Privacy Policy
(https://drive.automotive.vodafone.com)


In this policy, we explain how we collect, use, share and protect your personal information when you use our products, services and website.

Who we are?

  • In this privacy policy:
  • “we/us/ours/VFA/Vodafone” mean Vodafone Automotive Italia S.p.A., with registered office as Vizzola Ticino (21010-VA), Via Gabriele D’Annunzio 4, Italy
  • “third party” means someone who is not you or us; and
  • “Vodafone Group” means Vodafone Group Plc and any company or other organisation in which Vodafone Group Plc owns more than 51% of the share capital.
  • “you/yours” means the user who browse or log in to the website

Whenever you provide personal information to us, we are legally required to use such personal information in line with EU and UK legislation. Where you provide us information on behalf of someone else, you confirm that you have provided them with the information set out in this policy and that they have not objected to or withheld the use of their personal information in the ways described in this policy. Please search for the red titles to navigate faster between paragraphs.


How to contact us

Your opinion matters to us – if you have any questions about our privacy policy, you can email us at: privacy.automotive@vodafone.com /DPO: Thomas Born, Vodafone

Our principles
Vodafone is committed to respecting your privacy. We take privacy, security and complying with data protection and privacy laws seriously.
We have set out our core Privacy Commitments in our Privacy Centre. We aim to put these commitments at the heart of everything we do.

The basics

Personal information we collect about you:
The information we collect about you and how we collect it, can vary depending on the products and services that you use and subscribe to, how you have used the products and services, and how you have interacted with Vodafone, or what we have obtained from a third party with permission to share it with us.

Vodafone will process your personal data based on:

  1. The performance of your contract or to enter the contract and to take action on your requests. For example, so that we can map, track and manage your end-to-end journey (on-boarding/off-boarding) as our customer and provide you with an entry point into VFA, we process your basic personal information and other customer account related details such as customer account number or unique customer ID.

  2. Vodafone’s legitimate business interests, for example, service provision, improvement of our product & services & ensuring customer satisfaction. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing.

  3. Compliance with a mandatory legal obligation, including for example requests from law enforcement authorities, accounting and tax requirements and regulations in relation to services, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided.

  4. Consent you provide where Vodafone does not rely on another legal basis. Consent may be withdrawn at any time. When you give your consent, you will be given details on how to change your mind.

    We will collect your personal information when you, for example:
  • Buy or use any of our products and services
  • Use our network or other Vodafone products and services
  • Register for a specific product or service
  • Subscribe to newsletters, alerts, or other services from us
  • Contact us through various channels, or ask for information about a product or service
  • Take part in a competition, prize draw, event, or survey
  • Have given permission to other companies to share information about you
  • Where your information is publicly available
  • Are the customer of a business that we acquire


How we collect information about you
Based on the role (Data Controller) Vodafone is playing in this context, the data is collected in the following ways:

Direct Sourcing:
From the end-customers at the time of their on-boarding in Customer Portal.


In-direct Sourcing:
Data flow from other Vodafone digital channels like Vodafone Business Partner Hub (VBPH).

We also collect information from certain organizations, where appropriate and to the extent we have legal grounds to do so. These include fraud-prevention agencies, business directories, credit check references/vetting agencies, billing calculating agencies and connected network providers.

The type of information we may have are, where applicable:

  1. Name, last name, and contact details such as telephone number, email address
  2. Vehicle information such as plate and VIN number, make and model.
  3. Location data about the vehicle where the Vodafone Automotive device is installed. Depending on the type of service chosen, this information might be visible only upon declaration of a theft
  4. Your credit or debit card information, information about your bank account and other financial information. For example, you’ll have to give us this information when you open an account with us. We’ll collect the data necessary to process a payment whenever you make a purchase.
  5. Your contact with us, such as a note or recording of a call you make to one of our contact centres or the SOC, an email or letter sent, or other records of any contact with us.
  6. Your account information, such as dates of payment owed or received, subscriptions you use, account numbers or other information related to your account.
  7. Information we obtain from other sources, such as credit agencies, fraud-prevention agencies, and from other data providers. This includes demographic data, interest-based data, and internet browsing behaviour.


We’ll also get information about how you use our products and services, such as:

  • The level of service that you receive – for example, network or service faults and other events that may affect our network services or other services.
  • Details of your use of the specific services or products, to improve our services


We use cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our website). For more details on this and how to opt out of these, please see the Cookies section of this policy.


The types of information we collect & process

Customer Account Data (Basic Personal Details): such as name, surname, address, customer, mobile number, email address, company name, VFA region for the purpose of service registration and service provision. customer order number and order details.

