FNL Privacy Policy

This Privacy Policy articulates the privacy and data protection practices followed by FireFly Networks
Limited (hereinafter referred to as “Firefly”, “FNL”, “we”, “our”) and its Technology partner Hughes Systique
Corporation (hereinafter referred to as “Hughes”, “HSC”, “we”, “our”) with regards to the safeguarding
personal information of its data subjects (“you”, “your”, “user”, “subscriber”) and for services it offers to its
customers.

This privacy policy describes the use and protection of personal information and Wi-Fi and/or cellular
enabled device information Firefly Networks Limited (FNL), and its Technology partner Hughes Systique
Corporation (HSC) collects, uses, and shares when we provide customers with Wi-Fi services. If you have
any question about our privacy policy, please email us at [email protected]. All data
collection, storage, use and deletion/ removal shall be in compliance with the prevailing applicable laws,
specifically including as and when enacted the prevailing Personal Data Protection laws.

Legitimate Interest for Information Collection

User may be asked to provide information needed for on-boarding to Wi-Fi, mandatory for regulatory
compliance. The Wi-Fi solution is hosted by the Technology partner HSC (providing data processing
and storing technology). This requires collection of user data (encrypted) with respect to their device,
location, movement, and behavior during onboarding and connected mode.

Information We Collect

FNL may automatically collect and process following data of the user:

Any on-boarding information provided by user, taken by express user consent for the purposes clearly set out,
while taking such consent as per prevailing applicable law, while availing Wi-Fi services offered by its
partners/customers at their venues.
1. Any information which FNL collects about the computer, tablet, cellular telephone, smartphone,
or other electronic device used to access the service (device), if such data is non-personal data.
The data elements are:

- Access point name through which user is trying to associate or is in user proximity
- IP address of Access Point
- SSID name
- User mobile number
- Device encrypted MAC address (of the wireless network interface)
- Device IP address (of the wireless network interface)
- Device operating system
- Device make and model
- Device browser
- Various network transmission parameters (number of bytes transmitted, received
etc.)
3. The MAC address, and mobile number is used to authenticate the user in case of legacy
(nonPasspointTM devices). The mobile number may be used to send solicited advertisements to
the user provided express consent for the same via notice to the user is taken (as per prevailing
applicable law) for availing the business Wi-Fi or associated services.

4. Any information associated with the device above (from section 2) combined with the device
location and IP addresses and associated geographical information combined as personal data
in accordance with this policy for as long as it is combined, however such combination shall result
in non-personal data analytics.

5. Any statistics originating out of the resultant data from section 2 and 3 above which is not
mentioned explicitly which involve non-personal data analytics.

Use of Collected Information

FNL, and Its Technology partner HSC may analyze the collected information and share these reports
sharing aggregated and non-personal data with its business partners or customers. Alternatively, FNL and
HSC’s business partners and customers may analyze the collected information to create anonymous and
aggregated reports. This information might be used to (in accordance with applicable law):
 - Authenticate and authorize the user for security purposes,
- Provide information for crime and fraud prevention (based on identity) to legal, public entities
or law enforcement agencies,
- Analytics processing (e.g. to generate heat maps, user’s visits, dwell time)
- Optimize access networks layouts,
- Understand user/device behavior,
- Deduce device make, model and usage,

- Report aggregate information to our partners/customers for further analysis

If FNL and Technology partner HSC need to use this data for an unrelated purpose (not mentioned above),
it will notify the user, explain the legal basis, and obtain consent, which allows it to do so.

Third Party Links

The Wi-Fi onboarding process may contain and/or send links to the user based on scenarios. The links
may direct to websites and/or applications of our business partners, affiliates, advertisers, or customer
networks. Users clicking on those links may allow third parties to collect or share data over which we do
not have any control. When users leave the Wi-Fi website/captive-portal, we encourage them to read the
Privacy statements of these third-party websites before they submit any personal data.

Data Security

We take users’ data and its security seriously. The following security mechanisms are in place to protect
the collected data:

- A VPN tunnel is used while transmitting data from the Wi-Fi Access Points/Wi-Fi Access Point
Management Systems to HSC’s Solution
- The on-boarding or captive portal interface (if hosted by HSC) are served over HTTPS. The HTTPS
certificate is verified by a trustable Certificate Authority
- The data elements (as per section 2 above) collected is stored securely with appropriate user/access
credentials
- MAC addresses and mobile numbers are encrypted (AES-128 bit) when in REST which includes
stored data in database or logs.
- Each encrypted MAC address and mobile number is retained in our databases for only as long as
reasonably necessary for authentication, analytics or advertisement purpose
- The encrypted data is decrypted on the fly (in memory) only, for advertisement and authentication
purpose only. The data by any means is neither stored nor logged in unencrypted form.
- Technology partner HSC uses cloud or in-premise compute and storage for data processing and
storage respectively.

