- “you”, we mean the person/s who use, contract for, or show interest in O2 products and services or events, their representatives and any third parties connected to you that you’ve told us about;
- “we” or “us”, we mean Telefonica UK Limited (“O2”);
- “VMED O2 UK Limited”, we mean the joint venture company with registered number 12580944 and whose registered address is Griffin House, 161 Hammersmith Road, London, UK W6 8BS. The joint venture company owns O2 and Virgin Media (which means the companies that provide Virgin Media products and services including Virgin Media Limited, Virgin Mobile Telecoms Limited, Virgin Media Mobile Finance Limited, Virgin Media Business Limited and Virgin Media Wholesale Limited).
Why do we collect your personal information?
We collect information because:
You’ve contracted with us. For example, we need your information to help manage your account and deliver products and services relevant to you (whether we provide them or not), or you work for O2 and we need your information to look after you and your employment with us;
You’ve given us your consent. For example, if you’ve entered a competition, or agreed for us, or specified third parties, to send you direct marketing, offers and perks that are relevant to you;
We’ve got a legitimate interest to help us run and grow our business. For example, improving our products and services, developing new ones, telling you or prospective customers about our products and services (unless it’s in a way that requires consent), finding new customers, understanding more about who our customers are and what they like, tailoring our advertising to the right audience/s managing credit and fraud risks, managing our network and complying with our legal and regulatory obligations.
The law also requires us to process some information. For example, we need to monitor usage to make sure we implement spend caps correctly. Occasionally this information is anonymised so you can't be identified.
To find out more, click on any of the sections below:
- The type of Information we have.
- Where do we get your information?
- How we use your information.
- How we share your information.
- Why we keep hold of your information.
- How to check and update your information.
- Product specific terms.
- Other important things to know.
The type of information we have
The information we have about you includes things like who you are, how you use your O2 products and services, where you use our network, and how you pay for your services.
Who you are includes:
- Your name, phone number, address, gender, age, interests, etc.
- Your debit or credit card details, bank details and other payment information.
- Your interests and preferences.
- Your driving license or other documents that help us verify your identity or contact details or your authority to represent an O2 customer.
How you use your O2 products and services includes:
- Your call, text, surfing and billing records.
- Details about your usage of any other products we supply to you, such as our apps. This includes the date and time you use them, how long for, where you use them and how much it costs.
- We don't look at the content of your messages or listen to your calls (unless you are talking to one of our customer service advisors).
Where you use our network:
If you don't want us to share your network location or some or all of your services, call us on 1300. It's free from your O2 mobile.
Your smartphone might also have a Global Positioning System (GPS) location, that's used by your phone and certain apps. It's more accurate than network location alone, because it uses satellites. If you're using some of our apps, like Priority we, or our partners, might collect some of your GPS location information.
GPS location is different from network location. We don't control it, so there's no need to call 1300. GPS is based on satellites and is set up on the phone itself. Look at your phone's settings to configure it. Remember, if you choose not to share your location, you might not be able to use certain services that need to know where you are for those services to work.
What you do with your O2 account(s):
This includes things such as when and how much you top up and pay your bill, or how often and why you access your account with us.
Where do we get your information?
We collect information mainly when you sign up with us, contact us and when you use our products and services. We also record calls for training and monitoring purposes.
For example, we will collect information when:
- You register as a customer or enquire about O2 products, services or events or take part in market research.
- You get in touch with us to ask something.
- You buy from us – whether it's in an O2 shop, online, over the phone or somewhere else.
- You enter any surveys, promotions, competitions or prize draws.
- You make changes to, or close your O2 account.
- You go to our website, apps, or the websites or apps of any other companies in the Joint Venture Group, or websites used for market research purposes.
- You've bought products or services from one of the Joint Venture Group businesses.
- You submit content, including photographs, or comments to participate in discussion threads.
- You use any of our networks – mobile, wifi or other O2 products and services.
