This Privacy Policy details how we, Netduma Limited of 9 Journey Campus, Castle Park, Cambridge, CB3 0AX and our associated companies collect, use and process personal data provided to us. If you have any questions on this Privacy Policy or otherwise relating to how we process your personal data you can contact us at netduma@netduma.com or at the address above.
This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide your personal data to us.
We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.
We are the controller of the personal data provided to us for the purposes of applicable data protection legislation.
By personal data we mean identifiable information about you.
The sorts of personal data we expect we might collect fall into the following categories:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as it does not directly or indirectly identify you. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this Privacy Policy. We do not knowingly obtain personal data from individuals under the age of 18.
From time to time you may provide us with personal data. This may be because you wish to:
We shall process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request, for example to make a purchase of a product or services from us, and we shall make this clear to you at the point of collection of the personal data.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this and we may also report this to the appropriate authorities. At our request, you shall promptly provide evidence of your identity.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
When you use our platforms, including our website, mobile applications and/or a NETDUMA router, we automatically collect and store information Technical Data and Usage Data about your device and your activities.
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use on our website, why, and how you can control them, please see our Cookies Policy.
We use this information on an anonymous basis to improve our products and services, to analyse and report on user activities, and it helps us to diagnose any problems you might have if you contact us for support.
When you set up a router you will be given the option to consent to sharing your usage data with us. We will only receive this data if you give that consent.
If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties confirming your identity. We may also receive personal data about you from our payment providers and other third party service providers.
If you talk about us on social media, we may also collect your social media username.
We will only use your personal data where we have a lawful basis to do so. The lawful purposes that we rely on under this Privacy Policy are:
If you have ordered products or services from us, we shall use your personal data to provide those products and/or services in We may from time to time contact you with information about your account with us, including any changes to our Terms and/or our EULA.
PURPOSE/ACTIVITY
TYPE OF DATA
LAWFUL BASIS FOR PROCESSING
To register your router, and to provide the products and services to you accordance with the contract for supply agreed between us, including where applicable our Terms and/or our EULA; and respond to any queries from you
ContactIdentity
Performance of a contract with you
To manage your account including managing payments and for audit purposes, and providing support to you
ContactIdentityFinancialTransactionSensitive
Performance of a contract with youLegitimate interests (fraud-checking)
To manage our relationship with you such as notifying you about changes to our EULA or this Privacy Policy
ContactIdentity
Performance of a contract with youNecessary to comply with a legal obligationNecessary for our legitimate interests
To administer and protect our business and website (including improving and fixing our service, analysis, testing, system maintenance, support, reporting and hosting of data)
Technical
Necessary for our legitimate interests (for running our business security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
TechnicalUsage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety
ContactIdentity
Necessary for our legitimate interestsNecessary to comply with a legal obligation
In connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
ContactIdentityUsageMarketing TechnicalSensitive
Necessary for our legitimate interests
For our legitimate interests, we may share your personal data with our service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers.
We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems subject to their rights under applicable data protection legislation.
If we choose to merge, sell assets, consolidate or restructure, finance, or sell all of or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do as set out in this Privacy Policy.
We also use broadband benchmarking service providers, to perform speed tests to measure and collect the performance results of user networks that are maintained through user devices. The results are anonymous, but may be used by us and our broadband benchmarking service providers for research purposes, to improve services and systems and to issue reports on network performance.
If you use our router to measure your home’s connection speed, you will be connected to our provider, M-Labs who carry out the test. So that they can do so, we will share your IP address with them (but no other personal data) and they will process your IP address in accordance with their privacy policy. M-Labs and retains all experiment data indefinitely and publishes it publicly to support research into trends in internet performance.
Some or all of your personal data may be stored or transferred outside of the United Kingdom for any reason, including for example, if our email server is located in a country outside the United Kingdom or if any of our service providers are based outside of the United Kingdom.
Where your personal data is transferred outside the United Kingdom we will take steps that are reasonably necessary to ensure that adequate safe guards are in place to protect your personal data and to make sure it is treated securely. We may, for example, rely on approved data transfer mechanisms, such as ensuring that the country where the data is transferred is deemed to have adequate data protection laws.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
You may consent to receive marketing email messages from us about the products and services we offer. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. However, we may still send you information in relation to any other contract we have in place with you, such as our Terms and/or our EULA.
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here.
Right of access: You have the right to obtain from us a copy of the personal data that we hold for you.
Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.
Right to portability: You can request that we transfer your personal data to another service provider.
Right to restriction of processing: In certain circumstances, you have the right to require that we restrict the processing of your personal information if you believe our processing impacts on your fundamental rights and freedoms. However, we may demonstrate that we have legitimate grounds to process your personal data not withstanding your rights and freedoms.
Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws and when we respond to your request we shall notify you of any specific legal reasons that we have to retain your personal data.
Right to stop receiving marketing information: You can ask us to stop sending you information about our services but please note we shall continue to contact you in relation to any matters relating to your account, if you have one.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
If you have any complaints in relation to this Privacy Policy or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time. You can also contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority
Subject to the provisions of this Privacy Policy, we will retain personal data for as long as we have a valid reason to keep it in accordance with applicable laws.
To determine the appropriate retention period for personal data, we consider the type of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
In particular:
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible or in some cases anonymized.
For the avoidance of doubt, we may use anonymous data, such as usage data for research or statistical purposes indefinitely without further notice to you.
If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.
Last updated: September 2024