Pelion Global Privacy Statement

Introduction

This Pelion Privacy Statement (“Privacy Statement“) describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, share and otherwise process information relating to individuals (“Personal Data“), and to learn about your rights and choices regarding our processing of your Personal Data.

A reference to “Pelion”, “we,” or “us” is a reference to Pelion IOT Limited with its principal place of business at 319 St.Vincent Street, Glasgow, G2 5LD, Scotland, United Kingdom.

Scope

Pelion is the controller of your Personal Data as described in this Privacy Statement.

For the avoidance of doubt, this Privacy Statement does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers, including where we offer to our customers various cloud products and services.

Types of Processing Activities

This Privacy Statement applies to the processing of Personal Data collected by us when you:

• Use our products and services;
• Visit our websites that display or link to this Privacy Statement;
• Visit our branded social media pages;
• Visit our offices;
• Receive communications from us, including emails, phone calls, or texts; or
• Register for, attend and/or otherwise take part in our events, webinars or contests.

Personal Data We Collect

1.  Directly from you

The Personal Data that we collect directly from you includes the following:

• If you express an interest in obtaining additional information about our products and services, use our “Contact Us” or similar features, register to use our websites, sign up for an event, contest, or download certain content, we will require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
• If you attend an event where we scan your attendee badge, we will collect from your attendee badge information such as name, title, company name, address, country, phone number and email address;
• If you use and interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails through cookies, web beacons or similar technologies;
• If you use our Pelion Connectivity Management service, we automatically collect traffic data, such as the number a device called or sent a message to, the time and duration of a device’s connection, how you are using data, internet protocol (“IP”) address, and which protocols you have utilized during a session.  We don’t, however, keep a record of the content of your calls or messages;
• If you use Pelion Connectivity Management location-based services, we automatically process location data, which can be precise where it uses Global Positioning System (GPS) data or by identifying nearby mobile phone masts and Wi-Fi hotspots, when you enable location-based services or features. Location data may be less precise where, for example, a location is derived from your IP address, or data such as a post code or name of a town or city;
• If you use and interact with our products and services, we automatically collect information about your device and your usage of our services, through log files and other technologies, some of which may qualify as Personal Data; and
• If you visit our offices, you will be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.

If you provide us with any Personal Data relating to other individuals, you must explain to those individuals that their Personal Data will be used in accordance with this Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or if you otherwise wish to exercise your rights relating to your Personal Data, please contact us by using the information set out in the “Contact Us” section below.

• From other sources

We also collect information about you from other sources and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide products and services that may be of interest to you. In particular, we collect Personal Data from third party providers of business contact information, including professional contact details, employment-related information (such as job titles) and device / location-related information (such as IP addresses) for purposes of targeted advertising, delivering relevant email content, event promotion and profiling.

We obtain information through partners, vendors, suppliers and other third parties. These enterprises largely fall into the following categories: partners, hosts or vendors at events or trade shows, research partners and enterprises that deploy the Pelion technology or third-party offerings that include Pelion technology. We might also obtain information through a partner as part of our business operations. This kind of data is used for work such as improving algorithms and data models, product testing and improvement, enhancing existing products and developing new capabilities and features.

Why and How We Use Your Information

We collect and process your Personal Data for the purposes and on the legal basis identified in the following:

• Billing: We process your Personal Data to bill you for using our products and services, to contact you if we are not able to take payment, or to respond to any questions or concerns you may have about our products and services, pursuant to our agreement with you;
• Service messages: We process your Personal Data to contact you with customer service messages to keep you updated with current information about products and services you’ve taken, for example, changes to our terms and conditions or service interruptions, pursuant to our agreement with you;
• Providing connectivity management services: to improve your connectivity experience, to detect and resolve fraudulent use of our partners’ networks (and their roaming networks) and to solve technical issues if you are experiencing any. We also process Personal Data to understand how we are performing in providing connectivity management services, whether connectivity management services and related products are working as intended, or whether improvements are needed to the connectivity management service pursuant to our agreement with you;
• Connectivity service load balancing and planning: to protect Pelion Connectivity Management service and manage volumes of connections and other uses of our partners’ networks. For example, we identify peak periods of use so we can try and ensure our partners’ networks can handle volume at those times pursuant to our agreement with you;
• Traffic data: if you use Pelion Connectivity Management, we process traffic data in order to provide the service to you, pursuant to our agreement with you;
• Location data: if you use Pelion Connectivity Management, we process location data in order to provide certain location-based services to you, such as GSM Track, pursuant to our agreement with you;
• Providing our websites and services: We process your Personal Data to perform our contract with you for the use of our websites and services and to fulfill our obligations under applicable terms of use/service; where we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with the content you access and request (e.g., to download content from our websites);
• Promoting the security of our websites and services: We process your Personal Data by tracking use of our websites, products and services, creating aggregated, non-Personal Data, verifying accounts and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the products and services, systems and applications and in protecting our rights and the rights of others;
• Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service;
• Handling contacts and user support requests: If you fill out a “Contact Me” web form or request user support, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you;
• Managing event registrations and attendance: We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you;
• Managing contests or promotions: If you register for a contest or promotion, we process your Personal Data to perform our contract with you. Some contests or promotions have additional rules containing information about how we will process your Personal Data;
• Developing and improving our websites, products and services: We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and products and services to the extent it is necessary for our legitimate interest in developing and improving our websites and services and providing our users with more relevant content and service offerings, or where we seek your valid consent;
• Assessing and improving user experience: We process device and usage data as described above, which in some cases may constitute Personal Data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent;
• Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;
• Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;
• Registering office visitors: We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent that such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access;
• Sending marketing communications: We process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products and services, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent (please see the “Your legal rights” section below to learn how you can control the processing of your Personal Data by Pelion for marketing purposes); and
• Complying with legal obligations: We process your Personal Data when cooperating with public and governmental authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent the processing or disclosure of Personal Data to protect our rights is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.

