PRIVACY POLICY

WHO WE ARE

JOYNEWPHONE ("we", "us", "our") is a UK-based phone comparison and advisory service that helps consumers find competitive mobile phone upgrade and new contract deals across all major UK networks. We are registered in England and Wales.

For the purposes of UK data protection law, JOYNEWPHONE is the Data Controller responsible for your personal data. This means we determine the purposes and means by which your personal information is processed.

Our contact details are:

• Telephone: 02035 043106 (Mon–Fri 8am–8pm, Sat 9am–5pm)
• Email: privacy@joynewphone.online
• Website: www.joynewphone.online
• Registered in England & Wales

Our designated Data Protection Contact can be reached at the email address above for any data-related enquiries.

DATA WE COLLECT

We collect personal data in the following ways, and only collect information that is necessary, relevant, and proportionate to providing our services.

Information you provide directly to us:

• Identity Data: Your first name and last name, as provided when you complete our quote request form or contact us.
• Contact Data: Your mobile phone number and email address, used to provide your quote and communicate with you about your enquiry.
• Preference Data: Your stated preferences regarding handset brand, monthly budget, data allowance, contract type (upgrade, new contract, or SIM only), and preferred callback time.
• Communication Data: Records of any calls, emails, or messages exchanged between you and our advisors, including call recordings made for training and compliance purposes. You will be informed when a call is being recorded.
• Transaction Data: If you proceed to take a phone deal through us, we retain details of the deal arranged, including the network, handset, contract length, and monthly cost.

Information collected automatically:

• Technical Data: Your IP address, browser type and version, operating system, device type, time zone, and the pages you visit on our website, collected via cookies and similar tracking technologies.
• Usage Data: Information about how you interact with our website, including which pages you visit, how long you spend on each page, which links you click, and the source of your visit (e.g., search engine, referral link, or direct visit).

Information we do not collect:

• We do not collect Special Category Data (such as health information, biometric data, or political opinions).
• We do not collect full payment card details. Any payment processing is handled by regulated third-party providers.
• We do not knowingly collect data from individuals under the age of 18.

HOW WE USE YOUR DATA

We use the personal data we collect for specific, explicit, and legitimate purposes. We will not use your data in a way that is incompatible with the purpose for which it was collected.

LEGAL BASIS

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following legal bases:

• Contractual Necessity (Article 6(1)(b)): Processing is necessary to perform the service you have requested — i.e., providing you with a phone upgrade or new contract quote and arranging a callback from an advisor.
• Legitimate Interests (Article 6(1)(f)): We have legitimate business interests in improving our services, managing our business, preventing fraud, and communicating relevant offers to existing customers. We always balance these interests against your rights and freedoms before relying on this basis.
• Consent (Article 6(1)(a)): Where we rely on consent — specifically for direct marketing communications — we will always ask for your explicit agreement first. Consent can be withdrawn at any time without detriment to you.
• Legal Obligation (Article 6(1)(c)): We may need to process your data to comply with applicable laws and regulations, including requirements from financial regulators, HMRC, or law enforcement agencies.

SHARING YOUR DATA

We take the sharing of your personal data seriously. We only share your data with third parties where it is necessary, lawful, and subject to appropriate safeguards.

We may share your data with:

• UK Mobile Networks: When you agree to proceed with a phone deal, we share the minimum necessary data with the relevant network (such as EE, O2, Vodafone, Three, Sky Mobile, or iD Mobile) to process your application. These networks are independent data controllers and will have their own privacy policies governing how they use your information.
• Technology & IT Service Providers: Third-party providers that support our website infrastructure, CRM systems, email delivery, and analytics tools, operating under strict data processing agreements as our data processors.
• Call Recording & Telephony Providers: Regulated providers who store and manage call recordings on our behalf, bound by confidentiality and data processing obligations.
• Professional Advisors: Solicitors, accountants, insurers, and auditors who provide professional services to us, where disclosure is reasonably necessary.
• Regulators and Law Enforcement: Where we are required to do so by applicable law, a court order, or regulatory authority.

International transfers: We endeavour to keep all personal data within the UK and European Economic Area (EEA). If any of our service providers process data outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

COOKIES & TRACKING

Our website uses cookies and similar technologies to enhance your browsing experience, analyse website traffic, and understand how visitors use our site. A cookie is a small text file placed on your device when you visit a website.

Types of cookies we use:

When you first visit our website, a cookie consent banner will appear asking for your preferences. You can change your cookie settings at any time by clicking "Manage Cookies" in the footer of our website, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our site.

DATA RETENTION

We do not hold your personal data for longer than is necessary for the purposes for which it was collected. Our retention periods are guided by the nature of the data, the purpose of processing, and our legal obligations.

• Quote Enquiry Data (no deal taken): If you request a quote but do not proceed to take a deal, we will retain your enquiry data for up to 12 months in case you wish to continue your search at a later date. After this period, your data is securely deleted or anonymised.
• Customer Transaction Records: If you take a phone deal through us, we retain your transaction and identity records for 6 years from the end of the contract in line with standard UK commercial and tax law requirements.
• Call Recordings: Telephone call recordings are retained for 6 months for training and quality assurance purposes, and for up to 3 years if they relate to a formal complaint or dispute.
• Marketing Consent Records: Where you have given consent for marketing, we retain a record of that consent for as long as we continue to send you marketing communications, plus an additional 12 months thereafter.
• Website Analytics Data: Anonymised and aggregated analytics data is retained for up to 26 months.

At the end of the applicable retention period, personal data is securely deleted, destroyed, or permanently anonymised in accordance with our internal data destruction policy.

YOUR RIGHTS

Under UK GDPR and the Data Protection Act 2018, you have a number of important rights in relation to your personal data. We take these rights seriously and will always respond to a valid request within one calendar month of receipt.

To exercise any of these rights, please contact us using the details in Section 13. We may need to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances.

DATA SECURITY

We take the security of your personal data very seriously and have implemented appropriate technical and organisational measures to protect it against accidental loss, unauthorised access, alteration, or disclosure.

Our security measures include:

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard TLS (Transport Layer Security) protocols.
• Access Controls: Access to personal data within our organisation is strictly limited to employees and contractors who need it to perform their job functions. All staff receive data protection training.
• Secure Data Storage: Personal data is stored on secure, access-controlled servers. We conduct regular security reviews and vulnerability assessments.
• Data Minimisation: We only collect and retain the minimum amount of personal data necessary for the purpose stated.
• Incident Response: We have a documented data breach response procedure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay.
• Third-Party Due Diligence: All third-party providers who process personal data on our behalf are subject to rigorous vetting and bound by written Data Processing Agreements.

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We encourage you to protect yourself by using a strong password and keeping it confidential.

CHILDREN'S PRIVACY

Our services are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect, store, or process personal data from anyone under the age of 18.

Our website is not directed at children, and we do not use any techniques to attract or engage minors. If you are a parent or guardian and believe that your child has inadvertently submitted personal data to us, please contact us immediately at privacy@joynewphone.online or on 02035 043106 and we will take prompt steps to delete that data from our records.

THIRD-PARTY LINKS

Our website may contain links to third-party websites, including mobile network operators such as EE, O2, Vodafone, and Three. These links are provided for your convenience and information only.

Once you click a link to a third-party website, you leave our site and are subject to that third party's own privacy policy and terms of use. We have no control over, and accept no responsibility for, the privacy practices or content of any external websites.

We recommend that you review the privacy policy of any third-party website you visit before providing any personal information.

CHANGES TO THIS POLICY

We review this Privacy Policy regularly to ensure it remains accurate, up to date, and compliant with applicable data protection legislation. We reserve the right to amend this policy at any time.

When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page.
• Display a notice on our website homepage for at least 30 days following a significant change.
• Where we have your email address and the change materially affects how we use your data, we will notify you directly by email.

We encourage you to review this page periodically to stay informed about how we protect your personal information. Your continued use of our services after the effective date of any changes constitutes your acknowledgement of the revised policy.

Previous versions of this Privacy Policy are available on request by contacting us using the details below.

CONTACT US

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please do not hesitate to get in touch. Our team is here to help.

• Phone: 02035 043106 — Mon–Fri 8am–8pm, Sat 9am–5pm
• Email: privacy@joynewphone.online
• Data Protection Contact: dpo@joynewphone.online
• Post: Data Protection, JOYNEWPHONE, United Kingdom

We aim to respond to all data-related enquiries and Subject Access Requests within one calendar month of receipt. If your request is particularly complex or numerous, we may extend this period by a further two months, in which case we will write to you to explain the reason for the delay.