- You sign up for a service with us that means we need to check with credit reference and fraud prevention agencies or you sign up for a service with someone else and they need to verify details with us.
- You sign up for an insurance product that means we need you to provide sensitive personal data, including any medical or criminal record information, about you or a third party.
- You apply for a job with us.
- Your details were included in an application for and performance of an O2 insurance or credit product or service by an O2 customer.
How we use your information
We use and analyse your information to keep in touch with you and to supply and improve our products and services. We will also use your information to tell you about products and services that we think may interest you. Sometimes we'll combine and anonymise this information so you won't be identified. You must obtain consent from any third parties whose personal or sensitive information you provide to us in your application for and / or performance of O2 products and services, (like O2’s insurance products), for us to receive and process that information for those purposes.
In particular, this means using your information to:
- Help you and us manage your account, including:
- Sorting out a payment, put your order through our system or send you an order.
- Getting in touch with you (e.g. if we need to tell you about any problems with a service).
- Looking into any complaints or questions you may raise.
- Telling you if we've changed the way a service works or other important information about the products and services you use.
- Checking whether you qualify for credit or other products, services and offers. We use automated systems to analyse your information to help us make fair and objective decisions about whether we can give you (and members of your household) credit, credit-related services, other similar facilities or insurance. As part of this we may also need to check the financial status of people connected to you (e.g. your spouse or other family members).
- Tracing and recovering debts, managing credit, detecting and preventing fraud and money laundering.
- Recovering any money you might owe us.
- Assigning your debt to permitted third parties and look after any credit you might have.
- To run our business, supply and improve our products and services and develop new ones, including:
- Looking at markets, writing reports or carrying out research and number crunching. And, if the law allows it, looking at information about you (including the calls you make, your spending, what you use the internet for and where you are when you do it).
- Managing our network and your use of our network.
- Improving our (and third party partner) products and services and develop new ones.
- Complying with legal and regulatory obligations (such as legal obligations to keep details of calls made by customers for a certain period of time, to protect vital interests, national security or comply with requests from legal or enforcement authorities),
- Prevent fraud, illegal activity and money laundering to minimise our credit and fraud risks and protect you and our business.
- operating the joint venture. So that we can manage our relationship with you we may share your data between the other members of the Joint Venture Group.
- To market products and services, including:
- telling you about a new service that we think may interest you
- checking what you're interested in or eligible for, so we can offer (and develop) relevant products and services, and surveys
- understanding more about you and O2 customers so you only receive marketing which is of interest to you and so we can find and attract new customers who have similar tastes;
- helping build effective and targeted marketing campaigns to you and similar audiences;
- sending you information about our products and services (or those from selected third parties we think you'd be interested in) by phone, post, email, text, picture message, online banner advertising, or other ways. For some of this marketing activity we need your consent and, in those circumstances, we will only send you messages if you have consented to receive them. You can update marketing preferences at any time using the link in any marketing communication received. Alternatively, you can:
- if you are a consumer or small business, check and update your current preferences here; or
- if you are a business with 10 or more people check and update your preferences here.
- where you have provided your consent, telling you about products and services from other companies we think you'd be interested in, or let selected third parties tell you directly about their products and services.
and to keep things secure and prevent crime and fraud, including verifying your identity and the services you use.
How we share your information
We may share your information with third parties in order to do all the things we’ve described above. We only provide the information needed for these third parties to perform their services, and they’re only allowed to use it for the purpose that we’ve agreed with them and under the contracts we have put in place with them.
This might mean sharing that information with:
- Our partner companies or agencies and their sub-contractors or prospective partners who help us run and develop our current and future products and services, for example our delivery couriers billing or customer service centres and our initiatives.
- Other companies in the Joint Venture Group. This includes their respective partners, agents and sub-contractors.
- Insurance providers when you take out a policy through us.
- Third parties whose products and services we market to you (where you have given consent to receive such messages).