Where we need to collect and process Personal Data under a contract we have entered or will enter into with you, and you fail to provide the required Personal Data when requested, we may be unable to perform our contract with you.

When and how can Pelion share your Personal Data?

Sharing with third parties

We share information with the following third parties:

• Third party service providers (for example advertising and event/marketing services, information technology, product and service delivery, website hosting, data analysis, IT services, auditing, payment processing or customer service and other service providers) in order for these third parties to provide services on behalf of Pelion;
• As required or authorized by law, to comply with a legal obligation, in connection with a request from a public or governmental authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical, and where we are legally permitted to do so, we will tell you in advance of such disclosure.

• Relevant third parties as part of a contemplated or actual corporate transaction such as a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
• With third parties that are not suppliers or vendors but are working with us to offer certain opportunities such as sweepstakes, contests, and similar promotions, to enable joint products or research studies, or to facilitate services like message boards, blogs or other shared platforms. In these cases, additional terms or privacy notices will be provided where required.
• With emergency services (if you make an emergency call), including your approximate location.
• If you use the Pelion Connectivity Management service, you may connect third party devices to your SIM. When you make that connection, those third parties may record your SIM details or your interaction with the network. The third-party device manufacturers will process your Personal Data in accordance with their privacy policies and we recommend that you read those.

Sharing within Pelion

We share your information across the Pelion corporate group to provide, maintain and develop our products and services. Pelion employees will only access the information to the extent necessary to achieve the particular purpose(s) and perform their job.

We also share information that is not Personal Data, such as anonymized or aggregated information, for purposes such as analysis, identifying trends in the areas of our products and services and to help research and develop new Pelion products and services.

Data Aggregation and Analytics

We collate your Personal Data which you provide to us, or we collect and use it anonymously for analytics, benchmarking and to effectively monitor our website and improve your user experience.

How long do we retain your information for?

We retain Personal Data for the period necessary to:

• Provide requested Pelion products and services, as needed to comply with legal obligations (e.g., maintaining opt-out lists to fulfill advertising and marketing choices or to comply with mandatory record retention or legal hold requirements), as agreed in an individual consent; and
• to resolve disputes, and to otherwise fulfill the purposes, rights and obligations outlined in this Privacy Statement.

Retention periods can vary significantly based on the type of information and how it is used, and our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When Personal Data is removed from our systems, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.

Your legal rights

If you are located in a European Union member state and certain other countries, you have the following additional rights:

Access and/or have your information provided to you

You can request a copy of the Personal Data we are processing about you.

Change or correct

You can ask us to change, fix or update information about you (for example, if it is incomplete or inaccurate).  

Delete 

You can ask us to delete Personal Data about you.

Restrict or limit use

You have the right to ask us to restrict our processing (i.e., stop any active processing) of your Personal Data (for example, if the information about you is inaccurate).

Data portability 

In certain circumstances, you have the right to obtain Personal Data we hold about you in a structured, electronic format, and to transmit such data to another company.  

Object

You have the right to object to Pelion using your Personal Data in some circumstances (in particular, where we do not have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). See below for information about how to unsubscribe to direct marketing.

Opt-out

You can withdraw your consent to certain data processing, including for marketing messages that you receive from us. 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please note that these rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.If you have unresolved concerns, you have the right to complain to a data protection authority as described below. Individuals based in the UK, or the EEA can make a Data Subject Access Request by following this link.

International Transfer of Personal Data

Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates and third parties disclosed above, that are based in other countries.

Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (EEA). We ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission.

Children’s Privacy

We will not knowingly collect Personal Data from children under the age of 13 years.  On occasion Pelion does run campaigns to encourage the use of technology for children under the age of 13.  Such campaigns are strictly for educational purposes only.  Any information collected by Pelion of participating children under the age of 13 is done with the consent of the parent or legal guardian and the data collected is strictly segregated and deleted immediately after the end of any such campaign.

Changes

We may modify this Privacy Statement at any time. If we make changes to this Privacy Statement, then we will post an updated version of this Privacy Statement on our website. We will specifically notify you by email about any material changes to this Privacy Statement.  

Contact Us

If you believe we have used your Personal Data in a way that is not consistent with this Privacy Statement or your choices, or if you have any questions or comments about this Privacy Statement, please contact Pelion Legal by emailing [email protected]  Any request will be evaluated and completed in accordance with applicable data protection law, including verification of the requestor’s identity. Alternatively, please contact us at the following address:

Head of Legal

Arm Cloud Services Limited

c/o Brodies LLP

110 Queen Street

Glasgow, G1 3BX

United Kingdom

Pelion IoT Limited
319 St. Vincent Street
Glasgow
G2 5LD
Scotland
United Kingdom

Filing a complaint

If you have a complaint about this Privacy Statement or any aspect of how we use your Personal Data, then please contact us first. If you are not satisfied and are located in within the European Economic Area, then please contact your local data protection authority. If you are based in, or the issue relates to, the UK, you can contact the UK Information Commissioner’s Office at the following address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Alternatively, you can use an online form via the Information Commissioner’s website (https://ico.org.uk/concerns).

If you are based in, or the issue you would to complain about took place elsewhere in the EEA, please visit this website (http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061) for a list of local data protection authorities in other EEA countries.