Authentication Data: User ID and Password required to log into the Vodafone Automotive Customer Portal, multi-factor authentication credentials (e.g., One-time password).

Vehicle Details: Vehicle Brand, Device Serial Number, Vehicle Registration Details (plate Number, registration country), Vin Number for the purpose of creating customer orders.

Customer Relationship Management Data: Customer account number, unique customer ID, start and end date of the customer contract, customer contract copies, incidents & complaints records, reports shared with the customers.

Cookies: essential (strictly necessary cookies) mandatory to provide users with features they have requested e.g. maintain shopping cart, move around the pages

Performance Cookies – for tracking performance of the site e.g. pages visitors go to most often, or if they receive error messages from web pages etc.)

Traffic Data: Subscriber status (registered or de-registered)

Location Data: Device-based-location: Geo-location of the device, established based on information collected from the user’s device, GUID (globally unique identifier)

Financial Data: Banking Details (Account details, Swift Code, BIC) for order management/billing. Those data will be managed by Stripe, Inc. in compliance with banking/PCI-DSS regulation. For more information about how Stripe, Inc. manages your data, please refer to Stripe Privacy Center


How we use your personal information

We will use your personal information for the following purposes:
1. To provide you with your service
Processing your order and providing you with your products and services:

  • - To process the products and services you’ve bought from us, install equipment, or deliver equipment to you, and keep you updated with the progress of your order.
  • - To provide the relevant product or service to you. This includes other services not included in your agreement with us (PayPal, for example and when used), services that use information about where you are, and to contact with you messages about changes to the products or services.


Billing and customer care:

  • - To bill you for using our products and services, or to take the appropriate amount of credit from you also through our partner Stripe Inc..
  • - Contact you if the billing information you provided us with is about to expire or we’re not able to take payment.
  • - To respond to any questions or concerns you may have about our network, products, or services.
  • Service messages:
  • - We will contact you with customer service messages to keep you updated with current information about products and services you’ve taken. For example, changes to our terms and conditions or service interruptions.


2. To improve our service
Improving and innovating our products and services

  • - We collect anonymous, de-identified or aggregate information in order to improve the service we offer to everyone. None of these analytics are linked back to you in any way.


3. Marketing

  • - As our customer, we will contact you to keep you informed about new and existing products and services, competitions, prize draws, events, we may also send you newsletters or whitepapers and occasionally invite you to participate in market research. We tailor these messages based on the products and services you’ve bought from us in the past, or information we have from third parties such as Experian
  • - There are various ways that we may do this –including by email, post, phone, text, picture message.

4. Research and analytics
We use a variety of analytics methods including what is commonly referred to as “Big data analytics”. Big data analytics are mathematically driven analysis techniques on large and varied data sets (that is why it is “big” data) to uncover hidden patterns and hitherto unrevealed trends. At Vodafone we take governance of big data analytics seriously. Our data scientists are required to sign up to a Code of Ethics. We have a strict use case process that requires that privacy and data protection law checks are carried out before any use case commences. We also have strict rules ensuring that personal information is anonymised or de-identified at the appropriate stage in the process.

We use our analytics to, for example:

  • - Conduct market research and to carry out research and statistical analysis, including to monitor how customers use our networks, products and services.
  • - Frame our marketing campaigns and determine how we might personalise those.
  • - Provide reports to third parties (such reports don’t contain information which may identify you as an individual). For example, as part of Vodafone Analytics


5. Credit checks, fraud prevention and security

  • - We will sometimes need to profile you, for credit, fraud, and security purposes.

6. Fraud prevention and security

  • - We will process your personal and traffic data to protect against and detect fraud, to protect and detect misuse or damage to our networks, to recover debts or trace those who owe us money resulting from the use of our services.


How we share your personal information

Where applicable, we share information about you with:

  • Companies in the Vodafone Group
  • Partners, suppliers, or agents involved in delivering the products and services you’ve ordered or used
  • Companies who are engaged to perform services for, or on behalf of Vodafone
  • Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies
  • Debt collection agencies or other debt-recovery organizations
  • Law enforcement agencies, government bodies, regulatory organizations, courts, or other public authorities if we must, or are authorized to by law
  • A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement
  • Emergency services (if you make an emergency call), including your location Fraud management and law enforcement
  • We will release information if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our customers.
  • We also may need to release your information to comply with our legal obligation to respond to the authorities’ lawful demands. Your personal data shall only be provided when we in good faith believe we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements.


