TELIT 

EU AND CCPA PRIVACY NOTICE

Version: 4

Updated February 9, 2022

If you are not a resident of the EU, please refer to Telit’s non-EU Privacy Policy at: www.telit.com/privacy-policy.

  1. Who is responsible for processing your data?
  2. Categories and sources of personal data and purposes and lawful basis for processing.
  3. Sharing of your information
  4. Transfers of personal data outside the EEA
  5. Your rights
  6. Retention period

1. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA AND HOW TO CONTACT US
This notice (“Notice”) describes the steps the Telit corporate group (together “Telit”, “Company”, “we” or “us”) take to protect the personal data that we process about our customers and other business-related personal data.

Telit is committed to the protection of the personal data that we process about you in line with the data protection principles set out in the European Union’s (“EU”) General Data Protection Regulation 2016 (“GDPR”) and the California Consumer Privacy Act (CCPA).

In respect of personal data that is collected or otherwise processed as part of the services that we offer (see Section 2.2. below), the controller in respect of your personal data is the entity with which your employer has a contractual relationship for the provision of those services. A list of entities is provided in Annex 1. If you are unsure which entity is the controller in respect of your personal data, you can contact us using the following contact details: privacy@telit.com.

Telit Communications Limited, Cannon Place, 78 Cannon Street, London EC4N 6AF, England or its affiliates or subsidiaries are the data controllers in respect of all other processing activities outlined in this Policy.

2. WHAT PERSONAL DATA WE COLLECT AND WHY?

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting the personal data that we process.

In each of the sections listed below, we describe how we obtain your personal data and how we will treat it.

Section 2.1 Representatives of our Existing or Prospective Customers, Distributors and Vendors

Section 2.2 Personal Data related to the Services that we Offer

Section 2.3 Visitors to our Premises

Section 2.4 Website Visitors

Section 2.5 Shoppers of our eShop site


2.1 Representatives of our Existing or Prospective Customers and Vendors

A – Sources of personal data

We may obtain your personal data from the following sources:

a.) from you directly,

b.) from a company that employs you, if you are an employee of our customer,

c.) from partners with whom we have a relationship;

d.) during networking events that we have either hosted, or sponsored, or attended; and/or

e.) from publicly available sources (for example, your company website or social media sites).


B – Personal data that we collect and process 

We may collect the following categories of personal data relating to our existing and prospective corporate customers’ employees, officers, authorised signatories, and other associated individuals. This may include:

a.) name;

b.) name of employer;

c.) business address;

d.) business email address;

e.) business telephone number; and/or

f.) job title.

For the purposes of anti-money laundering requirements, Company may also collect the following:

a.) Name;

b.) date of birth;

c.) address;

d.) information from utility bills;

e.) copies of passports;

f.) copies of driving licences;

g.) nationality;

h.) bank details (account numbers, sort codes);

i.) police contact certificate (occasional use).

The above items correspond to the following categories of personal information that we have collected over the past 12 months when we operate as a “business” under the CCPA:

a.) Identifiers

b.) Information that identifies, relates to, describes, or is capable of being associated with, a particular individual

c.) Professional or employment-related information

d.) Commercial information, including products or services purchased, obtained, or considered

C – Why do we collect your personal data and what are our lawful bases for it?

Representatives of our Existing or Prospective Customers, Distributors and Vendors
We may use your personal data to:Our lawful basis for doing so is:  Our legitimate interests in doing so are: 
Provide you with our products or services or receive products or services from you Legitimate InterestEfficiently fulfil our contractual and legal obligations
Management reporting (including at an intra-group level)
Establish and manage our relationshipLegitimate InterestEfficiently fulfil our contractual and legal obligations
Account management
Exercise or defend legal claims
Understand the market in which we operate
Management reporting (including at an intra-group level)
Learn about how our products and services are or may be usedLegitimate InterestUnderstand the market in which we operate
Management reporting (including at an intra-group level)
Account management
Manage securityLegitimate InterestManaging security, risk and crime prevention, including anti-money laundering
Management reporting (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communicationLegitimate InterestPromote our products and services
Management reporting (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communicationLegitimate InterestPromote our products and services
Management reporting (including at an intra-group level)
Anti-money laundering, sanctions lists and other laws and regulations that may apply to TelitLegal ObligationManaging risk, prevention of crime and anti-money laundering
General business managementLegitimate InterestManagement reporting and assessment.

If you object to us using your contact details for these purposes, including direct marketing, please send an email to us using the following email address: privacy@telit.com.

Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

We do not sell your personal information and we have not done so in the preceding 12 months.

The following are the CCPA business or commercial purposes for which we use each category of personal information. Details about the information we collect for each category are provided in part B above. More details about the business or commercial purposes are provided in the table above.

