Soracom Services Privacy Policy for European Customers

SORACOM CORPORATION, LTD.

Latest update: 30 April 2020

1. INTRODUCTION

In this Privacy Policy we describe our privacy practices in relation to information that we collect when you use our products, services, applications, websites and other “Digital Channels” operated by us Our Digital Channels include:

  • the Soracom Mobile App;
  • our websites: https://soracommobile.com; https://soracom.io; https://dev.soracom.io; https://soracom.io; https://sps.soracom.io; https://console.soracom.io; and
  • our social media channels: LinkedIn; Facebook

When we refer to “we”, “us”, “our”, “Soracom” or use similar phrasings we refer to SORACOM CORPORATION, LTD., a company incorporated in the UK with company registration number 12311887, who is the data controller for personal information regarding our customers.

If you want to contact us for any reason, please see How to contact us at the bottom of this Privacy Policy.

2. THE DATA SORACOM COLLECTS AND PROCESSES

The information we collect about you and how we collect it varies depending on the products and services that you use and the Digital Channels that you access.

For purposes of this Privacy Policy, personal information may include, but is not limited to, information that identifies you as an individual, such as: your name, title, company name, job role, expertise, postal address, telephone number, IP-address or email address; payment information, such as: your credit card number; .

We also collect other types of information through cookies like browser information, time of visit, referring site etc. – more information about this can be found in our Cookie Policy.

Through your use of our products and services, we will also collect certain communications traffic data including data on a communication’s origin, destination, route, time, date, size, duration, or type of underlying service (collectively “Traffic Data“)

We process Traffic Data as a data controller in order to: (i) provide and maintain the products and services; (ii) calculate any charges and fees payable by you, and to bill and invoice you accordingly; (iii) identify, investigate and protect against fraud, threats and unlawful or wrongful use of the services; (iv) for internal use for development and improvement of the services; and / or (v) as may be required by applicable law.

3. HOW WE COLLECT PERSONAL DATA

We collect personal information in a variety of ways, including:

  • Through Digital Channels: We collect personal information through our Digital Channels, e.g., when you subscribe to a newsletter, register for a webinar, complete our contact us form, download content (e.g. whitepapers), sign up to use a service, or place an order requiring a physical delivery address.
  • Through your use of our products and services: We collect personal information and other Traffic Data when you use our products and services.
  • Offline: We may collect personal information from you offline, such as when you attend one of our events, meet in person, during phone calls with sales representatives, or when you contact customer service or support.
  • Information from other sources: To enhance our ability to provide relevant marketing, offers, and services to you, we may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms, as well as from other third parties.

4. WHY WE PROCESS AND SHARE YOUR PERSONAL DATA

We process and share your personal data with other companies for the purposes listed below:

4.1 Providing you our services

Some of the services and features we provide require the processing of your personal data. We process such personal data in order to provide our services to you or our other customers, e.g. a business that you represent.

If we have entered into an agreement and the services are provided to you, our legal basis for such processing of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) article 6(1)(b), as such processing is required to let you use our services under the agreements we have entered into.

If the services are provided to a customer other than you e.g. a business that you represent or if we have not entered into an agreement, our legal basis is GDPR article 6(1)(f). Our legitimate interest pursued by the processing is to be able to provide our services to our customers.

4.2 Fulfilling our legal obligations

Sometimes our legal obligations require that we process personal data, e.g. when we receive an enforceable governmental request requiring the processing of personal data which we are under an obligation to comply with. Our legal basis for such processing of personal data will be GDPR, article 6(1)(c).

4.3 Customer service and relationship management

If you contact us, including our customer service or support, with an inquiry, e.g. a question or a complaint, we may ask you for or you may provide us certain information, including personal data. We may use such personal data to identify you and to help us respond to your inquiry.

Our legal basis for such processing of personal data is GDPR article 6(1)(f). Our legitimate interests pursued by the processing are to be able to identify you and to respond to your inquiry.

