Privacy Policy

Please read this Privacy Policy carefully. It explains how Optua collects, uses, stores, and protects your personal information in accordance with applicable data protection and privacy laws.

This Privacy Policy applies to all customers of Optua Telecommunications Limited and complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

If you require an accessible version, for example by PDF or by post, please contact us at contactus@optua.co.uk

1. Data Controller

1.1 The data controller responsible for your personal data is:

Optua Telecommunications Limited
Company Number: SC872607
Registered in Scotland
Registered Address: 2nd Floor, 48 West George Street, Glasgow, G2 1BP, United Kingdom

Our Information Commissioners Office registration number is ZC069601.

1.2 For data protection enquiries, you can contact us at:

Email: contactus@optua.co.uk
Phone: 0800 054 8330 (free to call from UK landlines and mobile networks)

2. Information we collect

Personal Information You Provide

2.1 When you register for our Services or interact with us, we collect:

(a) Full name and date of birth;
(b) Email address and telephone number;
(c) Service installation address;
(d) Billing address (if different from installation address);
(e) Payment information (processed securely by our payment providers);
(f) Account credentials and security information;
(g) Business name, trading name, and company registration details (for business customers);
(h) Authorised contact information and account administrator details.

Communications Data

2.2 Under the Investigatory Powers Act 2016, as a telecommunications provider, we are required to retain certain communications data for up to 12 months, including:

(a) Internet connection records (ICRs);
(b) IP addresses assigned to your Service;
(c) Connection timestamps and duration;
(d) Data volume transmitted and received;
(e) Network identifiers and routing information.

2.3 Important: We do NOT monitor, record, or store the content of your internet usage, websites visited, or the content of your communications. We only retain metadata as required by law.

Technical and Service Data

2.4 We collect technical and service-related data necessary for the provision, maintenance, and improvement of our Services, including:

(a) Network performance and quality metrics;
(b) Equipment identifiers (router MAC address, ONT serial numbers, device identifiers);
(c) Service usage statistics and bandwidth consumption;
(d) Fault reports and technical support interactions;
(e) Network security and abuse monitoring data;
(f) Quality of service measurements and latency statistics;
(g) Configuration data and firmware versions.

Website and Account Usage Data

2.5 When you access our website or customer account portal, we collect:

(a) Website cookies and analytics data (subject to your consent—see Section 9);
(b) Account portal login history and access logs;
(c) Device and browser information;
(d) IP address used to access our website;
(e) Referring URLs and page navigation data;
(f) Session duration and interaction patterns.

Customer Communications

2.6 We retain records of communications between you and Optua, including:

(a) Customer support enquiries and responses;
(b) Email correspondence;
(c) Telephone call records;
(d) Live chat transcripts;
(e) Complaints and their resolution;
(f) Feedback and survey responses.

3. Legal basis and purpose for processing

3.1 We process your personal data under the following legal bases established by the UK GDPR:

Contract Performance

3.2 Processing necessary to provide our Services to you under our agreement:

(a) Account creation, management, and administration;
(b) Service provisioning, installation, and activation;
(c) Billing, invoicing, and payment processing;
(d) Customer support and technical assistance;
(e) Service performance monitoring and optimisation;
(f) Fault detection, investigation, and resolution;
(g) Service upgrades, downgrades, and migrations;
(h) Contract management and renewal;
(i) Credit checking and assessment of creditworthiness.

Legal Obligation

3.3 Processing required by law or regulatory obligation:

(a) Retention of communications data under the Investigatory Powers Act 2016 (maximum 12 months);
(b) Compliance with law enforcement requests (with appropriate legal authority);
(c) Tax, VAT, and accounting obligations (6-7 years);
(d) Regulatory reporting to Ofcom and other competent authorities;
(e) Prevention, detection, and investigation of fraud and crime;
(f) Anti-money laundering and know-your-customer (KYC) checks;
(g) Compliance with telecommunications security requirements under the Telecommunications (Security) Act 2021;
(h) Responding to lawful requests from government authorities, courts, and tribunals (including Scottish courts under Scots law).

