We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or the supervisory authority in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This privacy policy applies where One2Call Limited acts as a controller of your personal data, including where you are a visitor to our website, a prospective customer, a customer, a supplier, a partner, or a representative of one of those organisations.
In some circumstances, when we provide managed IT, cyber security, cloud, connectivity, telecoms and related services to our business customers, we may process personal data on behalf of those customers. In those circumstances, the relevant customer is usually the controller and should be your first point of contact in relation to that processing.
Here are the meanings of some key terms which we use in this policy:
| Term | Meaning |
|---|---|
| We, us, our | One2Call Limited (company number 06220567), registered office: Unit 5-8 Jessops Riverside, 800 Brightside Lane, Sheffield, S9 2RX |
| Personal data | Any information relating to an identified or identifiable individual |
| Data subject | The individual who the personal data relates to |
The personal data we collect about you depends on the particular relationship we have with you. We may collect and use the following personal data about you:
We collect and use this personal data for the purposes described in the section “How and why we use your personal data” below. If you do not provide personal data we ask for, it may delay or prevent us from responding to you, providing services, or managing our relationship with you or the organisation you represent.
We collect most of this personal data directly from you — in person, by telephone, text, email, live chat, messaging services and via our website. However, we may also collect information:
Under data protection law, we can only use your personal data if we have a proper reason, for example: where you have given consent; to comply with our legal and regulatory obligations; for the performance of a contract with you or to take steps at your request before entering into a contract; or for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, where appropriate. The table below provides further details, including the legal bases we rely on.
| Purpose | Lawful basis under the UK GDPR | Categories of personal data |
|---|---|---|
| Communications with you not related to marketing, including about changes to our terms or policies, services, systems or other important notices | Compliance with a legal obligation (Article 6(1)(c)) | your name, organisation details and contact information, including email address and telephone number |
| Communications with you not related to marketing | Legitimate interests (Article 6(1)(f)) — to administer our business and relationships effectively and provide services efficiently | your name, organisation details and contact information; records of your dealings with us; service and account information |
| Responding to enquiries and arranging consultations, meetings, events and IT health checks (by phone, email, website forms, live chat, meeting booking tools or messaging services) | Steps at your request before entering into a contract (Article 6(1)(b)); and/or legitimate interests (Article 6(1)(f)) — to respond to business enquiries and develop relationships | your name, organisation details and contact information; enquiry details; correspondence; booking information |
| Relationship management and service administration — records of customer, prospect, supplier and partner contacts; quotations, proposals, contracts, renewals, billing and related communications | Performance of a contract (Article 6(1)(b)); legal obligation (Article 6(1)(c)); and/or legitimate interests (Article 6(1)(f)) | your name, organisation details and contact information; contact history; service, account, billing and transaction information |
| Marketing — updates about our services, events, insights and other business information by email, telephone or post, where permitted by law | Consent (Article 6(1)(a)); and/or legitimate interests (Article 6(1)(f)) — to promote our business and services to relevant business contacts | your name, organisation details and contact information; marketing preferences; records of engagement with our communications |
| Website operation, analytics and related tools — cookies and similar technologies; analysing website use; measuring campaign performance and improving our website and communications (see our cookie policy) | Consent (Article 6(1)(a)) where required for cookies; and/or legitimate interests (Article 6(1)(f)) — to operate, secure and improve our website and communications | IP address; cookie identifiers; browser and device information; website usage information; form and enquiry data |
| Security, fraud prevention and legal compliance — protecting our website, systems, communications and business; handling complaints and data protection requests; keeping records needed to comply with law | Legal obligation (Article 6(1)(c)); and/or legitimate interests (Article 6(1)(f)) — to protect our business, systems, users and legal position | contact information; website and technical usage information; correspondence; records relevant to the issue or request |
Certain personal data is treated as a special category to which additional protections apply under data protection law. “Special category personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data (where used for identification), and data concerning health, sex life or sexual orientation.
We do not generally seek to collect special category personal data about you. If we do process it, we will ensure we are permitted to do so under data protection law — for example because we have your explicit consent, the processing is necessary to protect vital interests where you are incapable of giving consent, the processing is necessary to establish, exercise or defend legal claims, or the processing is otherwise permitted by applicable law.
We may use your personal data to send you updates by email, telephone or post about our services, including news, events, insights, promotions and service updates.
We may rely on our legitimate interests to send marketing to relevant business contacts where this is permitted by law. Where consent is required, we will ask for this separately and clearly.
