Skip to main content
M2M and IoT

How IoT Connectivity Works

A technical guide for engineers, developers, and deployment managers who need to understand what happens between a device powering on and data reaching the cloud.

Most IoT connectivity guides focus on choosing the right SIM type, comparing radio technologies, or selecting a provider.

This guide goes deeper. It explains what actually happens when an IoT device powers on and attempts to connect, including the authentication sequence, the network attach procedure, how APNs route traffic, how IP addresses are assigned, how firmware behaviour affects reliability, and where the most common connectivity failures occur.

Understanding these mechanics is not academic. It is the difference between a deployment that works reliably at scale and one that generates constant support tickets. When a device authenticates successfully but cannot pass data, when battery life is half of what was expected, or when devices intermittently drop offline after firmware updates, the answers are in this technical layer.

This guide is written for engineers, developers, and technical decision-makers who design, deploy, or troubleshoot IoT systems. It assumes familiarity with cellular connectivity concepts but explains each mechanism from first principles.

How IoT SIM authentication works

Every IoT device begins its connectivity journey by proving its identity to the mobile network. This authentication process determines whether the device is permitted to access network services.

The authentication sequence

When the device powers on and detects a cellular network, the following sequence occurs.

The SIM (or eSIM) presents its IMSI (International Mobile Subscriber Identity) to the network. This is the device’s primary credential, a unique identifier tied to a specific carrier subscription. The network’s authentication centre (AuC) receives the IMSI and generates a cryptographic challenge using a random number (RAND). This challenge is sent to the SIM.

The SIM uses its Ki (authentication key), a 128-bit secret key stored securely on the SIM and never transmitted over the air, to compute a response (SRES) and a session key (Kc) using the network’s authentication algorithm.

In modern 4G and 5G networks, this process uses AKA (Authentication and Key Agreement), which provides mutual authentication. The device verifies the network identity as well, reducing the risk of rogue base station attacks. Older 2G and 3G networks used one-way authentication models.

The network compares the SIM response against its own expected value. If they match, the device is authenticated and permitted to proceed to the attach phase. If they do not match, the attach request is rejected.

Why this matters for IoT deployments

The Ki key is the most sensitive credential in the system and it never leaves the SIM. If a SIM profile is corrupted during provisioning, authentication fails and the device cannot connect. For eSIM deployments using remote provisioning, the integrity of the profile download process is critical.

For large fleets, authentication must work reliably for devices that frequently transition between sleep and connected states. Every time a device wakes from deep sleep and re-attaches, this authentication sequence runs again. Poorly designed wake cycles that trigger excessive re-authentication can cause network-side throttling.

An additional security layer used in enterprise IoT is SIM-to-IMEI locking, where the network verifies that the SIM IMSI is paired with the expected device IMEI (International Mobile Equipment Identity). This prevents a SIM from being extracted and used in an unauthorised device.

IoT device identifiers: ICCID, IMSI, IMEI, and MSISDN

IoT devices carry several unique identifiers, each serving a different function. Confusing them is one of the most common sources of provisioning errors and troubleshooting delays.

ICCID (Integrated Circuit Card Identifier) is the SIM serial number. It is used for provisioning and inventory management, not for network authentication. When you order SIMs from a provider, the ICCID is how individual SIMs are tracked and activated.

IMSI (International Mobile Subscriber Identity) is the subscriber identity stored on the SIM. It identifies the subscription to the mobile network and is used during authentication and attach. In multi-IMSI SIMs, multiple IMSIs are stored and the device presents the appropriate one depending on the network it is connecting to.

IMEI (International Mobile Equipment Identity) identifies the modem hardware, not the SIM. It is used for device tracking, blacklisting stolen equipment, and SIM-to-IMEI locking.

MSISDN is the device phone number. In IoT it is frequently unused, and many data-only SIMs do not have an MSISDN. It is only required for devices using SMS or needing to be reachable via a phone number.

