WeLink Communications (UK) Limited
WeLink Communications (UK) Limited (“WeLink”, “we”, “us” or “our”) recognises that the privacy of the personal information that is provided to us is critically important. We take the privacy and security of personal information very seriously.
We are committed to complying with our legal obligations under the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“UK Data Protection Laws”) and other data protection laws around the world.
WeLink is a company, registered in England and Wales under No. 08850166, whose registered office is at Cardale House Cardale Court, Beckwith Head Road, Harrogate, North Yorkshire, HG3 1RY. The business of WeLink is the provision of Wi-Fi services and wireless broadband services to the UK market.
WeLink is registered with the Information Commissioner’s office under Registration No. ZA184721.
WeLink operates a website, which provides more information about who we are and what we do, which can be viewed at https://www.welinkuk.com (“the Website” or “our Website”).
Our customers are either individuals and businesses which purchase our broadband services or public sector organisations to which we provide free WiFi services to end users.
There are three ways to contact WeLink to discuss any data protection issues you may have:-
The Data Protection Officer
WeLink Communications (UK) Limited
Cardale House Cardale Court
Beckwith Head Road
Harrogate, HG3 1RY
+44 (0)1423 510511 and ask for the WeLink Data Protection Officer.
We have appointed Michael Wray as the Data Protection Officer for WeLink. The Data Protection Officer is responsible for managing data protection at WeLink and ensuring that we comply with our legal obligations relating to personal information. The Data Protection Officer can be contacted using the contact details given in section 3 above.
Under data protection laws, personal data is any information relating to an individual from which that person can be identified. It does not include data from which the identity of an individual cannot be identified (which is anonymous data).
WeLink processes the following categories of personal data depending upon whether we are providing broadband services or Wifi services:
We process the following personal data in relation to these services: limited customer information as set out below.
We process the following personal data in relation to these services: information relating to the users of our Free Wifi Services, and personal infomration relating to people who work for, or represent, our current and prospective customers or who are, or work for, or represent suppliers to WeLink.
In relation to our broadband services we collect the following personal data:
In relation to our Wi-Fi services we collect the following personal data:
When you register to be able to use our Wi-Fi network we ask for some personal information through our registration portal. This information includes:
We also collect device-specific information when you connect to our network and when you browse the internet. This information includes:
When you use our services we automatically collect and store certain information in server logs such as:
In relation to WeLink’s broadband business, it is a data controller and it uses and processes that data in accordance with its obligations under the GDPR.
In relation to WeLink’s WiFi business it has a number of agreements with its customers. These agreements set out whether WeLink, or its customer is either data controller or data processor and set out how data is either controlled or processed.
In relation to the networks which WeLink owns, it is data controller but where it operates a network for a customer which owns the network, then it is a data processor. Where WeLink is a data controller it determines the purposes for which data is processed; where it is a data processor it processes information on the basis of instructions received from its customers.
Obligations where WeLink is a Data Processor
Data processors are obliged to ensure that the processing of data is in compliance with the six data protection principles set out in the GDPR. In particular, to:
As we have explained above in the context of WeLink’s businesses (both broadband and WiFi), WeLink can be both data controller and data processor depending upon its contractual position with its customers. We will only process personal data when the law allows us to.
We use personal data in relation to our broadband services as follows:
Most commonly, we use personal data in our Wi-Fi business in the following ways:
The law on data protection provides a number of different grounds that a company such as WeLink can rely on to make its processing of personal data lawful.
WeLink relies on the following four legal grounds to process personal data:
You Have Consented To Our Using Your Personal Data
We can collect and process your personal data with your consent. This will be the case if you have registered to use app or website.
WeLink’s Contractual Obligations & Performance
We may process personal data to comply with and perform our obligations and exercise our rights under our contract with you. We also rely on this basis when ascertaining whether or not you are complying our Terms of Service and enforcing those terms.
WeLink’s Legitimate Interests
The law states that in specific situations, WeLink can process personal data to pursue its legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact the rights, freedoms or interests of our customers or users. We rely on this basis to use data to send you communications and information about other services we offer. We also rely on this basis to process your data to generate anonymised data. We further rely on this data to provide your Technical Data and Usage Data to Amvia, as set out in section 10 below.
We may process your personal data to comply with any applicable legal obligation, law, regulation, legal process or enforceable governmental request or to detect, prevent or otherwise address fraud or crime prevention. We would rely on this ground for example if the police or security services were to require us to provide them with personal data in relation to the detection or prosecution of criminal offences.
WeLink may share personal data with any member of our group, for the purposes of data and trend analysis. Group in this context means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose or share personal data in order to comply with any legal obligation on us or to protect the rights, property, or safety of WeLink or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection or the prevention of criminal conduct.
We may disclose personal data to a purchaser of WeLink or substantially all of its assets, in which case personal data held by WeLink will be one of the transferred assets.
We won’t share personal data with any third party for the purpose of marketing unless you have given your consent to us doing that. If you do consent to receive information about third party products or services, we will provide you with relevant details of the third party (including who they are, where they are based and how they may be contacted) and will explain what personal data will be shared with them.
We may share your personal data with a company called Amvia Limited, company No. 10267830, whose registered address is at Aizlewoods Mill, Nursery Street, Sheffield, S3 8GG. Amvia provide us with certain technology infrastructure (such as leased line, fibre, ethernet and FTTP services) to allow us to operate Wifi in the City of Watford.