Legitimate Interests

3.4 Processing necessary for our legitimate business interests (balancing your rights and our interests):

(a) Network security, monitoring, and abuse prevention;
(b) Service improvement, development, and testing;
(c) Fraud prevention, detection, and debt recovery;
(d) Business analytics, planning, and forecasting;
(e) Marketing our Services to existing customers (where permitted under PECR);
(f) Credit checking and payment verification;
(g) Complaints handling and dispute resolution;
(h) Internal record-keeping and audit;
(i) Protecting our legal rights and interests, including establishment, exercise, or defence of legal claims in Scottish or other UK courts under Scots law or other applicable law;
(j) Sharing payment behaviour data with credit reference agencies to assist other businesses in making informed credit and risk decisions, thereby supporting a fair and transparent commercial credit environment.

3.5 Where we rely on legitimate interests, we have conducted a balancing assessment to ensure that our processing does not override your fundamental rights and freedoms.

Consent

3.6 Where we have obtained your explicit consent:

(a) Marketing communications to prospective customers;
(b) Non-essential cookies and analytics (see Section 9);
(c) Sharing testimonials or case studies;
(d) Participation in customer surveys or feedback programs;
(e) Use of personal data beyond the scope of our contract where consent is required.

3.7 You may withdraw your consent at any time by contacting us at contactus@optua.co.uk or using the unsubscribe mechanism provided. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal.

4. Information sharing and third parties

4.1 We do not sell your personal data to third parties under any circumstances.

4.2 We may share your information with the following categories of recipients where necessary for the purposes set out in Section 3:

Network Partners

4.3 We share necessary information with wholesale network operators (including CityFibre, Openreach, Netomnia, and other wholesale fibre network operators) to:

(a) Provision and install Services;
(b) Investigate and resolve faults;
(c) Schedule engineer appointments;
(d) Maintain network infrastructure;
(e) Coordinate service migrations and upgrades.

4.4 Network partners process personal data as independent data controllers for their own regulatory and operational purposes. We recommend reviewing their respective privacy policies.

Service Providers and Processors

4.5 We engage trusted third-party service providers who process data on our behalf as data processors, including:

(a) Payment processors (for billing, transaction processing, and fraud prevention);
(b) Cloud hosting providers (for data storage, systems hosting, and infrastructure);
(c) Customer support platforms and CRM systems;
(d) Email and communication services;
(e) Analytics, monitoring, and security tools;
(f) IT service providers and system integrators;
(g) Professional advisers (legal, accounting, audit).

4.6 All service providers are bound by written data processing agreements requiring them to:

(a) Process personal data only on our documented instructions;
(b) Implement appropriate technical and organisational security measures;
(c) Ensure confidentiality of personal data;
(d) Assist us in responding to data subject requests;
(e) Notify us of any personal data breaches;
(f) Delete or return personal data upon termination;
(g) Comply with UK GDPR and Data Protection Act 2018.

Law Enforcement and Regulatory Bodies

4.7 We may disclose information when legally required or permitted:

(a) In response to lawful requests from law enforcement agencies (with appropriate legal authority such as a warrant, court order, or statutory notice);
(b) To comply with court orders, subpoenas, judicial warrants, or legal processes issued by Scottish or other UK courts under Scots law or other applicable law;
(c) To Ofcom for regulatory compliance, monitoring, and enforcement;
(d) To the Information Commissioner's Office (ICO) where required;
(e) To prevent, detect, or investigate suspected criminal activity, fraud, or threats to public safety;
(f) To protect our legal rights, property, or the safety of our customers or third parties;
(g) In response to requests from the Scottish Courts and Tribunals Service or other competent judicial authorities under Scots law.

4.8 We will only disclose the minimum amount of personal data necessary to fulfil the legal obligation or request.

Credit Reference Agencies and Fraud Prevention Agencies

4.9 We may share information with credit reference agencies and fraud prevention agencies for:

(a) Identity verification and authentication;
(b) Credit checking and affordability assessment;
(c) Fraud prevention, detection, and investigation;
(d) Debt tracing and recovery (where applicable);
(e) Prevention of money laundering and other financial crimes.