Data Retention

We will retain your personal information for as long as necessary to provide the services you have requested,
or for other essential purpose such as performance of a contract, legal, regulatory, statuary obligations and
enforcing our policies. At expiry of such periods, your personal information will be deleted or archived to
comply with legal/ contractual retention obligations or in accordance with applicable statuary retention periods.

On-boarding and Captive Portal Cookie Policy

Our On-boarding and Captive Portal, if used, may use cookies to store session related data.

A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose
is to remember information about you that shall allow us to improve your experience. Just like most of
the professional websites we use functional and analytical cookies to gain insight on useful information
such as counting website visitors and their user behaviour, targeted advertising, user preferences and
for ease of authentication (e.g. auto profile login) purposes that will allow us to improve our services or
products offerings, enhance user experience and ease of accessibility to the website users.

We use this information to identify the user anonymously and to deliver personalized service.
Disclosure/ Transfers to Third Parties

FNL & Technology partner HSC may share personal information about you with affiliates, partners,
service providers, group entities and non-affiliated companies (a) strictly to provide products or services
you’ve requested; (b) when we have your express permission after notice for the same: or (c) under the
following circumstances:

- We may share information with affiliated entities/subsidiaries/branch offices for legitimate business
purposes.
- We may provide the information to trusted entities or third parties who work on behalf of or with FNL
& Technology partner HSC under strict confidentiality and data protection agreements. However,
these companies do not have any independent right to further share or disseminate this information.
- We may share information with statutory authorities, government institutions or other bodies where
required for compliance with legal requirements.
- We may use the information to respond to subpoenas, court orders, or legal process, or to establish
or exercise our legal rights or defend against legal claims.
- We may share information where we believe it is necessary to investigate, prevent, or take action
against any illegal activities, suspected fraud, situations involving potential threats to the physical
safety of any person, or as otherwise required by law.
- We may share information where we believe it is necessary to protect or enforce FNL & Technology
partner HSC’s rights, usage terms, intellectual or physical property or for safety of HSC or
associated parties.
- We may share information about you if FNL & Technology partner HSC is acquired by or merged
with another company.
- FNL & Technology partner HSC may share your personal information with your consent, or where
the disclosure is necessary for compliance of a legal obligation or where required by government
agencies mandated under law to procure such disclosure. It shall also take steps to ensure that the
information transferred to a third party is not further disclosed by it except where permissible under
law.

Please keep in mind that when you provide information on a third-party site or platform, the information you
provide may be separately collected by the third-party site or platform. The information we collect is covered
by this privacy policy, and the information the third-party site or platform collects is subject to the third-party
site or platform’s privacy practices. Privacy choices you have made on the third-party site or platform will not
apply to our use of the information we have collected directly through our portal. Please also keep in mind that
our sites and services may contain links to other sites not owned or controlled by us and we are not
responsible for the privacy practices of those sites.

International Transfer of Personal Information

Technology partner HSC has a global presence, as a result, the data that we may collect from you, may be
transferred to, stored at, and processed in any of our locations which may be inside or outside the European
Economic Area (“EEA”) or the country in which you are a resident. A Transfer of personal information has a
broad meaning and occurs when information is communicated, moved, accessed, or otherwise sent to
another country. HSC may transfer certain personal information across geographical borders to our entities or
third-party service providers in other countries working on our behalf in accordance with applicable law. These
countries may have data protection laws that are different to the laws of your country (and, in some cases,
may not be as protective). However, HSC has put in place adequate measures to protect data, which is
transferred internationally, including appropriate security measures to safeguard the transfer of your personal
data. HSC ensures the “same level of data protection” as per applicable data protection laws and regulations
when it transfers your personal information to any other body corporate or a person in any country.

By submitting your personal data, you agree to this transfer, storing or processing.

Your Rights As A Data Subject

We respect your right to be informed, access, correct, request deletion or request restriction, portability,
objection, and rights in relation to automated decision making and profiling, in our usage of your personal
information as required by applicable law. We also take steps to ensure that the personal information we
collect is accurate and up to date.

Exercising your rights

To exercise your rights, you may connect with FNL at any one of the following communication channels:
- Official Address: Firefly Networks Limited, A-19, Mohan Co-operative Industrial Estate, Mathura Road,
New Delhi

- Contact details: [email protected]

Verification of identity where you exercise rights related to your information

Where you request access to your information, we are required by law to use all reasonable measures to
verify your identity before doing so. These measures are designed to protect your information and to
reduce the risk of identity fraud, identity theft or general unauthorized access to your information.

