This section explains how Plan Communications Limited (“Plan”, “we”, “us”) processes personal data when we provide connectivity and platform services under our Wholesale model to business partners (“Wholesale Partners”) who then supply services to their own customers and end users.
It applies to personal data about:
a. a Wholesale Partner’s personnel and contacts; and
b. that Wholesale Partner’s customers and end users provisioned on Plan’s network or platforms (including my.plan).
It should be read with the rest of this Privacy Policy and our Data Processing terms applicable to Wholesale.
Roles and how we decide them
For End Customer Data (i.e., data about a Wholesale Partner’s customers and end users), the Wholesale Partner is the controller and Plan is the processor. We process End Customer Data only on the Wholesale Partner’s documented instructions to deliver the contracted services (for example, provisioning, platform access, usage presentation, billing data publication, and required roaming notifications).
We may also provide outputs (for example, rated CDRs/billing data) for the Wholesale Partner’s billing and reconciliation. Where the contract specifies that certain outputs are provided on a controller-to-controller basis, that sharing follows the contract terms.
For personal data about the Wholesale Partner’s own staff and contacts (e.g., account admins using my.plan (Reseller)), Plan acts as an independent controller to run our business (account administration, fraud/security, compliance, finance).
If a specific activity requires joint determination with a Wholesale Partner, we will document the essence of any joint controller arrangement.
What we collect
Identity and contact data (Partner personnel and, where provided under instructions, customer/end-user identifiers).
Service and device data: MSISDN, IMSI, ICCID, IMEI, SIM/eSIM profile identifiers, device type, IP addresses, and network/cell identifiers.
Usage data including call/SMS/data records and metadata (dates/times, durations, volumes, destinations, roaming zones); platform activity and audit logs; and rated usage outputs as configured.
Account and commercial data including orders, tickets, tariffs, bolt-ons, spend caps, configuration settings, and service notes.
Security and abuse signals including authentication and event logs, fraud/misuse indicators, and gateway/AIT flags.
Cookies and online identifiers for my.plan and related portals (see Cookie Policy).
Where we get it
From Wholesale Partners (provisioning files, API calls, portal entries).
From end-user devices and our network/platforms as services are used.
From upstream carriers/roaming partners and other service providers needed to deliver the services.
From fraud-prevention/security systems and from lawful requests where required.
Why we use it (purposes) and legal bases
We use personal data to provide and operate the services for Wholesale Partners, including provisioning, routing, interconnect, roaming, support and access to portals.
We use personal data to generate and publish usage and rated outputs (for example, CDR extracts and rated usage files) so that Wholesale Partners can administer their services and handle their own downstream invoicing and reconciliations. We do not bill Customers and we do not process customer payments.
We use personal data to administer our relationship with Wholesale Partners, including account setup, user management for the platforms, service communications and operational reporting to the Partner.
We use personal data to protect the security and integrity of the services, including preventing and investigating fraud, misuse and artificially inflated traffic, managing access controls and audit logs, and responding to incidents.
We use personal data to maintain and improve the services and to produce operational analytics, using aggregated or de-identified information where feasible.
We use personal data to meet legal and regulatory requirements, including sending required roaming notifications and responding to lawful requests from competent authorities.
Who we share data with
We share personal data with upstream and downstream carriers and roaming partners to deliver connectivity and to settle interconnect and roaming traffic.
We share personal data with technology and platform suppliers engaged by Plan under contract, including rating and provisioning systems and other providers who host or support our services.
We share personal data with Wholesale Partners, acting as controller for the customers and end users they manage, including usage data, rated outputs and supporting reports needed for administration and support.
We share personal data with our professional advisers and auditors who support our business.
We share personal data with competent authorities and regulators where required by law.
International transfers
If personal data is transferred outside the UK/EEA, we use appropriate safeguards (for example, the UK International Data Transfer Agreement or adequacy decisions) and assess local laws and practices as required.
Retention
We keep personal data only for as long as needed for the purposes described in this section, including to meet legal, tax, accounting and telecoms requirements and to resolve disputes. Some usage data, rated outputs and portal exports are available for limited windows; Wholesale Partners should download and retain any copies needed for their own records.
Security
We use appropriate technical and organisational measures to protect personal data, including role-based access controls, encryption where appropriate, network and application monitoring, and regular testing. my.plan and related portals use enforced role-based access control and audit logging.
Your rights and how to exercise them
Where Plan acts as controller (for example, for Partner personnel data), individuals can exercise their UK GDPR rights by contacting us via the “Contact us” section of this Privacy Policy.
Where Plan acts as processor for a Wholesale Partner (End Customer Data), requests should be sent to that Wholesale Partner as the controller. We will support the Wholesale Partner in responding, in line with our contract.
Partner responsibilities
Wholesale Partners must provide a transparent privacy notice to their customers and end users, identify Plan’s role(s) and the lawful bases for sharing personal data with Plan, and obtain any permissions required by law.
Wholesale Partners manage user access and permissions (including any my.plan white-label enablement), configure and enforce spend caps, and must keep configuration, zone and tariff data accurate for messaging and controls.
Wholesale Partners remain responsible for their downstream billing to customers and for ensuring that any third-party billing provider they engage meets data-protection requirements.
Cookies and portals
See our Cookie Policy for my.plan and related portals. Where marketing cookies are disabled in Wholesale deployments, essential cookies for login, security and preferences still apply. my.plan (white-label) exposes usage views by default and does not expose billing views unless explicitly enabled.
Contact, complaints and updates
Contact details for our Data Protection Officer and how to complain to the UK Information Commissioner’s Office are set out in the “Contact us” and “Your rights” sections of this Privacy Policy.
We may update this Wholesale section from time to time; material changes will be communicated through our usual channels and reflected in the version history.
