Privacy Policy

Because we are always looking to help Vodafone IoT Business Customers with new innovative products and services, this notice may change over time, so we’d encourage you to check it regularly. If we make a major change, we’ll post this on our website.

This privacy policy applies to Vodafone IoT website and the products and services offered by Vodafone IoT, which you as an employee, agent or customer of one of our Vodafone IoT Business Customers will receive. This privacy policy also applies when you interact with us for example when you call our contact centre. In this privacy policy we refer to the Vodafone IoT Business Customer that has purchased our products or services for deployment to you as your employer, although you may be a customer of our Vodafone IoT Business Customer, consultant or otherwise affiliated with such company or be authorised by our Vodafone IoT Business Customer access to, and use of, our products and services purchased by them. Note that the Vodafone IoT Business Customer, for example your employer, may have its own privacy policies with regard to the personal data they process and share with us about you to allow us to provide the services, and you should contact them if you have any questions about those privacy policies. Our privacy policy does not apply to services offered on other sites (apps, portals, websites) that have their own separate privacy policy and do not relate to or incorporate this privacy notice.

Personal information we collect about you The information we collect about you and how we collect it can vary depending on (a) the Vodafone IoT products and services that you use; (b) how you use the products and services; (c) how you have interacted with Vodafone even if you aren’t a customer, and (d) the information that we have obtained from a Vodafone IoT Business Customer or third party with permission to share such information with us. We can collect your personal information when you: - Use any of our products and services for example when you access a Service portal; - Subscribe to newsletters, alerts or other services from us; - Contact us in any way, or ask for information about a product or service; - Take part in a competition, prize draw or survey; - Visit or browse our website or other Vodafone Group websites; - Have given permission to other companies, such as our business or joint-venture partners as well as our third-party suppliers or contractors, to share information about you or the company you represent; - Where your information is publically available; or - Are the user of the products and services of a business that we acquire. We may collect information from certain organisations, where appropriate and to the extent we have legal grounds to do so. These include business directories. The types of information we may collect or process are, for example: - Your contact with us: Such as a note or recording of a call you make to one of our contact centres, a Live Chat, an email or letter sent, or other records of any contact with us, including complaints and complaint history or your requests to access your personal data; - Your account information: Such as subscriptions you use, account numbers and contact details or other information related to the business account you use; - Credential information: Such as passwords, hints and similar security information used for authentication and access to accounts and services; and/or - Service use - we collect and combine information in order to monitor individuals’ use of Vodafone’s website and Vodafone IoT Business Customers’ products and services, which helps us to improve the quality of our services and also ensure security. Device location: when providing IoT Device management services to a IoT Business Customer it might be possible for us to collect accurate information of the location of the device via the SIM embedded in the device which is then shared with the IoT Business Customer as part of the Service to them. Note that the Services we provide to the IoT Business Customers are not intended to track, trace or monitor the location of individuals and therefore the IoT Business Customer should collect the consent of the targeted individuals if they use the Services for this purpose, please contact the IoT Business Customer if you have any questions about their practices.

We will use your personal information for a number of purposes ranging from enabling us to provide you with the products or services, to enabling us to carry out our marketing activities. We may use Artificial Intelligence (A.I.) to help us provide you with a requested product or service. If we use A.I. we will do so responsibly, and where necessary we will disclose that the content is generated by A.I. Vodafone will process your personal data based on: 1. The performance of a Service Agreement with a Vodafone IoT Business Customer, when a Vodafone IoT Business Customer contracts with one of the Vodafone IoT entities for services, the Vodafone IoT Business Customer provides information about itself as a legal entity and also information about you as an individual if you are an employee of the Vodafone IoT Buisness Customer or a user of the services for the purpose of for example order fulfilment/delivery, customer service, sending bills, account set up, account relationship management. 2. Vodafone’s legitimate business interests, including for example, maintaining the security of our network and services, marketing and improvement of our products and services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, visit the Your Rights section of this policy; or 3. Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right in certain circumstances to restrict usage of your data, which control the scope of legal assistance to be provided; or 4. Consent you provide where Vodafone does not rely on another legal basis for such processing, for example to send you marketing communications based on products and services you have expressed an interest in. You may withdraw your consent to Vodafone sending you marketing communications at any time. Visit the Your Rights section of this policy for information on how to withdraw your consent. Below you can find an overview of the categories of personal information we process about you, the purposes for which we process that personal information and the lawful basis upon which we rely to conduct that processing. Mergers and Acquisitions If we’re re-organised or sold to another organisation we will provide your information to that organisation. We may share information about you but only to carry out specific activities described in this privacy policy with: -Companies in the Vodafone Group; and -Partners, agents or suppliers involved in delivering the products and services to our Vodafone IoT Business Customer