When these identifiers are mismatched, for example when a SIM is moved to a different device without updating the IMEI lock, or when a multi-IMSI SIM presents the wrong IMSI, the device will fail to connect or will be rejected by security policies.

Maintaining a clean mapping of ICCID, IMSI, and IMEI across your fleet is essential for troubleshooting at scale.

The network attach procedure

Once authenticated, the device must complete the attach procedure before it can exchange data. This is a multi-step negotiation between the device and the network.

Radio technology selection

The modem scans available frequencies and selects a radio access technology, typically NB-IoT, LTE-M, 4G LTE, or 5G, based on signal strength, firmware configuration, and band-locking rules set by the deployment.

Many IoT devices are configured to prefer a specific technology. For example, a low-power sensor may prefer NB-IoT and only fall back if NB-IoT is unavailable.

Misconfigured band-locking is a common cause of connectivity failures. A device locked to NB-IoT bands in a location where the carrier only provides LTE-M will fail to attach even though service is technically available.

Attach request and acceptance

The device sends an attach request to the network’s mobility function. The network validates the subscription, checks restrictions, and returns an attach accept message that includes a temporary identity, network timer values for idle and connected states, and carrier-specific policies.

PDP context activation: the step that enables data

Authentication and attach do not automatically provide data connectivity.

The device must establish a PDP context (3G and 4G terminology) or PDN connection (4G and 5G terminology). This is where the APN comes into play. The device requests a data connection by specifying its configured APN. The network routes the request to the appropriate packet gateway. The gateway assigns an IP address and establishes the data path according to the APN configuration, such as public internet routing, private network routing, VPN tunnel, or enterprise firewall rules.

If the APN is misconfigured, wrong name, wrong authentication type, or the SIM is not provisioned for that APN, PDP context activation fails. The device appears authenticated and attached but cannot pass data.

This is the most common cause of the connected but no data symptom.

APNs explained: The backbone of IoT data routing

The Access Point Name (APN) determines how a device’s data reaches its destination.

An APN is a logical identifier that tells the carrier network which packet gateway to use, what IP addressing scheme to apply, what security policies to enforce, and where to route traffic.

What an APN consists of

An APN has two components, a network identifier and an operator identifier. In practice, most IoT deployments use a single APN string provided by the connectivity provider.

Public APNs

A public APN routes traffic to the open internet through the carrier’s standard gateway.

Public APNs are simple to configure and broadly compatible, but they expose device traffic to the public internet, provide limited isolation, and offer limited control over routing and IP addressing. They are generally unsuitable for sensitive data.

Private APNs

A private APN creates an isolated data path between the device and an enterprise network. Traffic does not traverse the public internet. It is routed via VPN tunnel, MPLS, or direct peering.

Private APNs provide controlled IP addressing, traffic isolation, VPN support, firewall integration, and the ability to enforce access control policies at the network level. Private APNs are effectively mandatory for payments and EFTPOS, utilities and smart grid, security and surveillance, industrial control systems, healthcare, and any environment with data sovereignty or compliance requirements.

How APN configuration works in practice

The APN is configured in the modem, either in firmware, via AT commands during manufacturing, or through SIM platform configuration. When the device requests PDP context activation, it presents the APN. The carrier validates that the SIM is provisioned for that APN and routes the connection accordingly.

If the APN is wrong, the device attaches successfully but fails at the PDP context stage. The device appears connected at the radio level but has no working data path.

When troubleshooting data connectivity failures, verify the APN configuration first.

IP addressing for IoT devices

How a device is assigned an IP address has significant implications for security, reachability, and fleet management.

Private dynamic IP

The most common configuration. The device receives a private IP from a carrier NAT pool each time it connects. The device cannot be reached from the internet, which provides inherent security. Suitable for devices that only push data outbound.

Public dynamic IP

The device receives a public IP that can change each time it reconnects. This increases exposure and is rarely appropriate for IoT unless strict firewalling is in place.