Where we possess appropriate information about you on file, we will attempt to verify your identity using
that information. If it is not possible to verify your identity from existing information, or if we have insufficient
information about you, we may require original or certified copies of certain documentation in order to be
able to verify your identity before we are able to provide you with access to your information.

Responding to your requests

FNL’s Technology partner HSC shall provide information on action taken on a request pertaining to the
rights above without undue delay and in any event within one month of receipt of the request. That period
may be extended by two further months where necessary, taking into account the complexity and number
of the requests. HSC shall inform the data subject of any such extension within one month of receipt of
the request, together with the reasons for delay.

Following are data subject rights as applicable under Information Technology (Reasonable Security Practices
and Procedures and Sensitive Personal Data or Information) Rules, 2011:

Access and Rectification of your personal information

When you use the FNL & Technology partner HSC Wi-Fi Solution, we make reasonable efforts to provide,
as and when requested by you, with access to your personal information and shall further ensure that any
personal information or sensitive personal data or information found to be inaccurate or deficient shall be
corrected or amended as feasible. We ask individual users to identify themselves and the information
requested to be accessed or corrected before processing such requests. We may decline to process
requests that are unreasonably repetitive or systematic, requiring disproportionate technical effort,
jeopardizing the privacy of others, or would be extremely impractical (for instance, requests concerning
information residing on backup tapes), or for which access is not otherwise required. In any case, where
we provide information access and rectification, we perform this service free of charge, except if doing so
would require a disproportionate effort.

Data Portability
You may also be entitled to request copies of personal information that you have provided to us in a
structured, commonly used, and machine-readable format and have the right to transmit to another
controller, wherever feasible

Data Erasure
We retain your personal information as long as necessary for us to provide services to you or you ask us
to not retain your data. If you no longer want us to use your information, then you can request that we
erase your personal information. Please note that if you request for the erasure of your personal
information, we may retain some of your personal information as necessary for our legitimate business
interests, such as fraud detection and prevention, enhancing safety and to the extent necessary to comply
with our legal obligations. For example, we may keep some of your information for tax, legal reporting and
auditing obligations.

Right to withdraw consent and Restriction of processing

For withdrawing your consent at any time during the tenure of our services with you. We shall review your
request and may ask you to verify your identity. Post verification we will withdraw the consent for which
request was made by you and stop any further processing of your personal information.

Right to Opt-out or Object to the Processing

FNL & Technology partner HSC respects your privacy considerations and hence provides an option to
you, to not provide the data or information sought to be collected.
Right to lodge complain to Supervisory Authorities
If you have any complaints regarding processing of your personal information you may contact FNL Data
Protection Officer (DPO) at [email protected]. You have the right to complaint about the data
processing activities carried out by FNL’s Technology partner HSC before the competent data protection
supervisory authorities.

Right to object being subject to a decision based solely on automated processing, including
profiling
You have the right not to be subject to a decision based solely on automated processing, including
profiling, which produces legal effects concerning you or similarly significantly affects you. This does not
apply if:

- it is necessary for entering into, or the drawing up of, a contract between us

- it is authorized by Union or State law to which the Data Controller is subject, and which also lays down
suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or - it
is based on your explicit consent

To achieve the paragraph above, we have to implement suitable measures to safeguard your rights and
freedom and legitimate interest, at least the right to offer a human intervention from our side to present
your own point of view, and to challenge a decision.

Effective Date

This Privacy Policy is effective from 04 November 2022 and it supersedes all existing policies on the
subject matter.

Changes to Privacy Policy

Please note that this Privacy Policy may be subject to change from time to time. The revised Privacy
Policy will accordingly be published on this page. We will not reduce your rights under this Privacy Policy
without your explicit consent. You are responsible for periodically visiting our Site and this Policy to check
for any changes.

Contact Information of FNL

Firefly Networks Limited.

Address: A-19, Mohan Co-operative Industrial Estate, Mathura Road, New Delhi - 110044
Contact Number: 011-41667599
Email: [email protected]

If you have any questions or comments regarding this Privacy Policy or processing of your personal
information, please send an email to [email protected] or contact us by calling or writing to
the above-mentioned communication channels

Data Protection Officer (DPO) Details

FNL has appointed a Data Protection Officer (DPO) for you to contact if you have any concerns or queries
about privacy policy and practices or information regarding handling your personal information.
Additionally, for any data protection matters within the European Union (EU), you may still contact the
DPO or our locally appointed EU representative at below mentioned communication channels. The Data
Protection Officer’s name and contact information are as follows:

Data Protection Officer:

Official Address: Firefly Networks Limited.
A-19, Mohan Co-operative Industrial Estate, Mathura Road, New Delhi - 110044
Email: [email protected]
Contact Number: 011-41667599