It is necessary for us to process your personal information to enable us to provide you with the Business products or services. How is your information used? Processing orders and to provide you with products and services -To process the products and services ordered by you as the person authorised by our Vodafone IoT Business Customer to place orders when you are the employee, agent, affiliated or customer of our Vodafone IoT Business Customer, and to deliver those orders and keep you updated with the progress of the order where required. What data is used? Identification information Account information Lawful basis Performance of a contract How is your information used? Customer Care -Respond to any questions or concerns that you may have about our network, products or services for example when you contact our customer care. What data is used? Account information Your contract with us Lawful basis Performance of a contract How is your information used? Service messages -If you are the person authorised by the Vodafone IoT Business Customer to manage the services purchased by them, we will contact you with service messages to keep you updated with current information about those. For example, changes to our terms and conditions, price plan, upgrades the Vodafone IoT Business Customer may be entitled to, service performance or service interruptions. What data is used? Identification information Account information Lawful basis Performance of a contract

We collect information such as on your use of our Business products and services on an aggregated or anonymous basis in order to help us manage and improve the services we offer to everyone. How is your information used? Improving and innovating our products and services - We collect anonymous, aggregate information in order to improve the service we offer to everyone. - None of these analytics are linked back to you in any way. What data is used? Anonymised/aggregated: How you use our products and services Lawful basis Legitimate interests How is your information used? Credential information - We may use your personal information for identity verification purposes, for example, for access control to our service portals via logins and for general account management and/or administration. What data is used? Credential Information Lawful basis Legitimate interests How is your information used? Security logs - Vodafone will create an access log of authorised users detailing the date and time that they logged on to a Service including usernames which will be used in the event that there is an allegation of unauthorised access and/or use of the platform. - Service use - a record of activities undertaken by the authorised user may be retained for example the fact that an authorised user activated or de-activated a SIM on their account. What data is used? Access logs Service use Lawful basis Legitimate interests

Marketing communications include things like updates on new products and services, newsletters, event invites, thought leadership articles and blog updates. Some of these marketing activities will be undertaken by third parties (other organisations), acting on Vodafone’s behalf. A data processing agreement will be in place with those organisations to ensure your information is only used for the specified purpose. How is your information used? Marketing - Sending you email marketing communications after you subscribe on our website. The type of content we send you will be specific to the preference(s) you have signed up to. - Sending you email marketing communications based on permission you provided to a third party organisation to share your details with us. What data is used? Identification information Account information Lawful basis Consent How is your information used? Marketing - When you are the contact for one of our existing Vodafone IoT Customers or a customer of one of Vodafone Group’s partner organisations, we may send you email marketing communications for similar products/services. - A member of our sales team calling you back after submitting a “contact me” enquiry on our website, or expressing an interest in one of our products or services - Sending you an invite to complete a survey when you are the contact of one of our existing Vodafone IoT Customers, or after a recent interaction with our sales team. - Performing internal analysis on the billing/usage data related to your use of our services to determine whether the Vodafone Vodafone IoT Customer package you use when for example you are the employee of our Vodafone IoT Customer is right for our Vodafone IoT Customer. - Contacting you as the contact of a Vodafone IoT Customer close to, or after, the expiry of the Vodafone IoT Customer contract to discuss renewal options. What data is used? Identification information Account information Questionnaire answers Lawful basis Legitimate interests For further information on how to opt-out of marketing messages please see the section below on your “Right to object”. How is your information used? Analytics - When you participate in a marketing campaign such as completing surveys, we will use your answers to carry out analytics, for example to understand the requests of the Vodafone IoT Customer you represent, how satisfied the Vodafone IoT Customer is with our products and services, and to tailor our offers. What data is used? Questions and answers we receive from you Lawful basis Consent

Under certain circumstances, it is necessary for us to process information about the Vodafone IoT Products and Services provided to the Vodafone IoT Customer, in order to comply with the law, for example, when responding to law enforcement requests for data or to comply with tax requirements. How is your information used? Law enforcement and disclosures related to regulatory requirements - We may need to release your information to comply with our legal obligation to respond to the authorities’ lawful demands, for example law enforcement agencies, government bodies, courts or other public authorities. Your personal data shall only be provided when we in good faith believe we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements. - We may also share your information with a third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement. What data is used? Data lawfully required to respond to the authorities’ lawful demands Lawful basis Compliance with mandatory legal obligation

We may need to transfer your information internationally to other Vodafone Group companies or service providers who support Vodafone IoT Products and Services.. If Vodafone transfers your information internationally, we will make sure that it is done in compliance with the legislation in force, and your information is properly protected.

We will retain your personal information for no longer than is necessary to fulfil the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.

We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction. Communications over the internet (such as emails) aren’t secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered, as this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control. We’ll never ask for your secure personal or account information by an unsolicited means of communication. You’re responsible for keeping your personal and account information secure and not sharing it with others. Our website may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. Please ensure that you read that third party company’s privacy and cookies policies before using or putting your personal information on their site. The same applies to any third-party websites or content you connect to using our products and services. You may choose to disclose your information in certain ways such as social plug-ins (including those offered by Google, Facebook, Twitter and Pinterest) or using third-party services that allow you to post reviews or other information publicly, and a third party could use that information. Social plug-ins and social applications are operated by the social network themselves and are subject to their own terms of use and privacy and cookies policies. You should make sure you’re familiar with these. For more information on how we keep your data secure visit: