Cubic Telecom – Updated Privacy Notice
At Cubic Telecom we take pride in being open and up-front with our customers, so we have crafted this Privacy Notice with the aim of giving you, our customer, simple and understandable information on how we manage, use and look after your information.
This Privacy Notice explains what personal information we collect about you, how and why we use it, who we share it with and how we protect your privacy. Most importantly, it also explains the privacy rights that you have in relation to your personal information and how you can exercise these rights.
You will find all our contact details at the end of this Privacy Notice which you can use if you have any questions about this Privacy Notice including how you can exercise your privacy rights, for example updating or accessing your personal information and making a complaint.
This Privacy Notice applies to all customers of Cubic Telecom Limited. It also applies to any users of our website, who may or may not be customers of Cubic Telecom Limited. Please read this Privacy Notice in conjunction with our General Terms and Conditions and any Terms and Conditions that may apply to the products and services that you have registered for.
At Cubic Telecom, we continuously review our privacy practices and conduct regular training and monitoring of those involved in our privacy-related activities.
Who is responsible for Your Personal Information?
Cubic Telecom Limited is an Irish company registered with the company number 415374 and with a registered address at Arthur Cox Building, Earlsfort Terrace, Dublin 2, Ireland and controls the ways in which your personal information is collected, managed and used.
For the purpose of The Data Protection Acts 1988 and 2003 (as amended) and from 25th of May 2018, the General Data Protection Regulation (the GDPR) (the Applicable Data Protection Laws), Cubic Telecom Limited is the data controller. A data controller is a company that decides why and how your personal information is processed. Our Data Protection Officer can be contacted at DPO@cubictelecom.com
What Personal Information Do We Collect About You?
We collect, store and process various pieces of personal information which is information that relates to you and allows us to identify you either directly or in combination with other information which we may hold. By registering and creating an account with us, your personal information may include for example your name, your contact details and your vehicle details. We may also hold information on how and when you use our services and website and who you may have interacted with if you choose to contact us.
We may collect, store and process the following categories of information about you:
Basic information: this is information such as your name and contact information (your email address, telephone number(s) (including your mobile phone number) and postal address. We process this category of personal information when you register online and create an account to use our services and input your details into our online form.
Payment Details: Our payment processor, Realex Payments, processes the payment details you provide (credit card number, issuing bank, expiry date and security codes) in order to pay for the use of our services. For our customers who choose to save credit cards on their account for ease of further payments, we only process and store the last 4 digits of that card and the card type itself, for example Visa, Mastercard, together with a reference number for that credit card that has been returned from Realex Payments.
Information related to the Customer Relationship: We collect, store and process your customer information such as your account settings including your access codes, PIN, and security questions, your service and data pack order details, invoicing, your consent to our Terms and Conditions, your direct marketing and cookie permissions and prohibitions, your customer contacts and related recordings, such as calls you make to our customer service team.
Identification information related to your Vehicle: We collect, store and process certain information relating to the identification of your Vehicle specifically the VIN which is the Vehicle Identification Number. We may associate the VIN with your basic information and we treat the combined information as personal information in accordance with this Privacy Notice for as long as it is combined.
Traffic data generated in connection with use of our Services. We collect, store and process
(i) Device information which is the IMEI number;
(ii) Source identification information which is the ICCID, MSISDN and IMSI numbers related to the connection;
(iii) Information on the communication network used;
(iv) Log on and log off details which are the time, date, duration and cost of the connection;
(v) Vehicle/SIM card location information which is the country-location of your vehicle/SIM card.
Other data on use of our services, such as data collected by means of cookies and similar technologies in connection with your use of our website;
Information related to the registration of a prepaid SIM card to an identified customer or user where required by the relevant local law: In certain countries, the local law may require additional personal information such as copies of verified government-issued personal identity documents, for example a passport, in order to be able to use our services. We do not, however, collect, store and process these personal identity documents. Where the local law requires the authentication and verification of the customer’s personal identity documents prior to using our services, this process is carried out by specialist identity document authentication and verification service providers on our behalf as listed in Section 4. We do not store or process any information relating to the authentication and verification process, apart from the result, that is whether a customer’s personal identity documents have been accepted or rejected.
Other data, which is collected based on your consent and defined in more detail when consent is asked from you.
You are not required to provide any personal information to us but if you decide not to do so, it is possible that we will not be able to provide our services to you.
How and Why We Use Your Personal Information;
The legal bases for the processing of your personal information are:
Processing is necessary for the performance of an Agreement which you have entered with us for the purpose of setting up your account, the purchase of data pack credit and providing you with our services, including mobile telecommunications and internet related services.
