Duplia
Legal

Privacy Policy

How we collect, use and protect the personal data you share with us when you use Duplia.

Last updated: April 2026

When you use our broadband or visit this site, we handle a bit of personal data about you. This page explains exactly what we hold, why we hold it, how long we keep it, and what you can do about it.

The short version

We only collect what we need to deliver broadband and talk to you about it. We don't sell your data. You can ask for a copy of it, correct it, or have it deleted. Everything here is written against the UK GDPR and the Data Protection Act 2018.

When this policy applies

This policy covers how Duplia Ltd (“we”, “us”, “our”) handles personal data as defined by the UK GDPR and the Data Protection Act 2018. It applies to every form of information we hold about you, whether stored electronically or on paper, and regardless of whether you're a customer, a visitor, or someone who's just got in touch with a question.

It doesn't cover information about companies themselves, but it does cover the people who work inside them. Our services are available only to people aged 18 or over, unless supervised by a parent or guardian.

What we collect

Broadly, we collect five kinds of personal data. Only what's needed for the specific purpose we're using it for, never more:

Personal details

Your name, date of birth, nationality and family details: enough to confirm who we're talking to.

Contact details

Email, phone, postal address and any usernames you share so we can actually reach you.

Payment details

Bank or card details, used only to take payments, issue refunds or keep your account in good standing.

Usage patterns

How and when you use our services: preferences, habits, memberships and similar statistical signals.

Your correspondence

Emails, support tickets and anything you (or others) send us that relates to you.

We may also collect non-personal information such as your IP address, browser version and network details. These aren't covered by the UK GDPR principles on their own, but we still handle them responsibly.

If you ever share data with us about someone else, you confirm that you've got their permission to do that.

How we collect it

Most of the time we collect data directly from you. That happens when:

  • You register or subscribe. Signing up for a service, creating an account, joining a list.
  • You buy something. Placing an order or requesting a quote.
  • You supply us with something. If you provide us with goods or services yourself.
  • You get in touch. By email, phone, chat or any other channel.
  • You visit this site. We set cookies and similar tags in line with our cookie policy.

Less frequently, we receive data from third parties such as public records, business partners, or contractors working on your behalf. We always try to make it clear when we're collecting data about you. If we ever obtain it without your knowledge (for example by accident from a client), we'll either delete it or tell you that we hold it.

How we use and share your data

The golden rule: we only use your data for the purpose we collected it for, unless you've given us permission for something else. Specifically, we use your data to:

  • Provide the goods and services you've asked for.
  • Verify your identity.
  • Communicate with you about your account, our services, and (if you've opted in) our marketing and promotions.
  • Investigate complaints, suspected breaches of our terms, or unlawful activity on the account.
  • Meet our legal obligations.

We keep your data only for as long as it's needed for these purposes, or longer where the law requires. When it stops being needed, we either delete it or anonymise it.

We do not sell your personal data to anyone, ever. We share it with third parties only in narrow circumstances:

  • Service providers who help us run the business. We only share what each provider needs to do its job, and each one is bound by a contract that holds them to UK GDPR-grade safeguards. The current list:
  • Law enforcement or a governmental authority, where required by law or where we reasonably believe you're engaged in fraudulent, deceptive or unlawful activity.
  • A new owner of the business, in the event of a sale or merger.

If we ever share data with an organisation outside the UK, we only do so once they've agreed in writing to protect your data to the same standard as us.

Your rights

Under the UK GDPR you have the following rights over the personal data we hold about you. To exercise any of them, get in touch using the details at the bottom of this page:

Right to be informed

To know what we collect and why. That's what this policy is for.

Right of access

To ask for a copy of everything we hold about you. We'll respond within 28 days.

Right to rectification

To have inaccurate data corrected. We'll action this within 7 days of written notice.

Right to erasure

To have your data deleted. We'll action this within 28 days of a written request.

Right to restrict processing

To ask us to pause using your data for particular purposes.

Right to data portability

To receive your data in a portable format so you can take it somewhere else.

Right to object

To opt out of specific types of processing, particularly direct marketing.

Rights around automated decisions

To not be subject to significant decisions made solely by automated processing.

Complain to the regulator

If you feel we've got something wrong and we haven't put it right, you can complain to the UK Information Commissioner's Office at ico.org.uk. You can do this at any time, without going through us first.

Keeping your data safe

We take reasonable steps to protect your data from unauthorised access, including securing our physical premises and electronic systems. Our Data Protection Officer oversees compliance with this policy and the UK GDPR.

Internet transmissions and postal communications aren't guaranteed to be secure, so sending us data by either means is at your own risk. We can't be held responsible for the privacy or security practices of any third party you reach through our services, even where we're permitted to share data with them.

Please keep your password and login details confidential. We'll never ask you for your password outside of a genuine login screen. If you think your data has been misused or accessed without your permission, let us know immediately.

Access, correction and deletion

You can ask us, in writing, to:

  • Send you a copy of the personal data we hold about you. We'll respond within 28 days.
  • Delete all the personal data we hold about you. Within 28 days, we'll remove it (subject to anything we're required by law to retain).
  • Correct any mistakes in the data we hold. We'll fix it within 7 days of your written notice.

It's up to you to give us accurate information in the first place. We can't be liable for data you provide that turns out to be incorrect.

Contact us or raise a complaint

For anything to do with privacy, including data requests and complaints, contact our Data Protection Officer:

Postal correspondence:

Data Protection Officer, Duplia
Unit 22, The Glenmore Centre
Quedgeley
GL2 2AP
United Kingdom

Or email contact@duplia.com. Email is the quickest way to reach the DPO in the first instance.

If we have a dispute about your personal data, we'll try to resolve it with you directly first. If we become aware of any unauthorised access to your data, we'll tell you as soon as we've understood what happened.

From time to time we may send you important notices about changes to our policies or terms. Because these affect your relationship with us, you can't opt out of receiving them.

Changes to this policy

We may update this policy from time to time by publishing a new version on this page. If the changes are substantial we'll flag them separately; for minor edits, checking this page is your call. Nothing in this policy restricts our obligations under the UK GDPR or the Data Protection Act 2018.