You can opt out of marketing at any time. The easiest way is to use the unsubscribe or “manage preferences” link in any of our marketing emails, which lets you update your choices yourself. You can also contact us at privacy@one2call.net, or by telephone, and we will action your request promptly.
We may ask you to confirm or update your marketing preferences in the future if you ask us to provide further services, or if there are changes in the law, regulation, or the structure of our business. We will always treat your personal data with respect and will not sell your personal data to third parties for marketing purposes.
We routinely share personal data with:
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect it. We also impose contractual obligations on them, where appropriate, to ensure they can only use your personal data for the purposes for which it was shared. If you would like more information about who we share your personal data with and why, please contact us.
Card payments are processed by Stripe through a secure payment link on our invoices. We do not collect or store your card details. Where you pay by Direct Debit, payments are collected through GoCardless. These providers process your payment information as our service providers under appropriate contractual terms.
Personal data may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above. Some of these third parties may be based outside the UK. For more information, including how we safeguard your personal data when this happens, see “Transferring your personal data out of the UK” below.
We will not keep your personal data for longer than we need it for the purpose for which it is used. Different retention periods apply for different types of personal data. We will retain your personal data only for as long as is reasonably necessary for the relevant purpose, including to respond to your enquiry, manage our relationship with you or the organisation you represent, provide services, keep appropriate business records, and comply with legal, regulatory, tax, accounting or reporting requirements.
The specific retention periods we apply are set out in our internal records retention policy, which we can summarise on request. Following the end of the relevant retention period, we will delete or anonymise your personal data.
It is sometimes necessary for us to transfer your personal data to countries outside the UK. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data.
Under data protection laws, we can only transfer your personal data to a country outside the UK where the UK government has decided the country ensures an adequate level of protection; where there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or where a specific exception applies under relevant data protection law.
Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or, where this is not available, legally recognised transfer mechanisms such as the UK International Data Transfer Agreement, the UK Addendum to the standard contractual clauses, or another lawful transfer mechanism permitted under UK data protection law. If you would like further information about data transferred outside the UK, please contact us.
You have the following rights, which you can exercise free of charge:
| Right | Description |
|---|---|
| Access | The right to be provided with a copy of your personal data |
| Rectification | The right to require us to correct any mistakes in your personal data |
| Erasure (right to be forgotten) | The right to require us to delete your personal data, in certain situations |
| Restriction of processing | The right to require us to restrict processing of your personal data in certain circumstances, for example if you contest the accuracy of the data |
| Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format, and/or to transmit it to a third party, in certain situations |
| To object | The right to object at any time to processing for direct marketing, and in certain other situations to our continued processing, for example processing for our legitimate interests unless there are compelling legitimate grounds or the processing is for legal claims |
| Automated decision-making | Where significant decisions are made about you based solely on automated processing with no meaningful human involvement, you have the right to certain safeguards. We do not currently make significant decisions about you in this way |
| Withdraw consent | Where you have given consent, you can withdraw it easily at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew it |
For more information on each of those rights, including the circumstances in which they apply, please contact us or see the guidance from the Information Commissioner. To exercise any of those rights, please email, call or write to us (see “How to contact us”), provide enough information to identify yourself, and let us know which right you want to exercise and the information your request relates to.
We have appropriate security measures to prevent personal data from being lost accidentally, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need, and those processing it do so only in an authorised manner and are subject to a duty of confidentiality.
We continually review our security arrangements and hold certifications including ISO 27001, ISO 9001 and Cyber Essentials Plus. We also have procedures to deal with any suspected personal data security breach, and we will notify you and any applicable regulator of a breach where we are legally required to do so.
If something has gone wrong, we need you to tell us. You have the right to make a complaint to us — please email, call or write to us (see “How to contact us”) and provide enough information about your complaint so that we can investigate it.
We will investigate your complaint, which will usually involve reviewing it, locating and reviewing any records we hold about you, and establishing the relevant facts. We may need to ask you for further information. We will update you on progress at appropriate times and inform you of the outcome without undue delay.
If we are unable to resolve your complaint, you also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator), at ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.
This privacy policy was last updated on 24 June 2026. We may change this privacy policy from time to time. When we do, we will inform you via our website.
We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed.
You can contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint. Our contact details are:
One2Call Limited
Unit 5-8 Jessops Riverside, 800 Brightside Lane, Sheffield, S9 2RX
0114 230 0080
If you would like this notice in another format, please contact us.
Monday 7am-7pm
Tuesday 7am-7pm
Wednesday 7am-7pm
Thursday 7am-7pm
Friday 7am-7pm