Secure Net Privacy Policy

Secure Net - Privacy Statement

This privacy supplement gives some additional information specific to Secure Net and the accompanying App. Secure Net is a security product that provides additional protection when browsing on our mobile network. For general information about how we process your data as part of providing mobile connectivity, view our main privacy policy.

Last updated: 11 July 2024

Who we are

We are Vodafone Limited, a member of the Vodafone Group. In this privacy policy:

  • "we/us" means Vodafone Limited;
  • "third party" means someone who is not you or us; and
  • "Vodafone Group" means Vodafone Group Plc and any company or other organisation in which Vodafone Group Plc owns more than 15% of the share capital.

Our registered office is Vodafone House, The Connection Newbury, Berkshire RG14 2FN. We are registered in England under company number 1471587 and with the Information Commissioner's Office (ICO), registration number Z1933885.

How to contact us

Your opinion matters to us - if you have any questions about our privacy policy or your privacy settings, please submit your query and a member of our dedicated team will respond to you. If you would like to mail us by post directly, send it marked the "Privacy Team" to Vodafone House, The Connection, Newbury, Berkshire, RG14 2FN.

Additional information

Personal information we collect about you

Information we collect about you

The types of information we process about you and any devices you register with the service when you use Secure Net and the accompanying App are:

  • The content of your communications; Secure Net is a service that uses a process called Deep Packet Inspection on information we are transmitting in order to detect any security threats and filter these. We do not use this information for other purposes;
  • Your phone number, tariff information and price plan;
  • Your credential information such as passwords, hints and similar security information used for authentication and access to accounts and services;
  • Information about your mobile device each time you use the App. For example, we may collect information on the type of mobile device that you are using and its unique device identifier (for example, the IMEI number, the device's mobile phone number;
  • If you activate the Secure Net cleaning tool, we will access data from your device to help remove security threats from your device; and
  • If you activate the Identify Monitoring tool, a feature to check for data breaches of user personal data on the internet and provide you with alerts via SMS, you will be prompted to enter your phone number when first using the service - this is for product registration and authentication. In addition, any information that is inputted into the identity monitoring service, including name, address, e-mail address, bank account information, credit card details, phone number and date of birth, which will be shared with a third party at the request of the user for the monitoring service.

We'll also get information about how you use our products and services, such as:

  • Details of your use of our services - for example, we can see whether or not a site has been blocked and keep a limited record of this information for service and customer care (see How long we keep your personal information for), or how often you interact with our portal; and
  • We also collect anonymous analytics information on how our customers use the Secure Net App in order to improve your experience and troubleshoot (for example, we can see whether certain functionalities are not working as intended and fix them).

When we collect your personal information

We collect your personal information when:

  • You browse the internet on a mobile connection when you have an active Secure Net subscription;
  • You interact with the App or online Portal (where you can see what has been blocked); and
  • You activate and use the cleaning tool feature of the App.
  • When you activate the Identity Monitoring tool to check for personal data breaches on the internet.

Vodafone will process your personal data based on:

  1. Vodafone's legitimate business interests, for example, fraud prevention, maintaining the security of our network and services, and improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, visit the Your Rights section of this policy.
  2. Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided; or
  3. Consent you provide where Vodafone does not rely on another legal basis. Consent is always presented to you separately and you can withdraw your consent at any time. For example, we need your consent to process the content of your communications in order to detect and block any security threats.

Secure Net is an optional service, which you can deactivate at any time. To do so, you can navigate to the Secure Net portal or via the link sent to you in your welcome text message or alternatively, you can contact our Customer Services team by calling 191 free from your Vodafone mobile.

How we use your personal information

To provide you with your service

In order for us to protect you from security threats, we view the content of your communications in order to do so. We do not use this information for marketing or personalised profiling and it is retained for a limited period of time.

Profiling and automated decision making

Our threat monitoring is based on profiling and automated decisions; for example, websites we block at based on the intelligence we have gathered. You can, however, go into your portal or App and view why something has been blocked (for example, if it was malicious or contained malware).

To improve our service

We collect anonymous, de-identified or aggregate information in order to improve the service we offer to everyone. None of these analytics are linked back to you in any way.

Service messages

From time to time we'll send you notifications of data breaches and the threats that have been blocked. You can turn these off if you no longer wish to receive them via the app notification settings.

How we share your personal information

Where applicable, we share information about you with:

  • Companies in the Vodafone Group;
  • Partners, suppliers or agents involved in delivering the products and services you've ordered or used;
  • Companies who are engaged to perform services for, or on behalf of, Vodafone Limited, or Vodafone Group;
  • Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies;
  • Debt collection agencies or other debt-recovery organisations;
  • Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities if we have to, or are authorised to by law; or
  • A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement.

International data transfers

We do not transfer data outside of the EEA without adequate safeguards; data is stored in our data centres in Germany and Ireland.