Processing is necessary for the purposes of the legitimate interests which we pursue as a business in providing you with our services where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your personal information.
Processing for legitimate business interests is used for the following purposes related to the provision and delivery of our services to you:
- to correspond and communicate with you;
- to verify the accuracy of your information and create a better understanding of you as a customer;
- to comply with our general administration including managing your queries,
- complaints, or claims and to send service messages to you;
- to comply with a request from you in connection with the exercise of your privacy rights;
- to administer our services and website and for internal operations, including
- troubleshooting, service management and optimisation in order to provide you and our other customers with a better customer experience;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to provide, manage and fulfil your orders for our services and to send you invoices;
- to investigate, prevent or take action regarding illegal activities and violations of our Terms and Conditions and/or applicable laws;
- to meet our legal and regulatory obligations;
- and for marketing activities (other than where we rely on your consent).
We primarily process your personal information based on our Agreement concluded with you or under legitimate interests which we pursue as a business in connection with the provision of our services. For the categories of personal information we collect from you, it is important to inform you how we use your personal information and the legal basis we use for processing your personal information.
Processing is necessary for compliance with a legal obligation to which we are subject: We use your personal information to comply with our legal obligations including:
- to assist the police or any other public authority or criminal investigation body according to our lawful interception, mutual assistance and disclosure obligations;
- to comply with local legal requirements mandating the registration of a prepaid SIM card to an identified customer or user of our services;
- to identify you when you contact us;
- to verify the accuracy of personal information that we hold about you;
- and for our accounting and taxation audit purposes as required by law.
Processing where you have provided consent: We may use and process your personal information where you have consented for us to do so for the following purposes: to contact you via email with direct marketing information about related products, services and promotional offers when you tick the marketing box. You may withdraw your consent at any time in the same way in which you provided it.
Who We Share Your Personal Information With:
We sometimes share your personal information with third parties who perform important functions for us based on our instructions and applying the necessary confidentiality and security measures.
We use third party partners for a variety of business purposes, including to help us take payment, repair and improve our services, securely store data and to comply with local regulatory requirements, for example relating to the mandatory registration of prepaid SIM cards to an identified customer or user of our services. In such cases it may be necessary to disclose your personal information to third parties for these purposes. We will typically share your personal information with third parties to help us run our business effectively when:
- It is necessary to involve a third-party partner, agent or other service provider to facilitate or extend our services so that we can provide a better service to you.
- You have given us your consent to share your personal information.
- We are required or allowed by law to disclose your personal information, for example in order to protect you, us or someone else from harm or damage, or we are required by a warrant, court order or other legal or regulatory requirement to disclose your personal information to the police and law enforcement agencies, courts or other public authorities
- If we decide to sell, buy, merge or otherwise re-organise our business, we may share your personal information with prospective or actual purchasers, sellers or partners and their advisers.
We have set out below a list of some examples of third parties with whom we share your personal information:
Please see Section 8 “Your Privacy Rights in Relation to your personal information” under the heading “Direct Marketing” for further details.
We use specialist third parties such as Realex Payments to help us process your payments. For more information on Realex Payments and its compliance with the Applicable Data Protection Laws please visit, www.realexpayments.ie;
We use the services of the following specialist identity document authentication and verification service providers:
Experian (Prove ID) for passport scanning and passport authentication, only where this is required by the relevant local law, for example for (but not limited to) our customers in Spain, Italy and Belgium. For more information on Experian and its compliance with the Applicable Data Protection Laws please click on the following link: http://www.experian.co.uk/crain/idf-information-notice.html?SP_MID=15700-g&SP_RID=9037668-g&elqTrackId=c5834303ec214f33ab879cd1fe2d7cab&elq=1d5120717f4349b699402c2e51834298&elqaid=15700&elqat=1&elqCampaignId=7265
IDNow for passport authentication and video verification, only where this is required by the relevant local law, for example for (but not limited to) our customers in Germany. For more information on IDnow “Video Identification” and its compliance with the Applicable Data Protection Laws please click on the following link: https://www.idnow.eu/privacy/
We use the services of Zendesk, a recognised customer service software and support ticketing system as part of our customer service architecture. For more information on Zendesk and its compliance with the Applicable Data Protection Laws please click on the following link: https://www.zendesk.com/company/customers-partners/eu-data-protection/
We use the services of Microsoft Azure to securely store your data. For more information on Microsoft Azure and its compliance with the Applicable Data Protection laws, please click on the following link: https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
When we use third party contractors, agents or partners, we only disclose to them your personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure according to our obligations as a data controller for the purpose of the Applicable Data Protection Laws and not to use it other than in accordance with our specific instructions.
Transfers of your Personal Information outside the European Union or the European Economic Area:
At all times, we intend to store and process your personal information within the European Economic Area (EEA). We also ensure that any of our trusted third-party partners store and process your personal information within the EEA. Should this ever change, and we need to share your personal information for storage and processing with third parties or organisations located outside the EEA, we will only transfer your personal information in the following circumstances:
- If that country provides an adequate level of protection for personal information as set down by the European Commission; or
- Where the transfer is made under a legally binding agreement which covers the European Union requirements for the transfer of personal information to data processors outside of the EEA such as model contractual clauses approved by the European Commission, the EU- US Privacy Shield Framework or such other approved mechanism or model approved by the European Commission.
Cookies and Other Similar Technologies:
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies may be either persistent cookies or session cookies. A persistent cookie will be stored by a web browser and will remain valid until its expiry date, unless deleted by the user before the expiry date. A session cookie will expire at the end of the user’s session when the web browser is closed.
We issue two types of cookies, First Party and Third Party. First party cookies are cookies served directly by us to your computer. They are typically required for our website to perform as you would expect. In addition, our website may use an external company to analyse how people are using our website. This external company will set their own cookie to do this.
While browsing you may also receive Third Party cookies which are not issued directly by us but are served by a Third Party on our behalf. Some of our web pages may also contain content from other sites like YouTube which may set their own cookies.
- Assisting you in navigation;
- Assisting in registration, login, and your ability to provide feedback;
- Analysing your use of our website, services or applications;
Below is a detailed list of the cookies we use on our website. Our website is scanned with our cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:
Strictly Necessary Cookies
Targeting/Advertising and Other Third Party Cookies
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. These cookies are deleted when you close your browser. They include, for example, cookies that enable you to log into secure areas of our website. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
Categories of Strictly Necessary Cookies we use:
Type: First Party
Purpose: This cookie is used to create a session ID for the user, so that the system itself can identify the user as a unique and individual user, distinct from anyone else looking at the website. This information is not used or stored outside our systems and is held only temporarily while our customer or user is accessing account pages and any other pages which require unique and secure access. Without this cookie such access could not remain secure, so it is very important.
Type: First Party
Purpose: These cookies are used to make sure visitor page requests are routed to the same server in all browsing sessions.
Type: First Party
Purpose: The cookie stores the user’s cookie consent state for a period of one year.
Purpose: This cookie is used for security purposes to prevent cross-site-request-forgery attacks. This cookie is a session cookie and expires when the browser is closed.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know how visitors move around our site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
Categories of Performance Cookies we use:
Cookie: Microsoft Application Insights software cookies
Names: ai_session, ai_user
Purpose: These cookies are associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. ai_session, is a unique anonymous session identifier cookie. ai_user, is a unique user identifier cookie enabling counting of the number of users accessing the application over time and it expires after one year.
Cookie: Google Analytics Name: _ga, _gid, _gat Type: Third Party
Purpose: Google Analytics gathers information allowing us to understand interactions with our websites and ultimately refine that experience to better serve you. The cookies collect information in an anonymous form. _ga is used by Google to distinguish between unique users and expires after 2 years. _gid registers a unique ID that is used to generate statistical data on how the visitor uses the website and expires at the end of the session. _gat is used by Google Analytics to throttle request rate and expires at the end of the session. For more information about the information gathered using Google Analytics please visit http://www.google.com/intl/en/analytics/privacyoverview.html
Name: _hjIncludedInSample Type: Third Party
Purpose: This session cookie is set to let Hotjar, a digital analytics tool, know whether that visitor is included in the sample which is used to generate funnels. It is essentially used to improve the usability and features of the website.
These cookies are set up to improve the functionality of our website. For Example, cookies that remember the email address and password you provided when registering during an earlier visit to our website. Use of Functional Cookies can therefore save you the time of having to re-register or re- enter information when you visit our website or try to access your account.
The information these cookies collect may include personally identifiable information that you have disclosed, such as your email address. If you do not accept these cookies, it may affect website performance and functionality and may restrict access to web content.
Categories of Functional Cookies we use:
Cookie: User Preferences
Name: Auto_Language, Auto_ShopperEmail
Purpose: These cookies are set to improve the user experience. Once the user returns to the portal, these cookies reuse the stored settings and use it to default the language and user profile to the appropriate one, making it more convenient to the user.
