Privacy Policy
The following privacy policy was last updated on 29 July 2024.
This Privacy Policy explains what personal information we have, how we use it and how you can exercise your rights under data protection law. For the purposes of this Privacy Policy, when we refer to:
- “you” or “giffgaffers” we mean the person/s who use, contract for, or show interest in giffgaff products and services, including support services like giffgaff Community, their representatives and any third parties connected to you that you tell us about or may have told us about in the past;
- “we”, “us” or “giffgaff” we mean giffgaff Limited which is a member of the O2 group of companies.
- “Group Companies” we mean Telefonica UK Limited (“O2”) and its parent, shareholder, subsidiary and affiliate companies, including VMED O2 UK Limited, the joint venture company that owns O2 and Virgin Media.
- “Virgin Media” means the companies that provide Virgin Media products and services including Virgin Media Limited, Virgin Mobile Telecoms Limited, and Virgin Media Mobile Finance Limited, Virgin Media Business Limited and Virgin Media Wholesale Limited.
giffgaff is the data controller of the personal data processed under this Privacy Policy, unless we specifically state in this policy that another organisation is a controller. giffgaff and the Group Companies are separate data controllers unless otherwise stated in this Privacy Policy or in information provided to you via other means. Please check the Privacy Policies of each of these organisations for information about how they process your personal data.
1. What do you do with my personal data?
We use your data to provide you great services and to grow our business. That includes doing things like:
- providing you with the products and services you have selected, managing your account and any additional needs so as to tailor the assistance and support that we provide, processing your orders, keeping you up-to-date and informed and responding to your enquiries, such as via your interactions with our Interactive Voice Response service (our automated telephone service that acts on responses from callers), notifying you when you are running low on your data allowances, confirming your payback rewards or highlighting giffgaff promotions and competitions we think you will be interested in;
- writing reports, carrying out research and number crunching, as well as keeping things secure and preventing crime and fraud, so we can run our business and keep things safe;
- improving and developing our products and services for you and other people interacting with us, including managing the network to ensure everyone gets the best experience, reviewing and managing any additional needs for members, performing market research to understand our members' views and needs and personalising our experiences to make our service more intuitive and engaging. Sometimes we analyse data by combining and anonymising it, so you can't be identified;
- understanding more about giffgaffers so that you only receive marketing (eg via text or email) which is of interest to you (if you've agreed to receive it) and using the needs of members to inform the marketing that we carry out so that we can ensure that we are inclusive in our marketing and to find and attract new giffgaffers who have similar tastes;
- where feedback has been given by a member (including any additional needs), using feedback in an anonymised way (unless consent has otherwise been received) to inform product development and marketing, and from time to time, to be included within marketing itself;
- to understand more about your interests, needs, who you are and what you like, including how you interact with us and our services, such as on our website and app, and to inform our business decisions, including the frequency and type of communications we send you. Where consent is required and we have your consent to do so, we'll combine data captured from across the business and third parties to enable us to remarket to you and to similar audiences, including, for example, carrying out and working with third parties to carry out ad measurement services and other related services, and to analyse data that you have provided to us;
- to assist our Group Companies to develop and promote their own products, services, offers and promotions for you.
- to enable us and/or any of our Group Companies, including VMED O2 UK Limited and its companies to coordinate or develop marketing campaigns and/or to contact you by email, SMS or telephone about our or their own products or services (subject to having obtained the appropriate consents from you, where required).
- legal, regulatory or business reasons such as assisting with crime and fraud prevention, assessing credit risk when provisioning loans and ensuring we provide the products and services you have selected; and
- checking whether you qualify for credit, payback points or other services and offers. We and credit providers may also use automated systems to analyse your information so we can make fair and objective decisions about whether you are eligible for credit or services.
We may use information about you to:
Improve our products and services
- enhance and personalise the products and services that we offer you and to develop new products and services;
- perform analysis and research and monitor usage behaviour;
- aggregate information about you, your spending and your use of the services with information about other users of the services in order to identify trends; and
- analyse information about you including your calling, searching, browsing and location data on a personalised or aggregated basis.