4.10 We use Creditsafe as our primary credit reference agency:

Creditsafe Business Information Limited
Registered Office: Diffley House, Lloyd Drive, Cheshire Oaks Business Park, Ellesmere Port, CH65 9HQ
Company Registration: 03490298 (England and Wales)
Website: www.creditsafe.com

4.11 We may also share information with other credit reference agencies, including:

(a) Experian Limited
Experian Ltd
George West House
Great West Road
Brentford
TW8 9AG
Website: www.experian.co.uk
(b) Equifax Limited
Equifax Ltd
Customer Service Centre
PO Box 10036
Leicester
LE3 4FS
Website: www.equifax.co.uk
(c) TransUnion International UK Limited
TransUnion
One Park Lane
Leeds
LS3 1EP
Website: www.transunion.co.uk

4.12 Information shared with credit reference agencies may include your name, address, date of birth, financial information, payment history, and credit history. This information may be used by these agencies and other organisations for their own credit assessment, fraud prevention, and identity verification purposes.

4.13 Important: We do not automatically provide you with a copy of your credit report. If you wish to obtain a copy of your credit report or credit score, you must contact the relevant credit reference agency directly. You have the right to request a free statutory credit report from each credit reference agency. Contact details are provided above in clauses 4.10 and 4.11.

4.14 You can contact each credit reference agency directly to request a copy of your credit file or to understand how they use your information.

Trade Payment Data Sharing with Creditsafe

4.15 We participate in Creditsafe's trade payment data programme. Under this programme, we share payment behaviour information from invoices with Creditsafe to assist other businesses in making informed credit and risk management decisions.

4.16 The payment data we share with Creditsafe includes:

(a) Your business name, trading name, and company registration details (for business customers);
(b) Invoice amounts and credit limits extended;
(c) Payment terms (e.g., 30-day payment terms);
(d) Actual payment dates and timing of payments;
(e) Days Beyond Terms (DBT) – a metric that tracks how late payments are made;
(f) Payment performance patterns and trends;
(g) Outstanding invoice balances and aged debt information.

4.17 Purpose of sharing trade payment data: This information is shared to:

(a) Enable other organisations to assess the creditworthiness and payment behaviour of businesses when making lending and credit decisions;
(b) Support a transparent and fair commercial credit environment;
(c) Help businesses identify potential financial risks before entering into trading relationships;
(d) Reward businesses with good payment behaviour by making their positive payment history visible to potential suppliers and lenders;
(e) Contribute to Creditsafe's global database of over 300 million trade payment experiences, which improves the accuracy and reliability of business credit reports.

4.18 Legal basis for sharing trade payment data: We share this payment data based on our legitimate business interests under Article 6(1)(f) of the UK GDPR. Our legitimate interest is to contribute to a fair and transparent commercial credit environment that benefits both creditors and debtors. We have conducted a balancing assessment and determined that:

(a) Businesses reasonably expect that their payment behaviour may be reported to credit reference agencies as part of standard commercial practice;
(b) Sharing payment data is widely recognised as beneficial to the UK economy, promoting responsible credit practices and reducing bad debt;
(c) The processing is necessary to achieve our legitimate interest, as alternative methods (such as relying solely on informal trade references) would not provide the same level of accuracy, consistency, or transparency;
(d) The impact on your privacy rights is minimal because the data relates primarily to business financial behaviour rather than personal or sensitive information, and is used solely for commercial credit assessment purposes;
(e) You have the ability to improve your credit standing by maintaining good payment practices, which will be reflected positively in the shared data.

4.19 How Creditsafe uses trade payment data: Creditsafe acts as an independent data controller when processing trade payment data. The data is:

(a) Combined with information from other suppliers, public records, and financial sources to create comprehensive business credit reports;
(b) Used to calculate credit scores and risk indicators that help businesses assess the financial stability of potential customers and suppliers;
(c) Made available to Creditsafe's subscribers (businesses that use Creditsafe's services) to inform their credit decisions;
(d) Retained in accordance with Creditsafe's data retention policies and applicable legal requirements.

4.20 Your rights regarding trade payment data: You have the following rights in relation to payment data shared with Creditsafe:

(a) Right to access: You can request a copy of the payment data we have shared with Creditsafe by contacting us at contactus@optua.co.uk. You can also request your business credit report directly from Creditsafe (see clause 4.10 for contact details);
(b) Right to rectification: If you believe that payment data we have shared is inaccurate or incomplete, you can request correction by contacting us. We will investigate and, where appropriate, update the information with Creditsafe;
(c) Right to object: You have the right to object to the sharing of your payment data with Creditsafe on grounds relating to your particular situation. If you object, we will assess whether we have compelling legitimate grounds to continue sharing the data that override your interests, rights, and freedoms. You can exercise this right by contacting us at contactus@optua.co.uk;
(d) Updating your data with Creditsafe: If you wish to update or correct information held by Creditsafe directly, you can contact Creditsafe using the details provided in clause 4.10. Creditsafe may require validation or proof of corrections before updating their records.

