Privacy Statement

December 31, 2016

This Privacy Statement (“Statement”) describes how information about you is collected, used, and disclosed by ITHAX S.A. (“ITHAX”) and provides other important privacy information, describes when and how we may change this Statement, and tells you how to contact us with any questions or comments.

WHAT TYPES OF INFORMATION WE COLLECT ABOUT YOU

We collect information about you and your associated device(s) when you use our products or services or otherwise interact with us or with third-party services through our products and services. Examples of the types of information we collect include:

• Personal Information
  “Personal Information” means information that we directly associate with a specific person or entity (for example, name; addresses; telephone numbers; email address; Social Security Number; call records; wireless device location). Personal information does not include “de-identified,” “anonymous,” or “aggregate” information – which are not associated with a specific person or entity.
• Customer Proprietary Network Information (CPNI)
  Customer Proprietary Network Information, or “CPNI”, is a subset of Personal Information that is generated in connection with the telecommunications services we provide to you. CPNI includes, for example, call details, call location information, and certain information about your rate plans and features. CPNI does not include your name, address, and phone number.
  
  
• Credit and Financial Information
  We collect information about your credit card or banking information, Social Security Number, and credit history for account opening, management and billing and collection purposes.
• Network and Device Information
  We may collect information about your use of our network (or other carriers’ networks when roaming domestically and internationally) and the device(s) associated with your account, network data related to WiFi usage and device, and performance information, as well as data relating to your use of our website, applications and other products and services.
• Location Data
  We may collect your device’s location whenever it is turned on (subject to coverage limitations).
• Performance and Diagnostic Data
  We may collect performance and diagnostic data about your use of our network, networks you roam on, WiFi services or your device. For example, we may collect information about the performance of the device, signal strength, dropped calls, data failures, battery strength and other device or network performance issues. We may also collect information about applications on your device, the fact that an application has been added, when an application is launched or fails to launch, and length of time an application has been running.
• Back Up and Cloud Services
  Some devices may automatically upload to ITHAX network servers information you have stored on the device and/or SIM card in order to facilitate specific functions. For instance, some devices may back-up your address book, photo album, or diagnostic data. You may choose to disable such uploads, but this may affect functionality of the device or your services. We may also provide you the ability to upload other information from your device to ITHAX or third-party network servers. For instance, you may have the option to upload pictures, text messages, recordings, calendars, tasks, or notes.
• Collection of Information About Children
  We do not knowingly solicit children to purchase our services or products. If, however, you authorize a child to use our services or products by providing them a device associated with your account, any information associated with such use will be treated as your information in accordance with this Statement. If you are the primary account holder, you will have the ability to set the marketing preferences for any other lines on your account, including those for any children to whom you provide a device.
  Our websites are not designed to attract children under the age of 13 and we do not intentionally or knowingly collect Personal Information on our websites from anyone under the age of 13. We encourage parents to be involved in the online activities (including wireless Internet browsing) of their children to ensure that no information is collected from a child without parental permission.

HOW INFORMATION ABOUT YOU IS COLLECTED

ITHAX collects information about you in three primary ways:

