Skip to main content Skip to footer

Your Privacy

Chess GDPR Data Protection Policy

Click here to view our Data Protection Policy

Chess Group Privacy Notice

Click here to view our Privacy Notice

Our Vendors Privacy Policy

Click here to view BT/EE's Policy

Click here to view Vodafone's Policy

Click here to view O2's Policy

Information Security & Quality

Chess Group is committed to its customers, suppliers, and people; with security playing an essential part of our culture. To ensure the effective confidentiality, integrity and availability of our services and products, we utilise the below accreditations in support of our information security management system. Our dedicated teams further ensure our measures (both procedural and technical) are continually reviewed and reported to help Chess’s continual improvement in staying up to date with the latest security technologies and best practise.   

Subject Access Request Form

Click here to view our Subject Access Request Form

A SAR is a request for personal data only which is information that relates to the subject as an identified or identifiable individual. An individual can only make a request for their own information (with certain exceptions) Please refer to our Privacy Policy. We will require comprehensive information of the details, dates and search criteria to help us fulfil your request.

Chess Group Privacy Policy

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

This privacy notice applies to anyone who uses the websites and/or portals of, or who buys or uses any of the services or products provided by Chess Limited and its subsidiaries (“the Chess Group”) which includes the brands Chess ICT Limited, Chess Digital Ltd, Chess Partner Ltd and TTNC Limited.

By using any of our services or visiting our websites you agree to use of your information as set out in this privacy notice. This privacy notice forms part of and should be read in conjunction with the terms and conditions on our website and the terms and conditions which apply to your contract for the provision services and/or the supply of goods or products.

Who we are

The Chess Group collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the UK General Data Protection Regulation and the Data Protection Act 2018. We are responsible as a ‘controller’ of that personal information for the purposes of those laws.

The personal information we collect and use

Collection of Data

When you place an order with us for any of our goods or services we will need certain information to process your order. This may be information such as your name, private or business email address, postal address, site addresses, telephone or mobile numbers, date of birth, financial or bank account/card information to help us identify you and provide you with the services or products. We may ask for further information that relates to the service that you are ordering.

When you contact us to discuss your account, we may ask for certain information to confirm your identity, check our records and answer your questions quickly and accurately.

If you complete a survey or enter into any competitions we may ask for information about you which we will make clear at the time and for the purpose we will being using the information.

  • We will automatically collect information: when you use our services, such as broadband usage or when you make a call the number, destination and length of your call, which we need to help the services and for billing purposes;
  • When you visit our websites, portals or use our online or mobile applications, we may collect and process information about your usage of these by using “cookies” and other similar technologies (see “cookies” section below) to help us make improvements to the websites and to the services we make available.

We may receive personal information from third parties, such as companies contracted by us to provide services to you, other telecommunications operators, marketing organisations and credit reference agencies (see “credit checks" below).

Where you have come to Chess as a customer through acquisition, we will have collected information about you from the company and/or business we purchased the rights to your contract for services from. We will also collect information about you following the acquisition.

Where you have been referred to Chess by a partner or dealer that works with Chess, we will have collected information about you from that third-party partner or dealer. We will also collect information about you following the introduction and/or referral.

How we use your personal information

We use your personal information for example to:

  • verify your identity when you use our services or contact us;
  • process your enquiries, orders or contracts and to provide you with services;
  • carry out credit checks and to manage your account(s);
  • monitor, record, store and use any telephone, e-mail or other electronic communications with you for training purposes, so that we can check any instructions given to us and to improve the quality of our customer service, and in order to meet our legal and regulatory obligations;
  • provide you with information about other services, offers or products across the Chess Group;
  • to tell you about changes to our websites, services or terms and conditions;
  • carry out any marketing analysis, profiling or create statistical or testing information to help us personalise the services we offer you and to understand what our customers want;
  • analyse our services with the aim of improving them;
  • recover any monies you may owe to us pursuant to a contract with a member of the Chess Group;
  • prevent or detect a crime, fraud or misuse of, or damage to our network, and to investigate where we believe any of these have occurred; and
  • monitor network traffic from time to time for the purposes of backup and problem solving, for example our automated system may monitor email subjects to help with spam and malware detection.


Who we share your personal information with

We routinely share information with organisations outside the Chess Group:

  • involved in the running or managing of your accounts or providing services to you for us (e.g. customer support, carriers, or a courier company if you have asked us to send something to you);
  • to help us improve the services we are providing;
  • for marketing purposes in respect of products and services offered across the Chess Group;
  • as part of the process of selling one or more of our businesses;
  • as part of current or future legal proceedings;
  • in response to properly made requests from law enforcement agencies for the prevention, investigation and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation; or
  • in response to properly made requests from regulatory bodies such as the Information Commissioners Office, Ofcom and CISAS, for example where you contact Ofcom or CISAS asking them to investigate a complaint in respect of the provision of our services to you, they may request information from us to enable them to investigate and make a decision in respect of this matter. We will need to provide them with the relevant information we hold relating to your account.

