This Pelion Privacy Statement (“Privacy Statement“) describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, share, protect and otherwise process information relating to individuals (“Personal Data“), and to learn about your rights and choices regarding our processing of your Personal Data.

 A reference to “Pelion”, “we,” or “us” means Pelion IOT Limited (registered company number SC211701) with its principal place of business at 319 St. Vincent Street, Glasgow, G2 5LD, Scotland, United Kingdom.

Scope
Pelion is the controller of your Personal Data as described in this Privacy Statement and is responsible for your Personal Data.

For the avoidance of doubt, this Privacy Statement does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers, including where we offer to our customers various cloud products and services.

We use different methods for collecting your Personal Data. This Privacy Statement applies to the collection  of Personal Data via you:

• Using our products and services;

• Visiting our websites that display or link to this Privacy Statement;

• Visiting our branded social media pages;

• Visiting our offices;

• Receiving communications from us, including emails, phone calls, or texts; or

• Registering for, attend and/or otherwise take part in our events, webinars or contests.

1 – Directly from you

Personal Data means any information about an individual from which that person can be identified. The Personal Data that we collect directly from you includes the following:

• If you express an interest in obtaining additional information about our products and services, use our “Contact Us” or similar features, register to use our websites, sign up for an event, contest, or download certain content, we will require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;

• If you attend an event where we scan your attendee badge, we will collect from your attendee badge information such as name, title, company name, address, country, phone number and email address;

• If you use and interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails through cookies, web beacons or similar technologies;

• If you use our Pelion Connectivity Management service, we automatically collect traffic data, such as the number a device called or sent a message to, the time and duration of a device’s connection, how you are using data, internet protocol (“IP”) address, and which protocols you have utilized during a session.  We don’t, however, keep a record of the content of your calls or messages;

• If you use Pelion Connectivity Management location-based services, we automatically process location data, which can be precise where it uses Global Positioning System (GPS) data or by identifying nearby mobile phone masts and Wi-Fi hotspots, when you enable location-based services or features. Location data may be less precise where, for example, a location is derived from your IP address, or data such as a post code or name of a town or city;

• If you use and interact with our products and services, we automatically collect information about your device and your usage of our services, through log files and other technologies, some of which may qualify as Personal Data; and

• If you visit our offices, you will be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.

If you provide us with any Personal Data relating to other individuals, you must explain to those individuals that their Personal Data will be used in accordance with this Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or if you otherwise wish to exercise your rights relating to your Personal Data, please contact us by using the information set out in the “Contact Us” section below.

2 – From other sources

We also collect information about you from other sources and combine this information with Personal Data provided by you. This helps us to update, expand and analyse our records, identify new customers and create more tailored advertising to provide products and services that may be of interest to you. In particular, we collect Personal Data from third party providers of business contact information, including professional contact details, employment-related information (such as job titles) and device / location-related information (such as IP addresses) for purposes of targeted advertising, delivering relevant email content, event promotion and profiling.

We obtain information through partners, vendors, suppliers and other third parties. These enterprises largely fall into the following categories: partners, hosts or vendors at events or trade shows, research partners and enterprises that deploy the Pelion technology or third-party offerings that include Pelion technology. We might also obtain information through a partner as part of our business operations. This kind of data is used for work such as improving algorithms and data models, product testing and improvement, enhancing existing products and developing new capabilities and features.

Why and How We Use Your Information

We collect and process your Personal Data for the purposes and on the legal basis identified in the following:

• Billing: We process your Personal Data to bill you for using our products and services, to contact you if we are not able to take payment, or to respond to any questions or concerns you may have about our products and services, pursuant to our agreement with you;

• Service messages: We process your Personal Data to contact you with customer service messages to keep you updated with current information about products and services you’ve taken, for example, changes to our terms and conditions or service interruptions, pursuant to our agreement with you;

• Providing connectivity management services: to improve your connectivity experience, to detect and resolve fraudulent use of our partners’ networks (and their roaming networks) and to solve technical issues if you are experiencing any. We also process Personal Data to understand how we are performing in providing connectivity management services, whether connectivity management services and related products are working as intended, or whether improvements are needed to the connectivity management service pursuant to our agreement with you;

• Connectivity service load balancing and planning: to protect Pelion Connectivity Management service and manage volumes of connections and other uses of our partners’ networks. For example, we identify peak periods of use so we can try and ensure our partners’ networks can handle volume at those times pursuant to our agreement with you;

• Traffic data: if you use Pelion Connectivity Management, we process traffic data in order to provide the service to you, pursuant to our agreement with you;

• Location data: if you use Pelion Connectivity Management, we process location data in order to provide certain location-based services to you, such as GSM Track, pursuant to our agreement with you;

• Providing our websites and services: We process your Personal Data to perform our contract with you for the use of our websites and services and to fulfil our obligations under applicable terms of use/service; where we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with the content you access and request (e.g., to download content from our websites);

• Promoting the security of our websites and services: We process your Personal Data by tracking use of our websites, products and services, creating aggregated, non-Personal Data, verifying accounts and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the products and services, systems and applications and in protecting our rights and the rights of others;

• Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service;

• Handling contacts and user support requests: If you fill out a “Contact Me” web form or request user support, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you;

• Managing event registrations and attendance: We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you;

• Managing contests or promotions: If you register for a contest or promotion, we process your Personal Data to perform our contract with you. Some contests or promotions have additional rules containing information about how we will process your Personal Data;

• Developing and improving our websites, products and services: We process your Personal Data to analyse trends and to track your usage of and interactions with our websites and products and services to the extent it is necessary for our legitimate interest in developing and improving our websites and services and providing our users with more relevant content and service offerings, or where we seek your valid consent;

• Assessing and improving user experience: We process device and usage data as described above, which in some cases may constitute Personal Data, to analyse trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent;

• Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;

• Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;

• Registering office visitors: We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent that such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access;

• Sending marketing communications: We process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products and services, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent (please see the “Your legal rights” section below to learn how you can control the processing of your Personal Data by Pelion for marketing purposes); and

• Complying with legal obligations: We process your Personal Data when cooperating with public and governmental authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent the processing or disclosure of Personal Data to protect our rights is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.

