Privacy Policy

Boundless Telecom Ltd ("Boundless", "we", "us" or "our") respects your privacy and is committed to protecting personal data. We provide enterprise-grade business telecom and connectivity services, including SIM and eSIM, IoT and M2M connectivity, roaming, secure enterprise mobile, and related telecom and platform services to businesses and organisations operating in the United Kingdom and internationally.

This Privacy Policy explains how we collect, use, share, protect and retain personal data when you visit our website, contact our team, make an enquiry, engage with us as a business customer, work with us as a partner or supplier, or otherwise interact with Boundless and our representatives.

We handle personal data in accordance with applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and maintain appropriate data protection governance for our business activities.

Boundless Telecom Ltd is a company registered in England and Wales under company number 16328940.

Registered office: Office 5, Northgate Business Centre, Northgate, Whitelund Industrial Estate, Morecambe, Lancashire, United Kingdom, LA3 3PA

For privacy and data protection enquiries, including requests to exercise your rights, please contact us at privacy@boundless-telecom.com.

This policy applies to personal data we process in connection with our business and website, including data relating to:

• visitors to our website;
• business prospects and individuals who submit enquiries through our website or other channels;
• enterprise and business customers, and their authorised users and representatives;
• partners, resellers, affiliates and suppliers, and their representatives;
• attendees at events and recipients of business communications;
• individuals whose business contact information is provided to us by their employer, a partner, a reseller, or another legitimate business or public source.

Our services are provided to businesses and organisations. This policy is therefore written for a business-to-business context, while still explaining how we handle personal data relating to individuals who interact with us.

Depending on how you interact with us, we may process the following categories of personal data.

Business contact data — such as name, job title, employer or organisation, business email address, business telephone or mobile number, and business location or region.

Company and account data — such as organisation name, trading or registered address, billing and contact details, tax or VAT details where relevant, and details of authorised account users and their roles.

Enquiry and relationship data — such as the products, services or regions you are interested in, the scale or nature of your requirement, and records of our communications with you, including notes from calls, meetings, demonstrations, proposals and correspondence.

Service and operational data — where we provide services, we may process service-related identifiers and operational records necessary to deliver, secure, support, troubleshoot and bill those services. We do not routinely access the content of communications carried over our services. Where any content-related data is processed, this would only be where necessary to provide a specific service, respond to a support request, comply with law, or protect the security and integrity of our services.

Website and technical data — such as IP address, browser and device information, cookie and similar-technology identifiers, website usage information, form submission information, and security and event logs.

Marketing and preference data — such as your communication preferences, your engagement with our communications, and your registrations for newsletters, events or updates.

Compliance and security data — such as information used for business verification, fraud prevention, security monitoring, and records relating to the acceptable use of services, where applicable.

We may collect personal data:

• directly from you — when you complete a form on our website, contact us, request information, attend a meeting, demonstration or event, or interact with our team;
• from your organisation — where an employer, customer, partner or authorised representative provides your business contact details;
• from partners and suppliers — where they provide information necessary to manage a business relationship or deliver a service;
• from public and business sources — such as business directories, professional networks and company websites; and
• automatically — through website technologies, cookies and similar technologies, and security and event logging, as described in our Cookie Policy.

We process personal data for the purposes set out below. The lawful basis we rely on may vary depending on the context and your relationship with us.

Where we rely on legitimate interests, we balance our interests against your rights and interests. Where we rely on consent, you may withdraw it at any time. The lawful basis applicable to a particular activity may vary by context and jurisdiction.

We may send business-related communications to business contacts about our services, where we are permitted to do so. You can ask us to stop sending marketing communications at any time by using the unsubscribe option in our communications or by contacting us at privacy@boundless-telecom.com. We maintain records as necessary to respect opt-out and suppression requests.

We may share personal data where necessary to operate our website, respond to enquiries, manage business relationships, provide and support our services, comply with legal or regulatory obligations, protect our rights and interests, or maintain the security and integrity of our services. We may also share personal data in connection with a business transaction such as a reorganisation, merger or acquisition, where permitted by law.

We do not sell personal data.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to respond to enquiries, manage business relationships, provide services, comply with legal obligations, maintain records, resolve disputes and protect our rights.

The period for which we retain personal data depends on the category of data and the purpose for which it is held. As a general guide:

• Website enquiry data is typically retained for up to 24–36 months from your last meaningful interaction with us, unless the relationship develops into a customer, supplier, partner or other commercial or legal record.
• Business sales and contact records are typically retained for up to 36 months from the last meaningful business interaction, and then reviewed.
• Customer account and contact records are retained for the duration of the relationship and typically for up to 6 years afterwards where needed for legal, accounting, audit, contractual or dispute purposes.
• Billing and accounting records are typically retained for 6 years from the end of the relevant financial year.
• Support and service records are retained for the duration of the service relationship and then for as long as needed for audit, legal, security, service or dispute purposes.
• Marketing suppression records are retained as necessary to respect opt-out requests.
• Cookie consent records are retained as necessary to manage and evidence consent preferences.
• Technical and security logs are retained for a limited period unless needed for security, investigation, legal or operational reasons.

Where data is no longer required, we take appropriate steps to delete it securely or to anonymise it.

We maintain appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse or alteration. Access to personal data is limited to those who need it for legitimate business purposes. While we take the security of personal data seriously, no method of transmission or storage can be guaranteed to be completely secure.

Under UK data protection law, you have a number of rights in relation to your personal data, which may include:

• the right to be informed about how your data is used;
• the right to access the personal data we hold about you;
• the right to request correction of inaccurate or incomplete data;
• the right to request erasure of your data in certain circumstances;
• the right to restrict or object to certain processing;
• the right to data portability in certain circumstances; and
• where we rely on consent, the right to withdraw that consent at any time.

To exercise any of these rights, please contact privacy@boundless-telecom.com. We may need to verify your identity before responding to a request.

If you have a concern about how we handle your personal data, we encourage you to contact us first so we can address it. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk.

Our website may contain links to third-party websites and resources. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy information provided on any third-party website you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal obligations. The current version will always be available on our website, and we will update the "Last updated" date accordingly.

For any questions about this Privacy Policy or about how we handle personal data, please contact:

Boundless Telecom Ltd
Registered in England and Wales, company number 16328940
Office 5, Northgate Business Centre, Northgate, Whitelund Industrial Estate, Morecambe, Lancashire, United Kingdom, LA3 3PA
privacy@boundless-telecom.com