Provide you with services and information
- provide you with access to parts of our site;
- contact you if necessary. We will contact you with service messages to provide you with important updates about the products and services you’ve taken, such as changes to our terms and conditions, order updates, and service updates (e.g. when we have infrastructure work planned, we need to fix something or there are service disruptions). We use your contact details and information about the products and services you’ve taken;
- tell you about any new services or functionality (e.g.: the introduction of a new messaging service);
- market our products and services to you;
- send you information about our products and services by email or other means if you have opted in to receiving relevant marketing communications; and
- send you information about products and services offered by other companies that we think you might be interested in if you have opted in to receiving relevant marketing communications.
Satisfy our legal, regulatory and business requirements
- help us keep your account safe, e.g.: checking your identity;
- investigate any complaints or other enquiries that you raise; and
- We use automated means to collect information about the members’ public activity in the Community, including IP address and account details. Where a member uses the ‘Flag’ option to report a private message or a public post or where we have other reasonable grounds to do so, we review the reported correspondence and activity. We do this to ensure compliance with our Terms and Conditions and/or as otherwise required by law; and
- assess credit risk, assess the provision of loans, debt tracing, debt recovery, credit management and crime, fraud and money laundering detection and prevention.
We may also disclose your personal information or information about your usage of our services to certain third parties. This data may identify you personally or may be included in aggregated and anonymised data (which means you will not be identified). These third parties may use this information:
- to provide you with targeted giffgaff or third party offers, promotions, adverts or commercial communications if you have opted in to receiving relevant marketing communications;
- to give them a better understanding of our business; and/or;
- to provide you with products and services or to improve the products or services you are already receiving.
See "Who do you share my personal information with (and why)" for further details about the types of third parties your information may be disclosed to.
We are allowed to use your information in these ways because:
- we need it to provide you with products and services and to manage your account with us;
- we need to use some of your information to comply with legal and regulatory obligations (such as legal obligations to keep details of calls made by members for a certain period of time);
- we have a legitimate business interest in some uses of your information (such as conducting market research); and/or;
- you may have given your consent to us to use your data for certain activities, e.g.: marketing communications.
2. How long will you keep my personal data?
We keep information while you're our member and, for a while, after you've left us if we have a justifiable reason for keeping it, where the law requires us to keep it or it's anonymised so you can no longer be identified. This also includes if you're a super-recruiter or pioneer; in such circumstances we keep hold of your responses for as long as is necessary.
After you’ve left us, information concerning your account details, payment history, network usage (such as records of calls made and messages sent), financial and payment information is kept for 7 years to enable us to establish or defend legal claims and for fraud detection purposes.
The retention period for any other personal data we hold will be determined by various criteria, which include:
- the need to use your information to provide you with the products and services you have selected and about how you use our products or services;
- the need to sort out disagreements, stop fraud and abuse or to prove that you had an account with us;
- the need to assist the police if they require it as evidence;
- whether the information is needed for credit reference or fraud prevention agencies with whom your information may be shared and who may need to keep the information for up to six years;
- if we need the information for audits, checks or corporate responsibilities;
- for laws or regulations where they set a minimum period for which we have to keep your information; and
- if the data is aggregated or anonymised so that you can no longer be identified by it.
In each case, the length of time that we need to keep the information may be different, but we will only keep the information for as long as we need it. Information used to provide you with the products and services you have selected will be held for the entire time that you are a member plus 12 months after you have left.
Where giffgaff staff members have been engaging with the giffgaff Community in their capacity as a staff member, when they leave employment with giffgaff, we will remove access to private messages sent and received by the ex giffgaff staff members during their time with us. However, the ex giffgaff staff members will still have general access to the account albeit staff permissions to their accounts will be revoked. Thereafter, all staff members are required to create their own new accounts where they would like to continue to engage with the giffgaff Community in their own personal capacity.
3. Who do you share my personal data with and why?
We will share your information in the following situations:
- with our Group Companies, including VMED O2 UK Limited and its companies, our and their prospective partners, suppliers, agents and subcontractors (for example advertisers and content providers) who: (a) help us deliver the products and services you've chosen to use and who help us to give back to our giffgaffers; and (b) (with appropriate consents having been obtained) who undertake promotional marketing and campaigns in respect of their own products and services.
