We take your privacy seriously.

This Privacy Policy (Policy) contains important information about how Cradlepoint, Inc. and its subsidiaries and affiliates in the United States of America (USA) (Company, we, or us) collect, use, and disclose certain personally identifiable information that we receive in the USA from the European Economic Area (EEA Personal Data), your rights in relation to your EEA Personal Data and how to contact us and supervisory authorities in the event that you have a complaint.

As we are based in the USA, Cradlepoint, UK Ltd. is our representative within the EEA. Their contact details are:

• Office Manager, EMEA
• 25 Wilton Road, Victoria, London, SW1V 1LW
• UK Phone Number +44 (0) 1932 548410
• Cradlepoint UK website: https://www.cradlepoint.com/uk
• Cradlepoint email: privacy@cradlepoint.com

Our Website Privacy Policy describes the categories of EEA Personal Data that we may receive in the USA as well as the purposes for which we use that EEA Personal Data. Cradlepoint, Inc. will only process EEA Personal Data in ways that are compatible with the purpose that Cradlepoint, Inc. collected it for, or for purposes the individual later authorises. Before we use your EEA Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorised, we will provide you with the opportunity to opt out. Cradlepoint, Inc. maintains reasonable procedures to help ensure that EEA Personal Data is reliable for its intended use, accurate, complete, and current.

If we collect sensitive EEA Personal Data, we will obtain your opt-in consent, including if we disclose your sensitive EEA Personal Data to third parties, or before we use your sensitive EEA Personal Data for a different purpose than we collected it for or than you later authorised.

We will hold your name, address and contact details for the period we are required to retain this information by applicable UK tax law. With that Cradlepoint established four (4) unique categories to maintain personal information to include:

Prospects and Leads (e.g. NCM trials):

• With your implied single opt-in consent (e.g. from a tradeshow), Cradlepoint will maintain your personal contact information for 6 months following our initial contact.
• With your explicit, double opt-in, consent Cradlepoint will consider you as a valid lead and potential customer and retain your personal information, for two (2) years.

Customers of a Product or Service:

• While in a legitimate business relationship, Cradlepoint’s has a valid and mutual business need to maintain your personal information continually during the business contract.
• Cradlepoint will maintain your personal information associated with the contract agreement until your company instructs us to change or replace your information.
• Cradlepoint will maintain your personal information for two (2) years following the end of our mutual and legitimate business interest.
• To accommodate relevant financial or tax laws and/or legal requirement for six (6) years.

Employee:

• Cradlepoint will maintain your personal information from application and interview process for one (1) year.
• When hired, Cradlepoint will maintain your personal information during the initial job application, through the end of employment.
• Following the end of employment, Cradlepoint will retain (archive) personal information for two (2) years.

Partners and Third-Party Providers:

• Cradlepoint will maintain your personal information from initial contact to the point where we enter into negotiations and will retain your personal information for two (2) years following the end of negotiations.
• Cradlepoint will continually maintain personal information during the active contractional business relationship.
• If and when the contract ends, Cradlepoint will retain Data Subject information for two (2) years.

Third-Party Agents or Service Providers. We may transfer EEA Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our Website Privacy Policy.

We enter into written agreements with those third-party agents and service providers limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA Personal Data in accordance with our obligations to you and to stop and remediate any unauthorised processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EEA Personal Data that we transfer to them.

Third-Party Data Controllers. In some cases, we may transfer EEA Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your EEA Personal Data to third-party data controllers for the purposes described in our Website Privacy Policy. We will only provide your EEA Personal Data to third-party data controllers where you have not opted-out of such disclosures, or in the case of sensitive EEA Personal Data, where you have opted-in. We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for EEA Personal Data that we provide. We also limit their use of your EEA Personal Data so that it is consistent with any consent you have provided and with the notices you have received.  If we transfer your EEA Personal Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your EEA Personal Data is protected with the same level of protection that Cradlepoint, Inc. provides.

Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Under the General Data Protection Regulation, you have many important rights free of charge. In summary, the rights include:

• Fair processing of information and transparency over how we use your use personal information
• Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
• Require us to correct any mistakes in your information which we hold
• Require the erasure of personal information concerning you in certain situations
• Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• Object at any time to processing of personal information concerning you for direct marketing
• Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• Object in certain other situations to our continued processing of your personal information
• Otherwise restrict our processing of your personal information in certain circumstances
• Claim compensation for damages caused by our breach of any data protection laws

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) concerning individual rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

• File a complaint or make a request;
• Let us have enough information to identify you;
• Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
• Let us know the information to which your request relates, including any account or reference numbers, if you have them.
• Unsubscribe from any Cradlepoint marketing communication or update your communication preferences.

You may have the right to access the EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed without a legitimate ground for such processing. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

If you have any questions about this Policy or would like to request access to your EEA Personal Data, please contact us as follows:

• Cradlepoint Privacy Policy
• You may also contact our European affiliate, Cradlepoint / UK, at the contact details outlined above, with any questions or concerns.

You may contact the Information Commissions Office (ICO), the supervisory authority, via helpline, live chat, email, or telephone from:

• ICO Contact page
• Telephone: 0303 123 1113

Postal Address:

• Information Commissioner’s Office (ICO)
• Wycliffe House
• Water Lane
• Wilmslow, Cheshire, SK9 5AF

This Policy was originally published, 23 May 2018 and last updated on 31 October 2018.

We may change this Policy from time to time, when we do we will inform you, the Data Subject, via email and linking you to an announcement identifying the change.