How long we keep your personal information for

Browsing history

We keep a limited record of your browsing history for service and customer care purposes only. Vodafone does not repurpose your browsing for the purposes of marketing or personalised profiling.

  • For example, if you believe that we should not have blocked a site, we can check that for you; or
  • In order for you to be able to view a history of the protection provided (such as sites or malware blocked) with the App or the Secure Net portal.

We'll store your information for as long as we have to by law. If there's no legal requirement, we'll only store it for as long as we need to; please find below some examples of the data we will collect and how long we will retain it.

Example What data is involved How long it is retained for
Number of websites viewed Totals - Count of how many 6 months
Number of websites blocked Totals - Count of how many 6 months
Numbers of files downloaded Totals - Count of how many 6 months
Number of files blocked Totals - Count of how many 6 months
Number of websites blocked because of Parental Control restrictions (applied by Administrator) Totals - Count of how many 6 months
Top blocked categories Totals - Count of how many 6 months
Actual files downloaded by the Individual (IF Notify of new apps feature is turned on) Name of app Instant only (Notification): without any detail or info on file content
Aggregated top harmful files and websites attempted to be downloaded Totals - Count of how many 6 months
Actual domains accessed by an Individual Specific domains 6 months

Keeping your personal information secure

We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.

Communications over the internet (such as emails) aren't secure unless they've been encrypted. Your communications may go through a number of countries before being delivered, as this is the nature of the internet.

We cannot accept responsibility for any unauthorised access, misuse of the service provided for the ID monitoring and loss of personal information that is beyond our control.

We'll never ask for your secure personal or account information by an unsolicited means of communication. You're responsible for keeping your personal and account information secure and not sharing it with others.

Our website may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. So make sure you read that company's privacy and cookies policies before using or putting your personal information on their site.

The same applies to any third-party websites or content you connect to using our products and services.

You may choose to disclose your information in certain ways such as social plug-ins (including those offered by Google, Facebook, Twitter and Pinterest) or using third-party services that allow you to post reviews or other information publicly, and a third party could use that information.

Social plug-ins and social applications are operated by the social network themselves and are subject to their own terms of use and privacy and cookies policies. You should make sure you're familiar with these.

Your rights

Below we set out details on how you can exercise your rights. If you have a question or cannot find the answer, please contact our Customer Services team or use our privacy query form and a member of our dedicated team will respond to you.

Please note: the privacy query form is not for Subject Access Requests, please fill in the Subject Access Request form.

Right to access personal data

You have the right to make a request for a copy of the personal data that Vodafone holds about you. To make this request as an individual or an authorised third party, visit our Subject Access Request page which gives details on how to do this. Alternatively, you can contact our Customer Services team.

Right to correct personal data

You have the right to correct information held about you if it's not accurate. If the information we hold about you is inaccurate or needs to be updated, you can log in to My Vodafone to update it or you can contact our Customer Services team.

Right to data portability

You have the right to be able to take with you the personal data you provided to us in certain circumstances. Vodafone ensures that you can take your data with you by allowing you to download your monthly bills, at the click of a button. In order to do this, log in to My Vodafone and go to your billing area.

Right to object to use of personal data

You have the right, in certain circumstances, to object to Vodafone processing your personal information. For more information or to exercise this right, please contact our Customer Services team. If this relates to an automated decision performed on you (this means with no human involvement), please let us know and we will review your request.

How to lodge a complaint

If you want to contact us about any of your rights or complain about how we use your information, please use our privacy query form and a member of our dedicated team will respond to you. Alternatively, you can contact our Customer Services team - we'll do our best to help but if you're still unhappy, you can contact the Information Commissioner's Office (ICO). Their website www.ico.org.uk has details on how to contact the ICO

Right to restrict use of your data

If you feel data we hold on you is inaccurate, or you believe we shouldn't be processing your data, please contact our Customer Services team to discuss your rights. In certain circumstances, you have the right to ask us to restrict processing.

Right to erasure

Vodafone strives to only process and retain your data for as long as we need to. In certain circumstances you have the right to request that we erase personal data of yours that we hold. If you feel that we are retaining your data longer than we need, it is worth first checking that your contract with Vodafone has been terminated, which you can do with Customer Services. If your contract with Vodafone has been terminated, we may still have lawful grounds to process your personal data. For more information on retention periods, see the section in this privacy policy called ‘How long do we keep your personal information for?'.

Our cookie policy

Cookies are tiny text files that are stored on your computer, tablet or mobile phone when you visit a website. The cookies mean that the website will remember you and how you've used the site every time you come back.

Cookies themselves don't hold personal information such as your name or bank details. And in many cases, we won't be able to link the information we collect by using a cookie back to you. They can, however, help us to find information once you're logged in or help us link your browsing information to you and your personal information, for example, when you choose to register for a service, white paper or newsletter.

First party cookies

First party cookies originate from the same domain as the website you're currently visiting.

