Quick summary
BroadbandSwitch.uk is a free, UK-focused broadband comparison service operated by SearchSwitchSave Limited. We collect only the minimum personal data needed to help you compare and switch broadband, and we never sell your information to anyone. Strictly necessary cookies keep the site running, while analytics and affiliate-attribution cookies are only used after you give consent in our cookie banner. You have strong rights under the UK GDPR, including access, correction, erasure and the right to complain. Anything to ask? Email our data protection team at dpo@searchswitchsave.com and a real human will reply.
Who we are
BroadbandSwitch.uk is the trading name of SearchSwitchSave Limited. We are the data controller for personal data collected through this website. Here are the details you may need.
- Trading name
- BroadbandSwitch.uk
- Legal entity
- SearchSwitchSave Limited
- Registered office
- Sycamore House, Glen Duff, Lezayre, IM7 2AT, Isle of Man
- Company number
- 030828B (Isle of Man)
- ICO registration
- R697728
- UK trade mark
- UK00004211113
- General enquiries
- hello@searchswitchsave.com
- Editorial
- editor@broadbandswitch.uk
- Data protection
- dpo@searchswitchsave.com
- Phone
- 0330 122 1223
Our team is happy to walk you through anything in this policy. If you would prefer plain conversation to legalese, just drop us a line and we will explain in everyday language.
Scope of this policy
This policy explains how we handle personal data collected through the BroadbandSwitch.uk website, our customer service interactions (email, phone, chat) and any related landing pages we operate. It applies to visitors, comparison users, newsletter subscribers and people who get in touch with us.
It does not cover the privacy practices of broadband providers, third-party retailers or other websites we link to. When you click through to a provider to complete a switch, that provider becomes the controller of the data you give them, under their own privacy policy. We always recommend skimming theirs too before signing up.
The personal data we collect
We try to keep things lean. Here are the categories of personal data we may collect, with examples and where they come from.
| Category | Examples | Source |
|---|---|---|
| Identity | First name, last name, account username (only if you create an account) | Provided directly by you |
| Contact | Email address, postcode, optional phone number | Provided directly by you (forms, newsletter) |
| Technical | IP address, device type, browser, operating system, referring URL | Collected automatically via server logs and cookies |
| Usage | Pages viewed, search filters used, comparison clicks, time on page | Collected via analytics cookies (with consent) |
| Marketing preferences | Newsletter opt-in status, topics of interest, unsubscribe records | Provided by you and recorded by our email platform |
| Communications | Emails, chat transcripts, call notes, support tickets | Provided by you when you contact us |
We do not knowingly collect special category data (such as health, religion or biometric information) and we ask you not to send it to us. If you do, we will delete it as soon as practical.
How we use your data and our lawful bases
Under the UK GDPR, every use of personal data must rely on a lawful basis (Article 6). Here is a clear breakdown of why we process data, what we use, the basis we rely on and how long we keep it.
| Purpose | Data used | Lawful basis | Retention |
|---|---|---|---|
| Run the comparison service | Identity, Contact, Technical, Usage | Legitimate interests (operating the site) | Session plus 12 months |
| Keep the site secure and reliable | Technical (IP, logs) | Legitimate interests (security) | 90 days for raw logs |
| Analytics and product improvement | Usage, Technical (pseudonymised) | Consent (PECR for cookies) | Up to 14 months |
| Affiliate attribution | Click ID, timestamp, partner ID | Consent (PECR for cookies) | 30 to 90 days |
| Newsletter and updates | Contact, Marketing preferences | Consent | Until you unsubscribe, plus 24 months for the consent record |
| Respond to enquiries | Identity, Contact, Communications | Legitimate interests / contract steps | 24 months after last contact |
| Legal, accounting and compliance | As required by law | Legal obligation | 6 years (HMRC) |
| Defending legal claims | As needed | Legitimate interests | Up to 6 years |
If we ever want to use your data for a new purpose that is not compatible with these, we will tell you and ask for your consent first.
International transfers
Most of our processing happens within the UK and the European Economic Area. Where a processor is based in another country, we transfer personal data only when one of the safeguards in Chapter V of the UK GDPR is in place.
- UK adequacy regulations: for transfers to countries the UK Government has decided offer an adequate level of protection (such as the EEA, and the US under the UK Extension to the EU-US Data Privacy Framework for certified organisations).
- International Data Transfer Agreement (IDTA): the UK's standalone transfer contract.
- UK Addendum to the EU Standard Contractual Clauses: used together with the EU SCCs for transfers to non-adequate countries.
- Transfer risk assessments: we document a TRA for each non-adequate destination, with extra safeguards (such as encryption and access controls) where needed.
If you would like a copy of the safeguards we rely on for a specific transfer, just ask.
How long we keep data
We keep personal data only as long as we genuinely need it. Here is the summary.
| Data type | Retention period | Reason |
|---|---|---|
| Server logs | 90 days | Security and abuse prevention |
| Analytics events (pseudonymised) | Up to 14 months | Trend analysis |
| Affiliate click records | 30 to 90 days | Attribution windows |
| Newsletter subscriber data | Until unsubscribe | Send the newsletter you asked for |
| Marketing consent records | 24 months after last interaction | Demonstrate consent |
| Customer enquiries | 24 months after last contact | Continuity of support |
| Accounting records | 6 years | HMRC and Companies law |
| Backups | Rolling 35 days | Disaster recovery |
When a retention period ends we either securely delete the data or anonymise it so it no longer identifies you.
Your rights under UK GDPR
You have eight headline rights when it comes to your personal data. We aim to make exercising them genuinely easy.
