Vodafone Location Services. Privacy Management Code of Practice. Issued Version V1.0

Similar documents
We reserve the right to modify this Privacy Policy at any time without prior notice.

SMS SERVICE PROVISION

Data Protection Policy

CNH Industrial will use your personal information for a number of purposes including the following:

Spree Privacy Policy

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.

PRIVACY POLICY TABLE OF CONTENTS. Last updated October 05, 2018

Acceptable Use Policy

Mailbox Rental Terms and Conditions

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

DATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System

WEBSITE PRIVACY POLICY

PS Mailing Services Ltd Data Protection Policy May 2018

VIRGIN MOBILE POSTPAID MOBILE SERVICES DESCRIPTION 1. ABOUT THIS SERVICE DESCRIPTION...3

Introduction to the Personal Data (Privacy) Ordinance

The information we collect

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

PRIVACY POLICY. 1. What Information We Collect

Data Processing Agreement

2. What is Personal Information and Non-Personally Identifiable Information?

First Federal Savings Bank of Mascoutah, IL Agreement and Disclosures

LightGig Communications, LLC Privacy Policy

CERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement

PTLGateway Acceptable Use Policy

PRIVACY NOTICE. 1.2 We may obtain or collect your Personal Data from various sources including but not limited to:

Legal notice and Privacy policy

Cell Phone Policy. 1. Purpose: Establish a policy for cell phone use and compensation allowance.

Lusitania Savings Bank Retail Internet Banking Terms and Conditions

NOTICE OF PRIVACY PRACTICES

Internet Service Provider Agreement

Made In Hackney Data Protection Policy Last Updated:

PRIVACY POLICY. 3.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.

SALES LEAD MULTIPLIER INC. PRIVACY POLICY

Acceptable Use Policy

Terms and Conditions of Mobile Phone Service (Post-Paid) Between Operator and Subscriber

Eight Minute Expert GDPR. Login. Password

Policy & Procedure Privacy Policy

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

Website privacy policy

PATRIOT CAMPERS PTY LTD PRIVACY POLICY

Privacy and Cookies Policy

PRIVACY POLICY. 1. Introduction

UNTITLED HIP HOP PROJECT Privacy Policy. 1. Introduction

PRIVACY STATEMENT OF TIBBAA SMARTCARD

2. COLLECTIO OF PERSO AL I FORMATIO

Privacy Policy. Revisions to this Policy. What Information we collect. How do we collect Information?

Acceptable Use Policy (AUP)

TERMS & CONDITIONS. Australian Radio Network Pty Ltd. 97.3Fm s Music Panel COMPETITION AND ENTRY DETAILS

DS MEDIA & EVENTS LTD PRIVACY POLICY

QNB Bank-ONLINE AGREEMENT

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

General Legal Requirements under the Act and Relevant Subsidiary Legislations. Personal data shall only be processed for purpose of the followings:

This procedure sets out the usage of mobile CCTV units within Arhag.

Terms and Conditions between Easy Time Clock, Inc. And Easy Time Clock Client

We offer background check and identity verification services to employers, businesses, and individuals. For example, we provide:

Privacy notice. Last updated: 25 May 2018

PRIVACY POLICY. Service. Information Collected

CODE OF PRACTICE FOR PREMIUM RATE NUMBERS IN DECADE 4. Preamble

Privacy Information - Privacy and Cookies Policy In Full

Terms and conditions of use for the Online and Mobile Banking Service

Transatel DataSIM Terms & Conditions ( T&C s )

It s still very important that you take some steps to help keep up security when you re online:

B. We may offer you the opportunity to submit other information about yourself (such as gender, age, occupation, hobbies, interests, zip code, etc.

Privacy and cookie policy

GDPR Compliance. Clauses

Subject: Kier Group plc Data Protection Policy

3. Available Membership Categories and the associated services and benefits are published on the BMF website.

EnviroIssues Privacy Policy Effective Date:

When you provide personal information to us it will only be used in the ways described in this privacy policy.

Terms and Conditions 01 January 2016

Starflow Token Sale Privacy Policy

You are signing up to use the Middlesex Savings Bank Person to Person Service powered by Acculynk that allows you to send funds to another person.

Privacy Policy. Third Party Links

Bend Mailing Services, LLC, dba BMS Technologies ( us, we, or our ) operates the website (the Service ).

