Privacy Reference
- Verizon Business collects account information, network usage data and device identifiers.
- Third-party sharing is limited to service providers; no marketing resellers receive data.
- California residents hold rights under CCPA and CPRA including access, deletion and opt-out.
- EU visitors hold comparable rights under GDPR with a documented lawful basis per data type.
- Deletion requests complete within 30 days via the documented procedure.
Overview of This Privacy Statement
This privacy statement describes how Verizon Business collects, uses, shares, retains and deletes information about commercial customers, their designated administrators, their end-users where applicable, and visitors to verizonbusiness.uk.com. The statement covers every Verizon Business product referenced on this site — Wireless plans, Fios fiber internet, 5G service, IoT connectivity, Business Voice and the My Verizon administrator portal. The statement is aligned with the FTC privacy-security framework, the CCPA and CPRA for California residents, the GDPR for EU visitors and the sector-specific rules issued by the FCC for telecommunications customer-proprietary network information (CPNI).
The statement is reviewed annually. The most recent review date is visible in the page-footer copyright line and in the structured data above. Material changes — a new category of data, a new third-party service provider, a change to a retention schedule — are announced in the My Verizon administrator dashboard thirty days before they take effect, giving primary admins time to review and to surface the change to internal compliance teams. Non-material editorial changes — typo fixes, link updates, clarification of existing language — are made without notice.
Categories of Data Collected
Verizon Business collects data in four broad categories. The first is account information: business name, EIN or federal tax-ID, billing address, decision-maker email, administrator User IDs, tax-exempt certificate copies, payment-method details such as ACH routing and account numbers or card PAN in tokenised form. Account information is collected at enrolment and updated as the business changes over time. It is retained for the life of the commercial relationship plus seven years after termination to satisfy SOC 2 Type II retention requirements and the applicable statute of limitations on commercial-billing disputes.
The second category is network-usage data: call-detail records on Voice lines, wireless data volume per line, roaming activity, Fios circuit throughput measurements, 5G session records, IoT connectivity logs for devices on ThingSpace and trouble-ticket content. Network-usage data is regulated under the FCC CPNI rules and is used only for the purposes the CPNI rules allow — billing, service delivery, trouble resolution and limited internal analytics on aggregated data. Individual call-detail records are never sold.
The third category is device identifiers: SIM ICCIDs, eSIM profile identifiers, IMEI numbers, MAC addresses for Fios customer-premise equipment and ONT serial numbers. Device identifiers allow the correct attribution of usage to the correct line and are necessary for provisioning, fulfilment, mobile device management integration and warranty service. The fourth category is site-analytics data from verizonbusiness.uk.com: IP address, user-agent string, referrer, pages visited and click events. Site analytics is used for understanding reference-site usage and is not linked to account identity.
Data Category, Purpose & Retention
| Data category | Purpose | Retention | Applicable rule | Opt-out available |
|---|---|---|---|---|
| Account information | Billing, admin, compliance | Relationship + 7 years | SOC 2, commercial statute | No (needed for service) |
| Network-usage data | Billing, service delivery | 18 months detail, 7 years summary | FCC CPNI rules | Yes, for marketing use |
| Device identifiers | Provisioning, fulfilment, MDM | Device life + 30 days | Verizon internal | No (needed for service) |
| Site analytics | Reference-site usage | 13 months rolling | GDPR, CCPA | Yes, via cookie banner |
| Customer-support records | Ticket resolution, audit | 7 years | SOC 2, FCC complaint retention | No (needed for audit) |
| Audit-trail log | SOC 2, segregation of duties | 7 years immutable | SOC 2 control CC7.2 | No (needed for audit) |
Cookie Usage on verizonbusiness.uk.com
verizonbusiness.uk.com uses three categories of cookies. Strictly necessary cookies support the sign-in session, the device-trust cookie for MFA, and the language preference. These cannot be disabled without breaking the sign-in experience. Functional cookies remember user preferences such as dashboard layout or notification settings; these can be disabled at the cost of re-entering preferences on each visit. Analytics cookies record aggregate site-usage data used only for improving the reference; these can be refused at the cookie banner without any functional impact on the site.
No advertising or cross-site tracking cookies are set on the reference. Verizon Business does not participate in retargeting networks and does not sell site-visit data to advertising intermediaries. The cookie banner on first visit presents a 'Reject all analytics' option alongside the 'Accept' option, in compliance with both the CCPA opt-out-of-sale right (interpreted broadly) and the GDPR requirement for affirmative consent before non-essential processing. Once a choice is made, the banner is suppressed for twelve months on the same device and browser.
Third-Party Sharing
Verizon Business shares data only with service providers that are necessary for delivering the contracted service. Service providers include the payment processor that handles ACH debits and card transactions, the tax-exempt certificate review vendor, the identity-verification vendor used during enrolment, the commercial credit bureau used for Mid-Market and above underwriting, and the SAML identity provider for customers that have enabled SSO. Each service provider operates under a written data-processing agreement that restricts use to the stated purpose and that passes through the applicable regulatory obligations.
