Privacy Policy

We may use information about you to:

Improve our products and services

• Enhance and personalise the products and services that we offer you and to develop new products and services;
• Perform analysis and research and monitor usage behaviour;
• Manage our network and your use of our network;
• Aggregate information about you, your spending and your use of the services with information about other users of the services in order to identify trends;
• Analyse information about you including your calling, searching, browsing and location data on a personalised or aggregated basis.

Provide you with services and information

• Provide you with the products and services you have selected and to manage your account with us;
• Provide you with access to parts of this site;
• Contact you if necessary;
• Tell you about any new services or functionality (eg: the introduction of a new messaging service);
• Market our products and services to you;
• Send you information about our products and services by email or other means if you have opted in to receiving relevant marketing communications;
• Send you information about products and services offered by other companies that we think you might be interested in if you have opted in to receiving relevant marketing communications.

Satisfy our legal, regulatory and business requirements

• Help us keep your account safe, eg: checking your identity;
• Investigate any complaints or other enquiries that you raise;
• Check whether you or members of your household qualify for credit (this may be because you and/or one of your family members has applied for a loan through giffgaff gameplan or you have chosen to purchase a device on giffgaff.com with a loan through giffgaff gameplan);
• Assess credit risk, assess the provision of loans, debt tracing, debt recovery, credit management and crime, fraud and money laundering detection and prevention.

We may also disclose your personal information or information about your usage of our services to certain third parties. This data may identify you personally or may be included in aggregated and anonymised data (which means you will not be identified). These third parties may use this information:

• To provide you with targeted giffgaff or third party offers, promotions, adverts or commercial communications if you have opted in to receiving relevant marketing communications;
• To give them a better understanding of our business; and/or;
• To provide you with products and services or to improve the products or services you are already receiving.

See “Who do you share my personal information with (and why)” for further details about the types of third parties your information may be disclosed to.

We are allowed to use your information in these ways because:

1. We need it to provide you with products and services and to manage your account with us;
2. We need to use some of your information to comply with legal and regulatory obligations (such as legal obligations to keep details of calls made by customers for a certain period of time);
3. We have a legitimate business interest in some uses of your information (such as conducting market research); and/or;
4. You may have given your consent to us to use your data for certain activities, eg: marketing communications.

We have a legal obligation to keep data about your communications (calls and texts) for 12 months. This includes the number calling, the number called and the time and duration of the call. We do not retain the content of the call or text. Law enforcement agencies are entitled to access this data in support of the investigation, detection and prosecution of serious crime.

We may share your information:

• With our current and prospective partners, agents and subcontractors (for example, advertisers and content providers) who are involved in delivering products or services used or ordered by you;
• With other companies in the giffgaff group, including their respective partners, agents and sub-contractors;
• With any relevant public authority or law enforcement agency;
• With any debt collection agency or credit reference agency;
• Where there is a change (or prospective change) in the ownership of giffgaff to new or prospective owners. In these circumstances we would require them to keep it confidential;
• Where we (or an affiliate processing your data on our behalf) are required to do so by law, regulation or legal proceedings;
• Where we believe it is necessary to protect giffgaff or third-party rights and property;
• Where you give us false or inaccurate information and/or we identify or suspect fraud;
• In response to a valid, legally compliant request by a competent authority;
• During emergencies when we believe physical safety is at risk;
• In response to a complaint that you have breached the services terms & conditions or any other product or service terms.

We collect such information as:

• Your contact information including name, address, email address and telephone number;
• Your order history including top-ups and goodybag purchases;
• Your payment details including debit or credit card details, banking details and Paypal details;
• Your account settings including adult content, auto top-up and recurring goodybags;
• Your Community interactions including posts and comments;
• Your communications with us including requests and complaints;
• Your activity/interactions on our website;
• Your device location data and Internet Protocol (IP) address;
• Your use of our services including but not limited to;
• Phone numbers and/or email addresses of calls, texts, MMS, emails and other communications made and received by you and the date, duration, time and cost of such communications;
• Usage data to check compliance with our fair usage policy;
• Credit report information if you have taken up the credit check service through our website or applied for a loan through giffgaff gameplan;
• Loan information and loan application data including employment details, relationship details and homeowner status if you have applied for a loan through giffgaff gameplan or you have chosen to purchase a device on giffgaff.com with a loan through giffgaff gameplan);
• Bank transaction data if you have signed up to this service within giffgaff gameplan;
• Product application data if you have accessed products through product comparison services via giffgaff gameplan.

How we collect information:

We collect information directly from you when you are asked to provide personal details about yourself, including but not limited to when you:

• Purchase products or services from us;
• Register to become a giffgaff customer;
• Submit enquiries or comments to us or contact us;
• Enter any promotions, competitions or prize draws via the services;
• Join any of our schemes including our Participation scheme;
• Use any giffgaff products and services (including where you participate in the giffgaff community by posting on our Blogs and Forums);
• Take part in market research; and/or;
• When you make changes to or terminate your account with us.

We collect information about you indirectly:

• When you use any giffgaff products and services, including but not limited to when you visit orbrowse this site or use our mobile network;
• From third parties including but not limited to those who provide our financial services, take payments and manage product orders and dispatch;
• We may also collect information about you from other sources, including but not limited to: credit reference agencies, fraud prevention agencies and business directories and other commercially or publicly available sources;
• Our website uses a website recording service which records mouse clicks, mouse movements and page scrolling. Data collected by this service is used to improve our website usability. The information collected is stored and anonymised and then used for aggregated and statistical reporting. You will not be personally identified;
• We use cookies and similar technologies to provide us with information about your usage of our website, to support our functionality and to give you the best possible on-line experience. Read our Cookie Policy to learn more.

To exercise any of your rights, you will need to contact our member services team (on-line request forms for this will be available from the 25th May 2018). You will need to provide the following information so that we can verify your identity:

• a colour copy of the account holder's passport, driving licence, birth certificate or utility bill;
• SIM serial number (SSN) (if your request is related to your phone account).

giffgaff are required to respond to your request within 1 month. Where requests are complex and excessive, giffgaff is permitted an additional 2 months to process your request. However, in these circumstances we would provide an update on your request within 1 month of receiving it.

When requesting a copy of your personal data, you can also do this via post.

giffgaff reserve the right to charge an admin fee or refuse a request where requests for data are clearly unreasonable or excessive, particularly if they are repetitive.

Security of Communications
Please be aware that communications over the Internet, such as e-mails and webmails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered - this is the nature of the World Wide Web/Internet. giffgaff cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

giffgaff Blogs, Chat rooms and Forums
You are reminded that chat rooms and opinion forums are for public discussion. Any personal information that you choose to supply when you participate in these discussions is widely accessible. Never reveal any personal information such as your telephone number, postal or email address when you participate in these discussions.

Users 13 and under
If you are aged 13 or under, please get your parent or guardian's permission before providing any personal information or before taking part in any www.giffgaff.com discussion. Users without this consent are not allowed to provide us with personal information.

Co-Branded Micro Sites and Third Party Sites
Some web pages and Micro Websites included within giffgaff's websites may be co-branded with third party names, logos, or properties. These Micro Websites are operated or maintained by or on behalf of giffgaff. While such third parties are sponsors of these web pages or Micro Websites, the third parties do not share in any personally identifiable information collected within those web pages or Micro Websites unless otherwise stated.

This policy does not apply to third party sites that you may access via our Portals. You should therefore ensure that you are familiar with the applicable third-party privacy policy before entering any personal information on a third party site.

This policy does not apply to third party sites operated by those promoting giffgaff, including Super Recruiters. Whilst giffgaff provides guidance to Super Recruiters in respect of their use and protection of personal data, giffgaff requires such third party sites to maintain a privacy policy. You should, therefore, review relevant policies to learn about how your personal data will be treated.

Non-EEA Use of Information
The information you provide to us may be passed to third parties located outside the European Economic Area. Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy. This can be done in a number of different ways, for instance:

• The country that we send the data to might be approved by the European Commission;
• The recipient company might have signed up to a contract obliging them to protect your information; or;
• The recipient is located in the US and is a certified member of the EU-US Privacy Shield scheme.

In other circumstances the law may permit us to otherwise transfer your information outside the EEA. In all cases, however, we will ensure that any transfer of your information is compliant with data protection law.