Public static IP

The device receives a fixed public IP. This is required for inbound access, such as remote management or certain camera and controller use cases. It must be combined with strict firewall policies and is often better implemented through a private APN.

VPN-terminated addressing

The device connects through a private APN and the carrier gateway terminates an IPSec VPN tunnel into the enterprise network. The device receives an address from the enterprise address space and remains isolated from the public internet. This is the most secure model for sensitive deployments.

IPv6 considerations

5G networks natively support IPv6. IPv6 simplifies addressing for large fleets by removing IPv4 exhaustion constraints. As 5G IoT deployments scale, IPv6 adoption will accelerate. Ensure devices, management platforms, and cloud infrastructure support it.

Device behaviour: The hidden driver of IoT reliability

The network provides connectivity infrastructure, but device firmware determines how effectively that infrastructure is used.

Poor device behaviour is one of the most underestimated causes of IoT connectivity problems.

Attach and detach cycles

Every attach consumes signalling resources. Devices that repeatedly attach and detach due to aggressive wake cycles, poor signal, or firmware bugs generate excessive signalling traffic. Carriers monitor this and may throttle or temporarily bar devices that exceed thresholds.

Design firmware to use PSM or eDRX rather than frequent detach and reattach cycles.

PSM and eDRX

NB-IoT and LTE-M devices rely on PSM and eDRX to achieve multi-year battery life. PSM allows deep sleep while remaining registered. The device does not need to re-authenticate when it wakes. eDRX extends the interval at which the device listens for paging messages.

Incorrect timer configuration is the most common cause of worse-than-expected battery life. Values must match the reporting cadence and acceptable downlink latency. Test with the target carrier because timer negotiation varies by network.

Retry logic

Retry behaviour determines whether devices recover or enter destructive loops.

Constant interval retries generate excessive signalling, drain battery, and can trigger carrier barring.

Implement exponential backoff and define maximum intervals and attempt limits before extended sleep.

Firmware updates over the air

FOTA updates must be designed for cellular constraints. Use delta updates where possible, schedule updates during strong signal and available power, and prefer LTE-M over NB-IoT for larger payloads.

A common failure mode is an update that resets APN settings or band-locking, causing devices to go offline immediately after updating. Firmware update processes must preserve and re-apply network configuration.

Antenna design and selection

Antenna issues are one of the most common physical causes of IoT connectivity failure and one of the least discussed.

Poor antenna performance increases current draw during transmission, reduces throughput, increases attach failures, and creates intermittent connectivity that is difficult to diagnose.

Validate antenna performance in the actual deployment housing. Metal enclosures can attenuate signal significantly.

Security layers in IoT connectivity

Modern IoT security operates across five layers. A weakness in any layer can compromise the deployment.

SIM-level security
Cryptographic authentication via Ki and AKA. SIM-to-IMEI locking prevents extraction misuse. For eSIM, secure profile provisioning integrity is essential.

Network-level security
Licensed spectrum reduces interference and eavesdropping risk. Radio transport is encrypted. APN isolation separates IoT traffic from other network domains.

IP-level security
Private addressing reduces exposure. IPSec VPN tunnels protect data in transit. Firewalls enforce access control.

Application-level security
TLS protects payloads. IAM controls service access. Payload signing supports integrity.

Device-level security
Secure boot ensures only signed firmware runs. Encrypted storage protects credentials. Firmware signing prevents unauthorised code during updates.

A comprehensive architecture addresses all five layers. Network security alone is not sufficient.

Common IoT connectivity problems and how to diagnose them

These are the most frequent issues seen in real deployments.

Device authenticates but cannot pass data

Symptoms: The device shows registered or attached status, but no data flows and the cloud receives nothing.

Root cause: Almost always an APN issue. The device attached successfully but failed PDP context activation because the APN is wrong, the SIM is not provisioned for the APN, or authentication type does not match requirements.