Categories of Personal InformationBusiness or commercial purposes pursuant to the CCPA
IdentifiersAuditing related to a current interaction with the consumer and concurrent transactions
Providing customer service, processing or fulfilling orders and transactions, verifying customer information
Processing transactions and verifying customer information
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us
Professional or employment-related information
Commercial information, including products or services purchased, obtained, or considered
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual

2.2 Personal data related to the services that we offer

A – Sources of personal data

Your personal data may be processed when our corporate customers use any if the following services that we offer, if the data flowing through these services relate to you:

a.) Connectivity – a management platform for cellular connectivity (SIM) services provided to corporate customers

b.) IoT Platform and related Professional Services – a cloud based-solution that allows corporate customers to connect an array of and handle the data collected by these devices

c.) Modules – Programmable hardware devices with telecommunication capabilities that corporate customers embed in their own products.

d.) secureWISE – a solution providing secure remote access to administer and measure the performance of factory floor machines of corporate customers


B – Personal data that we collect and process

We may collect the following categories of personal data relating to our corporate customers’ end-users:

a.) Connectivity: Call Data Record (CDR) which contains various meta-data attributes of the transmission, such as time, volume of transmission (in KB), transmission duration, completion status, source number, and destination number. SIM uptime, session duration; IP Address; the content of SMS; cell tower data/ signalling information; approximate geolocation; communication data transmitted to/from the SIM.

b.) IoT Platform and related Professional Services: the categories and nature of the personal data processed is wholly determined by the corporate customer using this service.

c.) Modules: SIM number and device number (IMEI).

d.) secureWISE: usernames, names, business contact details and work title of corporate customer’s employee using the service


C – Why do we collect your personal data and what are our lawful bases for it?

DATA RELATING TO YOU FLOWING THROUGH THE PRODUCTS AND SERVICES WE PROVIDE OUR CUSTOMERS
We may use your personal data to:Our lawful basis for doing so is:  Our legitimate interests in doing so are: 
Provide our corporate customer with our products or servicesLegitimate InterestEfficiently fulfil our contractual and legal obligations
Management reporting (including at an intra-group level)
Establish and manage our relationshipLegitimate InterestEfficiently fulfill our contractual and legal obligations
Account Management
Exercise or defend legal claims
Understand the market in which we operate
Management reporting (including at an intra-group level)
Learn about how our products and services are or may be usedLegitimate InterestUnderstand the market in which we operate
Management reporting (including at an intra-group level)
Account Management
General business managementLegitimate InterestManagement reporting and assessment.
Statutory reporting obligationsLegal ObligationReport to relevant bodies or entities where required by law.

Note that when we process the data covered in this Section 2.2, we are merely a ‘service provider’ of our corporate customer, pursuant to the CCPA.

2.3 Visitors to Our Premises

A – Sources of personal data

We may obtain your personal data from you directly and/or from our systems’ records.


B – Personal data that we collect and process 

a.) name;

b.) business contact details;

c.) organisation;

d.) role; and/or

e.) image (for example, from CCTV cameras at our premises in Italy, Cyprus and France.

The above items correspond to the following categories of personal information that we have collected over the past 12 months when we operate as a “business” under the California Consumer Privacy Act (CCPA):

a.) Identifiers

b.) Information that identifies, relates to, describes, or is capable of being associated with, a particular individual

c.) Professional or employment-related information


C – Why do we collect your personal data and what are our lawful bases for it?

VISITORS TO OUR PREMISES
We may use your personal data to: Our lawful basis for doing so is:  Our legitimate interests in doing so are: 
Manage securityLegitimate InterestManaging security, risk and crime prevention
Maintain records of visitors to our premisesLegitimate InterestManagement reporting; managing risk.

If you object to us using your personal data for these purposes, please send an email to us using the following email address: privacy@telit.com.

We do not sell your personal information and we have not done so in the preceding 12 months.

The following are the CCPA business or commercial purposes for which we use each category of personal information. Details about the information we collect for each category are provided in part B above. More details about the business or commercial purposes are provided in the table above.

Categories of Personal InformationBusiness or commercial purposes pursuant to the CCPA
IdentifiersDetecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
Professional or employment-related information
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual


2.4 WEBSITE VISITORS

A – Sources of personal data

We may obtain your personal data from the following sources:

a.) from you directly (for example, by filling in forms on the website.

b.) when you register to use the website or for a trial period;

c.) subscribe to any of our services;

d.) request further information via the website

e.) when you report a problem with the website;

f.) from your device or browser; and/or

g.) if you contact us, we may keep a record of that correspondence.

To opt-out of all Telit communication, click here.


B – Personal data that we collect and process 

a.) name;

b.) username;

c.) email address;

d.) phone number;

e.) postal address;

f.) bank details;

g.) job title;

h.) operating system;

i.) browser type;

j.) login information;

k.) products or services you viewed or searched for;

l.) other website data, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;

m.) cookie data (for more information please see our Cookie Section in the Global Privacy Policy;

n.) preferences regarding online marketing;

o.) IP address;

p.) website addresses of social media profiles;

q.) website pages visited including time stamp; and/or

r.) online purchase history.

