BT Facilities - Visitor Privacy Notice
General
Who we are
BT Group is a group of companies made up of BT Group plc and BT plc, and all subsidiaries of these companies, including Openreach Ltd, EE Ltd and Plusnet plc (together “BT Group”, “we”, “our” or “us”). At BT Group, we take your privacy seriously and are committed to protecting your personal data. This privacy notice explains how we collect, use, and protect your personal data when you visit any of our BT Group Premises. It is important that you read this notice so that you understand how and why we use your personal data when you do so.
This notice does not form part of any contract and may be updated from time to time.
The controller of your data is the BT Group entity that decides the purpose and the means by which any processing of your data will be carried out. In most circumstances that will be the BT Group entity that operates the building or site you visit.
Who does this notice apply to?
This notice applies to individuals (excluding colleagues) who visit BT Group Premises, whether on an ad-hoc basis or as part of ongoing business arrangements.
In this notice, “BT Group Premises” or “our Premises” means any building or site operated by any BT Group company (such as our offices, operational and network buildings), excluding our retail stores.
When you visit our retail stores, notices in store will apply to you and to the extent you enter into a transaction, the relevant EE or BT privacy notice will apply.
If you are a BT Group colleague, please see our Colleague Privacy Notice (if you are in the UK, or our applicable local equivalent, where relevant) for details of how we process your personal data when you visit BT Group Premises.
What personal data we collect
We may collect the following types of personal data from visitors:
- Contact information - including your name, company name, contact telephone number, and email address.
- Identification details - including photographic identification and visitor badge information.
- Visit details - including date, time, duration of visit, and purpose of visit.
- CCTV footage - visual recordings from security cameras in and around our Premises.
- Body-worn camera footage - audio and visual recordings from body-worn cameras worn by our security personnel in and around our Premises – please note our security personnel will only activate body-worn cameras to record by if an incident is taking place.
- Access logs - electronic records of entry and exit from our Premises.
- Health and safety information - any relevant information needed to ensure your safety during your visit.
- Vehicle information - registration details if you use our car parks.
We collect this information through:
- Visitor management systems and forms.
- Security cameras and monitoring equipment, including body-worn cameras.
- Access control systems.
- Direct interaction with our colleagues, reception and security teams.
How we use your personal data
Legal basis
The law requires us to have a legal basis for collecting and using your personal data. Examples of legal bases that we might rely on include the following:
- Performance of a contract with you: We may use your personal data where it is necessary to perform the contract we are about to enter into or have entered into with you.
- Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to.
- Consent: We rely on your consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use the various types of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Purpose |
Legal basis |
Security and access control - to manage and monitor access to our Premises and ensure the security of all visitors, employees, and assets |
Legitimate interests (to maintain the security of our Premises, protecting our business, colleagues and visitors) Legal obligation |
Health and safety - to ensure the safety of our visitors, employees and assets |
Legitimate interests (to maintain the safety of our Premises, protecting our business, colleagues and visitors) Legal obligation |
Prevention and detection of crime - to investigate any security incidents, accidents, or other issues that may occur on our Premises |
Legitimate interests (to protect our business) Legal obligation |
Business administration - to manage visitor appointments and maintain records of business interactions
|
Legitimate interests (to run our business) |
Legal compliance - to comply with our regulatory and legal obligations
|
Legal obligation |
Exercise or defence of legal rights - to exercise or defend our legal rights (including managing legal claims) or for insurance purposes
|
Legitimate interests (to protect our business)
|
We may also process special category data for these purposes. Where we do so we will ensure that we have a special category condition. Examples of conditions that may be relevant include: (i) consent; or (ii) necessary for the establishment, exercise or defence of legal claims.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you, for example, we may not be able to grant you access to our Premises.
Data sharing
We may share your personal data, where necessary, with:
- Our security and facilities suppliers – third party companies that provide security and facilities services to our Premises.
- Our IT and security system/technology suppliers – third party companies that provide us with IT systems and services, such as our visitor management system and our CCTV system.
We may also share your personal data with third parties, where necessary, such as:
- Emergency services - police, fire, ambulance, or other emergency responders when required.
- Other BT Group companies - for administrative and security purposes.
- Legal and regulatory authorities - when required by law or to assist with investigations.
- Our insurers and legal advisors - when required to protect our business.
International data transfers
We may, in some circumstances, process your personal data outside the UK. Where we do so we will ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection law, such as an adequacy decision, standard contractual clauses or binding corporate rules (in respect of transfers to BT Group companies).
How long we keep your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Your legal rights
Under data protection law, you have the following rights:
- Right of access - You can request copies of your personal data.
- Right to rectification - You can ask us to correct personal data you think is inaccurate or incomplete.
- Right to erasure - You can ask us to delete your personal data in certain circumstances.
- Right to restriction of processing - You can ask us to restrict the processing of your personal data in certain circumstances.
- Right to object to processing - You can object to the processing of your personal data in certain circumstances such as when it is processed on the basis of the legitimate interests legal basis or for direct marketing purposes.
- Right to data portability - You can ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
- Right to withdraw consent - You can withdraw your consent at any time when we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
To exercise any of these rights, please contact our Data Protection Officer using the details below.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You do not usually have to pay anything for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note that these rights may not be absolute, and we may refuse to comply with a request if we have legitimate grounds to do so.
Changes to this privacy notice
We may update this privacy notice from time to time. This version was last updated in February 2026.
Contacting us
Who to contact
To exercise any of your legal rights listed above, or if you have any queries, concerns or complaints about the way that BT Group uses your personal data (or any questions about this notice), you can contact BT Group’s Data Protection Officer via email at: cpo@bt.com or by post at:
Data Protection Officer
BT
One Braham
1 Braham Street
London
E1 8EE
If you’d like any more details or have any comments or questions about this notice you can contact us using the details above.
If you are not satisfied with our response or believe that we are not using your data in line with the law, you have the right to complain to the UK data protection regulator (Information Commissioner) whose contact details can be found at ico.org.uk.