Resolution: Verify the APN string exactly as specified, including case and spacing. Confirm the SIM is provisioned for that APN in the management platform. Reboot the modem after correction.

Device drains battery faster than expected

Symptoms: Battery life is far below design target.

Root cause: Weak signal forcing high transmit power, incorrect PSM or eDRX values keeping the device active too often, or aggressive retry loops after failures.

Resolution: Measure signal strength at the deployment location. Improve antenna performance or placement if required. Tune power mode configuration to match reporting needs. Implement exponential backoff retry logic.

Device connects intermittently

Symptoms: The device cycles online and offline with no obvious pattern.

Root cause: Often a radio technology mismatch or an antenna installation issue. The device may be configured to prefer NB-IoT where only LTE-M is available, or signal conditions may vary enough to break attach reliability.

Resolution: Confirm which technologies are available at the deployment location. Configure modem preferences appropriately. Validate antenna performance in the installed housing.

Roaming works internationally but not domestically

Symptoms: The device connects overseas but fails in the home market.

Root cause: Missing domestic roaming rules or an incorrect preferred network list. Some global SIMs support international roaming but lack domestic carrier agreements.

Resolution: Update the SIM profile to include domestic carrier access. Verify preferred network lists and provisioning for multi-carrier domestic use.

Devices go offline after a firmware update

Symptoms: Many devices lose connectivity after a FOTA rollout.

Root cause: Updates reset APN, band-locking, or network preference rules to defaults.

Resolution: Ensure updates explicitly re-apply modem configuration after reboot. Test updates on a subset of devices before rollout. Include post-update health checks for APN and network configuration.

Excessive data consumption

Symptoms: Fleet data usage is far above expected.

Root cause: Usually application-layer behaviour, chatty protocols, repeated handshakes, overly frequent heartbeats, poor retry logic, or TLS renegotiation.

Resolution: Use lightweight protocols such as MQTT or CoAP for small payloads. Implement TLS session resumption. Extend heartbeat intervals. Configure SIM-level usage alerts to detect anomalies early.

Designing a reliable IoT connectivity architecture

A reliable deployment requires deliberate decisions at each layer.

SIM and carrier selection
Choose the SIM type and carrier access model based on geography, uptime requirements, and long-term flexibility.

Radio technology selection
Match the radio technology to the application and configure band-locking to reduce unnecessary scanning.

APN and IP routing configuration
Define public vs private routing, VPN termination requirements, and IP addressing based on security and reachability needs.

Device firmware tuning
Tune PSM and eDRX to real reporting cadence, implement backoff retry logic, preserve configuration during updates, and validate antenna performance in deployment housing.

Security across all layers
Address SIM authentication, APN isolation, VPN transport, application TLS, and device secure boot and signing. Do not rely on a single security layer.

Monitoring and diagnostics
Use a SIM management platform that provides real-time visibility into status, usage, session history, and failure patterns. Implement alerts and diagnostic workflows for common failure modes.

Frequently asked questions

What happens if the APN is configured incorrectly?
The device will authenticate and attach successfully, but PDP context activation will fail. The device appears connected at the radio layer but cannot send or receive data. Correct the APN and reboot the modem.

What is the difference between IMSI and IMEI?
IMSI is the subscriber identity stored on the SIM and used for network authentication. IMEI identifies the modem hardware. They serve different functions, and SIM-to-IMEI locking uses both.

Why does my IoT device battery drain faster than expected?
Most commonly weak signal causing high transmit power, poorly tuned PSM or eDRX timers, or aggressive retry logic after failed connections. Measure signal strength and tune power modes and retry behaviour.

What is a private APN and when do I need one?
A private APN creates an isolated data path between devices and your enterprise network, bypassing the public internet. It is effectively mandatory for sensitive deployments and strongly recommended for enterprise fleets requiring traffic control.

What protocols should IoT devices use for data transmission?
For small payloads, MQTT or CoAP are typically better than HTTPS because they reduce overhead and suit NB-IoT and LTE-M constraints. HTTPS fits higher bandwidth use cases on 4G or 5G.