Similarly, we may use contact information provided by you to contact you, if we have any questions, comments or other information which we want to address to you.
Our legal basis for such processing of personal data is GDPR article 6(1)(f). Our legitimate interests pursued by the processing is to be able to identify you and contact you.

4.4 Development and improvement of our products and services

We may use personal data which we have collected regarding you to improve our current products and services or develop new ones, e.g. by using personal data to assess how our products are currently being used by gathering statistics regarding the use of certain functionality to better understand market trends, and thereby improve and develop our websites, product offerings, and services, or by making use of and evaluating suggestions for improvements provided by you.

We also use personal data to provide you with more user-friendly services. This relates primarily to your experience with registration and login procedures. Personal data is also processed with the aim of being able to adapt the viewing of content on Digital Channels, to the device you use and provide you with an enhanced user experience.

Our legal basis for such processing of personal data is GDPR article 6(1)(f). Our legitimate interests pursued by the processing is to be able to improve our current products and services or to develop new ones.

4.5 Tailored marketing

If you have consented to it, we may use personal information regarding you to provide you with customized offers and advertising, e.g. by direct email, based on your interests and use of our Digital Channels. For example, we may assess your personal preferences based on analysing your use and results of your use of our services, your purchase history, your participation in promotions or surveys, and other data that you have provided to us.

Depending on your consent, you may receive offers by regular mail, email, SMS, social media, coupons or any other digital channels used by you. You may use the unsubscribe functionality for the different communication channels.

Our legal basis for providing you with tailored offers will be GDPR, article 6(1)(a), and the consent you have given to receiving tailored marketing. If you have consented to receiving tailored marketing, you may at any time withdraw your consent. Such withdrawal may be performed here, or you may contact us as set out at the bottom of this policy. Your withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal.

4.6 Business Transfers

In some cases, we may buy or sell assets or businesses. In these types of transactions, user information is typically one of the business assets that is transferred. We may disclose personal information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Our legal basis for such processing of personal data is GDPR article 6(1)(f). Our legitimate interests pursued by the processing is to be able to buy or sell assets or businesses.

4.7 To prevent, limit, and investigate abuse

We need personal data about user activities and technical data to prevent, limit, and investigate various types of abuse of our Digital Channels, such as the presentation of false profiles, spamming, harassment, attempts to log into other users’ accounts, as well as other behaviour which is prohibited by law.

Our legal basis for such processing of personal data is GDPR article 6(1)(f). Our legitimate interests pursued by the processing is to be able to prevent, limit, and investigate abuse.

5. SORACOM AND SOCIAL MEDIA PAGES

When you use our Digital Channels, you may share information on social media, such as Facebook, LinkedIn, Instagram or Twitter, through an implemented social plug-in (such as a Like button). If you choose to share information via a social plug-in, your browser will transfer the following data to the social medium:

  • Date and time of your visit
  • The internet address or URL for the address you are temporarily visiting
  • Your IP address
  • The browser you are using
  • The operating system you are using
  • Your username and password and, where applicable, whether you are a registered user of the social medium, your first name and surname
  • The information for which you have used this specific plug-in

With respect to such information, we refer to the terms and conditions for the relevant social medium (we have no influence over the information that the social medium collects through the use of plug-ins). You can block social plug-ins in your browser settings.

6. HOW DOES SORACOM SECURE PERSONAL DATA?

We have implemented organizational, technical, and administrative measures to protect personal information within our organization, including security controls to prevent unauthorized access to our systems. While we take reasonable steps to secure your personal information, you should be aware no security procedures or protocols are ever guaranteed to be 100% secure. There is therefore always some risk assumed by sharing personal information online. If you have reason to believe that your interaction with us should not be secure, please contact us immediately (see How to contact us below).

7. HOW LONG WILL WE STORE YOUR DATA FOR?

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy. When your personal data is no longer relevant for the purposes for which it has been collected, we will delete it.

8. OPTING OUT

You may opt-out of receiving marketing communication by unsubscribing through the unsubscribe or opt-out link in any email. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.

