Privacy Notice 

Last updated: 1st June 2026 

This privacy notice explains who we are, what personal information we collect, how and why we use it, who we share it with, how long we keep it, and your rights. It also tells you how to contact us or make a complaint. 

This notice applies if you: 

• visit our websites or portals; or 

• buy or use any products or services provided by Chess Limited or any current or future subsidiary or affiliated company within the Chess Group. 

 

Who we are 

The Chess Group collects and uses personal information and is responsible for it as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

 

The personal information we collect 

Information you give us 

We collect information when you: 

• place an order or sign up for our products or services. 

• contact us about your account. 

• complete surveys or enter competitions. 

This may include: 

• name. 

• business or personal email address. 

• postal and site addresses. 

• telephone or mobile number. 

• date of birth. 

• payment, bank or card details. 

• other information needed to provide the specific service you request. 

 

Information we collect automatically 

We automatically collect some information when you: 

• use our services (for example, call data such as numbers called, call duration, or broadband usage) for billing, support and service management; and 

• use our websites, portals or apps, using cookies and similar technologies (see the Cookies section below). 

 

Information from third parties 

We may receive personal information from: 

• service providers who work on our behalf. 

• other telecommunications providers. 

• marketing organisations. 

• businesses whose customers we acquire. 

• partners or dealers who refer you to us. 

• credit reference and fraud prevention agencies 

 

How we use your personal information 

We use your information to: 

• verify your identity. 

• answer enquiries and manage your account. 

• process orders, contracts and payments. 

• carry out credit checks and manage financial risk. 

• provide and support our services. 

• monitor and record communications for training, quality, and regulatory purposes. 

• tell you about changes to our services, websites or terms. 

• improve our products and services through analysis and reporting. 

• personalise services and understand customer preferences. 

• recover money owed under a contract. 

• prevent and detect fraud, crime, misuse or damage to our networks; and 

• maintain the security and performance of our systems (including monitoring for spam and malware). 

 

Who we share your information with 

We may share your personal information with organisations outside the Chess Group, including: 

• suppliers and service providers who help us deliver and support our services (such as customer support teams, carriers or couriers). 

• organisations that help us improve our services. 

• other companies within the Chess Group and Chess T2 Group for marketing and service-related purposes. 

• buyers or advisers if we sell or restructure part of our business. 

• courts, regulators or law enforcement bodies where required by law; and 

• regulators such as Ofcom, CISAS or the Information Commissioner’s Office (ICO) when they request information to investigate a complaint. 

We only share information where it is necessary and lawful to do so. 

Definitions used in this section 
Chess T2 Group means Chess T2 Limited and any current or future subsidiary or affiliated company within the Chess T2 corporate structure. The Chess T2 Group is a separate legal group from the Chess Group, although certain shareholders or directors may be the same.  

 

How long we keep your information 

We keep personal information only for as long as necessary to: 

• provide goods or services. 

• meet legal, regulatory or tax obligations; or 

• protect our legitimate business interests (for example, dealing with disputes or fraud). 

For information about how long we retain personal data, please refer to our Data Protection & Retention Policy, available on our website here Chess GDPR Data Protection and Retention Policy 

 

Our legal bases for using your information 

We use your personal information where: 

• it is necessary to perform a contract with you. 

• it is in our legitimate interests, provided your rights do not override those interests. 

• you have given consent (for example, for certain marketing); or 

• we have a legal obligation to do so. 

Where we rely on legitimate interests, we explain these to you where required. 

 

Credit checks 

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs). 
We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data. 

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority. FCA Firm Reference Number: 742313 

• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority. FCA Firm Reference Number: 805757 

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws. 

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices: 

• Creditsafe Privacy / Transparency Notice: Transparency Notice | Customers & Suppliers 

• TransUnion CRAIN (Credit Reference Agency Information Notice): https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference 

• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau 

 

 

Marketing preferences 

If you have agreed to receive marketing, we may contact you about products, services and offers we think may interest you. Our emails may include tracking technology to help us understand how effective our communications are. 

You can stop receiving marketing at any time by: 

• clicking “unsubscribe” in any marketing email; or 

• contacting us using the details below. 

We aim to action opt‑out requests within 3 working days, though it may take up to 28 days to fully synch across all systems. 

 

Cookies 

Our websites, portals and applications use cookies to collect information such as: 

• IP address. 

• browser and device details. 

• pages visited and time spent on pages. 

This helps us understand how our sites are used and improve your experience. We do not try to identify you from your IP address unless required by law or to protect our rights or those of our customers. 

You can control or delete cookies through your browser settings. Some features may not work properly if cookies are disabled. 

 

International transfers 

We do not transfer personal information outside the EEA unless: 

• the destination country has been approved by the UK as providing adequate protection; or 

• appropriate safeguards are in place, such as the ICO International Data Transfer Agreement. 

 

Your rights 

You have the right to: 

1. be informed about how we use your information. 

2. access your personal information. 

3. have inaccurate information corrected. 

4. request deletion of your information in certain circumstances. 

5. restrict how we use your information in certain circumstances. 

6. receive and reuse your information (data portability). 

7. object to processing, including direct marketing; and 

8. not be subject to certain automated decision‑making. 

Further guidance is available from the ICO: https://ico.org.uk 

 

Keeping your information secure 

We use appropriate technical and organisational measures to protect personal information. Access is limited to people who need it for legitimate business purposes. 

We have procedures in place to deal with data security incidents and will notify you and regulators where required. 

The Chess Group is accredited to ISO 27001:2022, demonstrating our commitment to information security. 

 

Changes to this notice 

We may update this privacy notice from time to time. We will notify you of significant changes on our website or by other appropriate means. 

 

How to contact us 

If you have questions or want to exercise your rights, please contact our Compliance Team: 

• Email: compliance@chessict.co.uk 

• Post: Data Protection Officer, Chess ICT Limited, Mereside, Alderley Park, Congleton Road, Macclesfield. SK10 4TG 

Subject Access Requests 

You can submit a request by email or post using the details above, or via the form on our website under Privacy → Data Processing Requests or Complaints → Exercise your Rights 

We may ask for proof of identity. 

 

How to complain 

We encourage you to contact us first so we can resolve any concerns. 

Data Protection Officer: Tina Flather 

• Email: tinaflather@chessict.co.uk 

• Post: Data Protection Officer, Chess ICT Limited, Mereside, Alderley Park, Congleton Road, Macclesfield. SK10 4TG 

• Online form: https://chessict.co.uk (Privacy section) 

You also have the right to complain to the Information Commissioner’s Office (ICO): 

• Website: https://ico.org.uk/concerns/ 

• Telephone: 0303 123 1113 

• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

 

This privacy notice is reviewed regularly and approved by management.