Privacy Notice. Introduction. What is personal data? Date Updated: 2/11/2019

BoostMyShop.com Privacy Policy

Chess Entries 4 All Website Privacy Policy

Terms and Conditions of Mobile Phone Service (Pre-Paid) Between Operator and Subscriber

ADMA Briefing Summary March

Seven West Media Privacy Policy (Updated)

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

Person to Person (P2P) Services Terms and Conditions

LCU Privacy Breach Response Plan

BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement

Terms and Conditions for MPF e-statement/e-advice Service ( Terms and Conditions )

Data Processing Agreement

Janie Appleseed Network Privacy Policy

A Homeopath Registered Homeopath

Emergency Nurses Association Privacy Policy

Offer Description : Cisco Webex

GDPR Compliant. Privacy Policy. Updated 24/05/2018

Shaw Privacy Policy. 1- Our commitment to you

ETSY.COM - PRIVACY POLICY

TIA. Privacy Policy and Cookie Policy 5/25/18

Business Banking Online application

Website Privacy Policy

GENERAL PRIVACY POLICY

SIX Trade Repository AG

Winnebago Industries, Inc. Privacy Policy

Transcription:

Vodafone Location Services Privacy Management Code of Practice Issued Version V1.0 Issued Version 1.0 Page 1 of10 17/08/03 August 2003 Vodafone Limited. All rights reserved.

CONTENTS 0. Overview.. 3 1. General Requirements..3 2. Active Location Services 4 2.1 Text and Voice Services.4 2.2 Web/WAP Services..4 2.3 Terms and Conditions / Marketing Literature 5 3. Passive Services 5 3.1 Consent Capture 5 3.2 Identity Validation..5 3.3 Web/WAP Services 6 3.4 Notification 6 3.5 Obtaining Current Status 6 3.6 Cancelling/Reactivating a Passive Service 7 3.7 Corporate Passive Services 7 4. Age 8 5. Location Services Involving Minors.. 8 6. Use of Location Services for Surveillance Purposes..8 7. Alternative Wording..9 Appendix A Compliance Requirements... 10 Issued Version 1.0 Page 2 of10 17/08/03

OVERVIEW The location services agreement which has been entered into by you imposes a number of obligations on you, including, in particular, a requirement to ensure that your services, the messages that you send and all associated marketing materials comply with all applicable laws and regulations. These guidelines do not qualify those obligations in any way. We recommend that you obtain independent legal advice on your services to ensure that you are compliant with your obligations under the location services agreement and applicable law. These guidelines are not intended to constitute legal advice to you or to address all legal issues which are likely to apply. These guidelines shall constitute a Code of Practice issued by Vodafone Limited, and you are required to comply with these guidelines pursuant to the location services agreement that you have entered into. Vodafone may at its option and without incurring any liability to you, immediately suspend its services and recover reasonable costs that it has incurred in making refunds to end-users and investigating any breach of this Code, if it has reason to believe that you are in breach of the location services agreement (which includes this Code of Practice). Prior notice of suspension will be provided where reasonably possible unless there is a risk of consumer harm. Vodafone shall also be entitled to withhold payments due to you under any other agreement that you have with Vodafone Limited from the date of the breach as a result of charges for the location service, if these charges are by way of a premium rate call or message. Please note that the law in this area is currently under review; consequently we will be carrying out a review of these guidelines on an ongoing basis to ensure that they meet all relevant legal requirements. If we update these guidelines, we will re-issue the guidelines to you. 1. GENERAL REQUIREMENTS 1 You are a data controller and as such must notify the Information Commissioner of the personal data you are processing (please see; http://www.dpr.gov.uk). 2 3 4 5 6 7 8 If the information is to be transferred to a third party (other than an end user) you must ensure that they agree to comply with these guidelines. You will be held liable under your agreement with us for any breach of these guidelines by any third party to whom you have transferred information. The location data must only be used for the purposes of the location service as described by you on the Location Services Order Form and must be deleted as soon as it is no longer needed to run the service. For passive services, all consents must be recorded and retained for the duration of the service and three months after the termination of the service. The end-user and the located person (if different) must each be able to cancel the service at any time. This process must be simple for the end-user to understand and use. You must keep the location data secure. Location data should only be disclosed to those employees who need to have access to the data to run the service. You must provide the end-user with the following information: 8.1 a detailed description of the service; Issued Version 1.0 Page 3 of10 17/08/03

8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 what location data will be processed and the fact that you will only provide information on the basis of the approximate location of the mobile phone; what action by the end-user will result in a location request by you; for passive services, information on the status of the customer's visibility at any time; why location data will be processed; how long the location data will be retained; whether any location data will be passed to a third party for the purposes of providing the value added services, and if so, who that third party is; how to turn the location service off; and all charges for the service. 9 10 11 If you breach these location guidelines or any breach of these location guidelines comes to your attention, you must take action to remedy the breach and notify Vodafone within 24 hour in accordance with your location services agreement. Vodafone reserves the right to co-operate with law enforcement agencies where misuse of location services is suspected. This right should also be made clear to end-users. Vodafone also reserves the right to audit for compliance with these guidelines in which case reasonable notice will be given.. 2. ACTIVE LOCATION SERVICES Active services are services where the end-user initiates the location request e.g. information services such as Find My Nearest Cinema. For active services, the information set out in 8.0 above must be included in marketing materials and terms and conditions. In addition, when the end-user first accesses the service they must be notified that their location information will be used for the purposes of the service. 2.1 Text and Voice Services For text or voice services, a text must be sent to the end-user or the following information should be shown/read out to the end-user prior to the first request for location information. If the service is a text service, this text message should be free. "In order to provide this service, we will use the approximate location of your mobile phone, as provided by your network operator". This message only needs to be shown/read once to a end-user when subscribing. However, no request must be made unless the text has been sent or the message fully read. 2.2 Web/WAP Services Information about the use of location must not be "buried" in terms and conditions but should be part of the registration process for that service. For example, one of the questions to be completed when registering could be "Please confirm that you give permission for your mobile network provider to pass to us the approximate location of your phone to enable us to provide you with this service." Issued Version 1.0 Page 4 of10 17/08/03

2.3 Terms and Conditions / Marketing Literature The following information must be included in terms and conditions and marketing literature: In order to provide this service to you, we will request information about the approximate location of your mobile phone from your network provider. Provision of this information is dependent on your mobile phone being switched on and within network coverage. This information will only be kept as long as necessary to provide the service to you and to allow us to better manage and develop our services and provide you with a more enjoyable and customised experience in the future. We may pass this information to third parties solely for the purposes of providing this service to you. You acknowledge that by calling/texting this service, you consent to the use of your location information in accordance with the statements above. 3. PASSIVE SERVICES Passive services are services where a third party locates an individual (locatee) at the request of another (the locator). Typical passive location services are: Friend Finder Services Location-Based Dating Fleet Management Job Scheduling Where passive services are concerned there is a higher risk of misuse by end-user and application service providers. Consequently, Vodafone is imposing stricter requirements in relation to passive services to discourage any abuse and to protect our customer's privacy. In all cases end-users must be provided with a secure means with which to access the service e.g. password or unique pin code in order to access Wap or website. 3.1 Consent Capture For passive services (including location-based mobile marketing) you must not process any location requests until the locatee has given explicit permission for the locator to locate them. When requesting consent from the locatee, they must be informed of the following: Name and Mobile Number of prospective locator Website or Customer Support number where further service information including terms and conditions are available The Service Name and Service Provider As an example, the following text may be sent to the locatee when a locator first requests the ability to locate them: [NAME AND PHONE NUMBER] wants to locate your mobile phone. Text YES [NAME] to [SERVICE NUMBER]." to agree. For further info see [SERVICE WEBSITE]. [SERVICE NAME] BY [PROVIDER NAME]. At the point of consent the exact services to be offered must be specified. Terms and conditions and marketing material must make clear the duration and frequency of location requests and in what circumstances the customer is to be located. 3.2 Identity Validation You are required to validate the name and current address of all locators prior to passing any location data to them. Suitable examples are copies of identity and address documentation Issued Version 1.0 Page 5 of10 17/08/03