You can also close your Soracom account via the link in the administration console, provided you have no active services and no outstanding amounts due.

9. HOW CAN YOU ACCESS, CORRECT OR REMOVE DATA?

You have the right to request access to, rectification or erasure of, or restriction of the processing of your personal data.

You may also object to any processing of your personal data.

You also have the right to data portability.

If you would like to access, correct, remove or limit the use or disclosure of any personal information about you that has been collected and stored by Soracom, please contact us as described in ‘How to Contact Us’ below.

If you are dissatisfied with our processing of your personal data, you have the right to lodge a complaint to your local data protection authority such as the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Fax: 01625 524510
Please visit https://ico.org.uk/make-a-complaint/ for more information.

10. THIRD PARTY SITES

Our Digital Channels may permit you to link to other websites on the Internet through direct links or through applications such as “share” or “Like” buttons, and other websites likewise may contain links to our Digital Channels. The information practices or content of such other websites is not governed by this Privacy Policy, but the privacy statements of those websites.

11. CHANGES TO THIS POLICY

Soracom may update this Privacy Policy from time to time, for example, to reflect changes to data protection law.

The “Latest updated Date” on this page indicates when this Privacy Policy was last revised.

Any changes to this Privacy Policy will become effective when we publish the revised Privacy Policy. Material changes in our Privacy Policy will be notified 30 days before they become effective.

12. TRANSFER OF PERSONAL DATA REGARDING YOU

We may disclose your personal data to any of the following categories of recipients:

  • Our data processors, e.g. data processors used for the operation of our websites or hosting our data;
  • Subject to applicable data protection legislation, any affiliate, agents, service providers and/or subcontractors of us for the purposes listed in this privacy policy. e.g. authorised third party companies involved in the processing of payments made on our website, or other third parties helping us achieve the purposes listed in this privacy policy. Our legal basis for such disclosure of personal data may be GDPR, article 6(1)(f). Our legitimate interests pursued by the processing is to be able to provide you with our services including in a cost-effective manner;
  • Authorised governmental entities, supervisory agencies, fiscal entities etc. pursuant to a legal process or enforceable governmental request which we are under an obligation to comply with. Our legal basis for such disclosure of personal data will be GDPR, article 6(1)(c).

13. Transfer of data to a non-EU/EEA country

We transfer your personal data to the following companies which are headquartered outside of the EU/EEA. We have entered into agreements with each of the below, which include data protection Model Clauses to contractually protect your data and privacy. Please Contact us if you have any questions.

13.1 SORACOM INC.

Soracom Inc. (4-5-6-3F Tamagawa Setagaya Tokyo, Japan 158-0094) is our affiliated company who operate and develop the Soracom websites and services. When you sign up for a Soracom Account, the Soracom Partner Space, or browse our other websites, the data is transferred to Soracom Inc, because they operate the underlying systems and services. Soracom Inc. is ISO27001 certified and we have model clauses to help protect your personal information and privacy.

14. WHEN THIS POLICY DOES NOT APPLY

This Privacy Policy does not apply to the practices of third parties that Soracom does not own or control, or to individuals that Soracom does not employ or manage. Please note that some Soracom customers may have agreements with us that contain further detail regarding the collection, use, and sharing of their data. If those special agreements and this notice conflict, those special agreements will apply.

15. CONSEQUENCES OF NOT PROVIDING PERSONAL DATA

If you do not provide us with your personal data, you will not be able to open a Soracom account or use Soracom’s services.
If you do not provide a shipping address, we will be unable fulfil your order.
If you do not provide a payment information, your use of the Soracom services will be limited.

16. HOW TO CONTACT US

Your privacy matters. If you have any questions, concerns, or complaints regarding the way we collect and handle your information, please visit https://www.soracom.io/contact.

If you have a Soracom Account, please login and then click ‘Support’ at the top right and raise a request in our support system. This is described at the bottom of https://www.soracom.io/contact.

Soracom will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner.