Olilo
Order Now
Legal · Data Protection

Privacy Notice.

Exactly what we collect, why we collect it, and what rights you have over your data. Written plain, in one place.

Last updated: 6 May 2026
UK GDPR & DPA 2018
Data controller: Olilo UK & Ireland Ltd
Company · 16352417

Olilo UK & Ireland Ltd. ("Olilo", "we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Data Controller: Olilo UK & Ireland Ltd., Company Number 16352417, 3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE

1. Information We Collect

1.1 Personal Information You Provide

When you register for our services, we collect:

  • Full name and date of birth
  • Email address and telephone number
  • Service installation address
  • Billing address (if different)
  • Payment information (processed securely by our payment providers)
  • Account credentials and security information

1.2 Communications Data

Under the Investigatory Powers Act 2016, as a telecommunications provider, we are required to retain certain communications data, including:

  • Internet connection records (ICRs)
  • IP addresses assigned to your service
  • Connection timestamps and duration
  • Data volume transmitted and received

Important: We do NOT monitor, record, or store the content of your internet usage, websites visited, or the content of your communications. We only retain metadata as required by law.

1.3 Technical and Service Data

  • Network performance and quality metrics
  • Equipment identifiers (router MAC address, ONT serial numbers)
  • Service usage statistics and bandwidth consumption
  • Fault reports and technical support interactions
  • Network security and abuse monitoring data

1.4 Website and Account Usage

  • Website cookies and analytics data
  • Account portal login history
  • Device and browser information
  • IP address used to access our website

1.5 Community Platform Data

  • Discord and community forum usernames and profiles
  • Community posts and interactions
  • Support ticket communications

2. Legal Basis and Purpose for Processing

We process your personal data under the following legal bases:

2.1 Contract Performance

Processing necessary to provide our services to you:

  • Account creation and management
  • Service provisioning and installation
  • Billing and payment processing
  • Customer support and technical assistance
  • Service performance monitoring and optimisation

2.2 Legal Obligation

Processing required by law:

  • Retention of communications data under the Investigatory Powers Act 2016 (12 months)
  • Compliance with law enforcement requests (with appropriate legal authority)
  • Tax and accounting obligations
  • Regulatory reporting to Ofcom
  • Prevention and detection of fraud and crime

2.3 Legitimate Interests

Processing necessary for our legitimate business interests:

  • Network security and abuse prevention
  • Service improvement and development
  • Fraud prevention and debt recovery
  • Business analytics and planning
  • Marketing our services to existing customers

2.4 Consent

Where we have obtained your explicit consent:

  • Marketing communications (you can withdraw consent at any time)
  • Non-essential cookies and analytics
  • Community platform participation

3. Information Sharing and Third Parties

We do not sell your personal data to third parties.

We may share your information with the following categories of recipients:

3.1 Network Partners

We share necessary information with wholesale network operators (CityFibre, Openreach, Freedom Fibre and other wholesale fibre network operators.) to:

  • Provision and install services
  • Investigate and resolve faults
  • Schedule engineer appointments
  • Maintain network infrastructure

3.2 Service Providers

We use trusted third-party service providers who process data on our behalf:

  • Payment processors (for billing and transactions)
  • Cloud hosting providers (for data storage and systems)
  • Security and bot protection providers (Cloudflare Turnstile)
  • Customer support platforms
  • Email and communication services
  • Analytics and monitoring tools

All service providers are bound by data processing agreements and must comply with UK GDPR.

3.3 Law Enforcement and Regulatory Bodies

We may disclose information when legally required:

  • In response to lawful requests from law enforcement (with appropriate legal authority)
  • To comply with court orders or legal processes
  • To Ofcom for regulatory compliance
  • To prevent or investigate suspected criminal activity

3.4 Business Transfers

If Olilo is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you of any such change.

3.5 Credit Reference Agencies

We may share information with credit reference agencies for:

  • Identity verification
  • Fraud prevention
  • Debt recovery (if applicable)

4. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. Where we use service providers located outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK authorities
  • Adequacy decisions recognizing equivalent data protection standards
  • Other legally approved transfer mechanisms

5. Data Security

We implement appropriate technical and organisational security measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Multi-factor authentication for account access
  • Regular security assessments and penetration testing
  • Access controls and staff training
  • Secure data centres with physical security measures
  • Incident response and breach notification procedures

While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this policy:

  • Account and billing data: Duration of service plus 6 years (for tax and accounting purposes)
  • Communications data (ICRs): 12 months (as required by the Investigatory Powers Act 2016)
  • Support communications: 3 years
  • Marketing consent records: Until consent is withdrawn plus 3 years
  • Website analytics: 26 months

After the retention period expires, we securely delete or anonymise your personal data.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of the personal data we hold about you (Subject Access Request). We will respond within one month, free of charge.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can update most information through your account portal. If not please contact support@olilo.co.uk.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances. Note that we may be required to retain some data for legal or regulatory reasons.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

7.5 Right to Data Portability

You can request a copy of your personal data in a structured, commonly-used, machine-readable format to transfer to another provider.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

7.8 Right to Lodge a Complaint

You have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113

Website: ico.org.uk

To exercise any of these rights, contact us at: privacy@olilo.co.uk

8. Cookies and Tracking Technologies

We use a small number of browser storage technologies on our website. We use PostHog for product analytics and aggregate traffic patterns.

