GSMA EQUIPMENT MARKETPLACE PRIVACY NOTICE

Last updated March 22, 2024

GSMA Equipment MarketPlace is delivered by Shields Environmental Group (Holdings) Limited, doing business as Shields (“Shields”, “we”, “us”, or “our”). We are committed to protecting your personal information and your privacy rights. If you have any questions or concerns about this notice or our practices with regards to your personal information, please contact us at datacontroller@shields-e.com

When you visit our website equipmentmarketplace.gsma.com and use GSMA Equipment MarketPlace, you trust us with your personal information. We take your privacy very seriously. In this Privacy Notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this Privacy Notice that you do not agree with, please discontinue use of our Sites and our services.

This Privacy Notice applies to all information collected through GSMA Equipment MarketPlace equipmentmarketplace.gsma.com) and/or any related services, sales or events (we refer to them collectively in this Privacy Notice as the "Sites").

Please read this Privacy Notice carefully.

TABLE OF CONTENTS
  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE USE YOUR INFORMATION?
  3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
  4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  5. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
  6. HOW LONG DO WE KEEP YOUR INFORMATION?
  7. HOW DO WE KEEP YOUR INFORMATION SAFE?
  8. WHAT ARE YOUR PRIVACY RIGHTS?
  9. CONTROLS FOR DO-NOT—TRACK FEATURES
  10. DO WE MAKE UPDATES TO THIS NOTICE?
  11. HOW CAN YOU CONTACT US?
1. WHAT INFORMATION DO WE COLLECT?

In Short: We collect personal information that you provide to us such as name, address, contact information and passwords and security data.

We collect personal information that you provide to us when registering at the Sites expressing an interest in our products and services, when participating in activities on the Sites or otherwise contacting us (for example for support).

The personal information that we collect depends on the context of your interactions with us and the Sites, the choices you make and the products and features you use. The personal information we collect can include the following:

Name and Contact Data. We collect your first and last name, email address, postal address, phone number, and other similar contact data.

Credentials. We collect passwords and similar security information used for authentication and account access.

Health data. In rare circumstances we may collect health data to provide our services. For example if users have additional requirements due to having problems hearing and/or seeing and provide this information to us so we can provide sufficient support.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as IP address and/or browser and device characteristics — is collected automatically when you visit our Sites.

We automatically collect certain information when you visit, use or navigate the Sites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your lP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Sites and other technical information. This information is primarily needed to maintain the security and operation of our Sites, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. Please see our section on cookies below for further details of this.

Information collected from other sources

We do not obtain information about you from other sources.

2. HOW DO WE USE YOUR INFORMATION?

In Short: We process your information for purposes based on our legitimate business interests and compliance with our legal obligations. In the rare circumstances we may collect health data from you, we rely on our need to evidence our legal obligations in the event of claims.

We use personal information collected via our Sites for a variety of purposes:

  • To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
  • Fulfil and manage your orders and transactions. We may use your information to fulfil and manage your orders and other transaction-related activities made through the Sites.
  • Request Feedback. We may use your information to request feedback and to contact you about your use of our Sites.
  • To protect our Sites. We may use your information as part of our efforts to keep our Sites safe and secure (for example, for fraud monitoring and prevention).
  • To enforce our terms, conditions and policies.
  • To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
  • For other Business Purposes. We may use your information for other Business Purposes, such as providing support (including health data where this is needed such as where you have a health condition that we need to take into account when contacting you), data analysis, identifying usage trends and sharing these with GSMA, determining the effectiveness of our promotional campaigns and to evaluate and improve our Sites, products, services, marketing and your experience.

We process your personal information for these purposes by relying on the following legal grounds:

  • Legitimate Interests. We may process your data when it is reasonably necessary to achieve our legitimate business interests, which are the provision of our services and the matters noted above.
  • Legal Obligations. We may use and/or disclose your information where we are legally required to do so in order to comply with applicable law, audit requirements, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • For health data, evidencing our obligations in relation to potential legal claims.
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We only share your personal information when we have a legal ground to do so.

We may need to share your personal information in the following situations:

  • We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: data analysis, email delivery, hosting services and customer service. We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect data about how you interact with the Sites over time. This information may be used to among other things, analyse and track data, determine the popularity of certain content and better understand online activity. We do not share, sell, rent or trade any of your information with third parties for their promotional purposes. We have categorised the parties we currently use so that you easily understand the purpose of our data collection and processing practices.
    • Advertising, Direct Marketing, and Lead Generation
      HubSpot Inc
    • Content Optimisation
      Vimeo Inc
    • Functionality and Infrastructure Optimisation; Website Performance Monitoring and Website Testing
      Microsoft Azure
    • User Account Registration and Authentication
      MessageBird
    • Web and Mobile Analytics
      Google Analytics and HubSpot Inc
  • We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • We may disclose your information to authorities and/or regulators when it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use cookies and other tracking technologies to collect and store your information.

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.

5. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United Kingdom. If you are accessing our Sites from outside the United Kingdom, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see "WILL YOUR INFORMATION BE SHARED WITH ANYONE?" above), in other countries.

Please note that if you are a resident outside the European Economic Area (EEA) or accessing our Sites from outside the EEA, then these countries may not have data protection laws as comprehensive as those in countries within the EEA.

We will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law. Such measures include implementing appropriate safeguards with our third-party service providers, such as insisting on Privacy Shield certification or implementing the European Commission's Standard Contractual Clauses. We do this so that the personal information they receive from the EEA is processed in accordance with European data protection laws. Details of such international transfers and appropriate safeguards are set out below:

A summary of our data transfers outside the EEA is set out below:

Provider Country of transfer Reason for the transfer Method we use to protect your personal information
HubSpot Inc. USA CRM services Privacy Shield certification
Vimeo Inc. USA Content optimisation training videos Privacy Shield certification
6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this Privacy Notice unless otherwise required by law.

Personal data will be kept for the duration of the Agreement or until expiry or termination of the user's account (unless a longer retention period is required by law).

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organisational and technical security measures.

We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Sites is at your own risk. You should only access the services within a secure environment.

8. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area and other areas of the world, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the European Economic Area), you have certain rights under applicable data protection laws, though these are subject to exemptions. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure of your personal information; (iii) to restrict the processing of your personal information; (iv) to challenge our legitimate interests; (v) to object to direct marketing and/or profiling; and (vi) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here:https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

If you do have a complaint, we would appreciate the opportunity to resolve it with you before a complaint is made to a regulator, so please do get in touch with us first.

Account Information: If at any time you would like to review or change the information in your account, deactivate your account or request termination of your account, you can:

  • Log into your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms & Conditions and/or comply with legal and audit requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Sites. To opt-out of interest-based advertising by advertisers on our Sites visit http://www.aboutads.info/choices. Please see our section on cookies above for further details of this.

9. CONTROLS FOR DO-NOT—TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

10. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update our Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to our Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review our Privacy Notice frequently to be informed of how we are protecting your information.

11. HOW CAN YOU CONTACT US?

If you have questions or comments about this Privacy Notice, you may contact our Data Protection Officer (DPO), Kevin McHale, by email at datacontroller@shields-e.com, by phone at 01708 684000, or by post to:

Shields Environmental Group (Holdings) Limited
Kevin McHale
Kerry Avenue, Purfleet Industrial Park,
South Ockendon, Essex RM15 4YE
United Kingdom