Cookie Description Domain Duration
vdf_openid_uk Used for log in. It is added in the beginning of the process and removed afterwards. .vodafone.co.uk Session
vdf_ulff_ula_uk Used for log in. It is added in the beginning of the process and removed afterwards. .vodafone.co.uk Session
JSESSIONID Used for session/user tracking and is always present. .vodafone.co.uk Session
x-vf-sn-cross-token Used for authentication between the Convergent Portal and the Classic Web Portal. .vodafone.co.uk 1 minute
x_vf_sn_cookie_mngt Used to set cookie preferences across Secure Net service. securenet.vodafone.co.uk 13 months
VF-UUID Used by Vodafone to collect analytics data. securenet.vodafone.co.uk 1 year
VF-SID Used by Vodafone to collect analytics data. securenet.vodafone.co.uk 36 minutes
VF-OPT Used by Vodafone to collect analytics data. securenet.vodafone.co.uk Session
VF-BINS Used by Vodafone to collect analytics data. securenet.vodafone.co.uk Session
_ga The most common cookies used by Google Analytics/Firebase to track user sessions. Other cookies related to analytics and managed by the Firebase Javascript dependency might be used and changed over time. securenet.vodafone.co.uk 13 months
_ga_<firebase_measurement_id> The most common cookies used by Google Analytics/Firebase to track user sessions. Other cookies related to analytics and managed by the Firebase Javascript dependency might be used and changed over time. securenet.vodafone.co.uk 13 months
_gid The most common cookies used by Google Analytics/Firebase to track user sessions. Other cookies related to analytics and managed by the Firebase Javascript dependency might be used and changed over time. securenet.vodafone.co.uk 1 day
kampyleUserSessionsCount Medallia Targeting Tracks number of sessions user has been in the browser securenet.vodafone.co.uk 1 year
kampyleUserSession Medallia Targeting Timestamp indicating when the user has started his session securenet.vodafone.co.uk 1 year
kampyleUserPercentile Medallia Targeting Number between 0-100 used for percentage of users targeting securenet.vodafone.co.uk 1 year
kampyleSessionPageCounter Medallia Targeting Tracks the number of pages the user has been in the session securenet.vodafone.co.uk 1 year
kampylePageLoadedTimestamp Medallia Targeting Timestamp indicating when the page was loaded. Used for time on page targeting securenet.vodafone.co.uk 1 year
DECLINED_DATE Medallia Targeting - Quarantine Timestamp indicating when an intercept was last declined / survey was last closed without submit securenet.vodafone.co.uk 1 year
SUBMITTED_DATE Medallia Targeting - Quarantine Timestamp indicating when a survey was last submitted securenet.vodafone.co.uk 1 year
kampyleInvitePresented Medallia Targeting - Quarantine Flag indicating whether an intercept was presented in the session securenet.vodafone.co.uk 1 year
md_isSurveySubmittedInSession Medallia Targeting - Quarantine True if any survey was submitted in session, otherwise false securenet.vodafone.co.uk 1 year
LAST_INVITATION_VIEW Medallia Analytics Timestamp for when the last intercept was presented securenet.vodafone.co.uk 1 year
mdigital_alternative_uuid Medallia Analytics When "alternativeUUID" provision is enabled, An alternative UUID for identifying a user is created securenet.vodafone.co.uk 1 year
mdLogger Medallia Analytics Enables Console logs for debugging purposes securenet.vodafone.co.uk 1 year
kampyle_userid Medallia Analytics UUID for identifying a user securenet.vodafone.co.uk 1 year
cd_user_id Medallia Analytics Cooladata user ID, Created by Cooladata and being sent with every event. It is used for analysing user behaviour. securenet.vodafone.co.uk 1 year
cd_user_id Medallia Analytics It is used as a fallback for first party cookie of same name. .kampyle.com 1 year
incap_ses_* (Example: incap_ses_770_2431481) WAF Mandatory session cookie securenet.vodafone.co.uk Session
nlbi_* WAF It is a load balancer Cookie to ensure requests by a client are sent to the same origin server. .vodafone.co.uk Session
visid_incap_* (Example: visid_incap_2345399) WAF The cookie on which we relate sessions to a specific visitor (visitor representing a specific browser on a specific computer) .vodafone.co.uk 1 year
reese84* WAF The cookie is part of Anti Bot Protection feature of WAF and should avoid a site to be attacked by a bot. .vodafone.co.uk 30 days
___utmvc* WAF This is a cookie used by the JS classification script. .vodafone.co.uk Session

Controlling your cookies

You can control how you use cookies in your browser. If you wish to restrict or block the cookies which are set by any website - including a Vodafone website, you should do this through the web browser settings for each web browser you use, on each device you use to access the internet.

Information on controlling and deleting cookies, including on a wide variety of browsers, is also available at allaboutcookies.org.