Advertising Targeting Cookies / Other Third-Party Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Categories of Advertising/Targeting Cookies and Other Third-Party Cookies we use: There are currently no third-party advertising cookies in place on our website.
Name: VISITOR_INFO1_LIVE; YSC; PREF
Purpose: We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
Most browsers automatically accept cookies. You have the ability to accept or decline cookies or request that you be warned when a website is trying to install a cookie. This can be done by modifying the settings in your browser. Please note that by not accepting or disabling certain cookies may affect the functionality of some parts of this website.
For more information about managing cookies and how to stop cookies being installed visit http://www.allaboutcookies.org/manage-cookies/
How Long We Keep Your Personal Information;
Your personal information will only be kept as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by the Applicable Data Protection Laws. Our retention periods reflect applicable statue of limitation periods and legal requirements.
Cubic Telecom Limited is an Irish registered company and we are obliged to comply with the following specific retention periods below as required by the law of the Republic of Ireland (Communications (Retention of Data) Act 2011).
Service Usage Details: For legal purposes service usage records are retained for a period of twelve months to comply with the requirements of the law of the Republic of Ireland. Service Usage details includes the following traffic information:
- Source identification: ICCID, MSISDN and IMSI numbers;
- Device Information: IMEI number;
- Log Information: Log on/log off date, time and duration;
- Vehicle Location Information: the country location of the Vehicle, for example Germany,France, Spain etc.
Any content viewed on Internet sites visited by our customers is outside the scope of this Privacy Notice and is not information that we retain under any circumstances.
Invoice and Billing Details: We retain invoices and billing data or a period of 6 years plus the current year.
If the purpose for which your personal information was obtained has ceased and this information is no longer required, it will be deleted or anonymised by us which means that your personal information is stripped of all possible identifying characteristics.
Your Privacy Rights in Relation to Your Personal Information:
You have certain rights in relation to the personal information that we hold about you. We have in place measures and processes to enable you to exercise your rights and ensure that we can fulfil your requests concerning the personal information that we hold about you. Subject to certain legal limitations on certain rights, your rights in relation to your personal information are set out below, as well as the ways by which you can exercise your rights, for example, in relation to direct marketing we may send you.
You have the following rights in relation to the personal information that we hold about you:
- To request access to your personal information: We enable you to access the personal information that we hold about you and how we use and process your personal information.
- To request the correction of your information: We enable you to have your personal information corrected if you believe it to be inaccurate or incomplete. We do our best to ensure that the personal information we hold about you is correct, complete and accurate. However, it is your responsibility to ensure that you provide us with true, accurate and complete information, and that you keep information on your account up to date or contact us to correct or edit your personal information.
- To request the deletion of your information: We enable you to request the deletion or removal of your personal information where there is no compelling reason for us to keep using it. This is not a general right to deletion; there are exceptions provided by the Applicable Data Protection Laws.
- To request that we restrict our use of your personal information: We enable you to request the restriction of our use and processing of your personal information.
Provided we do not have any continuing lawful reason to continue processing your personal information, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- To receive the personal information that you have provided to us in a structured, commonly used machine-readable format: You may request us to provide you with your personal information which you have given us in a structured, commonly used and machine- readable format and you may request us to transmit your personal information directly to another data controller where this is technically feasible. This right only arises where we process your personal information where you have provided your consent or where it is necessary to perform our agreement with you and the processing is carried out by automated means.
- To object to the processing of your information for certain purposes: You have the right to object to certain types of processing, including processing for direct marketing, for example if you no longer want to be contacted about our promotions or related services. Further details on this right are set out below.
- To withdraw your consent to our use of your personal information: If we rely on consent to use or process your personal information, you have the right to withdraw this consent at any time. This will not, however, affect the lawfulness of our use and processing of your personal information before you decided to exercise your right to withdraw consent.
- The right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority (which is a national data protection regulator), in the European Union Member State of your habitual residence, your place of work or the place of the alleged infringement of the Applicable Data Protection Laws. For the purposes of the Republic of Ireland, which is the country of our main establishment, the supervisory authority is the Data Protection Commissioner whose contact details are as follows: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, County Laois, Ireland. Phone: +353 57 868 4800, +353 761 104 800; LoCall: 1890 25 22 31. Email: email@example.com Website: www.dataprotection.ie
Please note that the Applicable Data Protection Laws allow the rights outlined above to be restricted by the national laws of European Union Member States in certain circumstances, for example, the prevention and detection of crime.
