Vision Plus & Blue Mineral Logo

Privacy
Policy

Last updated: 29 June 2025. This policy explains how Vision Plus & Blue Mineral Ltd collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

01

Data Controller

The data controller responsible for your personal data is:

Vision Plus & Blue Mineral Ltd

322 Grenville House, Stratford Road, Shirley, B90 3DN

Email: support@visionplus-mbb.com

Telephone: 020 8103 9044

ICO Registration number: ZA767734

You can verify our ICO registration at ico.org.uk.

02

Data We Collect

We collect only the personal data that is necessary to provide you with our mobile data SIM service. We do not collect data for marketing, profiling, or advertising purposes.

2.1 Data you provide directly

When you sign up for a SIM through our website, you provide:

Category Data items Why we collect it
Identity Full name Required to create your account and fulfil the contract
Contact Email address, phone number Service notifications, billing communications, and account support
Address Home / billing address including postcode Required for Direct Debit setup and billing
SIM details SIM card number (ICCID) Required to activate and manage your SIM
Payment Bank account / sort code (for Direct Debit) or card token (for card payment) — processed via Stripe. We never store raw card or bank account numbers. To collect the charges due under your rolling monthly contract
Agreement Record of your acceptance of our Terms & Conditions and the date/time of acceptance To demonstrate lawful formation of the contract

2.2 Data collected automatically

Our website hosting provider (Netlify) automatically collects standard server logs when you visit the site, including your IP address, browser type, and the pages you visit. This data is used solely to maintain the security and availability of the service and is not used for marketing or tracking purposes.

2.3 Data we do not collect

We do not collect any special category personal data (such as health, religious, or political data). We do not conduct behavioural profiling or targeted advertising. We do not collect data about children.

04

How We Use Your Data

We use your personal data only for the purposes listed below. We will not use your data for any purpose that is incompatible with those purposes without giving you prior notice.

  • check_circle SIM activation and account management — creating your account, activating your SIM card on the network, and managing your service.
  • check_circle Billing and payment collection — collecting the monthly standing charge and any usage charges via Direct Debit or card through Stripe.
  • check_circle Service communications — sending you a registration confirmation email, billing notifications, and any important service updates or changes to our terms.
  • check_circle Customer support — responding to your queries and resolving any issues with your account or service.
  • check_circle Legal compliance and dispute resolution — retaining records as required by law or to enforce or defend our contractual rights.
  • cancel We will never sell your data to third parties, share it for marketing purposes, or use it for automated decision-making that has legal or significant effects on you.
05

Data Processors & Third-Party Recipients

We engage the following trusted third-party processors to provide our service. Each processor is bound by a data processing agreement and may only process your data on our documented instructions.

Stripe, Inc. — Payment Processing

Privacy policy ↗

Data shared: Name, address, email, bank account / card details (for payment setup).

Purpose: Processing Direct Debit mandates and card payment tokens; fraud prevention.

Location: United States (with UK GDPR-compliant data transfer mechanisms — see Section 6).

Resend — Transactional Email

Privacy policy ↗

Data shared: Name and email address.

Purpose: Delivering your registration confirmation email.

Location: United States (with UK GDPR-compliant data transfer mechanisms).

Netlify, Inc. — Website Hosting

Privacy policy ↗

Data shared: IP address and server log data (collected automatically).

Purpose: Hosting and delivering the website; running our serverless functions that process your sign-up form.

Location: United States (with UK GDPR-compliant data transfer mechanisms).

Mobile Network Provider — SIM Connectivity

Data shared: SIM card number (ICCID), and the minimum data required for SIM activation.

Purpose: Activating your SIM on the mobile network and providing data connectivity.

Location: United Kingdom.

We do not share your personal data with any other third parties. We do not sell personal data.

06

International Transfers

Some of our processors (Stripe, Resend, and Netlify) are based in the United States and may process your data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place as required by Article 46 UK GDPR. These safeguards currently include:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner (the International Data Transfer Agreement, or IDTA); or
  • an adequacy decision made by the UK Secretary of State; or
  • the UK–US Data Bridge framework (where applicable).

You can request a copy of the relevant safeguards by contacting us at support@visionplus-mbb.com.

07

Retention Periods

We keep your personal data only for as long as necessary for the purposes for which it was collected. The table below sets out our standard retention periods.

Data category Retention period Reason
Account and contract data (name, address, SIM, contact details) Duration of the contract + 6 years Statute of limitations for contract claims under UK law
Financial / billing records 6 years from end of the tax year to which they relate HMRC requirement under the Taxes Management Act 1970
Direct Debit mandate records 3 years after the mandate ends Bacs scheme rules
Server access logs (IP address etc.) Up to 90 days Security monitoring and fraud prevention
Support correspondence (emails, calls) 2 years after resolution Customer service record-keeping
Cookie consent records 1 year (stored in your browser) To avoid asking for consent on every visit

After the applicable retention period, personal data is securely deleted or anonymised.

08

Your Rights Under UK GDPR

You have the following rights in relation to your personal data. You may exercise any of them free of charge by contacting us at support@visionplus-mbb.com. We will respond within one calendar month of receiving your request.

visibility

Right of Access (Article 15)

You can request a copy of the personal data we hold about you (a "Subject Access Request").

edit

Right to Rectification (Article 16)

You can ask us to correct inaccurate personal data we hold about you, or to complete incomplete data.

delete

Right to Erasure (Article 17)

You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.

pause_circle

Right to Restriction (Article 18)

You can ask us to restrict processing of your data in certain circumstances, for example while a dispute about accuracy is resolved.

move_down

Right to Portability (Article 20)

Where we process your data on the basis of contract or consent and by automated means, you can ask for a machine-readable copy.

block

Right to Object (Article 21)

You can object to processing based on our legitimate interests. We must then stop unless we can demonstrate compelling legitimate grounds.

person_off

Rights re. Automated Decisions (Article 22)

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects. This right is therefore not engaged.

undo

Right to Withdraw Consent

Where we rely on your consent (e.g. for non-essential cookies), you can withdraw it at any time without affecting the lawfulness of prior processing.

We will respond within one month. If your request is complex or numerous, we may extend this by a further two months, but will tell you within the first month. We will not charge a fee unless a request is manifestly unfounded, excessive, or repetitive.

09

Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include:

  • TLS encryption for all data in transit between your browser and our website;
  • CSRF token validation to protect form submissions;
  • HTTPS-only access enforced at the CDN level;
  • no storage of raw payment card or bank account numbers (all payment data is tokenised by Stripe);
  • access controls limiting who within our organisation can access personal data; and
  • use of reputable processors who maintain ISO 27001 or equivalent certifications.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and will inform you without undue delay where required by law.

10

Cookies

We use a small number of cookies on this website. We do not use advertising or tracking cookies. Full details of the cookies we use, why we use them, and how you can control them are set out in our Cookie Policy.

You can manage your cookie preferences at any time using our cookie settings panel:

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we provide. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.

We encourage you to review this policy periodically to stay informed about how we protect your personal data.

12

Contact Us & Complaints

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Vision Plus & Blue Mineral Ltd

322 Grenville House, Stratford Road, Shirley, B90 3DN

Email: support@visionplus-mbb.com

Telephone: 020 8103 9044

Right to Complain to the ICO

If you are not satisfied with our response, or you believe we are processing your data in a way that does not comply with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk/make-a-complaint

Telephone: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, so please do contact us in the first instance.