- with third parties (such as Amazon, Google and Meta) to help us analyse and measure the performance of our ads (e.g., to understand which of our social media ad placements have generated sales), improve the display of more relevant ads on third-party sites, and show you products that might interest you while you're browsing the internet. These third parties also use this information for their own business purposes. For instance, we have enabled Google Analytics Advertising features, which allows Google to associate your session data Google Analytics collects from our website when you’ve consented to our marketing cookies, with Google's information about your account if you have consented to Google Ads Personalisation. We use these features for demographics, ad impressions measurement and reporting, and remarketing online. You can prevent your data from being used in this way by withdrawing your consent to marketing cookies on our website and/or via Google’s opt-out at https://tools.google.com/dlpage/gaoptout/. Please see their policies for more information and how you can exercise your rights in relation to the information they hold about you. See our Cookies Policy for details;
- with third parties to ensure that you are not shown products which are not of interest to you while you're browsing the internet; when you have provided your consent;
- when we have legal or regulatory requirements such as a request from the competition authority, law enforcement agency;
- with debt collection and credit reference agencies, to file a suspicious activity report where deemed necessary and for fraud prevention purposes;
- if there's an emergency and we think you or other people are at risk; and
- with third parties in order to perform analysis and research on member behaviour including for the purpose of being provided ad measurement services and other similar services.
We may need to share your personal data with some organisations based outside the United Kingdom. We grant these organisations access to personal data only where necessary and only where appropriate security measures and controls are in place to protect your personal data in accordance with applicable data protection laws, regulations and regulatory guidance. In particular:
a. If there is a decision under the UK data protection law that the country to which your personal data is transferred provides an adequate level of data protection (adequacy decision), we rely on this. For example, the European Economic Area (EEA), which consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway, has received such an adequacy decision.
b. If there is not such an adequacy decision, we implement appropriate safeguards or other available legal mechanisms for transferring personal data to third countries. For example, we enter into appropriate contracts, known as standard contractual clauses, with our business partners and suppliers in those third countries to ensure the protection of your personal data.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
4. What data do you hold about me? (and how do you get it?)
We collect such information as:
- your contact information including name, address, email address and telephone number, and any information disclosed to us relating to additional needs that you may have (such as for example, medical or health related information, financial information or if you have been a victim of crime);
- your order history including top-ups and purchases;
- your payment details including debit or credit card details, banking details and PayPal details;
- your account settings including adult content, auto top-up and recurring functions;
- your Community interactions including posts and comments;
- your communications with us including requests and complaints;
- your activity/interactions on our website, within our app or in response to communications from us;
- your device location data and Internet Protocol (IP) address; and
- your use of our services including but not limited to:
  - phone numbers and/or email addresses of calls, texts, MMS, emails and other communications made and received by you and the date, duration, time and cost of such communications; and
  - usage data to check compliance with our fair usage policy.
- what, if any, products or services you have purchased or received from any of our Group Companies and information relevant to your use of those products and services.
We collect information in four ways:
- directly from you, such as information filled in within application or registration forms, the products and services you have shown interest in when visiting websites or requesting a 'Free Sim', your payment card details if you've saved them, surveys and community activity, including account information, IP address and information about your public and private interactions;
- from the products and services you use, such as the calls you make on the giffgaff network (including call length, how much it costs and where you were when you made them), your browsing history including the websites you visit and your location data so that, for example, we can connect you to the network;
- from Group Companies, if you use or have attempted to buy or use their products or services; and
- from 3rd parties, such as information from credit reference agencies, fraud protection agencies and events management partners for giffgaff events.
We may also collect information from commercially and publicly available sources, for example, where you've agreed to share data or the use of cookies, such as Google or social media.