- Third parties whose services or offers you sign up to and in order for those third parties to mitigate fraud, identity theft, or facilitate a quicker and more secure access to their services or who may market to you, for example through the Priority app or O2 Wifi. Third parties like Google or Facebook, to ensure that you are not included in marketing campaigns which are not of interest to you or to understand our customers better and find new audiences who have similar tastes to you. This is based on either your acceptance of cookies or your agreement with Google or Facebook;
- With our partners and contractors for market research and other market engagement.
- Third parties with whom we annonymise cookie data (see our Cookies Policy for more detail).
- Third parties in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock, including in connection with any bankruptcy or similar proceedings.
- Credit reference and fraud prevention agencies. When we check your credit score with a credit reference agency, the information that we give them (including details of your credit application and financial details) as well as the fact that we have requested that search will also be recorded by the credit reference agency. We exchange information with credit reference agencies on payment performance and your financial situation on an ongoing basis and this information could be used by us and third parties to make future credit assessment decisions. Your data will also be linked to the data of your spouse, any joint applicants or other financial associate. If fraud is detected, you could be refused certain services, finance, or employment.
- Other communications companies.
- New or prospective owners of Telefónica UK Limited or the joint venture.
We might also share your information:
- With any public authority or law enforcement agency (if they ask for it).
- To comply with law or regulations, or for possible legal proceedings.
- If you give us personal information that's wrong or we find out (or think) you're responsible for fraud. In these circumstances we might share your information with third parties such as law enforcement agencies, credit reference agencies and other affected third parties.
- If one of our partners who are processing information for us are compelled to do so by law.
- If there's an emergency and we think you or other people are at risk.
Why we keep hold of your information
We keep information for as long as we need it for the purposes described above.
We keep information while you're our customer. After you've left uswe will generally keep it for at least one year and up to seven years, depending on the type of information and the reason we need it. Sometimes we may need to keep it for longer. The retention period will be determined by various criteria including:
- We might need to sort out disagreements, stop fraud and abuse, prove that you had an account with us or follow our legal obligations. Or the police may need it as evidence. We may also keep information about how you use our products or services. But in each case, we will only keep the information for as long as we need it. Credit reference of fraud prevention agencies with whom your information may be shared may need to keep the information for up to six years.
- If we need it for audits, checks or corporate responsibilities;
- Laws or regulation may set a minimum period for which we have to keep your information;
- If the data is aggregated or anonymised so you can no longer be identified by it.
You have a number of legal rights in relation to the information that we hold about you, including:
- The right to request details of the information we have about you.
- The right to withdraw your consent to the use of your information where we are relying on that consent (for example, you can withdraw your consent to marketing messages from us where such consent has been given). Please note that we may still be entitled to process your information if we have another legitimate reason (other than consent) for doing so.
- In some circumstances, you have the right to receive some of your information in a usable format and/or request we transmit that data to a third party where this is technically feasible. Please note that this right only applies to information which you have provided to us.
- The right to ask that we update your information if it is inaccurate or incomplete.
- The right to ask that we erase your information in certain circumstances. Please note that there may be circumstances where you ask us to erase your information but we are legally entitled to retain it.
- The right to request that we restrict the processing of your information in certain circumstances. Again, there may be circumstances where you ask us to restrict the processing of your information, but we are legally entitled to refuse that request.
- The right to make a complaint with the Information Commissioner www.ico.org.uk if you think that any of your rights have been infringed by us.
You can exercise your right by emailing us or you can speed up the process by using this form to access your data and this form to exercise your other rights. You’ll need to include some proof of identification. Email your Data Rights request to email@example.com or, if you prefer, you can write to us at: Telefonica UK Limited, Correspondence Department, PO BOX 694, Winchester, SO23 5AP. Don’t forget to include your form, if you choose to fill one out.
If you are an O2 employee, you can exercise your rights by contacting MyHRUK@o2.com.
For queries or information regarding exercising your data rights with Virgin Media and their use of your personal information, see https://www.virginmedia.com/shop/the-legal-stuff/privacy-policy.