International Data Transfers & Data Storage
We may need to transfer your information to other Vodafone Group companies or service providers in countries outside the European Economic Area (EEA). The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein, and Norway: they are considered to have equivalent laws when it comes to data protection and privacy. This kind of data transfer may happen if our servers (i.e., where we store data) or our suppliers and service providers are based outside the EEA, or if you use our services and products while visiting countries outside this area.


If Vodafone sends your information to a country that is not in the EEA, we will make sure that your information is properly protected. We will always ensure to conduct a transfer impact assessment and that there is a proper legal agreement that covers the data transfer. In addition, if the country is not considered to have laws that are equivalent to EU data protection standards then we will implement additional technical security and organisational safeguards such as asking the third party to enter into a legal agreement that reflects those standards.
Your personal data is stored in our Vodafone Group datacentre in Milan, Italy.


How long we keep your personal information for

We’ll store your information for as long as we must, as applicable by law. If there’s no legal requirement, we’ll only store it for as long
as we need to, as justified by the purpose of processing.

We’re required by law to keep certain personal information about how you use our services for 12 months. Some account
information will be held for 10 years from the end of your contract with us.

We’ll keep some personal information for a reasonable period after your contract with us has finished in case you decide to use our services again. We, or one of our partners, may contact you about Vodafone services during this time if you haven’t opted out of receiving marketing communications from us.

Keeping your personal information secure

We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure, or destruction.

We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control. We’ll never ask for your secure personal or account information by an unsolicited means of communication. You’re responsible for keeping your personal and account information secure and not sharing it with others.

Our website may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. Please make sure you read that company’s privacy and cookies policies before using or putting your personal information on their site. The same applies to any third-party websites or content you connect to using our products and services.

You may choose to disclose your information in certain ways such as social plug-ins (including those offered by Google, Facebook, Twitter and Pinterest) or using third-party services that allow you to post reviews or other information publicly, and a third party could use that information.
Social plug-ins and social applications are operated by the social network themselves and are subject to their own terms of use and
privacy and cookies policies. You should make sure you’re familiar with these.

Your rights

Below we set out details on how you can exercise your rights. If you have a question or cannot find the answer, please contact our Customer Services team or use the dedicated address privacy.automotive@vodafone.com.

Right to access personal data:
You have a right to request a copy of the information that we hold about you, and how it has been processed. To make this request as an individual or an authorised third party please send an email to the above-mentioned email address.

Right to correct personal data:
If you believe any of the personal data, we hold about you is inaccurate, you can request to get it updated by sending us an email to the above-mentioned email address.

Right to data portability:
In some circumstances, you have the right to receive the personal information about you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to a third-party. To do this, please send an email to the above-mentioned email address.

Right to object to use of personal data:
In some circumstances, you can request that we temporarily suspend the processing of your data. However, upon doing so, you will no longer be be able to use our services/products, since the processing of the information is required for service provision. If you wish to exercise this right, please send us an email at the above-mentioned email address.

Right to erasure:
Vodafone strives to only process and retain your data for as long as we need to. In certain circumstances you have the right to request that we erase personal data of yours that we hold. If you feel that we are retaining your data longer than we need, it is worth first checking that your contract with Vodafone has been terminated which you can do with customer services. If your contract with Vodafone has been terminated, we may still have lawful grounds to process your personal data (for more information on retention periods please refer to the section: How long we keep your information for)

How to lodge a complaint
If you have a complaint, you can contact us on the details provided. We’ll do our best to help but if you’re still unhappy, you can contact your local data protection regulator – please find your by checking your country at https://edpb.europa.eu/about- edpb/about-edpb/members_en


To opt out of Marketing messages:

If you no longer want to receive marketing messages from Vodafone, you can elect to opt out of all marketing communications or only selected methods (email, SMS MMS, phone, or post).
There are various ways to opt out:

  • Reach out to us at: privacy.automotive@vodafone.com
  • Contact our customer services team
  • Click the link at the end of a marketing email or text to unsubscribe
  • Tell the adviser if you receive a marketing call

Opting out does not mean that you won’t any longer receive service-related messages. You will continue to receive those (unless we have indicated otherwise). To opt out of receiving marketing communications from other Vodafone Group companies, just contact them directly.
In some cases, you may receive marketing from Vodafone, even if you’re not a customer or never had contact with Vodafone. This is a result of third-party marketing lists which Vodafone may acquire from time to time. If you’ve registered to opt out of such marketing, you shouldn’t receive such communications. If you do, we ask that you let us know immediately.


To manage Cookies and understand more about what they are:
Want to disable a cookie, or understand more about what these are? Check the Cookie policy of this website for full details on how to do this.

History of modifications

Date
Version
Description
Approved by
04/11/2024
1.0
First editing
Legal, Privacy