This Privacy Policy explains how UPPHONE collects, uses, stores, and protects your personal information when you visit upphone.online or contact us by phone or any other means. We are committed to handling your data responsibly and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. By using our website or services, you agree to the practices described below.
Who We Are
UPPHONE is a phone upgrade and comparison service operating in the United Kingdom. We help individuals find the best mobile phone contracts, upgrade deals, and trade-in offers by connecting them with UK networks and retailers.
For the purposes of data protection law, UPPHONE acts as the data controller — meaning we determine how and why your personal data is processed. Our website is located at https://upphone.online/.
Data Controller: UPPHONE | Website: upphone.online | Phone: 03300 597 102
Information We Collect
We may collect and process the following categories of personal information:
- Identity data — your first name, last name, and title
- Contact data — your phone number and email address
- Service data — your current network, handset model, monthly spend, and upgrade preferences
- Technical data — IP address, browser type and version, time zone, browser plug-in types, operating system, and platform
- Usage data — information about how you use our website, including pages visited, time spent, and links clicked
- Communications data — records of calls, emails, or messages you send to us, including call recordings where you have been notified
- Marketing preferences — your preferences for receiving marketing from us
We do not collect any special categories of sensitive personal data (such as data about health, ethnicity, religion, or biometric data) and we do not knowingly collect data from children under the age of 18.
How We Use Your Information
We use the information we collect for the following purposes:
- To provide our service — processing your quote request, identifying suitable upgrade deals, and connecting you with relevant network providers or retailers
- To contact you — responding to your enquiry by phone, email, or other contact method you have provided
- To improve our website — analysing how visitors use our site so we can enhance functionality, content, and user experience
- To comply with legal obligations — meeting our regulatory, legal, and compliance requirements
- For marketing — sending you relevant offers, updates, or information about our services, where you have given consent or where we have a legitimate interest to do so
- For quality assurance — monitoring and recording calls to maintain service standards and for staff training purposes
We will never use your personal data for purposes incompatible with those stated above without first informing you and, where required, obtaining your consent.
Legal Basis for Processing
Under UK GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following legal bases:
- Consent — where you have clearly agreed to the processing, such as subscribing to marketing communications
- Contract — where processing is necessary to deliver the service you have requested from us
- Legitimate interests — where we have a genuine and proportionate business reason to process your data, such as improving our services, preventing fraud, or direct marketing to existing customers, provided this does not override your rights
- Legal obligation — where we are required to process data to comply with a legal or regulatory requirement
Where we rely on your consent as our legal basis, you have the right to withdraw that consent at any time by contacting us directly or following the unsubscribe instructions in any marketing communication we send you.
Sharing Your Personal Data
We may share your personal information with the following categories of third parties:
- Network providers and retailers — to enable us to source and present upgrade quotes on your behalf
- Technology and service providers — including web hosting, analytics, CRM, and call-recording platforms that support the operation of our business
- Professional advisers — such as lawyers, auditors, or accountants where necessary
- Regulatory authorities — where required by law, court order, or government authority
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not sell your personal data to any third party, and we do not allow third parties to use your data for their own marketing purposes without your explicit consent.
All data sharing is conducted under appropriate contractual safeguards, including data processing agreements where required by law.
Cookies
Our website uses cookies — small text files placed on your device — to improve your experience and help us understand how visitors use our site. We use the following types of cookies:
- Essential cookies — necessary for the website to function properly and cannot be disabled
- Analytics cookies — used to collect anonymous data about how visitors use our site (e.g. pages visited, time on site), allowing us to improve performance and content
- Preference cookies — used to remember your settings and choices on return visits
- Marketing cookies — used to track visits across websites and display relevant advertising, where you have consented
You can control and manage cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website. For more information about managing cookies, visit www.aboutcookies.org.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
In general, we apply the following retention periods:
- Enquiry and quote data — retained for up to 2 years from the date of your last interaction with us
- Customer account data — retained for 6 years following the end of any contract or service relationship, in line with standard legal and financial obligations
- Call recordings — retained for up to 6 months unless required for longer periods for legal, regulatory, or dispute-resolution purposes
- Marketing consent records — retained for as long as you remain subscribed, plus a reasonable period thereafter as evidence of consent
When your data is no longer required, we will delete or anonymise it securely in accordance with our internal data destruction procedures.
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access — you may request a copy of the personal data we hold about you (known as a Subject Access Request)
- Right to rectification — you may ask us to correct any inaccurate or incomplete data we hold
- Right to erasure — you may ask us to delete your personal data where there is no compelling reason for us to continue processing it
- Right to restrict processing — you may ask us to suspend processing of your data in certain circumstances
- Right to data portability — you may request that we transfer your data to another organisation or directly to you in a structured, commonly used format
- Right to object — you may object to processing based on legitimate interests or for direct marketing purposes
- Rights related to automated decision-making — you have the right not to be subject to a decision based solely on automated processing where it produces a significant effect on you
To exercise any of these rights, please contact us using the details in Section 12. We will respond to all legitimate requests within 30 days. In some cases, we may need to verify your identity before fulfilling your request.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Security of Your Data
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Secure HTTPS encryption on our website
- Access controls and authentication requirements for internal systems
- Regular security reviews of our IT infrastructure
- Staff training on data protection and information security
- Data processor agreements with all third-party service providers
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continually work to improve our safeguards.
Third-Party Links
Our website may contain links to external websites, network provider pages, or third-party platforms. This Privacy Policy applies only to our website and services. We have no control over and accept no responsibility for the privacy practices or content of any third-party websites.
We encourage you to read the privacy policy of any external website you visit before submitting any personal information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services following any changes constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please get in touch using the details below. We aim to respond to all data-related enquiries within 5 working days.