8.1 Types of Cookies We Use

Essential Cookies (Always Active)

Required for the website to function properly, including authentication, security, and session management.

Performance and Analytics Cookies

Help us understand how visitors use the site so we can improve performance, navigation, and content. We use PostHog for product analytics (including session recording, error tracking, and aggregate metrics). We treat PostHog as strictly necessary for operating the site - it is how we monitor errors and diagnose issues with the postcode checker, plan picker, and order flow - so it runs regardless of consent state. PostHog is configured to respect your privacy: inputs are masked in session recordings, email addresses are hashed before identification, and we do not use it for cross-site profiling.

Functional Cookies

Remember your preferences and settings to provide enhanced features.

8.2 Cookie Consent Management

We use Cookiebot to manage cookie consent on our website. Where consent is required for any optional technology, Cookiebot presents the banner and records your preference choices.

Cookiebot itself uses a cookie to remember your consent preferences. This is an essential cookie used to store the choices you make through the banner.

8.3 Managing Your Cookie Preferences

You can manage your cookie preferences at any time by:

  • Clicking on the cookie button in the bottom left
  • Adjusting your browser settings to block or delete cookies
  • Withdrawing or changing your consent through the Cookiebot banner

Note that disabling essential cookies may affect website functionality.

8.4 Third-Party Cookies

Some cookies or similar technologies may still be placed by third-party infrastructure or security services. Our analytics provider is PostHog. Our consent tooling is provided by Cookiebot, and our bot protection is provided by Cloudflare Turnstile. Hosting and edge-security providers operate under their own privacy documentation.

9. Marketing Communications

We may send you marketing communications about our services, offers, and updates if:

  • You have given us consent, or
  • You are an existing customer and we are marketing similar services (soft opt-in)

You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your preferences in your account portal
  • Contacting us at support@olilo.co.uk

Note: You will still receive essential service communications (bills, service updates, security alerts) regardless of marketing preferences.

10. Third-Party Websites and Services

Our website and services may contain links to third-party websites, including:

  • Discord (community platform)
  • Payment processors
  • Social media platforms
  • Partner websites

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information. This Privacy Policy applies only to information collected by Olilo.

11. Website Analytics and Product Improvement

To improve our website and services, we use PostHog, an open-source product analytics platform. This helps us understand how users interact with our site so we can build a better experience.

11.1 What Data is Collected

When you use our website, PostHog may collect:

  • Page views and navigation paths
  • Feature usage and click events
  • Technical information (browser, device type, operating system)
  • Approximate location (based on IP address, which is anonymised)
  • Session recordings (replays of your interaction with our site)
  • Console logs and technical errors

We use PostHog for aggregate analysis and to diagnose technical issues. We use session recording to understand where users encounter friction or errors. We do not use it to identify individual users across different websites, and we take steps to mask sensitive information.

11.2 Legal Basis and Purpose

We process this data under our legitimate interest to:

  • Identify and fix usability issues
  • Understand which features are most valuable to our users
  • Improve website performance and user experience
  • Monitor service availability and reliability

11.3 Data Sharing

Analytics data is processed by PostHog, Inc. PostHog's privacy policy is available at posthog.com/privacy.

12. Children's Privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal information from children under 18 without parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@olilo.co.uk and we will delete such information.

13. Automated Decision-Making and Profiling

We may use automated decision-making in limited circumstances:

  • Credit checks and fraud prevention (using third-party systems)
  • Network abuse detection and security monitoring

You have the right to request human intervention, express your point of view, and challenge automated decisions. Contact us at privacy@olilo.co.uk if you wish to exercise this right.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay in accordance with UK GDPR requirements. We will also notify the ICO within 72 hours of becoming aware of the breach where required by law.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email or account notification
  • Provide at least 30 days' notice for significant changes

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may terminate your service in accordance with our Terms and Conditions.

16. Contact Us and Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Data Protection Enquiries:

Email: privacy@olilo.co.uk

Postal Address:

Data Protection Officer

Olilo UK & Ireland Ltd.

3rd Floor, 86-90 Paul Street

London, England

United Kingdom, EC2A 4NE

Company Number: 16352417

We aim to respond to all data protection enquiries within one month. For complex requests, we may extend this by a further two months and will inform you of any such extension.

17. Glossary

  • Personal Data: Any information relating to an identified or identifiable individual
  • Processing: Any operation performed on personal data, including collection, storage, use, and deletion
  • Data Controller: The entity that determines the purposes and means of processing personal data (Olilo)
  • Data Processor: An entity that processes personal data on behalf of the data controller
  • ICRs (Internet Connection Records): Records of internet services accessed, required to be retained under UK law
  • UK GDPR: The UK General Data Protection Regulation, the UK's data protection law
  • PECR: Privacy and Electronic Communications Regulations, governing electronic marketing and cookies