Verizon Business does not share data with marketing resellers. Network-usage data is never sold. Customer-proprietary network information is never disclosed to any third party outside the narrow exceptions permitted by the FCC CPNI rules — internal carrier use, law-enforcement response to valid process, safeguarding the network against fraud and abuse, and the provision of inbound telemarketing to the customer only where the customer has not exercised the CPNI opt-out. Aggregate data is shared with the CTIA for industry-wide statistics on a non-identifying basis only.
California Resident Rights (CCPA & CPRA)
California residents, whether as business-contact individuals or as end-users of business lines, hold the rights granted by the California Consumer Privacy Act as amended by the California Privacy Rights Act. Those rights include: the right to know what categories of personal information have been collected and the sources of the collection; the right to access the specific personal information Verizon Business holds; the right to request deletion of personal information; the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right to opt out of any sale or sharing for cross-context behavioural advertising.
Verizon Business has not sold personal information as defined under the CCPA in the preceding twelve months, does not sell personal information today, and has no current plan to sell personal information in the future. The 'Do Not Sell or Share My Personal Information' request mechanism is implemented as a cookie-banner opt-out on verizonbusiness.uk.com and as a dedicated request form linked from the reach-out page for requests that require account-identity verification. Responses to verified requests complete within 45 days, with a 45-day extension permitted under the CCPA when reasonably necessary.
Sensitive Personal Information
Sensitive personal information under the CPRA is limited in Verizon Business processing to network-usage data that reveals geolocation of a wireless line. Customers can limit the use of that data to the purposes necessary for the service — provisioning, billing, trouble resolution — by submitting a request through the My Verizon portal Administration module. Geolocation data is never used for cross-context behavioural advertising and is never sold.
EU Visitor Rights (GDPR Notes)
Verizon Business is a U.S.-focused commercial offering serving U.S. business customers; EU-based visitors occasionally reach verizonbusiness.uk.com as reference material. Visitors resident in the European Union or the European Economic Area hold rights under the General Data Protection Regulation including the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability and the right to object to processing. The lawful basis for processing visitor data on the reference site is legitimate interest in operating a publicly accessible reference, and the basis for any analytics processing is consent via the cookie banner.
EU visitors who wish to exercise GDPR rights can submit a request through the reach-out page. Requests are handled within one calendar month as required by Article 12. Transfers of personal data outside the EEA use the European Commission's Standard Contractual Clauses with appropriate supplementary measures where the destination is the United States. Verizon Business is not established in the EU and does not offer contracted services to EU-based customers as part of the referenced product set; EU-visitor data is limited to site-visit information.
Deletion Procedure
Data deletion runs through a documented request flow. Customers with an active account submit a deletion request through the Administration module in My Verizon; visitors submit through the reach-out page. Requests are verified against account identity (for customers) or against a secondary verification signal such as a confirmation email (for visitors). Verified requests are processed within thirty days. Deletion covers all categories of personal information except those subject to a legal-hold obligation — active billing dispute, active law-enforcement process, active tax record retention under the seven-year commercial-statute window.
Audit-trail entries relating to a deletion request are themselves retained in the seven-year audit log, as the SOC 2 Type II control requires an immutable record of deletion actions. The retained entry shows the timestamp, the requesting identity and the data scope, but does not contain the deleted information itself — only the metadata needed to demonstrate the deletion occurred. The FTC privacy-security framework treats this pattern as compatible with deletion rights because the audit entry is not a usable copy of the deleted record.
Universal Service Fund & Other Regulatory Obligations
Certain data processing is required by regulation and is not subject to opt-out. Contributions to the Universal Service Fund administered by the Universal Service Administrative Company require reporting of revenues by category; CPNI rules require retention of network-usage data for billing-dispute resolution; the FCC complaint-handling rules require retention of customer-support records; and tax rules require retention of billing records for the applicable state and federal horizons. None of these obligations imply disclosure of individual data to third parties beyond the specific regulatory body and only where the regulator makes a valid request.
Verizon Business publishes an annual transparency report summarising the volume and nature of law-enforcement requests received during the prior year. The transparency report is posted to the company overview page and is linked from this privacy statement. Guidance on commercial-customer data handling from the NTIA and from the FCC provides the external benchmark against which the report and this statement are reviewed each year.
Contact & Exercising Your Rights
Questions about this privacy statement and requests to exercise CCPA, CPRA or GDPR rights should be directed to the designated privacy contact at business.support@verizonbusiness.uk.com or by phone at 1-855-228-8743. Requests requiring account-identity verification are processed through the My Verizon Administration module; requests from non-customer visitors are processed through the reach-out page. All requests are logged in the seven-year audit trail with the handling disposition and the resolution timestamp.
This statement was last reviewed on the date shown in the structured data above and is reviewed annually. Material changes are announced thirty days in advance through the administrator dashboard. Customers with an active commercial relationship receive an email notification of material changes; visitors without an account see the change-notice banner on the next visit. The change-frequency annotation in the sitemap XML is set to yearly to reflect the review cadence.