What is the difference between PSM and eDRX?
PSM allows deep sleep while remaining registered, so the device does not re-authenticate on wake. eDRX extends paging listen intervals. PSM minimises power during long idle periods, while eDRX manages downlink latency in an intermediate power state.

Conclusion

IoT connectivity is an engineering discipline, not a configuration checkbox. The difference between a deployment that works at scale and one that generates constant operational issues comes down to technical fundamentals: how SIM authentication establishes trust, how APNs route traffic, how firmware behaviour affects battery life and reliability, and how security must be addressed across every layer from SIM to cloud.

Organisations that invest in understanding these mechanics, or partner with specialists who do, build deployments that are more reliable, more secure, more cost-efficient, and significantly easier to troubleshoot when issues arise.

M2M Connectivity provides the technical infrastructure and specialist support IoT deployments require, including enterprise-grade SIM authentication, private APN configurations, multi-network failover, eSIM provisioning, advanced diagnostics, and a local Australian team with deep experience in IoT connectivity engineering.

Need help designing your IoT connectivity architecture?
Talk to an IoT expert →

Take your business to the next level with a limited time offer

Start free trial Talk to sales
Close Menu
M2M-One-Logo_RBG.png
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. Please see below both M2M One & Sierra Wireless’ Website Privacy Policy.

1. Privacy Policy Statement

M2M One is committed to protecting your privacy, keeping your information safe and ensuring the security of your data. This policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. This extends to both our control and processing of personal information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The National Privacy Principles (NPPs) govern the way in which we collect, use, disclose, store, secure and dispose your Personal Information.

The current policy will be in effect from 1 July 2020. We may need to update it over time but if we do, the updated version will be published.

2. What information we collect and control

The types of information we collect depends on how you use our products and services as well as the relationship we have with you as a customer. It may include information like your name, date of birth, contact details (including address, email address, phone number or mobile telephone number), bank account and credit card details, information to prove your identity (driver’s license or another approved ID), account username or password and your use of our products and services.

We may also collect more in-depth information including:

  • Financial and Credit information related to your financial relationship with us, such as your financial details, payment history, credit history, and your service history.
  • Information about your products and services including device-specific information such as your hardware model, operating system version, unique device and service identifiers, device status, serial numbers, settings, configuration and software and mobile network information.
  • Information about how you use your products and services such as:
  • Your network usage including time and duration of your communications as well as information about the operation of the equipment, services and applications you use on our networks
  • How you use our services to access the internet, such as the location of your devices when you are using our products and services
  • Information that allows us to identify you for verification purposes.
  • Technical Information about your products and services including details about our network performance including information about how you use our networks.

Some of the information collected may be sensitive information. If we need this type of information, we’ll ask you for information in accordance with applicable law.

You might also need to provide personal information about other individuals to us (e.g. about your authorised representative). If so, we rely on you to have informed those individuals that you are giving their personal information to us and to have advised them about this statement. It is important to be aware that if you access another party’s website or application using one of our products, that other party will deal with your personal information in accordance with its own privacy policy.

3. How do we collect your information

We collect personal information in the following ways:

We collect information directly from you when you:

  • Or your representative interacts with either us or one of our trusted partners. This might happen when you are setting up an account with us or using one of our products or services;
  • Order and/or register for a product or a service;
  • Interact with technical support and sales teams;
  • Use our website or social media sites;
  • Share information with us via forms, for example when you register for our trainings, events and newsletters.
  • Apply for a job with us.

We may also collect information about you:

  • From external sources like credit reports and marketing mailing lists;
  • Commercially available information. This can also include information gained from our partners, these partners include our business and commercial partners, and other affiliates;

 

4. How do we store your information

We take all reasonable steps to securely store your information using a combination of technical solutions, security controls and internal processes to protect information and our network from unauthorised use, modification, access and disclosure.

We may store your information in hard copy or electronic format and keep it in storage facilities that we own and operate ourselves.

We endeavour to ensure that information is kept as current as possible and that irrelevant data is deleted or made anonymous as soon as reasonably practicable. However, some information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.

5. How do we use your information

We may use your personal information in the ways as outlined below:

  • To help us properly manage the products and services we provide to you. We also use your information for charging and billing and to identify potential breaches of our terms and conditions of service.
  • Communicate with you in order to provide you with our products, upgrades and services via email, SMS and social media.
  • Processing orders and applications and to enroll you as our customer.
  • Verifying identity, carrying out credit checks and reporting.
  • Generating bills, managing account, and carrying out debt-recovery.
  • Development of our products and services.
  • Communicate to you about all our products, services and offers that are relevant and are of interest to you. We may use the information we hold to market and promote them directly to you.
  • Identifying your location so we can send you emergency alerts.
  • Protecting our network and managing the data use and other uses of our network.

 

6. When do we share your information

We do not sell any information. We may share your information with other parties who provide services to us, including partners and contractors that assist us with providing our business processes and products and services. These services include:

  • Providing, managing or administering your product or service including customer enquiries and support services.
  • Installation, maintenance and repair services.
  • Mailing operations, billing and debt-recovery functions.
  • Information technology and network services.
  • Development, analysis and business intelligence functions.
  • Your authorised representatives or legal advisers
  • Third parties when you ask us to do so or when you consent to that disclosure for the purposes of preventing or investigation fraud, crime or misconduct relating to your account or services.
  • Credit providers or credit-reporting agencies for identity checking and credit related purposes such as credit-worthiness, credit rating, default listing, credit provision and financing under privacy act and credit reporting legislation.
  • Our dealers, business or commercial partners, legal advisers and other businesses we work with
  • The manager of the Integrated Public Number Database (IPND), and other organisations as required or authorised by law (please see www.acma.gov.au for more information)
  • Law enforcement and national security agencies, and other government and regulatory authorities as required or authorised by law
  • For the purposes of facilitating or implementing a transfer/ sale of all or part of our assets or business.

 

7. How can you access or correct your information

To ensure that we are able to provide you with the best products and services possible, it’s important that you make sure the information we hold about you is accurate, up-to-date and complete. If any of your details change you may contact us using the contact details below. You also have the right to request a copy of your information that we hold about you. There is no charge to submit a request or to correct information, however we may apply an administrative charge for providing access to your information on request. To make this request email us at: privacy@m2mone.com.au

8. How can you make a privacy complaint

You can also use our contact details to notify us of any privacy complaint you have against us. If you believe your privacy has been compromised, please contact us. We are committed to acknowledging your complaint in a prompt manner and will give you an estimated timeframe on the response to the complaint.

While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, you may also be able to lodge a complaint with a relevant regulator such as the Australian Information Commissioner or the Telecommunications Industry Ombudsman.

9. How can you contact us

If you have any questions in relation to this Privacy Statement, our management of your information or you would like a copy of this statement sent to you, please call us on (03) 9696 3011 or email us at privacy@m2mone.com.au. The office hours are Monday-Friday 8 am-5 pm EST.

Contact Details:

Email: privacy@m2mone.com.au

Phone: (03) 9696 3011

Updated: September 2020

Sierra Wireless and its subsidiaries (“Sierra Wireless”, “we”, “us” or “our”) respect your privacy. Sierra Wireless is committed to protecting the personal data in our custody and control.

This privacy policy (the “Privacy Policy”) describes how we collect, use and disclose your personal data as part of the activities of the websites operated by Sierra Wireless under the Sierra Wireless domain (such as sierrawireless.com, source.sierrawireless.com and mexchange.sierrawireless.com) (collectively, the “Website”). This Privacy Policy also describes the rights that you have as a data subject of the personal data processed by Sierra Wireless.