required for contract phone provision, valid credit card transaction at point of registration, via unique PIN confirmation at locator s postal address or Identity Validation Check using reputable agency e.g. Dun & Bradstreet, Experian, Equifax, in which case you must ensure that name, address and date of birth are all validated. You must ensure that no PO Box addresses are used to validate identity. Any other validation methods must be approved by Vodafone in advance. You are required to maintain a list of all locators registered to each service including an audit trail showing the identity validation method used, and whom the locator has permission to locate. You must be able to provide proof of identity validation including name, current address and age upon request. 3.3 Web/WAP Services Information about the use of location must not be "buried" in terms and conditions but should be part of the registration process for that service. For example, you should ensure that the end-user accepts the following terms; "I accept that my mobile network provider may pass the location of my phone to this service In addition, if the end-user accepts the above, a warning should pop up, or be placed on the confirmation screen, as follows: WARNING: THIS SERVICE ALLOWS OTHER PEOPLE TO LOCATE YOU. YOUR PERSONAL SAFETY COULD BE AT RISK BY ALLOWING OTHERS TO LOCATE YOU. YOU ARE ADVISED TO ENSURE THAT YOU CAN VERIFY THE IDENTITY OF THOSE LOCATING YOU. NB The locator cannot be responsible for ensuring the locatee is notified of the terms and conditions. If the locatee is not also a reciprocal locator the text shown above must be incorporated into the notification and consent messages. 3.4 Notification Once consent has been granted you must immediately send the following confirmation message to the end-user and again within 24 hours of consent. "You have authorised [NAME AND MOBILE NUMBER] to locate your phone at any time. To stop this person from locating you please send STOP [NAME AND MOBILE NUMBER] to [SERVICE NUMBER]. For further info see [SERVICE WEBSITE]. [SERVICE NAME] BY [PROVIDER NAME]." You must also send this message at random but no less than once a month to the locatee. Notifications must be sent for each locator. If this message is not delivered, you must re-send the message. Even if no location requests have been made in relation to that locatee since the previous notification was sent the notifications must be sent out. All notifications must be provided at standard tariff rates. 3.5 Obtaining current status A locatee must be able to find out who has permission to locate them at any time. You must make available to each locatee a breakdown of location requests made by all individuals having permission to locate them. Such information must be available for at least the previous 28 Issued Version 1.0 Page 6 of10 17/08/03

days and must include time of day and day of week. This service must be provided at standard tariff rates You must refer the customer to a secure place where they can easily obtain this information e.g. Website, when they first register for the service. If the locatee is not registered with the service as a locator and is therefore only able to be located this service should be notified to the locatee at the point of consent. 3.6 Cancelling/Reactivating a passive service A locatee must be able to suspend/cancel a service from being able to locate them at any time by sending STOP [SERVICE NAME] to [SERVICE NUMBER] and must be able to withdraw from multiple services provided by the same provider e.g. by sending "STOP ALL" to [SERVICE NUMBER]. In addition, where multiple locators are able to locate an end-user e.g. Friend Finder, the locatee should be able to prevent individual locatees from locating them. To reactivate the service the locatee should send the words GO [SERVICE NAME] to [SERVICE NUMBER]. 3.7 Corporate Passive Services Corporate customers must provide the information set out in Section 1.0, paragraph 8 above to, and obtain consent from, all employees/agents that they wish to locate. Corporate customers must also notify employees/agents that they can stop the service at any time by sending STOP [SERVICE NAME] to [SERVICE NUMBER] and of the duration and frequency of any location requests. You must ensure that all corporate services operate in accordance with existing Data Protection guidelines as produced by the Information Commissioner. For further details see http://www.dataprotection.gov.uk/dpr/dpdoc.nsf You must also ensure that all corporates provide you with the name and job title of all persons authorised to make location requests. You are required to validate these persons according to 3.2 above and retain a record of the company registration number. You must also ensure that the corporate does not locate any persons under the age of 16 and that they are able to prove a business relationship exists with the locatees. If the mobile device to be located has text-barring in place the corporate must ensure that its employees have access to a means of stopping the service. Where the mobile device to be located is embedded within a vehicle or has a data-only SIM the corporate must ensure that its employees are made aware that they may be located and their consent must be obtained. In the case of data-only SIMs you must keep a record of whether your service is being used by a data-only SIM and which locators are able to locate that SIM. It is suggested that the requirements associated with Corporate Passive Services be incorporated into Corporate terms of employment. It is also suggested that Corporates issue a briefing note detailing the service and how it can be suspended/reactivated to all employees using the service. NB If your service is hosted by a corporate you MUST ENSURE that your service may only locate mobile devices where explicit consent has been granted by the employee and is processed by your service. Default allow access to location requests and/or paper based consent is strictly prohibited. Issued Version 1.0 Page 7 of10 17/08/03