Where we need to collect and process Personal Data under a contract we have entered or will enter with you, and you fail to provide the required Personal Data when requested, we may be unable to perform our contract with you.

Sharing with third parties

We may share information with the following third parties:

• Third party service providers (for example advertising and event/marketing services, information technology, product and service delivery, website hosting, data analysis, IT services, auditing, payment processing or customer service and other service providers) in order for these third parties to provide services on behalf of Pelion;

• As required or permitted by law, to comply with a legal obligation, in connection with a request from a public or governmental authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical, and where we are legally permitted to do so, we will tell you in advance of such disclosure.

• Relevant third parties as part of a contemplated or actual corporate transaction such as a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

• With third parties that are not suppliers or vendors but are working with us to offer certain opportunities such as sweepstakes, contests, and similar promotions, to enable joint products or research studies, or to facilitate services like message boards, blogs or other shared platforms. In these cases, additional terms or privacy notices will be provided where required.

• With emergency services (if you make an emergency call), including your approximate location.

• If you use the Pelion Connectivity Management service, you may connect third party devices to your SIM. When you make that connection, those third parties may record your SIM details or your interaction with the network. The third-party device manufacturers will process your Personal Data in accordance with their privacy policies and we recommend that you read those.

We share your information across the Pelion corporate group to provide, maintain and develop our products and services. Pelion employees will only access the information to the extent necessary to achieve the particular purpose(s) and perform their job.

We also share information that is not Personal Data, such as anonymized or aggregated information, for purposes such as analysis, identifying trends in the areas of our products and services and to help research and develop new Pelion products and services.

We collate your Personal Data which you provide to us, or we collect and use it anonymously for analytics, benchmarking and to effectively monitor our website and improve your user experience.

How long do we retain your information for?

We retain Personal Data for the period necessary to:

• Provide requested Pelion products and services, as needed to comply with legal obligations (e.g., maintaining opt-out lists to fulfil advertising and marketing choices or to comply with mandatory record retention or legal hold requirements), as agreed in an individual consent; and

• to resolve disputes, and to otherwise fulfil the purposes, rights and obligations outlined in this Privacy Statement.

Retention periods can vary significantly based on the type of information and how it is used, and our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When Personal Data is removed from our systems, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.

You have a number of rights under data protection laws in relation to your personal data.  You have the right to:

Access and/or have your information provided to you

You can request a copy of the Personal Data we are processing about you.  This  is commonly known as a “subject access request” and enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

You can ask us to change, fix or update information about you (for example, if it is incomplete or inaccurate).  However, we may need to verify the accuracy of the new data you provide to us.

You can ask us to delete Personal Data about you in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (which is detailed below), where we may have processed your information unlawfully or where we are required to erase your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

You have the right to ask us to restrict our processing (i.e., stop any active processing) of your Personal Data.  This can be done in the following scenarios:

• if you want us to establish the data’s accuracy;

• where our use of the data is unlawful but you do not want us to erase it;

• where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

• you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it

In certain circumstances, you have the right to obtain Personal Data we hold about you in a structured, electronic format, and to transmit such data to another company. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

You have the right to object to Pelion using your Personal Data in some circumstances (in particular, where we do not have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). See below for information about how to unsubscribe to direct marketing.

You can withdraw your consent to certain data processing, including for marketing messages that you receive from us. 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please note that these rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.  If you have unresolved concerns, you have the right to complain to a data protection authority as described below.  Individuals based in the UK, or the EEA can make a Data Subject Access Request by following this link.

If you wish to exercise any of the rights set out above, please contact us (see Contact Details).

Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates and third parties disclosed above, that are based in other countries.

Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (EEA). We ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission.

We will not knowingly collect Personal Data from children under the age of 13 years.  On occasion Pelion does run campaigns to encourage the use of technology for children under the age of 13.  Such campaigns are strictly for educational purposes only.  Any information collected by Pelion of participating children under the age of 13 is done with the consent of the parent or legal guardian and the data collected is strictly segregated and deleted immediately after the end of any such campaign.

We keep our Privacy Statement under regular review and may modify this Privacy Statement at any time. If we make changes to this Privacy Statement, then we will post an updated version of this Privacy Statement on our website. We will specifically notify you by email about any material changes to this Privacy Statement.  

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

If you believe we have used your Personal Data in a way that is not consistent with this Privacy Statement or your choices, or if you have any questions or comments about this Privacy Statement, please contact Pelion Legal by emailing privacy@pelion.com.  Any request will be evaluated and completed in accordance with applicable data protection law, including verification of the requestor’s identity. Alternatively, please contact us at the following address:

Pelion IoT Limited

Head of Legal
319 St. Vincent Street
Glasgow
G2 5LD
Scotland
United Kingdom

If you have a complaint about this Privacy Statement or any aspect of how we use your Personal Data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (details can be found below).  We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Alternatively, you can use an online form via the Information Commissioner’s website (https://ico.org.uk/concerns).

If you are based in, or the issue you would to complain about took place in the EEA, please visit this website for a list of local data protection authorities in EEA countries.