. If we do, we take care to ensure the same level of privacy and
security as the UK.

Security Measures

We protect your information by maintaining physical, electronic, and procedural safeguards in
relation to the collection, storage, and disclosure of personal data to prevent unauthorised access,
accidental loss, disclosure, or destruction. However, no data transmission over the internet can be
entirely secure, and therefore, we cannot guarantee the security of your personal information and/or
use of our sites.

How Long We Keep Your Information

We will keep your personal information only for as long as necessary in line with regulatory and
legal requirements and destroy it securely when it is no longer needed. We have a retention
schedule that we use to manage the length of time we keep personal data, and if you would like to
know any specific timescales listed on it, please contact us using the details below.

How You Can Manage the Information We Hold and How We Use It

Data protection regulations mean you have rights over how we hold and use the information we
hold about you:

• • • Your Right to Manage Consents: You have the right to give your consent to us using your
      data for any activities we do not have another lawful basis to carry out, for example, sending
      you marketing communications. You can withdraw consent at any time.
    • Your Right of Access: You have the right to request access to the information we hold
      about you; this is called a Data Subject Access Request.
    • Your Right to Know About Sharing: You have the right to know who your data is shared
      with and why.
    • Your Right to Rectification: You have the right to have your details updated if they are
      inaccurate and for information not required for lawful reasons to be deleted. You also have
      the right to ask us to complete information you think is incomplete.
    • Your Right to Erasure: You have the right to ask us to erase your personal information.
    • Your Right to Object to Processing: You have the right to object to the processing of your
      personal data in certain circumstances.
    • Your Right to Restriction of Processing: You have the right to have automated processing
      and profiling restricted. Profiling may be used to analyse or predict economic situations,
      health, personal preferences, interests, reliability, behaviour, location, or movements.
    • Your Right to Data Portability: You have the right to request that information we process by
      automated means is sent to you or another nominated data controller in a commonly used
      electronically readable format.

You are not required to pay any charge for exercising your rights. If you make a request, we will
respond to you within one month.

How to Contact Us

To exercise any of your rights or if you have any questions regarding this policy, please contact our
outsourced Data Protection Officer at Business Risk and Compliance Experts (BRACE):

• • • Email: aritel@brace-solutions.com
    • Address: Business Risk and Compliance Experts Ltd, 1 Union Street, Long Eaton,Nottingham. NG10 1HH.
    • Telephone: +44 (0)1332 720 078.

Please do not include confidential information in emails or letters.

How to Complain

If you are unhappy with how we have used your data, you can contact the Information
Commissioner’s Office (ICO):

• • • • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
        Cheshire. SK9 5AF
      • Helpline: 0303 123 1113

Changes to This Policy

We regularly review this policy. You may view the most recent version on our website. Last updated
June 2024.