The above items correspond to the following categories of personal information that we have collected over the past 12 months when we operate as a “business” under the California Consumer Privacy Act (CCPA):

a.) Identifiers

b.) Information that identifies, relates to, describes, or is capable of being associated with, a particular individual

c.) Professional or employment-related information

d.) Commercial information, including products or services purchased, obtained, or considered

e.) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement

f.) Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes


C – Why do we collect your personal data and what are our lawful bases for it?

WEBSITE VISITORS
We may use your personal data to:Our lawful basis for doing so is: Our legitimate interests in doing so are:
Provide our website services to youLegitimate InterestWebsite management
Promote our products and services
Account management
Notifying you of any changes to our products and services
Provide you with password reminders
Notify you that a particular service has been suspended for maintenance
Establish and manage our relationshipLegitimate InterestUnderstand the market in which we operate
Management reporting (including at an intra-group level)
Account management
Make suggestions and recommendations to you about products or services that may interest you
Learn about our websites(s) users’ browsing patterns and the performance of our website(s)Legitimate InterestWebsite management, including troubleshooting, data analysis, testing, research, statistical and survey purposes
Manage securityLegitimate InterestManaging security, risk and crime prevention
Management reporting on security incidents (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communicationLegitimate InterestPromote our products and services
Management reporting (including at an intra-group level)
Learn about how our products or services may be usedLegitimate InterestUnderstand the market in which we operate
Management reporting (including at an intra-group level)
General business managementLegitimate InterestManagement reporting and assessment.

If you object to us using your personal data for these purposes, including direct marketing, please send an email to us using the following email address: privacy@telit.com.

We will seek your prior consent, where required to do so by law, where we:

a.) use cookies or similar technologies to fulfil this purpose; and/or

b.) use your email to communicate marketing information to you.

We do not sell your personal information and we have not done so in the preceding 12 months.

The following are the CCPA business or commercial purposes for which we use each category of personal information. Details about the information we collect for each category are provided in part B above. More details about the business or commercial purposes are provided in the table above.

Categories of Personal InformationBusiness or commercial purposes pursuant to the CCPA
IdentifiersProviding customer service, processing or fulfilling orders and transactions, verifying customer information
Auditing related to a current interaction with the consumer who is a job applicant
Processing transactions and verifying customer information
Professional or employment-related information
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual
Internet or other electronic network activity informationDetecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, prosecuting those responsible for that activity
Undertaking internal research for technological development and demonstration
Undertaking activities to verify or maintain the quality of the service and to improve, upgrade or enhance the service
Debugging to identify and repair errors

2.5 Shoppers of our eShop site 

A – Sources of personal data

We may obtain your personal data from the following sources:

a.) from you directly (for example, when you complete the order forms on the website).

b.) from our third-party processor, Shopify, who helps us administer our eShop.


B – Personal data that we collect and process 

a.) name;

b.) email;

c.) shipping and billing address;

d.) payment details (collected by Shopify acting as our processor but not shared with Telit);

e.) your company name;

f.) phone number;

g.) information about orders you initiate.

Shopify, acting as our processor, also collects the following information from you: information about the Shopify-supported merchant stores that you visit, and information about the device and browser you use.  Click here to read Shopify‘s privacy policy.


C – Why do we collect your personal data and what are our lawful bases for it?

SHOPPERS OF OUR ESHOP SITE
We may use your personal data to: Our lawful basis for doing so is:  Our legitimate interests in doing so are: 
Fulfill your orderPerformance of purchase contractProperly fulfil our contractual and legal obligations to process and deliver your order and payment
Establish and manage our relationshipLegitimate interestsEfficiently fulfil our contractual and legal obligations
Account management
Exercise or defend legal claims
Understand the market in which we operate
Management reporting (including at an intra-group level)
Learn about how our products and services are or may be usedLegitimate interestsUnderstand the market in which we operate
Management reporting (including at an intra-group level)Account management
Manage securityLegitimate interestsManaging security, risk and crime prevention, including anti-money laundering
Management reporting (including at an intra-group level)
Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communicationLegitimate interestsPromote our products and services
Statutory reporting obligationsLegal obligationReport to relevant bodies or entities where required by law.
General business managementLegitimate interestsManagement reporting and assessment.

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH

We do not sell your personal data to third parties.

Affiliates

We may share your personal data with our affiliates, subsidiaries and parent company.