4.21 Important notice for business customers: If you are a business customer, please note that:

(a) Maintaining good payment practices (such as paying invoices on time or within agreed terms) will result in positive payment data being shared, which can improve your business credit rating and make it easier to access credit, financing, and favourable payment terms from other suppliers;
(b) Late payments or non-payment will be reported and may negatively impact your business credit rating;
(c) Sharing payment data is standard commercial practice in the UK and is consistent with the expectations of the business community and regulatory frameworks such as the Small and Medium Sized Business (Credit Information) Regulations 2015.

4.22 For more information about how Creditsafe processes business payment data, please refer to Creditsafe's Business Information Transparency Notice, available at www.creditsafe.com.

Business Transfers

4.23 If Optua is involved in a merger, acquisition, reorganisation, sale of assets, or any form of business transfer or restructuring, your personal data may be transferred to the acquiring or successor entity. We will notify you of any such transfer and ensure that the transferee is bound by appropriate data protection obligations.

5. International data transfers

5.1 Your personal data is primarily stored and processed within the United Kingdom. However, some of our service providers and partners may be located outside the UK, including in the European Economic Area (EEA), United States, or other jurisdictions.

5.2 Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place to protect your data, including:

(a) Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office;
(b) Adequacy decisions recognising that the destination country provides an equivalent level of data protection to the UK (e.g., EEA countries);
(c) Binding Corporate Rules (where applicable);
(d) Other legally approved transfer mechanisms under UK GDPR and Data Protection Act 2018.

5.3 You can obtain further information about the safeguards we use for international transfers by contacting us at contactus@optua.co.uk.

6. Data security

6.1 We implement appropriate technical and organisational security measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, damage, or disclosure. Our security measures include:

(a) Encryption of data in transit (using TLS/SSL) and at rest (using AES-256 or equivalent);
(b) Multi-factor authentication (MFA) for account access and administrative systems;
(c) Role-based access controls and principle of least privilege;
(d) Regular security assessments, vulnerability scanning, and penetration testing;
(e) Secure data centres with physical security measures, environmental controls, and access logging;
(f) Intrusion detection and prevention systems (IDS/IPS);
(g) Security incident response and breach notification procedures;
(h) Staff training on data protection, security, and confidentiality;
(i) Regular backup and disaster recovery procedures;
(j) Logging and monitoring of access to personal data.

6.2 While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. You acknowledge that you provide your personal data at your own risk.

6.3 You are responsible for:

(a) Maintaining the confidentiality of your account credentials (username, password, security questions);
(b) Using strong, unique passwords and changing them regularly;
(c) Enabling multi-factor authentication where available;
(d) Notifying us immediately at contactus@optua.co.uk if you suspect any unauthorised access to your account;
(e) Ensuring that your devices and software are kept up to date with security patches.

7. Data retention

7.1 We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy and to comply with our legal and regulatory obligations under UK and Scottish law.

7.2 Our data retention periods are as follows:

Data Category	Retention Period	Legal Basis
Account and billing data	Duration of service plus 6 years	Tax, VAT, and accounting law (section 24 of the Taxes Management Act 1970; VAT Act 1994)
Communications data (ICRs, metadata)	Maximum 12 months	Investigatory Powers Act 2016
Customer support and complaints records	Duration of service plus 3 years	Contract performance and legal claims (Prescription and Limitation (Scotland) Act 1973)
Payment and transaction records	6 years from end of financial year	Tax and anti-money laundering laws
Marketing consent records	Until consent withdrawn plus 3 years	Evidence of consent and PECR compliance
Website analytics and cookies	Maximum 26 months	PECR and legitimate interests
Contract and agreement records	Duration of service plus 7 years	Contract law and potential legal claims (Companies Act 2006 and Prescription and Limitation (Scotland) Act 1973)
Network security logs	12 months	Legitimate interests (security) and Telecommunications (Security) Act 2021
Fault and incident records	3 years	Service improvement and potential claims
Credit checking records	6 years from date of check	Credit assessment, fraud prevention, and potential disputes
Trade payment data shared with Creditsafe	Shared for duration of customer relationship; retained by Creditsafe in accordance with their retention policies	Legitimate interests and support for commercial credit environment

7.3 After the applicable retention period expires, we will securely delete, destroy, or anonymise your personal data in accordance with our data retention and disposal policy.