4. AGE Vodafone does not permit the location of persons under 16 except by parents and guardians. All location services except those involving minors must notify potential end-users that the service is not for use by persons under the age of 16. At the point of registration you are required to obtain the age of the locator before permitting an individual to use your service. You must be able to provide evidence that you are compliant with this requirement. You are also required to validate the age of the locatee to ensure that they are over 16 with the exception of services involving the location of minors or those that are anonymous to the end-user. Acceptable methods include valid credit card transaction or Identity Validation Check using reputable agency e.g. Dun & Bradstreet, Experian, Equifax. If the locatee is under 18 and does not have a valid credit card themselves it is acceptable for them to obtain permission to use a card belonging to a parent or guardian in which case you must validate the identity of the parent or guardian and maintain a record that the service is being used by a person under 18 including their name and age. 5. Location Services Involving Minors and those services where the locatee is not also a reciprocal locator If the service involves the location of persons under 16 and / or does not permit the locatee to reciprocally locate the locator (including corporate services) you must implement the following specific requirements in addition to those described above: 1. The terms and conditions of the service must include the right for the name and mobile number of the locator to be disclosed to other locators. 2. At the point of registration the locator must specify the age of the minor and confirm their relationship to the minor e.g. parent/legal guardian. Only parents and legal guardians may request permission to locate a minor. You must be able to provide evidence that you are compliant with this requirement. 3. If a subsequent locator registers for the service and requests the ability to locate a handset already registered as belonging to a minor all other locators registered as being able to locate that minor must be notified that a subsequent locator has registered as being able to locate that minor as follows: [NAME] has requested authorisation to locate [NAME OF MINOR & MOBILE NUMBER]. For further info see [SERVICE WEBSITE]. [SERVICE NAME] BY [PROVIDER NAME]. 4. The terms and conditions of services involving minors must include a recommendation that the warning be shown to a parent or guardian as follows: WARNING: THIS SERVICE ALLOWS OTHER PEOPLE TO LOCATE YOU. PLEASE SHOW THIS MESSAGE TO A PARENT OR GUARDIAN BEFORE PROCEEDING. YOUR PERSONAL SAFETY COULD BE AT RISK BY ALLOWING OTHERS TO LOCATE YOU. YOU ARE ADVISED TO MAKE SURE YOU KNOW THE IDENTITY OF ANYONE LOCATING YOU. 5. You must send a notification message no less than every two weeks to each individual registered with the service as a locatee. 6. USE OF LOCATION SERVICES FOR SURVEILLANCE PURPOSES Under no circumstances must you use, or enable a third party to use, location information for surveillance purposes without the consent of the person being located. Issued Version 1.0 Page 8 of10 17/08/03

7. ALTERNATIVE WORDING The wording in the example consent capture, notification and service suspension/activation messages is suggested text only. However, to ensure consistency across the industry the following terminology is recommended: STOP/ opt-out Go/ opt-in To suspend or cancel a location service at any time To Activate / Re-activate a location service at any time Issued Version 1.0 Page 9 of10 17/08/03

Appendix A Compliance Requirements If requested you must able to provide the following details to Vodafone and the Law Enforcement Authorities: ACTIVE LOCATION SERVICES 1. Detailed breakdown of all location requests made including who was located, time of day and date for last 28 days PASSIVE LOCATION SERVICES LOCATOR 1. Name, Current Address and Age of all locators 2. Company registration number (as appropriate) 3. Method used to validate Age, Current Address and Identity of each locator 4. Date of Identity Validation LOCATEE 1. Name and Age of all locatees 2. Age Validation method used to confirm each locatee is over 16 (except for services involving minors) 3. Date of Age Validation 4. Proof of consent per locator 5. Stated relationship between Locator and Locatee where locatee is a minor or non-reciprocal locatee 6. Whether locatee is using a data-only SIM LOCATION DATA 1. Details of which locatees each Locator is able to locate 2. Detailed breakdown of all location requests made by each locator including who was located, time of day and date for last 28 days 3. Detailed breakdown of all location notifications sent to each locatee including to which locator they referred, time of day and date for last 28 days Issued Version 1.0 Page 10 of10 17/08/03

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback