Unibeam Privacy Policy

1. Introduction

Unibeam Ltd. (“Unibeam,” “we,” “us,” or “our”) provides a proprietary technology solution designed for secure and advanced identity authentication of mobile end devices and Internet of Things (IoT) devices (the “Product”), utilizing integration with SIM/eSIM technology provided by telecommunications operators (“Telcos” as further defined below). Our Product supports Telcos and other Service Providers (as defined below) in their identity authentication workflows of their own End-Users (as defined below).

This Privacy Policy explains how we receive and process the limited data we handle on behalf of Telcos and the Service Providers within the scope of the Product. It also outlines what rights End-Users may have regarding this data and how such rights can be exercised, typically through the Telco or Service Provider that has a direct relationship with the End-User.

2. Definitions

“Service Provider” – Any entity (such as commercial, financial, organizational, or governmental) that has its own subscribers, clients, or end-users, including IoT devices, and requires periodic identity authentication for them. The Service Provider has entered into a separate agreement with the Telco or Unibeam or Unibeam’s distributor and utilizes Unibeam’s Product for its authentication needs.

“End-User“– means you, an individual or legal entity who is both a subscriber to a Telco’s services and a client of a Service Provider. The End-User interacts with the Service Provider’s services and may be authenticated by Unibeam’s Product.

“Telco” – A cellular operator, telecommunication company, or any entity that provides communication services. The Telco supplies the necessary infrastructure and subscriber identity (e.g., SIM/eSIM) for the End-User.

3. The Type of Personal Data We Handle

The personal data processed by Unibeam for the purpose of providing the Product is the Mobile Station International Subscriber Directory Number (“MSISDN“). The MSISDN is the End-User’s mobile phone number, which uniquely identifies their subscription in a mobile network.

4. How We Receive the MSISDNs

Unibeam does not collect MSISDNs directly from the End-User. Instead, the MSISDN is obtained from the Service Provider or the Telco, who has already established a contractual business relationship with the End User. The MSISDN is provided to Unibeam solely for enabling the advanced authentication process on behalf of the Service Provider.

In cases where consent is required by applicable law, consent will be collected by the Service Provider or by the Telco before the authentication process begins. Unibeam relies on the Service Provider’s and Telco’s compliance with their contractual and regulatory obligations, including the General Data Protection Regulation (“GDPR“) or any other applicable privacy regulation, local or international, for obtaining any necessary user consent.

5. Purpose of the MSISDNs Processing

Unibeam processes MSISDN to provide a secure and efficient authentication mechanism on behalf of the Service Provider. This helps ensure that the Service Provider can verify that requests, operations, or transactions initiated by an End-User device correspond to a legitimate and authorized subscriber, thereby enhancing security and preventing fraud.

6. How We Use and Protect the MSISDN

Immediate Hashing: Unibeam employs a hashing protocol immediately upon receipt of any MSISDN via a secure channel. Hashing is a form of cryptography that converts the original data (in this case, the MSISDN) into a fixed-size string of characters, representing the original data but not allowing for its reconstruction or direct identification of the individual.

Deletion of Original Data: The original MSISDN is permanently deleted from our systems following the hashing process. This step is crucial to ensuring that no personal identifiable information is retained longer than necessary for the specific processing purpose. Deleting the MSISDN post-hashing significantly reduces the risk of unauthorized access or data breaches affecting personal data.

Use of Hashed Data: The resultant hashed data retains its utility for operational processes without compromising individual privacy. Hashed MSISDNs enables service provision without directly identifying the user, thus adhering to the GDPR and other privacy regulation principles of privacy by design.

Security Measures: To further ensure the integrity and confidentiality of the data we process, we implement robust technical and organizational measures to protect all data in our possession. These measures include but are not limited to data encryption in transit, regular security audits, and secure coding practices.

7. Data Retention

Unibeam stores only hashed values (non-identifiable data) after the initial process and does not retain the original MSISDN. The hashed values are retained only as long as necessary to fulfill the Service Provider’s authentication needs and will be erased or further anonymized when no longer required upon End-User deregistration (opting out) from the service.

1. Hashes:Unibeam will retain hashes of user data as long as the End-User has not opted out or deregistered from the service. This ensures that we can provide seamless service continuity and maintain user-specific configurations.
2. Logs:Logs, which are also hashed to ensure PII-free data handling, will be maintained for a period between one year and three years, as requested by the Telco. This retention period allows for: Network troubleshooting and optimization; Billing and dispute resolution; Compliance with regulatory requirements; Security audits and incident response.
3. Important Note:Although Unibeam operates PII-free by using hashes, we retain this data for the necessary period to fulfill our obligations to our customers and regulatory bodies. We do not retain data beyond what is required for these purposes.

8. Sharing or Disclosure of Information with Third Parties

Unibeam acts as a processor on behalf of the Telco and the Service Provider. We rely on contractual agreements with these entities, and we process data based on their instructions as outlined in our agreements with them. Unless otherwise described in this Policy, We do not share personally identifiable information of the End Users with any third parties. While we briefly receive minimal data (the MSISDN) from Telcos or Service Providers, this data is immediately transformed into anonymized, hashed identifiers and the original MSISDN is then deleted. As a result, we retain no personally identifiable information. Consequently, we have no personal data to share with any third parties.

We will only disclose hashed data if compelled to do so by law, or by a valid court order or a legally binding requirement issued by an authorized administrative or security authority. In such cases, we will provide only the hashed identifiers in our possession, and no information that can directly identify an End-User.

9. Rights as an End-User

Given Unibeam’s operational model, and although Unibeam does not maintain direct contact with End-Users, we recognize that you may have rights under privacy laws. The typical data subject rights under the GDPR are contextually modified as follows:

Right of Access, Rectification, Erasure, and Portability- Typically, these rights allow data subjects to manage their personal data. However, Unibeam does not hold any PII, and therefore cannot directly associate any data with a specific End-User. As a result, these rights do not apply directly to our service. End-Users wishing to exercise such rights should contact their Telco or the Service Provider, who may retain the necessary identifiable information.

Right to Restrict Processing and to Object- While these rights primarily pertain to the processing of personal data, Unibeam acknowledges their importance. Because Unibeam only handles hashed, non-identifiable data, requests to restrict or object to processing, including opt-out requests, should be directed to the Telco or the Service Provider. Their contractual or legal frameworks may allow for such requests and can be addressed at that level.

Any requests to exercise your rights should be directed to your Service Provider (the entity with whom you have a direct relationship) or to your Telco, depending on the circumstances. Unibeam will cooperate fully with the Service Provider or Telco to fulfill such requests in accordance with applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Product, legal requirements, or other operational reasons. We will notify the Service Provider and/or Telco of any significant changes, and it is their responsibility to update their End-Users as needed. The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised.

11. Governing Law; Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Israel, without regard to the conflict of laws provisions thereof. Any dispute arising under or in relation to this Agreement shall be exclusively resolved in the competent courts in of Tel-Aviv, Israel.

12. Contact Information

For any inquiries, concerns, or requests regarding this Privacy Policy, please get in touch with our Chief Security Officer (CISO) at:

Email: [email protected]