7.4 We may retain personal data for longer periods where:

(a) Required by law, regulation, court order, or tribunal direction (including Scottish courts) under Scots law or other applicable law;
(b) Necessary for the establishment, exercise, or defence of legal claims under Scots law or other applicable law;
(c) Necessary for compliance with regulatory investigations or proceedings;
(d) You have consented to longer retention;
(e) The data has been anonymised or aggregated such that it can no longer identify you.

8. Your rights under UK GDPR

8.1 You have the following rights regarding your personal data under the UK GDPR:

Right of Access (Subject Access Request)

8.2 You can request a copy of the personal data we hold about you. We will respond within one month of receiving your request, free of charge (unless the request is manifestly unfounded, excessive, or repetitive).

8.3 When responding to a subject access request, we will provide:

(a) Confirmation of whether we process your personal data;
(b) A copy of your personal data;
(c) Information about the purposes of processing, categories of data, recipients, retention periods, and your rights;
(d) Information about the source of the data (if not collected directly from you);
(e) Information about automated decision-making or profiling (if applicable).

Right to Rectification

8.4 You can request correction of inaccurate or incomplete personal data. You can update most information through your customer account portal. If you cannot update information yourself, contact us at contactus@optua.co.uk.

8.5 We will respond to rectification requests within one month and will notify any third parties to whom we have disclosed the data of the correction (unless this is impossible or involves disproportionate effort).

Right to Erasure ("Right to be Forgotten")

8.6 You can request deletion of your personal data in certain circumstances, including where:

(a) The personal data is no longer necessary for the purposes for which it was collected;
(b) You withdraw consent (where processing is based on consent) and there is no other legal basis for processing;
(c) You object to processing based on legitimate interests and there are no overriding legitimate grounds for processing;
(d) The personal data has been unlawfully processed;
(e) The personal data must be erased to comply with a legal obligation.

8.7 We may refuse erasure requests where we are required or permitted to retain the data:

(a) To comply with legal or regulatory obligations (e.g., Investigatory Powers Act 2016, tax laws, telecommunications security requirements);
(b) For the establishment, exercise, or defence of legal claims in Scottish or other UK courts under Scots law or other applicable law;
(c) For compliance with regulatory investigations or proceedings;
(d) For archiving purposes in the public interest, scientific or historical research, or statistical purposes.

Right to Restrict Processing

8.8 You can request that we limit how we use your personal data in certain situations, including where:

(a) You contest the accuracy of the personal data (restriction applies while we verify accuracy);
(b) Processing is unlawful and you oppose erasure, requesting restriction instead;
(c) We no longer need the personal data but you require it for legal claims;
(d) You have objected to processing based on legitimate interests (restriction applies while we verify whether our legitimate grounds override yours).

8.9 Where processing is restricted, we may store the data but not use it (except with your consent, for legal claims, to protect another person's rights, or for public interest reasons).

Right to Data Portability

8.10 You can request a copy of your personal data in a structured, commonly-used, machine-readable format (such as CSV or JSON) to transfer to another service provider, where:

(a) The processing is based on your consent or on a contract with you; and
(b) The processing is carried out by automated means.

8.11 Data portability applies to personal data you have provided to us, such as:

(a) Account information (name, email, address, telephone);
(b) Service usage data;
(c) Billing and payment history;
(d) Customer communications records.

8.12 Data portability does not apply to:

(a) Derived or inferred data (such as credit scores or risk assessments);
(b) Data obtained from third parties;
(c) Data that adversely affects the rights and freedoms of others.

Right to Object

8.13 You can object to processing of your personal data where:

(a) Processing is based on legitimate interests (including profiling);
(b) Processing is for direct marketing purposes (including profiling for direct marketing).

8.14 Where you object to processing based on legitimate interests, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defence of legal claims under Scots law or other applicable law.

8.15 Where you object to direct marketing, we will stop processing your personal data for that purpose immediately.

Right to Withdraw Consent

8.16 Where processing is based on your consent, you may withdraw your consent at any time by contacting us at contactus@optua.co.uk or using the unsubscribe mechanism provided.

8.17 Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. After you withdraw consent, we may continue to process your personal data where we have another legal basis for doing so (such as contract performance or legal obligation).

Right to Lodge a Complaint

8.18 You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with data protection law.

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

8.19 We encourage you to contact us first at contactus@optua.co.uk so we can try to resolve your concern directly.

How to Exercise Your Rights

8.20 To exercise any of your rights under UK GDPR, please contact us:

Email: contactus@optua.co.uk
Phone: 0800 054 8330
Post:
Data Protection Officer
Optua Telecommunications Limited
2nd Floor
48 West George Street
Glasgow
G2 1BP
United Kingdom

8.21 We may need to verify your identity before responding to your request. We will respond to all valid requests within one month (which may be extended by a further two months for complex or multiple requests).

9. Cookies and tracking technologies

9.1 Our website uses cookies and similar tracking technologies to improve your experience, analyse website usage, and provide targeted advertising (where you have consented).

9.2 Essential Cookies: These cookies are necessary for the website to function and cannot be disabled. They include cookies for:

(a) Session management and authentication;
(b) Security and fraud prevention;
(c) Load balancing and performance.

9.3 Analytics Cookies: We use analytics cookies to understand how visitors use our website and to improve our services. These cookies collect information such as:

(a) Pages visited and time spent on each page;
(b) Referring website or search engine;
(c) Device type, browser, and operating system;
(d) IP address (anonymised where possible).

9.4 We use the following analytics platforms:

(a) PostHog: We use PostHog for product analytics, session recordings, feature flags, and user behaviour analysis. PostHog processes data including page views, clicks, user interactions, session replays, and technical information about your device and browser. PostHog is configured to respect user privacy preferences and can anonymise or pseudonymise data where appropriate. For more information about PostHog's data practices, please visit posthog.com/privacy.
(b) Google Analytics: We may use Google Analytics to understand website traffic and usage patterns. Google Analytics collects anonymised data about website visits and user interactions.

9.5 Marketing Cookies: We may use marketing cookies to:

(a) Display targeted advertising based on your interests;
(b) Track the effectiveness of advertising campaigns;
(c) Provide personalised content.

9.6 You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings. You can also:

(a) Opt out of PostHog tracking by using the opt-out controls in our cookie banner or by enabling "Do Not Track" in your browser settings (where supported);
(b) Opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout).

9.7 Disabling cookies may affect the functionality of our website and your user experience.

10. Marketing communications

10.1 We may send marketing communications to existing customers about our products, services, offers, and promotions where:

(a) You have not opted out of receiving marketing communications; and
(b) The marketing relates to similar products or services to those you have previously purchased or enquired about (in accordance with PECR).

10.2 We may send marketing communications to prospective customers where:

(a) You have explicitly consented to receive marketing communications; or
(b) You have provided your contact details in the context of a business enquiry or request for information.

10.3 You can opt out of receiving marketing communications at any time by:

(a) Clicking the "unsubscribe" link in any marketing email;
(b) Contacting us at contactus@optua.co.uk;
(c) Calling us on 0800 054 8330;
(d) Updating your marketing preferences in your customer account portal.

10.4 Opting out of marketing communications does not affect essential service communications (such as billing, account notifications, service updates, and security alerts).

11. Children's Privacy

11.1 Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

11.2 If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at contactus@optua.co.uk and we will delete the information.

12. Changes to this privacy policy

12.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

12.2 We will notify you of any material changes by:

(a) Posting the updated Privacy Policy on our website with a revised "Last Updated" date;
(b) Sending you an email notification (where we have your email address);
(c) Providing notice through our customer account portal or billing communications.

12.3 We encourage you to review this Privacy Policy periodically. Your continued use of our Services after we make changes indicates your acceptance of the updated Privacy Policy.

13. Contact us

13.1 If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Email: contactus@optua.co.uk
Phone: 0800 054 8330 (free to call from UK landlines and mobile networks)
Post:
Data Protection Officer
Optua Telecommunications Limited
2nd Floor
48 West George Street
Glasgow
G2 1BP
United Kingdom

14. Governing law and jurisdiction

14.1 This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with Scots law.

14.2 Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Scotland, including the Court of Session and the Sheriff Courts.