- Right of access: ask for a copy of the personal data we hold about you.
- Right to rectification: ask us to correct anything that is inaccurate or incomplete.
- Right to erasure: ask us to delete personal data where there is no good reason for us to keep it (also known as the right to be forgotten).
- Right to restriction: ask us to pause processing while we sort out a query.
- Right to data portability: ask us to send certain data to you, or to another provider, in a machine-readable format.
- Right to object: object to processing based on legitimate interests, including direct marketing (which we will always stop).
- Right to withdraw consent: change your mind at any time where we relied on consent (such as cookies or newsletter sign-up).
- Right to complain: raise a complaint with the UK Information Commissioner's Office (ICO).
How to exercise your rights
The fastest route is to email dpo@searchswitchsave.com with a brief description of your request. We may need to verify your identity before we proceed, which protects you from impersonation. We respond within one calendar month, and where requests are complex we may extend by up to two further months and tell you why.
Most requests are free. We may charge a reasonable fee or refuse where a request is manifestly unfounded or excessive, but in practice that is very rare.
Security
We take security seriously. Our measures include HTTPS across the whole site, encryption in transit (TLS 1.2 or higher), encryption at rest where supported by the platform, role-based access control, multi-factor authentication for staff, regular software patching, structured logging and a documented incident response plan.
If we ever experienced a personal data breach that posed a risk to you, we would notify the ICO within 72 hours and tell you directly when the law requires it. No system is perfectly secure, but we work hard to reduce risk and learn from every issue.
If you ever see anything unusual involving your account or our communications, please email dpo@searchswitchsave.com right away so we can investigate quickly.
Children
Our service is intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact dpo@searchswitchsave.com and we will delete it promptly.
Automated decision-making
We do not carry out automated decision-making (including profiling) that produces legal or similarly significant effects on you. Our comparison tables and ranking algorithms are designed to inform your choice, not to make decisions for you, and a human is always in the loop on editorial decisions.
Changes to this policy
We may update this policy from time to time, for example when we introduce a new feature, change a processor or to reflect updates in the law. When we do, we will revise the "last updated" date at the top of the page. If the changes are significant, we will give a clearer heads-up by email (where you have given consent) or with a banner on the site.
We keep an internal version history so we can show what changed and when, on request.
Contact and complaints
If you have a question, request or concern, please get in touch. We will always try to put things right ourselves first.
- Data protection
- dpo@searchswitchsave.com
- General enquiries
- hello@searchswitchsave.com
- Phone
- 0330 122 1223 (Mon to Fri, 9am to 5pm UK time)
- Post
- Data Protection Officer, SearchSwitchSave Limited, Sycamore House, Glen Duff, Lezayre, IM7 2AT, Isle of Man
Complain to the ICO
You also have the right to complain to the UK Information Commissioner's Office (ICO) if you think we have not handled your data correctly. We would prefer to hear from you first, but you can go directly if you wish.
- ICO website
- ico.org.uk/make-a-complaint
- ICO helpline
- 0303 123 1113
- ICO post
- Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Frequently asked questions
Quick answers to the questions our readers ask most. Pick a question to expand the answer.
Do you sell my personal data?
No, never. We earn through commission paid by broadband providers when you switch via our affiliate links. That model does not require selling, sharing or renting your personal data, and we do not do any of those things.
Do I have to accept cookies to use the site?
No. Strictly necessary cookies (for example, the one that remembers your cookie choice) keep the site running and do not require consent. Analytics and affiliate-attribution cookies are optional and only set after you accept them. You can change your mind at any time using the cookie preferences link in the footer.
How do you protect my data?
We use HTTPS everywhere, encrypt data in transit, restrict staff access through role-based permissions and multi-factor authentication, keep audit logs, patch our systems regularly and review the security of our hosting and processors at least annually.
Can I get a copy of the data you hold about me?
Yes. Email dpo@searchswitchsave.com with the subject line "Subject Access Request". We respond within one calendar month and may ask for proof of identity to keep your data safe.
How long do you keep my information?
Only as long as we genuinely need it. Typical periods are 12 months for analytics, 24 months for marketing consent records and 6 years for accounting records (a legal requirement). See the retention table above for the full list.
Where is my data stored?
Primarily in the UK and the European Economic Area. Where a processor is based outside the UK, we rely on UK adequacy regulations or the IDTA / UK Addendum to the EU Standard Contractual Clauses, plus a transfer risk assessment to make sure your data stays well protected.
Are you registered with the ICO?
Yes. SearchSwitchSave Limited is registered with the UK Information Commissioner's Office under registration number R697728. You can verify our registration at ico.org.uk.
How do I complain about how my data is handled?
Please contact us first at dpo@searchswitchsave.com so we can investigate and put things right. You also have the right to complain directly to the ICO at ico.org.uk/make-a-complaint.
References
Sources we relied on when preparing this policy, in APA style.
- Data Protection Act 2018, c. 12. https://www.legislation.gov.uk/ukpga/2018/12/contents
- Information Commissioner's Office. (2023). Guide to the Privacy and Electronic Communications Regulations. https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/
- Information Commissioner's Office. (2023). Guide to the UK General Data Protection Regulation (UK GDPR). https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/
- Information Commissioner's Office. (2023). International data transfer agreement and guidance. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/
- The Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426. https://www.legislation.gov.uk/uksi/2003/2426/contents
- Web Content Accessibility Guidelines (WCAG) 2.2. (2023). W3C. https://www.w3.org/TR/WCAG22/