A subset of some data in relation to YCCC is shared with TwoCircles (a marketing company). The following information is shared. This includes: Date of registration; Time of registration; Registration type (email/Facebook); Marketing consent (yes/no); First name; Last name; Email address; Postcode; Gender (Male/Female); age range; registration location (which stand in the stadium).
Individuals (“Data Subjects”) have a number of legal rights in relation to the personal data which we hold about them. These include:
If you would like to exercise any of your legal rights in relation to the personal data we hold about you, you can submit a request through our Website using this link: www.welinkuk.com/contact-us or by contacting the data protection officer whose details are set out in section 3 above.
Generally Data Subjects will not have to pay a fee to exercise any of their legal rights. However, we are entitled to charge a reasonable fee if any request is clearly unfounded, repetitive or excessive. We can also refuse to comply with an unfounded or excessive request. We may need to request information from a Data Subject to confirm their identity, in order to make sure that personal data is not disclosed to someone who is not entitled to have it. We may also need to ask a Data Subject for additional information to help us respond to their request. We will try to respond to a Data Subject’s request within one month but, if the request is very complex or if a Data Subject has made a number of requests, it could take longer. In such circumstances, we will explain to the Data Subject why it will take longer to respond and we will keep them updated.
We may also use your personal data to send you emails containing information about products and services we offer or to conduct surveys but we won’t do that if you opted not to receive such emails when you registered with us. Any email of this type that we send you will contain an opt out option, which you can use to tell us that you no longer wish to receive this kind of email.
We won’t otherwise share your personal data with any third party for marketing purposes without first obtaining your express opt-in consent.
You can ask us or any approved third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
We retain WeLink personal data for as long as reasonably necessary to fulfil the purposes it was collected for and to enable us to comply with our legal obligations.
As part of our commercial offering includes the statistical analysis and presentation of summarised historic information, we will retain information for as long as it is useful for these purposes. In carrying out these analyses, we will never share your personal information and will ensure that you remain anonymous at all times.
This does not affect your absolute right to have your personal information removed from our servers on request at any time.
WeLink takes the security of personal data very seriously. We use appropriate security measures to protect personal data from unauthorised access, disclosure, alteration or loss.
WeLink data is hosted by Amazon Web Services which is built with security by design principles, based upon confidentiality, integrity, and availability. The development of the WeLink Platform, its installation and maintenance are carried out in accordance with the rules set out by the latest security standards. Our products and services comply with the security and privacy requirements of GDPR, ISO 27001.
We take our responsibilities as a data processor extremely seriously and ensure that all customer data is treated with the utmost care and confidentiality. Data is hosted within Amazon Web Services London region and we use end to end encryption to ensure that information transmitted between the mobile device applications and infrastructure is not accessible by any individual.
Staff receive induction training on information security as part of joining their organisation and are made aware of their responsibilities and the implications of their actions in relation to cyber security both on them as individuals and also within the organisation.
We conduct training courses using our training platform to ensure that staff are up to date with the latest guidelines and best practices.
Access to personal information is retained only for senior staff and accessed upon instruction from a customer in response to a support issue or query. Roles Based Access Controls are implemented across the organisation’s IT systems to ensure that staff only ever have access to the information that they require.
As part of our induction training all staff are made aware of how to report information security incidents and we have ISO and GDPR policies on how to report a data breach internally, with customers and the ICO. Sophos antivirus and firewall protections are implemented across the organisations IT systems and end user devices.
We conduct annual penetration testing by a CESG accredited organisation to ensure that there are no threats and vulnerabilities within our infrastructure.
As part of our IT operations policy we conduct patching of internal IT systems and end user devices in line with guidance from software vendors and always use supported operating systems, software and browsers.
We ensure that we follow the latest industry best practices and guidelines in relation to cyber security. We ensure compliance with the latest information security and cyber security guidelines from NCSC.
All WeLink contact personal data, which we store electronically, is stored on our private, secure network of computers. Access to our IT systems is password protected. Our IT provider regularly monitors our computer and network systems for possible vulnerabilities and attacks and use state of the art firewalls and anti-virus software, which is regularly updated.
We only process personal data in the UK.
If you wish to exercise any of the rights set out above, then you should contact our Data Protection Officer, whose details are set out in paragraph 3 above.
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive (see above). Alternatively, we could refuse to comply with such a request in these circumstances.
Verifying Your Identity
We may need to request specific information from you to help us confirm your identity and ensure your right to access personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Typically we will require at least two valid types of Identity Data, being the email address that you used to sign up to our network services with and details of the devices you used to access our service (for example MAC Address).
We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if the request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
If you ask us to, we will, subject to compliance with any overriding legal obligations we owe to third parties (such as the police or the security services), remove, delete or stop using your personal Data information. If you want us to do this then please contact us at . We will need to verify your identity as set out in section 16 above.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority in relation to data protection issues (www.ico.org.uk). If you feel that your data has not been handled correctly, or are unhappy with our response to any requests you have made to us regarding our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would, however, appreciate the chance to deal with any such concerns before you approach the ICO so please contact us in the first instance.
The ICO can be contacted by calling 0303 123 1113 or by going online at www.ico.org.uk/concerns.
If you are based outside the UK, you have the right to lodge a complaint with the relevant data protection regulator in your country of residence.
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
|WeLink||laravel session||This cookie keeps track of the user sessions. We use the session cookie to provide a seamless registration experience across all registration mechanisms.|
|WeLink||random_string||This cookie is used in conjunction with the larval session cookie to keep track of the user sessions. We use the session cookie to provide a seamless registration experience across all registration mechanisms.|
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.