If you wish to exercise your rights outlined in relation to your personal Information, for example to access and receive a copy of the personal Information that we hold about you, please contact us by telephone, in writing or by email using the contact details listed in Section 11, “How to Contact us”.
Before we are able to respond to your request, for example for access to your information, we may ask you to prove your identity and to provide further details about your request.
Please consider your request responsibly before submitting it. We endeavour to respond as soon as we can and generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll advise you accordingly.
We respond to requests and provide your personal information free of charge but we may charge a reasonable fee to cover our administrative costs of providing the information in two limited circumstances. A charge will be applied for baseless or excessive and repeated requests, or for further copies of the same information. Alternatively, we may be entitled to refuse to act on the request.
In addition, you can also access most of the personal information that you provide to us via your online account at any time and to correct, amend, or delete information that is inaccurate. You can also close your account altogether.
As outlined above, you have the right to object to the use and processing of your personal information for certain purposes which you may exercise at any time by contacting us where:
You object to us using or processing your personal information in order to carry out a task in the public interest or for our legitimate interests, including any profiling which is analysing or predicting your behaviour based on your information; and/or
You object to us using or processing your personal information for direct marketing purposes (including any profiling that is related to such direct marketing).
You can exercise your right to object to us using or processing your personal information for direct marketing purposes by clicking on “unsubscribe” at the bottom of any marketing email we send to you and following the instructions which appear in your browser when you click that link. You can also amend your preferences at any time by logging into your account and unticking the marketing box (only if you have previously chosen to tick the marketing box).
How We Store and Protect Your Personal Information:
We have put in place appropriate technical and organisational security measures to securely store and protect your personal information to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
We use secure servers to store your personal information located within the European Economic Area.
We take measures to verify the identity of any person who requests access to personal information before granting the access to that information.
When you log into your account on our website to use our services with your email and password, all data is encrypted using cryptographic protocols designed to provide communications security such as Transport Layer Security (TLS) and Secure Socket Layer (SSL) encryption. We employ such cryptographic protocols on all pages of our website where we collect personal information. To purchase a data pack from our website, you must use a TLS or SSL-enabled browser such as Edge, Safari, Firefox, or Chrome. This ensures that your personal information remains confidential and is protected white it is transmitted over the Internet.
When we use service providers or other data processors to process personal information on our behalf, we require them to follow our instructions and apply appropriate technical and organisational security measures to protect the personal information they process on our behalf.
If you have a user name and password to access our services, you are responsible for keeping them secure and confidential.
Updates to our Privacy Notice:
We keep our Privacy Notice under regular review and as a result the notice may change from time to time as our business and services expand or change, in the event of a business sale or transfer or if we are required to by law. Any changes will be posted on our website and will be effective when posted. We will inform you of material changes to the content of our Privacy Notice through a notification posted on our website, the email address that you have provided or other communications channels. We will get your consent to the changes if this is legally required.
Please review this notice each time you use our website or our services. This notice was last updated on 25th of May 2018.
How to Contact us:
If you have any questions, suggestions or complaints about the processing of your personal information or about this Privacy Notice or you wish to access your personal information or exercise any of your privacy rights, you can contact us in the following ways set out below:
Our Contact details:
By calling our Customer Support team :
The Netherlands: +31-20-8086085
Austria: + 43-1-2676258
By emailing our Customer Support team:
– firstname.lastname@example.org (German)
– email@example.com (French)
– firstname.lastname@example.org (Dutch)
– email@example.com (Swedish)
– firstname.lastname@example.org (English)
– email@example.com (Italian)
– firstname.lastname@example.org (Spain)
– email@example.com (Danish)
You may also choose to write to our Customer Support team at:
Sandyford Industrial Estate, Dublin 18,
Our Data Protection Officer can be contacted by email at: DPO@cubictelecom.com
We would like to remind you that if you do not agree with the response you receive from Cubic Telecom, you are entitled to lodge a complaint with the Office of the Data Protection Commissioner who can be contacted in the following ways:
By calling the Office of the Data Protection Commissioner:
+353 57 868 4800 / +353 761 104 800 / LoCall: 1890 25 22 31 / Fax: +353 57 868 4757
By emailing the Office of the Data Protection Commissioner at the following email address: firstname.lastname@example.org
By writing to the Office of the Data Protection Commissioner at the following address:
Office of the Data Protection Commissioner, Canal House,
Co. Laois, R32 AP23 Ireland.
You can visit the website of the Office of the Data Protection Commissioner at www.dataprotection.ie for more details.