Our Service Providers

We may disclose information about you to organisations that provide a service to us, on the understanding that they will keep the information confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of service providers:

a.) our distributors who may contact you regarding Telit products and services, if you indicate your desire to receive such offers;

b.) technical support providers who assist with our website and IT infrastructure;

c.) third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;

d.) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;

e.) providers that help us generate and collate reviews in relation to our products and services;

f.) our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf; and/or

g.) providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format (e.g. cloud service providers), and for marketing purposes.

Content that you post on Telit’s Technical Forum may be viewable by other users of the Website and Internet users in general, along with your username on the Website.


Company Mergers and Takeovers

We may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business.


Legal and Regulatory Enforcement

If you have breached the Terms, abused your rights to use the website, or violated any applicable law. Your information may be shared with competent authorities and with any third party, if we believe it is necessary or justified.

4. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EUROPEAN ECONOMIC AREA

If and when transferring your personal data outside the EU or European Economic Area (“EEA”), we will only do so using one of the following safeguards:

a.) the transfer is to a non-EEA country that has been the subject of an adequacy decision by the EU Commission;

b.) the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA;

c.) the transfer is to an organisation which has binding corporate rules approved by an EU data protection authority; or

d.) the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

International transfers to our affiliates, subsidiaries and parent company are governed by EU Commission-approved Standard Contractual Clauses for Controllers and, where relevant, for Processors.

We may also transfer your data to third-party vendors outside the EU, such as our customer relationship management system and due diligence providers e.g. Salesforce and Amazon Web Services (AWS). Where we do so, the Standard Contractual Clauses or other safeguards approved by the EU Commission are in place to safeguard that personal data.

You may request a copy of these agreements by contacting us using the following email address: privacy@telit.com.

5. YOUR RIGHTS

If the EU’s GDPR applies to the processing of your personal data, the GDPR provides you with certain rights in relation to the processing of your personal data, including to:

• Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.

• Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

• Request personal data provided by you to be transferred in machine-readable format (“data portability”).

• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).

• Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Company, as explained above, or where decisions about you are based solely on automated processing, including profiling.

These rights are not absolute and are subject to various conditions under:

• applicable data protection and privacy legislation; and

• the laws and regulations to which we are subject.

If at any time you decide that you do not want to be contacted for any purpose or if you would like to exercise any of your rights as set out above, you can contact us by emailing the following email address: privacy@telit.com.

If you are a resident of California, you have the following rights in relation to personal information we process about you (other than processing personal information as a service provider of a corporate customer):

CategoryDetails of your Rights
Disclosure of Personal Information We Collect About YouYou have the right to know:
• The categories of personal information we have collected about you
• The categories of sources from which the personal information is collected
• Our business or commercial purpose for collecting personal information
• The categories of third parties with whom we share personal information, if any
• The specific pieces of personal information we have collected about you.
Right to DeletionSubject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
• Delete your personal information from our records; and
• Direct any service providers to delete your personal information from their records.

Please note that we may not delete your personal information if it is necessary to:
• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
• Debug to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act;
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
• Comply with an existing legal obligation; or
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Protection Against DiscriminationYou have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.
Designate an authorized agent to submit CCPA requests on your behalfYou may designate an authorized agent to make a request under the CCPA on your behalf. To do so, you need to provide the authorized agent written permission to do so and the agent will need to submit to us proof that they have been authorized by you. We will also require that you verify your own identity, as explained below.

If you would like to exercise any of your CCPA rights as described above, you should email us to: privacy@www.telit.com.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require.



6. RETENTION PERIOD

We will keep and process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defense of legal claims.

ANNEX 1: TELIT ENTITIES

EU ENTITIES

Telit EntityCountry
Telit Communications SpAItaly
Telit Wireless Solutions GmbHGermany
Telit Communications Spain SLSpain
Telit Communications Cyprus Ltd.Cyprus
Telit Technologies (Cyprus) Ltd.Cyprus


ENTITIES OUTSIDE THE EU

Telit EntityCountry
Telit IoT Solutions Holding Ltd.England
Telit IoT Solutions Ltd.England
Telit IoT Ltd.England
Telit Communications LimitedEngland
Telit IoT Solutions, Inc.United States
Telit Wireless Solutions Tecnologia E Serviços LtdaBrazil
Telit Wireless Solutions Co LtdRepublic of Korea
Telit Wireless Solutions Ltd.Israel
Telit Wireless Services Ltd.Israel
Telit Wireless Solutions (Pty) Ltd.Republic of South Africa
Telit Wireless Solutions Hong Kong LimitedHong Kong
Telit Wireless Solutions (Australia) Pty LimitedAustralia
secureWISE, LLCUnited States
Telit Wireless Solutions (Shenzen) Ltd.China
Telit Wireless Solutions Japan KKJapan
Telit Wireless Solutions (Shanghai) LtdChina
Telit Wireless Solutions Taiwan LimitedTaiwan
Telit Communications India Private LimitedIndia

Version 1 – Effective Date: 25 May 2018