Privacy Policy

1. Introduction

Thamesoptic Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

We are registered with the Information Commissioner's Office (ICO) under registration number ZA123456. Our registered address is 123 Tech Street, London, EC1A 1AA.

2. Information We Collect

We collect information you provide directly to us:

• Name, address, email address, and telephone number
• Payment information (processed securely by our payment provider)
• Account login credentials
• Communications you send to us
• Service usage information

We may also collect information automatically when you use our services, including IP addresses, device information, and browsing data through cookies.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices and support messages
• Respond to your comments and questions
• Send marketing communications (with your consent)
• Comply with legal obligations
• Protect against fraud and abuse

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• Contract: Processing necessary for the performance of our contract with you
• Legal Obligation: Processing necessary to comply with UK law
• Legitimate Interests: Processing necessary for our legitimate business interests
• Consent: Where you have given us explicit consent (e.g., marketing)

5. Data Sharing

We may share your information with:

• Network operators (Openreach, CityFibre) to provision your service
• Payment processors (Stripe) to handle transactions
• Customer service providers
• Legal authorities when required by law

We do not sell your personal information to third parties.

6. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data (right to be forgotten)
• Restrict Processing: Request limitation of how we use your data
• Data Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected].

7. Data Retention

We retain your personal data for as long as your account is active, plus 7 years after account closure to comply with legal and regulatory requirements. Some data may be retained longer if required by law.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

9. International Transfers

Your data is primarily processed within the UK and EEA. Where we transfer data outside these areas, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.