How to check and update your information
Go to o2.co.uk and sign in to My O2 to look at your personal information.
You can change how we get in touch with you – and your account details – whenever you like.
Product Specific Examples
If you sign up to Priority we use information about your location so you can enjoy offers that are near you. You can manage your Priority marketing preferences in your account in the Priority App.
If you work for O2, when you register as a user and when you set up an activity through Our Blueprint website, we collect information directly from you, such as your team, directorate, office location, whether you are a purpose ambassador, details of the activity you want to set up, including name and contact details of the organiser, location, date and time of the event etc. If you are an existing O2 employee, we may also process information about you that is held on our systems such your name and work email address.
We use the information we collected to advertise volunteer opportunities on Our Blueprint website and on our internal Workplace site, to contact event organisers and attendees about events they are supporting or attending and to produce reports about Our Blueprint engagements and impact.
If you participate in market research for us, including using the Trail Blazers sites and Apps (‘Sites”), we may also gather information from other sources. The type of information we have will also include information like user ID, your birthday, shopping habits, household income, family composition, online user activity, lifestyle preferences and information, photographs, profile pictures, your “likes” and your social media content you post, as well as the results of any surveys in which you take part on personality, values, attitudes and lifestyle. We will also collect publicly available information such as user-generated content, blogs and postings.
When you visit the Trail Blazers websites, we may also collect:
- information about the type of browser and operating system you use;
- details of the web pages and advertisements you have viewed and the other apps you use on your mobile device; your IP address & log on time;
- your physical location via geolocation techniques;
- your mobile device category and operating system;
- the hyperlinks you have clicked;
- the times you started and ended your participation in a specific survey;
- details from social networking sites (where you have linked your social networking site to your Trail Blazers account); and
- the websites you visited before arriving at our site.
Information gathered for Trail Blazers is kept for 12 months following the end of your membership of Trail Blazers, unless you tell us you’d like us to remove it earlier.
If you’ve registered with Trail Blazers, we can update or make changes to your personal data by sending us an email to hello@O2 Trailblazers.co.uk and one of the team will be happy to help with your query.
Other Important things to know
Recipients outside the United Kingdom (UK):
We, or organisations to whom we transfer your information (including fraud agencies), might give your information to other companies based outside the UK. For example, like many companies, we may use cloud services from suppliers outside the UK.
Where we transfer your personal data outside the UK, we ensure that such transfer is safe and secure and carried out in accordance with the applicable data protection legislation:
- If there is a decision under the UK data protection law that the country to which your personal data is transferred provides an adequate level of data protection (adequacy decision), we rely on this. For example, the European Economic Area (EEA), which consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway, has received such an adequacy decision.
- If there is not such an adequacy decision, we implement appropriate safeguards or other available legal mechanisms for transferring personal data to third countries. For example, we enter into appropriate contracts, known as standard contractual clauses, with our business partners and suppliers in those third countries to ensure the protection of your personal data.
You can obtain more details of the protection given to your information when it is transferred outside the UK (including a sample copy of the contract used with some recipients of your information) by contacting us via the “Contact us” section below.
Communicating over the internet:
Please remember, any emails or other communications you send over the internet aren't safe unless they've been encrypted. They might go through a few countries before they get to your friend who lives around the corner. Unfortunately, that's the nature of the internet.
If someone gets into your emails without your permission, or your personal information is shared publicly, we can't accept responsibility. It is out of our control.
Pages on o2.co.uk and other companies' websites:
On our website there are pages that are branded with both the O2 name and logo, as well as other companies' names and logos. We, and other companies working with us, look after these pages.
Other important information
Please note that if you're signing up for our products and services there might be extra terms and conditions to look at.
If you would like to know more about how credit reference and fraud prevention agencies use and share your personal information you can find that information at:
If you want to know more about how we use your information or to raise any queries with us in relation to your information, you can Contact Us. To get in touch with our data protection office, email DPO@o2.com.
Publication Date: 29 June 2022