5. What rights do I have?
You have the following rights:
- to be informed about how we use your personal data (the purpose of this privacy policy);
- to update or amend your personal data. You can update or amend your information by visiting the My Details section of my giffgaff. If you need help or if you want to update data that is not updateable through my giffgaff, you can contact us at dpo@giffgaff.co.uk;
- to ask us to delete your personal data. However, there may be circumstances where we need to retain it for legitimate or legal reasons (e.g. so we can keep providing the service);
- to get details of your personal data that we have about you. A subset of your data (limited to data that you have provided to us) is available in a machine-readable format if required;
- to object to the processing of your data and, in certain circumstances, ask us to have it restricted for a period of time. There may be circumstances where you ask us to restrict the processing of your information, but we are legally entitled to refuse that request;
- to ask us to review some automated decision-making or profiling (automated processing to determine certain things about you);
- the right to make a complaint to the Information Commissioner (www.ico.org.uk) if you think that any of your rights have been infringed by us.
You can exercise your right to access or erase your data by contacting us as set out below.
giffgaff is required to respond to your request within 1 month. Where requests are complex and excessive, giffgaff is permitted an additional 2 months to process your request. However, in these circumstances we would provide an update on your request within 1 month of receiving it.
giffgaff reserves the right to charge an admin fee or refuse a request where requests for data are clearly unreasonable or excessive, particularly if they are repetitive.
6. How do I change my marketing preferences?
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
You can opt in and out of marketing communications at any time by changing your preferences within my giffgaff. You will be able to choose to receive marketing communications about the products and services you have chosen, all marketing communications from giffgaff or options from selected partners.
You can also opt out of marketing communications by following unsubscribe links at the bottom of any marketing emails or text messages received from giffgaff.
We must always comply with your request.
7. How do you ensure my data is secure?
giffgaff is committed to keeping your data secure. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure.
Security of Communications
Please be aware that communications over the Internet, such as e-mails and webmails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered - this is the nature of the World Wide Web/Internet. giffgaff cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
giffgaff Blogs, Chat rooms and Forums
You are reminded that chat rooms and opinion forums are for public discussion. Any personal information that you choose to supply when you participate in these discussions is widely accessible. Never reveal any personal information such as your telephone number, postal or email address when you participate in these discussions.
Users 13 and under
If you are aged 13 or under, please get your parent or guardian's permission before providing any personal information or before taking part in any www.giffgaff.com discussion. Users without this consent are not allowed to provide us with personal information.
Co-Branded Micro Sites and Third Party Sites
Some web pages and Micro Websites included within giffgaff's websites may be co-branded with third party names, logos, or properties. These Micro Websites are operated or maintained by or on behalf of giffgaff. While such third parties are sponsors of these web pages or Micro Websites, the third parties do not share in any personally identifiable information collected within those web pages or Micro Websites unless otherwise stated.
This policy does not apply to third party sites that you may access via our Portals. You should therefore ensure that you are familiar with the applicable third-party privacy policy before entering any personal information on a third party site.
This policy does not apply to third party sites operated by those promoting giffgaff, including Super Recruiters. Whilst giffgaff provides guidance to Super Recruiters in respect of their use and protection of personal data, giffgaff requires such third party sites to maintain a privacy policy. You should, therefore, review relevant policies to learn about how your personal data will be treated.
8. What else can I do to ensure my data is secure?
Along with a section on Privacy, Get Safe Online has plenty of other good advice about protecting yourself online.
9. How can I contact you?
If you would like more information about how we protect your information or would like to raise any data protection or privacy queries with us, including if you want to exercise any of your data subject rights in relation to your information, you can contact us:
- if you are a member, by logging in to my giffgaff and using the "Ask a giffgaff Agent" option;
- by emailing us at dpo@giffgaff.co.uk; or
- by writing to the Data Protection Officer at:
Data Protection Officer
giffgaff Ltd
Belmont House
Belmont Road
Uxbridge
UB8 1HE
10. Changes to this privacy policy
We will check and update this policy from time to time.
We may let you know about these changes by email, voicemail, text or media message, or via a national advertising campaign.
11. Resolving Privacy Issues
We will always try our best to resolve any data privacy issue you may have. You have the right to refer any data privacy issue to the Information Commissioner's Office at any time.