• Information You Provide
  We collect information that you provide to us when you apply for, purchase, or use our products or services, or otherwise communicate with us.
  For example, some of the ways you may provide information to us include:
  • When you sign up for our voice or data services or purchase other products or services, we may collect personal contact, billing, and credit information.
  • When you establish or modify an online account, we may collect user identification information, passwords, and/or security question responses that you will use for future sign-on.
  • When you interact with our customer service representatives, enter information on our websites, submit survey responses, or pay for services, we may also collect Personal Information and other information. We may monitor and record phone calls, e-mails, live chats, or other communications between you, your device, and our customer service representatives or other employees or representatives.
  • When you use our services on a phone provided to you by an account holder.
• Information We Collect Automatically
  We automatically collect a variety of information associated with your use of your device (on our network, when roaming, or in WiFi mode) and our products and services, some of which may be associated with you or another user on your account.
  For example some of the ways we may automatically collect information include:
  • Our systems capture details about the type and location of wireless device(s) you use, when the device is turned on, calls and text messages you send and receive (but we do not retain the content of those calls or messages after delivery), and other data services you use.
  • We may also gather information about the performance of your device and our network. Some examples of the types of data collected include: the applications on the device, signal strength, dropped calls, data failures, and other device or network performance issues.
  • Cookies, Web Beacons, and Similar Technologies
    We may use, or we may engage third-parties to use on our behalf, cookies (small data text files placed on your computer or device) or similar technologies to identify your computer or device and record your preferences and other data so that our websites can personalize your visit(s), see which areas and features of our websites are popular, and improve our websites and your experience.
    We may also use web beacons (small graphic images on a web page or an HTML e-mail) to monitor interaction with our websites or e-mails. Web beacons are generally invisible because they are very small (only 1-by-1 pixel) and the same color as the background of the web page or e-mail message.
    The information we receive through cookies, web beacons and similar technologies may enable us to recognize users across devices, such as smartphones, computers, tablets or related browsers. Depending upon your device or computer, you may be able to set your browser(s) to reject cookies or delete cookies, but that may result in the loss of some functionality on our websites. If we combine or link cookie or web beacon information with Personal Information, we will treat the combined or linked information as Personal Information under this Statement.
  • Web Browsing Activity
    Our Websites. When accessing our websites, mobile websites and related applications and widgets designed for your device or web-based experience, we automatically collect certain information about your device and your visit, such as your IP address, browser type, date and time, the web page you visited before visiting our website, your activities and purchases on our websites, and other analytical information associated with the sites.
    Other Websites. When your device’s web browser utilizes our data services to access websites other than our own, we automatically capture information associated with your browsing activities, and measure and monitor network and Internet connection performance, throughput, latency, and similar network data.
    Do Not Track Statement. Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the websites you visit indicating that you do not wish to be tracked. Those sites (or the third party content on those sites) may continue to engage in activities you might view as tracking even though you have expressed this preference, depending on the sites’ privacy practices. Because there is not yet a common understanding of how to interpret the DNT signal, we do not currently respond to the browser DNT signals when you use our services and products or interact with our websites or online services. We do allow you to exercise choice regarding the collection of information by third parties about your online activities over time and across third-party websites or online services for online interest based advertising purposes and to opt out of our interest-based advertising on your device, as described below.
  • Voice Controlled Applications
    If you use a voice-controlled application, that application may collect and record your requests and other information from you and your phone.
  • Retail Beacons
    We may use beacon devices in our retail locations that collect data about your device. These programs use signals from smart devices (like mobile phones and tablets) to track movement and wait times. Retail beacons collect a unique identifier that your device routinely transmits (e.g., a MAC address) and coverts it to an identifier unique to ITHAX. In some cases, we will use identifiers that are already routinely collected by the ITHAX network in order to provide you with wireless service. We use aggregated data in order to understand general traffic trends in our stores. This helps us to better service our customers.
• Information From Other Sources
  We may also obtain information about you from other sources. For example, we may receive credit information from third-party sources before initiating your service, or background information in connection with employment opportunities. We may also obtain updated address information from our shippers or other vendors. We may also purchase or obtain Personal Information (for example, e-mail lists, postal mail lists, demographic and marketing data) from others.

HOW WE USE INFORMATION WE COLLECT ABOUT YOU

We use the information we collect for a variety of business purposes, such as:

• To route your calls or message or otherwise provide you with service;
• To provide and bill for products and services you purchase and charge to your account;
• To deliver and confirm products and services you obtain from us;
• To verify your identity and maintain a record of your transactions and interactions with us;
• To provide customer and technical services to you;
• To create, modify, improve, enhance, remove or fix our network, products and services, and their performance;
• To identify and suggest products or services that might interest you;
• To make internal business decisions about current and future product and service offerings;
• To provide you customized user experiences, including personalized product and service offerings;
• To protect our rights, interests, safety and property and that of our customers, service providers and other third parties; and
• To comply with law or as required for legal purposes.

Fraud Prevention
We may use Personal Information, including voice print recordings, account information (such as purchase patterns) and device information for investigations or prevention of fraud or network abuse. We provide fraud prevention services to banks or other third parties. As part of this service, we may verify your phone number to help those third parties prevent your personal information from being used for fraudulent purposes. We also may provide the information you report as spam to 7726 to a third party to prevent fraud or network abuse, and we may share such information with government agencies and others that work to combat spam and prevent fraudulent, deceptive, and unfair practices.

Information Collected from Cookies
We may also use information collected from cookies or other similar technologies to improve our websites, make recommendations, and complete transactions you request.

Marketing
We may use information we collect to contact you about ITHAX or third-party products, services, and offers that we believe you may find of interest. We may contact you by telephone, postal mail, e-mail, or other methods. You may opt-out of receiving marketing communications from us at any time by clicking on the “opt-out” or “unsubscribe” link on the marketing e-mail that you will receive.

Directories
We do not publish directories of our customers’ wireless numbers; nor will we provide or make such numbers available to third-parties for listing in their public directories, without the customer’s prior consent.

Performance, Diagnostics & Management
We collect information about devices, our network and WiFi usage to perform diagnostic analyses and understand how your device is performing overall. Diagnostic data helps us troubleshoot technical issues related to your device’s performance such as battery life, dropped calls, processing speed, device memory, service coverage, and network and WiFi signal strength that you and other customers may experience. If you are using a device in WiFi mode, we may collect information about that usage, such as the routing address and IP address. We also may use diagnostic data to identify and recommend products and services.

Location-Based Services
We use location information to route wireless communications and to provide 911 service, which allows emergency services to locate your general location. We may disclose, without your consent, the approximate location of a wireless device to a governmental entity or law enforcement authority when we are served with lawful process or reasonably believe there is an emergency involving risk of death or serious physical harm.
Depending on your device, you may also be able to obtain a wide array of services based on the location of your device (for example, driving directions, enhanced 411 Directory Assistance, Find My Device, or search results, etc.). These data services, known as Location-Based Services (“LBS”) are made available by us and others, usually via applications. These services use various location technologies and acquire location data from various sources.
These applications and services use various location technologies (including Global Positioning Satellite (“GPS”), Assisted GPS (“AGPS”), cell ID and enhanced cell ID technologies) to identify the approximate location of a device, which is then used in conjunction with the application to enhance the user’s experience (for example, to provide driving directions, to provide enhanced 411 Directory Assistance, or search results, etc.)
LBS may, or may not, involve any interaction with or dependency on our network, and location-based services may or may not look to our network to obtain location data. Where we allow third parties the capability of accessing data about your location that is derived from our network, we require those third parties to observe specific privacy and security protections consistent with this statement.
It is important that you understand the location capabilities and settings of your device, and that you carefully read and understand the terms under which these services are provided – whether by us or another entity.
You should carefully review the privacy statements and other terms of third-parties with whom you have authorized the sharing of your location information, and you should consider the risks involved in disclosing your location information to other people.
Where we provide a location-based service, you will receive notice of the location features of the service and collection of location data is with your consent. You will be provided options for managing when and how such information should be shared (except in the case of certain parental controls or similar services associated with enterprise or multi-line accounts – for example, ITHAX’s FamilyWhereTM services – which may be managed solely by the primary account holder or their designee, but always with notice to the end-user). ITHAX follows the CTIA’s Best Practices Guidelines for Location-Based Services, which are available here.

Advertising
You may see advertisements when you visit our websites, mobile websites, in mobile applications, or on your device. We may help advertisers better reach our customers by providing certain information, including device type, geographic information, language preferences or demographic information obtained from other companies to allow advertisers to determine which ads may be more relevant to you. However, we do not share Personal Information for advertising purposes outside of our corporate family without your consent.
Some examples of the types of advertising you might see include:
Our Ads on Our Websites. We may provide advertisements, such as banner ads, on our websites, mobile websites, and in mobile applications and widgets you may download, access or use on your device.
Other Company Ads on Our Websites. You may also see third-party advertisements on some ITHAX websites, services, or in applications, or on devices. These third-party advertisers, or their ad networks, may place or access cookies, web beacons, or similar technologies on your device, or use your device identifier, and may collect certain anonymous or de-identified information about your visit on our websites. The third-party advertisers who provide these ads may use this information to provide you with advertising on our websites, as well as on other websites. We do not have control over or access to any information contained in the cookies that are set on your computer or device by ad servers, ad networks, or third-party advertisers.
Our Ads on Other Websites. We may ask third-parties to place advertisements about our products and services on other websites, mobile websites and in mobile applications and widgets. The use of cookies, web beacons, or similar technologies by such third-parties on other websites is subject to any applicable privacy statements that they may have, not this Statement.

Interest-Based Ads
You may receive ads from us and our ad providers that are tailored to your interests. These interest-based ads are selected based on your use of our services and products as well as other information obtained by us and our ad providers. None of this information is Personal Information.

• We do not provide your Personal Information to third-party advertisers without your consent.
• Advertising may be tailored to the interests that advertisers have inferred from your browsing of our websites or other websites or applications with which the third-party partners to provide advertising.
• We may provide third-party advertisers with aggregated or de-identified location, demographic or similar data (unrelated to your browsing activities) that does not personally identify you. This data may be used by advertisers to help tailor their ads on our websites, and on other sites and applications.
• We, and our providers, may use a de-identified profile of your web-browsing and application use activity and interests. This profile does not contain information that identifies you personally, but may include a unique or encrypted identifier that enables your device to be matched to a profile of your browsing activity and de-identified characteristics about your interests.
• When we use information associated with your web browsing activities on websites that are not our own to provide interest-based advertising or offers, we will provide you with notice and appropriate choice.
  
  

Choices About Advertising
ITHAX adheres to the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising.

• On Your Mobile Device. Where we offer interest-based ads, you can opt-out of certain interest-based advertising by clicking on the ad options link on or near the advertisement.
  • If you turn off interest-based ads, you will still see just as many ads, but the ads may not be based on your interests and may be less relevant to you.
  • Your choice only affects the ads you see on websites and applications you access on your device.
  • If your device’s browser cookies are deleted, or your device is reset, you may need to reset the interest-based ads feature.
  • If you are using your device, but are not on our network (such as a WiFi network), we, and our ad providers, may not be able to identify your ad choices.
• On Your Computer or Non-Mobile Device. For information about targeted advertising, or to opt-out of use of your browser information for purposes of certain third-party advertising, please visit www.aboutads.info/choices. Please note that if you opt out, you will continue to receive the same number of ads, but they may be less relevant because they will not be based on your interests. You may still see ads related to content on a web page or based on other nonpersonal information. Please note that this opt-out is cookie-based. If you change computers or devices, change web browsers, or delete cookies, you will need to visit the aboutads site and opt-out again.

WHEN WE SHARE INFORMATION COLLECTED ABOUT YOU

We do not sell, license, rent, or otherwise provide your Personal Information to unaffiliated third-parties (parties outside the ITHAX corporate family) to market their services or products to you without your consent. We may, however, disclose your information to unaffiliated third-parties as follows:

With Your Consent
We may disclose Personal Information about you to third-parties with your consent. We may obtain your consent in writing; online, through “click-through” agreements; when you accept the terms of disclosures on your phone for certain applications or services; orally, in our stores or on the phone, including through interactive voice response, or implicitly, for example, when you purchase a product and ask that it be shipped to your home, consenting to our disclosure of your name and address to a third-party shipping company to complete delivery.

To the Primary Account Holder
We may disclose information about an account user to the primary account holder (the party financially responsible for the account). If a business, governmental agency, or other individual obtains service for you, that entity or individual is our customer, and we may provide information about you or your use of the service, products or devices to them or others at their direction.
When you are the primary account holder, but you receive special or discounted pricing, terms, or other benefits through another party’s agreement with us (for example, an employee discount), we may provide enough information to that party to verify your initial and continuing eligibility for benefits under their agreement with us and to calculate any associated discounts.

To Our Service Providers
We may disclose information to third-party vendors and partners who complete transactions or perform services on our behalf (for example, credit/debit card processing, billing, shipping, repair, customer service, auditing, and marketing).

Third-Party Carriers and Suppliers
If you are roaming on the network of another carrier or WiFi service provider, your wireless telephone number, your location, the numbers you dial, and other information about your usage will be available to that carrier to facilitate that service. Additionally, services and functionality offered through certain devices are sometimes provided in conjunction with entities other than ITHAX. As a result, Personal Information from your devices may be uploaded and stored on their servers. For instance, BlackBerry® service is provided in conjunction with Research in Motion (RIM), and Personal Information from your device is stored on their BlackBerry Enterprise Servers™. Their specific terms and conditions, terms of use, and privacy statements apply to those services.

In a Business Transfer
We may sell, disclose, or transfer information about you as part of a corporate business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which such information could be transferred to third-parties as a business asset in the transaction. We may also share information with banks for purposes of transferring loans in connection with your device financing.

For Legal Process & Protection
We may disclose Personal Information, and other information about you, or your communications, where we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary:

• To satisfy any applicable law, regulation, legal process or enforceable governmental request;
• To enforce or apply agreements, or initiate, render, bill, and collect for services and products (including to collection agencies in order to obtain payment for our products and services);
• To protect our rights or interests, property or safety or that of others;
• In connection with claims, disputes, or litigation – in court or elsewhere;
• To protect users of our services and other carriers or providers from fraudulent, abusive, or unlawful use of, or subscription to, such services;
• When information is reported to the Spam Reporting Service, it may be shared with government agencies and others that work to combat spam and prevent fraudulent, deceptive, and unfair practices;
• To facilitate or verify the appropriate calculation of taxes, fees, or other obligations due to a local, state, or federal government; or
• In an emergency situation.

Co-Sponsored Websites and Partners
If you provide information to us in connection with a co-sponsored website, this Statement will apply to our use of the information and the co-sponsor’s statement will apply to their use of the information. If you purchase equipment or activate service at one of our partner’s locations (including websites of such dealer or retailer), they may request information from you that is passed to us as part of the activation process, but which may also be retained by the partner. This Statement will govern our use of such information, and the partner’s privacy statement will govern its use of such information.

De-Identified Information
We may provide information that does not identify you personally to third-parties for marketing, advertising or other purposes.

Third-Party Applications for Your Devices
We are not responsible for the third-party applications (for example, applications, programs, widgets, etc.) you select and install on your device. When you install third party applications, you may give your consent for the third party to access information stored on the device and on our network to facilitate the application’s functions (for example, you may consent to third-party access to your location information – see Location Based Services). The manner in which such third-parties may use, share, or disclose such information is governed by the terms and conditions and privacy statement provided by that third party – not by this Statement.

HOW WE STORE AND PROTECT THE INFORMATION COLLECTED ABOUT YOU
 

Protecting Your Information
We use a variety of physical, electronic, and procedural safeguards to protect Personal Information from unauthorized access, use, or disclosure while it is under our control.
We provide password protected online access to your account information through my.ITHAX.com. For multi-line accounts, the primary account holder is authorized to access online account information for all the devices and lines on the account. Other users may generally access online account information related only to their respective device and line (for example, if a parent provides a device to their child, the child may access online information about that device and line– including CPNI). The primary account holder, however, may designate additional or more limited access rights for other users on the account.
Under federal law, you have a right, and we have a duty, to protect the confidentiality of CPNI and we have adopted statements and procedures designed to ensure compliance with those rules. We will not intentionally disclose your CPNI to third-parties without your permission, except as allowed under FCC rules, applicable law, or explained in this Statement. However, if you are the primary account holder, you may designate other “authorized users” (for example, a spouse) to access and manage your account information, including CPNI.

Retention and Disposal
We retain information only for as long as we have a business or tax need or as applicable laws, regulations, or government orders require. When we dispose of Personal Information, we use reasonable procedures designed to erase or render it unreadable (for example, shredding documents and wiping electronic media).

HOW YOU CAN UPDATE YOUR INFORMATION AND CHOOSE HOW WE CONTACT YOU
 

You may access and modify your contact information by visiting voip.ithax.net, or by contacting Customer Service.

Choices Regarding Use of Your Information
We may send you communications about services or products we, or our partners, sell. We want to provide you with meaningful choices regarding our marketing communications, and you may choose to limit or opt-out of some marketing communications from us at any time. Although you may elect not to receive marketing information from us, if you subscribe to our services or buy our products, you will continue to receive invoices, customer-service and transactional notices, and similar communications. The Primary Account Holder can configure options for marketing communications for all lines on the account.

You may also manage your preferences regarding marketing communications by contacting Customer Service by dialing 0000 from your ITHAX phone or +1-212-444-9704 from any phone, or, with respect to marketing e-mails, by following the “unsubscribe” instructions on any marketing e-mail we send you.

Do Not Call Registry
The FTC maintains a National Do Not Call Registry at https://www.donotcall.gov/, and your state may maintain its own Do Not Call Registry. Putting your number on these Registries also may limit our telemarketing calls to that number.

YOUR ROLE IN PROTECTING YOUR PRIVACY

You play an important role in ensuring the security of Personal Information. We encourage you to use safeguards to protect your information and devices.

OTHER INFORMATION YOU SHOULD KNOW
 

Consumer Code for Wireless Service
We follow the Consumer Code for Wireless Service established by the Cellular Telecommunications & Internet Association (“CTIA”). In doing so, we want to help customers understand their bills, receive quality service, and make informed choices and conform our information practices under this Statement to meet the requirements of applicable federal and state laws and regulations.

Your California Privacy Rights
California Civil Code Section 1798 entitles California customers to request information concerning whether a business has disclosed Personal Information to any third parties for the third parties’ direct marketing purposes. As stated in this Statement, we will not sell or share your Personal Information with non-affiliated companies for their direct marketing purposes without your consent. California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices and statements may contact us as specified in the section below.

PRIVACY STATEMENT UPDATES AND CONTACT INFORMATION
 

How We Communicate Changes to This Statement
We may update this Statement at any time to provide updates to or clarification of our practices. If we make changes, we will revise the date at the top of the Statement. If we propose to use Personal Information in a materially different way, we will provide you with notice by posting notice of the changes on our website for at least 30 days before we implement those changes, and obtain your consent as specified above for any material change regarding disclosure of Personal Information. You should refer to this Statement often for the latest information and the effective date of any changes.

How to Contact Us
If you have any questions or comments about this Statement or about ITHAX’s privacy practices, please call Customer Service at 0000 (from an ITHAX phone) or +1-212-444-9704 (from any phone) or send an e-mail message to info@ithax.net .