How long your personal information will be kept

We retain personal data we collect for as long as necessary for the purposes for which the personal data was collected or where we have an ongoing legitimate business need to do so (for example, to provide you with goods or services, to ensure that transactions can be processed, settled, refunded, charged back or to indemnify fraud), or to comply with applicable legal, tax or regulatory requirements. Even if you close your account, we will retain certain information to meet our obligations.

When we have no ongoing legitimate business need to process your personal data, we will either securely destroy, erase, delete or anonymise it, or if this is not possible (for example because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

Retention periods for Customers/Marketing purposes: -

Account with current purchasing activity – Retained

Account with ceased purchasing activity – 7 years after activity ceased

Account with no purchasing activity – 2 years

Reasons we can collect and use your personal information

Our legal basis for collecting and using personal data will depend on the personal data concerned and the specific context in which we collect it. However, we normally collect personal data from you where we need it to perform a contract with you, or where the processing is in our legitimate interest and not overridden by your data protection interests or rights, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If we collect and use your personal data in reliance upon our legitimate interests (or those of a third party) other than as described in this privacy notice, we will make clear to you at the relevant time what those legitimate interests are.

Credit Checks

When you apply to buy products or services from us we may carry out a credit check. This means we may need to check certain records about you which may include records at credit reference agencies or fraud prevention agencies

Marketing Preferences

Where you have agreed to us contacting you either when you joined or via your preferences, we will contact you with details of products, services and promotions which we believe you may be interested in. Such communications may contain tracking technology that tells us whether you opened the communication and whether you followed the hyperlinks within the communication, in order to help us analyse the effectiveness of, monitor, and improve our marketing campaigns. Such communications may contain tracking technology that tells us whether you opened the communication and whether you followed the hyperlinks within the communication in order to help us analyse the effectiveness of, monitor and improve our marketing campaigns.

If you change your mind and do not want us to send you marketing messages or information you can unsubscribe from any email updates by clicking on the ‘unsubscribe’ button at the bottom of the email. In addition, you can contact us as detailed below.


Our websites, portals and applications use cookies. Cookies collect information about your use of our website and any other portals or applications including things like your connection speed, details of your operating system, the time and duration of your visit and your IP address. The information collected by cookies enables us to understand the use of our sites and applications, including the number of visitors we have, pages viewed per session, time exposed on pages etc. This in turn helps provide you with a better experience since we can evaluate the level of interest in the content and tailor it accordingly. We will not attempt to identify you from your IP address unless required to as a matter of law or regulation or in order to protect our, or our customers’, rights.

Most browsers automatically accept cookies. You can set your browser option so that you will not receive cookies and you can also delete existing cookies from your browser. However, you may find that some parts of the website, portal or application may not function properly if you disable cookies.

Transfer of your information out of the EEA

We will not transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) which is either not governed by public international law or which is not set up under any agreement between two or more countries.

Your rights

Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have a number of important rights:-

  1. to be informed in relation to the fair processing of information and transparency over how we use your personal information
  2. access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  3. require us to correct any mistakes in your information which we hold
  4. require the erasure of personal information concerning you in certain situations
  5. otherwise restrict our processing of your personal information in certain circumstances
  6. receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  7. object in certain situations to our continued processing of your personal information (or object at any time to processing of personal information concerning you for direct marketing)
  8. object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, processed or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Changes to this privacy notice

We may change this privacy notice from time to time, when we do we will inform you via a notification on our website and/or by way of a notice on invoices raised by us to you.

How to contact us

Please contact Compliance Team if you have any questions about this privacy notice or the information we hold about you. If you wish to contact our Compliance Team, please send an email to or write to Chess ICT Limited, Bridgford House, Heyes Lane, Alderley Edge, SK9 7JP.

If you would like to unsubscribe from any email updates or marketing communications you can also click on the ‘unsubscribe’ button at the bottom of the email. Alternatively, you can contact us by email Chess will endeavour to action such requests within 3 working days of receipt.

Should you wish to make a Subject Access Request please complete the Subject Access Request Form that is available on our website at “Legal”-“Privacy”-”Subject Access Request Form” or email or by post to: Compliance Team, Chess ICT Limited, Bridgford House, Heyes Lane, Alderley Edge, SK9 7JP, together with:

  • enough information to identify you;
  • proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

If you wish to make a complaint regarding the use of your information, in the first instance please contact our Data Protection Officer:- Sandra Lovell-Struthers, Head of Compliance, either by email or by writing to Chess ICT Limited, Bridgford House, Heyes Lane, Alderley Edge, SK9 7JP.

The UK General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113 or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

This privacy policy will be regularly reviewed and update as necessary. The management team endorses this statement and is fully committed to its implementation.