Secure Net Privacy Policy
Secure Net - Privacy Statement
This privacy supplement gives some additional information specific to Secure Net and the accompanying App. Secure Net is a security product that provides additional protection when browsing on our mobile network. For general information about how we process your data as part of providing mobile connectivity, view our main privacy policy.
Last updated: 16 January 2023
Who we are
We are Vodafone Limited, a member of the Vodafone Group. In this privacy policy:
- "we/us" means Vodafone Limited;
- "third party" means someone who is not you or us; and
- "Vodafone Group" means Vodafone Group Plc and any company or other organisation in which Vodafone Group Plc owns more than 15% of the share capital.
Our registered office is Vodafone House, The Connection Newbury, Berkshire RG14 2FN. We are registered in England under company number 1471587 and with the Information Commissioner's Office (ICO), registration number Z1933885.
How to contact us
Your opinion matters to us - if you have any questions about our privacy policy or your privacy settings, please submit your query and a member of our dedicated team will respond to you. If you would like to mail us by post directly, send it marked the "Privacy Team" to Vodafone House, The Connection, Newbury, Berkshire, RG14 2FN.
Additional information
Personal information we collect about you
Information we collect about you
The types of information we process about you and any devices you register with the service when you use Secure Net and the accompanying App are:
- The content of your communications; Secure Net is a service that uses a process called Deep Packet Inspection on information we are transmitting in order to detect any security threats and filter these. We do not use this information for other purposes;
- Your phone number, tariff information and price plan;
- Your credential information such as passwords, hints and similar security information used for authentication and access to accounts and services;
- Information about your mobile device each time you use the App. For example, we may collect information on the type of mobile device that you are using and its unique device identifier (for example, the IMEI number, the device's mobile phone number;
- If you activate the Secure Net cleaning tool, we will access data from your device to help remove security threats from your device; and
- If you activate the Identify Monitoring tool, a feature to check for data breaches of user personal data on the internet and provide you with alerts via SMS, you will be prompted to enter your phone number when first using the service - this is for product registration and authentication. In addition, any information that is inputted into the identity monitoring service, including name, address, e-mail address, bank account information, credit card details, phone number and date of birth, which will be shared with a third party at the request of the user for the monitoring service.
We'll also get information about how you use our products and services, such as:
- Details of your use of our services - for example, we can see whether or not a site has been blocked and keep a limited record of this information for service and customer care (see How long we keep your personal information for), or how often you interact with our portal; and
- We also collect anonymous analytics information on how our customers use the Secure Net App in order to improve your experience and troubleshoot (for example, we can see whether certain functionalities are not working as intended and fix them).
When we collect your personal information
We collect your personal information when:
- You browse the internet on a mobile connection when you have an active Secure Net subscription;
- You interact with the App or online Portal (where you can see what has been blocked); and
- You activate and use the cleaning tool feature of the App.
- When you activate the Identity Monitoring tool to check for personal data breaches on the internet.
Vodafone will process your personal data based on:
- Vodafone's legitimate business interests, for example, fraud prevention, maintaining the security of our network and services, and improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, visit the Your Rights section of this policy.
- Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided; or
- Consent you provide where Vodafone does not rely on another legal basis. Consent is always presented to you separately and you can withdraw your consent at any time. For example, we need your consent to process the content of your communications in order to detect and block any security threats.
Secure Net is an optional service, which you can deactivate at any time. To do so, you can navigate to the Secure Net portal at this link or via the link sent to you in your welcome text message or alternatively, you can contact our Customer Services team by calling 191 free from your Vodafone mobile.
How we use your personal information
To provide you with your service
In order for us to protect you from security threats, we view the content of your communications in order to do so. We do not use this information for marketing or personalised profiling and it is retained for a limited period of time.
Profiling and automated decision making
Our threat monitoring is based on profiling and automated decisions; for example, websites we block at based on the intelligence we have gathered. You can, however, go into your portal or App and view why something has been blocked (for example, if it was malicious or contained malware).
To improve our service
We collect anonymous, de-identified or aggregate information in order to improve the service we offer to everyone. None of these analytics are linked back to you in any way.
Service messages
From time to time we'll send you notifications of data breaches and the threats that have been blocked. You can turn these off if you no longer wish to receive them via the app notification settings.
How we share your personal information
Where applicable, we share information about you with:
- Companies in the Vodafone Group;
- Partners, suppliers or agents involved in delivering the products and services you've ordered or used;
- Companies who are engaged to perform services for, or on behalf of, Vodafone Limited, or Vodafone Group;
- Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies;
- Debt collection agencies or other debt-recovery organisations;
- Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities if we have to, or are authorised to by law; or
- A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement.
International data transfers
We do not transfer data outside of the EEA without adequate safeguards; data is stored in our data centres in Germany and Ireland.
How long we keep your personal information for
Browsing history
We keep a limited record of your browsing history for service and customer care purposes only. Vodafone does not repurpose your browsing for the purposes of marketing or personalised profiling.
- For example, if you believe that we should not have blocked a site, we can check that for you; or
- In order for you to be able to view a history of the protection provided (such as sites or malware blocked) with the App or the Secure Net portal.
We'll store your information for as long as we have to by law. If there's no legal requirement, we'll only store it for as long as we need to; please find below some examples of the data we will collect and how long we will retain it.
| Example | What data is involved | How long it is retained for |
|---|---|---|
| Number of websites viewed | Totals - Count of how many | 6 months |
| Number of websites blocked | Totals - Count of how many | 6 months |
| Numbers of files downloaded | Totals - Count of how many | 6 months |
| Number of files blocked | Totals - Count of how many | 6 months |
| Number of websites blocked because of Parental Control restrictions (applied by Administrator) | Totals - Count of how many | 6 months |
| Top blocked categories | Totals - Count of how many | 6 months |
| Actual files downloaded by the Individual (IF Notify of new apps feature is turned on) | Name of app | Instant only (Notification): without any detail or info on file content |
| Aggregated top harmful files and websites attempted to be downloaded | Totals - Count of how many | 6 months |
| Actual domains accessed by an Individual | Specific domains | 6 months |
Keeping your personal information secure
We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.
Communications over the internet (such as emails) aren't secure unless they've been encrypted. Your communications may go through a number of countries before being delivered, as this is the nature of the internet.
We cannot accept responsibility for any unauthorised access, misuse of the service provided for the ID monitoring and loss of personal information that is beyond our control.
We'll never ask for your secure personal or account information by an unsolicited means of communication. You're responsible for keeping your personal and account information secure and not sharing it with others.
Our website may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. So make sure you read that company's privacy and cookies policies before using or putting your personal information on their site.
The same applies to any third-party websites or content you connect to using our products and services.
You may choose to disclose your information in certain ways such as social plug-ins (including those offered by Google, Facebook, Twitter and Pinterest) or using third-party services that allow you to post reviews or other information publicly, and a third party could use that information.
Social plug-ins and social applications are operated by the social network themselves and are subject to their own terms of use and privacy and cookies policies. You should make sure you're familiar with these.
Your rights
Below we set out details on how you can exercise your rights. If you have a question or cannot find the answer, please contact our Customer Services team or use our privacy query form and a member of our dedicated team will respond to you.
Please note: the privacy query form is not for Subject Access Requests, please fill in the Subject Access Request form.
Right to access personal data
You have the right to make a request for a copy of the personal data that Vodafone holds about you. To make this request as an individual or an authorised third party, visit our Subject Access Request page which gives details on how to do this. Alternatively, you can contact our Customer Services team.
Right to correct personal data
You have the right to correct information held about you if it's not accurate. If the information we hold about you is inaccurate or needs to be updated, you can log in to My Vodafone to update it or you can contact our Customer Services team.
Right to data portability
You have the right to be able to take with you the personal data you provided to us in certain circumstances. Vodafone ensures that you can take your data with you by allowing you to download your monthly bills, at the click of a button. In order to do this, log in to My Vodafone and go to your billing area.
Right to object to use of personal data
You have the right, in certain circumstances, to object to Vodafone processing your personal information. For more information or to exercise this right, please contact our Customer Services team. If this relates to an automated decision performed on you (this means with no human involvement), please let us know and we will review your request.
How to lodge a complaint
If you want to contact us about any of your rights or complain about how we use your information, please use our privacy query form and a member of our dedicated team will respond to you. Alternatively, you can contact our Customer Services team - we'll do our best to help but if you're still unhappy, you can contact the Information Commissioner's Office (ICO). Their website www.ico.org.uk has details on how to contact the ICO.
Right to restrict use of your data
If you feel data we hold on you is inaccurate, or you believe we shouldn't be processing your data, please contact our Customer Services team to discuss your rights. In certain circumstances, you have the right to ask us to restrict processing.
Right to erasure
Vodafone strives to only process and retain your data for as long as we need to. In certain circumstances you have the right to request that we erase personal data of yours that we hold. If you feel that we are retaining your data longer than we need, it is worth first checking that your contract with Vodafone has been terminated, which you can do with Customer Services. If your contract with Vodafone has been terminated, we may still have lawful grounds to process your personal data. For more information on retention periods, see the section in this privacy policy called ‘How long do we keep your personal information for?'.
Our cookie policy
Cookies are tiny text files that are stored on your computer, tablet or mobile phone when you visit a website. The cookies mean that the website will remember you and how you've used the site every time you come back.
Cookies themselves don't hold personal information such as your name or bank details. And in many cases, we won't be able to link the information we collect by using a cookie back to you. They can, however, help us to find information once you're logged in or help us link your browsing information to you and your personal information, for example, when you choose to register for a service, white paper or newsletter.
First party cookies
First party cookies originate from the same domain as the website you're currently visiting.
| Cookie | Meaning of the cookie | Domain | Duration |
|---|---|---|---|
| SESSION | Used to track a session ID to allow user to stay logged in. | .vodafone.com | Session |
| L | User's preferred language is stored in this cookie. | .vodafone.com | Session |
| backButtonURL | Used to manage back button functionality storing proper link to last visited site in Secure Net portal. | .vodafone.com | 10 years |
| VF-UUID | Used to collect analytics data. | .vodafone.com | Session |
| recall | Used to remember last user logged in to Secure Net portal. | .vodafone.com | 30 Days |
| IDP | This cookie is used to store a session ID to keep user logged in to Secure Net portal. | .vodafone.com | Session |
| JSESSIONID | Used for session or user tracking and is always present. | .vodafone.co.uk | Until users starts new session |
| vdf_openid_uk | While Vodafone is authenticating a user of its service, this cookie is set. It is used to identify the user during authentication process. | .vodafone.co.uk | Until users starts new session |
| vdf_ulff_ula_uk | An ID is stored that supports Vodafone to identify users in case of troubleshooting should become necessary. | .vodafone.co.uk | Until users starts new session |
Controlling your cookies
You can control how you use cookies in your browser. If you wish to restrict or block the cookies which are set by any website - including a Vodafone website, you should do this through the web browser settings for each web browser you use, on each device you use to access the internet.
Information on controlling and deleting cookies, including on a wide variety of browsers, is also available at allaboutcookies.org.
