Ozone Services are governed by a contract between Ozone Ltd and your organisation. When you use a Ozone Service provided by your organisation, Ozone Ltd is required to process your personal data in order to provide that Service. Ozone Ltd’s affiliates may also be required to process your personal data, depending where you and the Customer are located.

Information that is supplied to us by you or the Customer in the course of us providing our services, is Customer Data. The Controller of the Customer Data is your organisation, and Ozone Ltd, and/or its Affiliates, is the Processor.

Customer Data includes:

• Name

• Address

• Country of residence

• Email address

• Telephone number

• Products and services ordered

• Unique employee ID

• Answers to DSE assessments

• Customer support interactions

• All personal data processed as a result of Ozone’s IT helpdesk service or MDM service. Note that this can include device location data to identify the whereabouts of a missing device.

• Any other data provided by you or your organisation in the course of the Services (except Other Personal Data).

Ozone relies on its contracts with its customers in order to process this personal data. As such, Ozone does not require additional consent from end users in order to process this personal data.

Ozone does not process Special Category Data on behalf of customers, with the exception of any DSE assessment information (which could constitute Special Category Data within the meaning of the General Data Protection Regulations applicable to the EU and UK) if health information is provided.

Ozone will never ask individual users for personal payment information. You may, however, be asked to prove your identity for delivery of a Ozone product by one of our third party delivery providers by displaying biometric information.

Most of the personal data that Ozone processes which relates to Ozone’s services is Customer Data. However, depending on the terms of its contracts with Customers, Ozone may act as the Controller of other personal data in limited circumstances, as set out below.

• Account administrator information.

• Metadata and log data generated through use of the Services.

• Cookie information.

• Audio and video data and metadata and.

• Additional information provided to Ozone.

We process Customer Data in accordance with our Customers’ instructions, which are contained within Ozone’s terms of business with its Customers.

As a guide, Ozone may use Customer Data to:

• Administer and manage users set up on the Customer’s account (and enable the Customer to administer and manage users), including:

• Issuing, cancelling and recalling Ozone equipment

• Transferring Ozone equipment to another user

• Resolve any complaints or enquiries you or the Customer may have;

• Provide reports or information to the Customer regarding the Ozone services

• Improve Customer experience, including for training purposes.

• Provide effective management reporting and for internal analysis of products & services

• Prevent, detect and investigate any incidents of delivery failures or fraud

• Fulfilling Ozone’s legal obligations (e.g. responding to government or law enforcement requests, where we consider that such action is required or permitted by law)

• Creating anonymised data sets for internal reporting purposes (where such information cannot be linked back or reverse engineered to any individual)

We never sell or rent Personal Data, we will not share your information with third parties for the purpose of direct marketing, and we do not use data to profile end users.

If your organisation requests Ozone to transfer your equipment directly to another user, we ask your organisation to confirm that they have your consent for a user-to-user transfer. This is because names and addresses may become visible on shipping labels.

Ozone has no access to your personal data contained on Ozone devices (except for very limited information if your organisation has enrolled its devices into Ozone’s MDM service).

Therefore, if you lose access to your Ozone devices (in the event of a change of employment, for example), you will lose access to personal data or other content on any Ozone devices.

It is part of Ozone’s terms and conditions with Customers that all end users must remove all personal data from Ozone devices before returning devices to Ozone, or when transferring devices to another permitted user.

End users are required to ensure that devices are wiped of personal data before they are returned to Ozone or before a permitted transfer to another user. Ozone does not accept any responsibility for loss of personal data in these circumstances.

Ozone offers an MDM service to some Customers, in accordance with their specifications. This service involves the provision of software which allows Ozone to manage devices remotely, push apps to those devices, and enforce security policies.

Ozone cannot read the content of your emails, see browser history, see your messages ,or view your photographs. However, depending on the MDM settings, it is possible for Ozone to geolocate mobile devices when they are in managed lost mode.

If you require information on Ozone’s MDM capabilities for your organisation, please contact your organisation

Ozone has a legitimate interest in processing Other Personal Data, for the purposes set out below.

To create a Ozone account, the Customer must supply Ozone with the names, email addresses, phone numbers, password and other account set-up details for account administrators. Ozone may also receive billing details which are linked to an individual acting on behalf of an organisation (such as credit card information, banking information and/or a billing address). Ozone acts as the Controller of this information in order to ensure that it can manage its Customer accounts, and any debts owed to Ozone.

When a user interacts with Ozone’s Services, metadata and log data may be generated that provides additional context about the way that a user uses the Services, and any problems they experience in using the Services. Other Personal Data here may include your Internet Protocol (IP) address, browser type and settings, the date and time that the Services were used, and actions performed on the account. This data helps Ozone understand how users interact with the Services so that we can continue to improve and develop our Services, and also helps us to fix bugs.

Ozone may receive, capture and store metadata such as data regarding the date and time of recorded sales calls with Ozone in order to improve our sales experience for customers.

We receive Other Personal Data that is submitted to us, such as personal opinions that you may provide us (for example, if you participate in a pilot, or provide feedback about our products or services), interactions with our social media accounts, or other communications with Ozone. We use this data for the purpose of improving Ozone’s services.

In respect of Customer Data, you should direct any data protection enquiries (including any requests to exercise your data protection rights) to your organisation’s Administrator. Ozone is not responsible for the privacy or security practices of our Customers, which may differ from those contained in this policy.

Storage periods depend on the data processing terms with our Customers and their choices, the type of Personal Data, purposes of its collection and processing, and the applicable law.

Ozone will retain Customer Data in accordance with a Customer’s instructions (including to perform any applicable terms in the Customer Agreement and through the Customer’s use of Services functionality) and as required by applicable law. We must retain customer contact and product information during the course of any equipment lease, or other Ozone service, and we will retain information for a set period of time after this, according to the retention period agreed with our Customers.

Ozone may retain Other Information relating to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping Other Information after your organisation no longer receives Ozone services, for the period of time needed for Ozone to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

Ozone takes security of data very seriously. Ozone is SOC2 compliant and takes reasonable and appropriate measures to protect your Personal Data from loss, misuse, and unauthorised access. We use standard, industry-wide practices including firewalls and encryption of Customer Data to protect your information.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee absolute security.

Ozone engages third parties to enable us to provide our services. Key third party services which we use include web hosting services, diagnostics services, sales platform services, trade credit services and courier services.

Where Ozone engages third party subprocessors who transfer personal data abroad, Ozone uses the Standard Contractual Clauses approved by the European Commission or UK (as appropriate) to govern transfers to countries which do not have equivalent safeguards to the UK and EU, including the United States, Canada, India, Japan, South Korea.

Ozone may change this Privacy Policy from time to time without prior notice. We will post the changes to this policy online.