Privacy Policy

1. Introduction

Edison Networks Ltd (“we”, “us”, “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our services, visit our website, or interact with us.

Edison Networks Ltd is a company registered in England and Wales. We provide business-to-business telecommunications services, including broadband, VoIP, mobile, managed IT, and AI-powered solutions.

We are the data controller for the personal data we process, unless stated otherwise in this policy. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide Directly

• Full name, job title, and company name
• Email address, telephone number, and postal address
• Billing and payment information (processed via secure third-party payment providers)
• Information provided in correspondence, enquiry forms, or support requests
• Contract and account details

2.2 Information Collected Automatically

• IP address, browser type, and device information
• Pages visited, time spent on our website, and referral sources
• Cookies and similar tracking technologies (see Section 10)

2.3 Information from Third Parties

• Business contact details from publicly available sources or referral partners
• Credit reference information (for business accounts)

3. How We Use Your Data

We process your personal data for the following purposes:

Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.

4. Client Services and Third-Party Data

Edison Networks provides telecommunications, VoIP, WhatsApp for Business, AI-powered, and managed IT solutions to business clients. It is important to understand our role in relation to the data that flows through these services:

4.1 We Do Not Collect or Store Our Clients’ Customer Data

Edison Networks operates as a technology and connectivity provider. We do not collect, store, access, or process personal data belonging to our clients’ customers, end users, or contacts. Any data generated through or passing via our services belongs to and is controlled by our business client.

4.2 VoIP and Telephony Services

Our VoIP and telephony platform generates and retains call metadata as part of normal service operation. This includes:

• Telephone numbers (originating and destination)
• Call date, time, and duration
• Call routing and status information

This metadata is retained for billing, service delivery, and platform management purposes. However:

• We do not have access to any information that would identify a telephone number against a named individual — call metadata alone does not constitute personally identifiable information about our clients’ callers
• Call recordings, transcriptions, and interaction logs are not stored by Edison Networks. Where call recording or transcription functionality is enabled, this data is stored within the client’s own systems or their chosen storage platform and is managed entirely by the client
• It is the client’s responsibility to manage call recording data, including any associated privacy notices, consent requirements, and retention policies

4.3 WhatsApp for Business Solutions

Our WhatsApp for Business solution acts solely as a technical connector between our client’s data and the WhatsApp Business Platform (operated by Meta). In this capacity:

• Edison Networks does not hold, store, or have access to any message content, contact data, or conversation history
• All data processed through the WhatsApp Business Platform is governed by the client’s own data management practices and Meta’s applicable terms
• It is the client’s sole responsibility to ensure their use of the WhatsApp Business Platform complies with applicable data protection legislation, including obtaining any necessary consents from their contacts

4.4 AI-Powered Services (AI Receptionist, AI BDM, and Similar Products)

Where we provide AI-powered services to business clients:

• The AI service operates on behalf of and under the instruction of our business client
• The business client is the data controller for any personal data processed through the AI service
• Edison Networks provides the technology platform; we do not independently access, analyse, or retain personal data processed by the AI on behalf of clients
• All conversation transcripts, interaction logs, and related data generated through AI interactions are stored within the client’s own data storage environment, not by Edison Networks. This data is subject to the client’s own data retention and privacy policies
• It is the client’s responsibility to inform their customers and contacts that AI technology may be used and to manage their data in accordance with applicable law

4.5 Client Responsibilities

Our business clients are responsible for:

• Acting as the data controller for any personal data relating to their own customers, end users, and contacts
• Ensuring they have a lawful basis for any data processed through Edison Networks services
• Providing appropriate privacy notices to their customers and contacts
• Managing data subject access requests and other rights requests from their own data subjects
• Complying with all applicable data protection legislation in their use of our services

Edison Networks will provide reasonable cooperation to clients in responding to data subject requests, where such requests relate to our platform infrastructure.

5. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

• Service providers — trusted third-party providers who assist us in delivering our services, including cloud hosting, payment processing, CRM, and communications platforms. All service providers are bound by data processing agreements
• Professional advisers — including accountants, solicitors, and insurers where necessary
• Regulatory and law enforcement bodies — where required by law, regulation, or court order
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity

We do not sell your personal data to third parties.

6. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, including:

• UK adequacy regulations
• Standard contractual clauses approved by the ICO
• Other lawful transfer mechanisms under UK GDPR

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:

When data is no longer required, it is securely deleted or anonymised.

8. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your data in certain circumstances
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, commonly used, machine-readable format
• Right to object — object to processing based on legitimate interests or direct marketing
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
• Rights related to automated decision-making — request human review of decisions made solely by automated means

To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within one month. There is no fee for making a request, unless the request is manifestly unfounded or excessive.

If you are unsatisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and role-based permissions
• Regular security assessments and monitoring
• Staff training on data protection obligations
• Incident response procedures for data breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.

10. Cookies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device to help us understand how you use our site and to improve your experience.

Types of cookies we use:

You can manage your cookie preferences through your browser settings or our cookie consent tool. Strictly necessary cookies cannot be disabled.

11. Children’s Privacy

Our services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The updated policy will be posted on our website with a revised effective date. Where changes are significant, we will make reasonable efforts to notify you directly.