Effective from 31 October 2025
CYTELUK TELECOM LTD (CYTELUK) is a limited liability company providing Telecommunication Services in the UK.
CYTELUK, as a Controller, is committed to protecting our customers’ Personal Data in full compliance with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018, as amended by the Data Protection and Digital Information Act 2024.
CYTELUK and its commercial partners — including Digital Wholesale Solutions, Cerberus, Voicehost, Elavon, Bottom Line Technologies, IM Primus, Net Lynk and P&J (acting as Processors) — maintain records of residential customers’ personal data for the purposes of providing, operating and maintaining electronic communication services and/or products offered to them by CYTELUK.
Customers’ data includes the subscriber’s (natural person) name, address, telephone number(s), contract number, email address (where needed), direct debit details (where needed), billing address, invoices issued per service per month, payments made, and disconnections.
This data is processed by CYTELUK and its commercial partners throughout the validity period of the customer’s service in order to:
manage customer services and products,
issue and manage billing,
process payments,
handle customer complaints, requests and enquiries, and
comply with applicable UK laws and regulatory obligations.
CYTELUK also informs its customers that their Personal Data may be forwarded to a bank for settlement of bills, to billing collection agents, or to wholesale service suppliers as necessary for the performance of the service.
CYTELUK may also process certain personal data based on legitimate interests (for example, fraud prevention, service security, or quality assurance) where those interests are balanced with the rights and freedoms of the customer.
If you do not wish CYTELUK to process any of your Personal Data as described in this section, kindly contact CYTELUK as described in Section 4.
Under the UK GDPR and Data Protection and Digital Information Act 2024, customers are entitled to exercise the following rights in respect of their Personal Data:
i. Right of Access
Customers may be informed in more detail about the Personal Data CYTELUK and its commercial partners process about them by contacting CYTELUK as described in Section 4. The right of access is subject to the provisions of the UK Data Protection Act 2018 and the authentication of the customer.
ii. Right of Erasure (“Right to be Forgotten”)
Customers may request the erasure of any of their Personal Data that is no longer necessary for CYTELUK’s purposes, by contacting CYTELUK as described in Section 4. The right to erasure is subject to the provisions of the UK Data Protection Act 2018 and the authentication of the customer.
iii. Data Portability
Customers may exercise the right to data portability by contacting CYTELUK as described in Section 4. Data portability is subject to the provisions of the UK Data Protection Act 2018 and the authentication of the customer.
iv. Right of Updating, Rectification or Minimisation of Personal Data
Customers may update their Personal Data, request correction of any inaccurate Personal Data, or request data minimisation, by contacting CYTELUK as described in Section 4. These rights are subject to the provisions of the UK Data Protection Act 2018 and the authentication of the customer.
v. Right to Restriction of Processing and Right to Object
Customers have the right to request the restriction of processing of their Personal Data in certain cases (for example, during a dispute regarding accuracy) and to object to processing where it is based on legitimate interests, direct marketing, or profiling.
vi. Right to Withdraw Consent
Where processing is based on the customer’s consent (for example, for marketing or communications preferences), the customer may withdraw consent at any time by contacting CYTELUK.
vii. Right to Lodge a Complaint
Customers also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if they believe that their data protection rights have been infringed.
CYTELUK stores customers’ Personal Data for as long as mandated by UK Law and/or throughout the validity period of the customer’s contract. After termination of service, data may be retained for a reasonable period where required for legal, accounting, regulatory or dispute resolution purposes, in accordance with the company’s retention schedule and the UK Data Protection and Digital Information Act 2024.
Customers can contact CYTELUK for any information regarding this Privacy Policy or any data protection inquiry.
Telephone: 0800 036 0078 or 020 8882 5730
Email: [email protected]
Post: CYTELUK Telecom Ltd, Block F, Southgate Office Village, 288 Chase Road, London, N14 6HF
i. “Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
ii. “Personal Data”: means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
iii. “Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
iv. “Processor”: means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
v. “Legitimate Interests”: means processing that is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