1. Identification of the Data Controller of your Personal Data and Sierra Wireless Data Protection Officer.

Whenever a Sierra Wireless entity collects, uses or transfers your personal data for its own purposes, that Sierra Wireless entity acts as a data controller of your personal data. The Sierra Wireless entity acting as a data controller of your personal data is the Sierra Wireless entity:

  • That operates the Website; and/or
  • Where applicable, that is located in your country and/or in the country you choose in the Website, and to which you send requests relating to Sierra Wireless services and/or products.

So as to better ensure the security of your personal data, Sierra Wireless has appointed a data protection officer (the “DPO”). You may contact the DPO, if you have any questions or concerns regarding this Privacy Policy and the manner in which Sierra Wireless processes your personal data, by sending an e-mail to dataprotectionofficer@sierrawireless.com.

 

2. Personal Data we Collect

Sierra Wireless collects your personal data from your use of the Website (e.g. visiting the Website pages, the blog, downloading case studies, watching videos on the Website and viewing infographics provided in the Website), when you create an account, from your subscription to the newsletter or any other e-mailing list,  from any request you send through the Website (e.g. using the sales contact form, the support form, the webinar form or the free white paper form), when you attend a seminar, a webinar or participate in an online survey or access a whitepaper, when you submit an entry for a contest or promotion, purchase a product or service from our online store, or when you attend an investor event or trade show and provide your personal data to us.

From time to time, Sierra Wireless receives personal data from business partners, vendors and distributors.

Sierra Wireless processes the following data that relates to you:

  • Identification data (such as first and last name, job title, e-mail address, business phone number, company industry, advertising identifiers);
  • Billing data (such as your billing and shipping addresses, credit card information);
  • Connection data (such as IP address, operating system, region and language as well as the date and time the Website was accessed);
  • Log data (such as the credentials used to access your account and/or other Website pages that require log-in credentials);
  • Activity data (such as the number and the Website pages you visited, if you send a request through a form provided by the Website).

 

3. How We Use Information Collected?

Sierra Wireless uses your personal data where it has obtained your consent to send you marketing communications (including by e-mail) related to products and/or services different from those you purchased and/or you requested information.

Sierra Wireless will use your personal data for its legitimate interest to operate its Website, provide you access to it and to its features, promote its activities and services including the following reasons:

  • Website visitor’s and prospect’s management, with respect to the access to the Website, to any of its pages and to the services provided (such as webinar, the white papers, the case studies, the video and the blog); provide information and enable interaction with our teams (sales team and any team dedicated to the provision of materials through the Website);
  • Improve the Website and its features, to better understand how you use the Website; better understand your needs;
  • Implement marketing activities specific to Sierra Wireless, with respect to e-mailing activities; newsletter; product and/or service information; and
  • Implement profiling and targeting activities so as to send you interest based advertisements.

Sierra Wireless will use your personal data where such processing is necessary to the performance of any sales agreement and/or product and/or service online order with you, including:

  • Client and prospect management, with respect to everyday internal business purposes in order to process your transactions, maintain your account(s), and provide customer service; manage, administer, collect or otherwise enforce accounts and protect them against fraud; keep you up to date on the latest product announcements, software updates, special offers or other information we think you would like to hear about either from us, including sending you direct marketing information or contacting you for market research;
  • Improve our services: to better understand your needs and provide you with better services; conduct market research in order to develop marketing strategies.

Sierra Wireless also uses your personal data for compliance with legal obligations to which Sierra Wireless is subject, including for legal and regulatory compliance, with respect to maintain business records for reasonable periods as required by applicable tax and other laws.

 

4. How Long do we Retain your Personal Data?

Sierra Wireless retains your personal data no longer than it is allowed under the applicable data protection laws and in any case, no longer than such personal data is necessary for the purpose for which it was collected or otherwise processed, unless a longer retention period is required by applicable law. This means that we will retain your personal data for a period not exceeding the greater of, where applicable, the:

  • Duration of your account;
  • Duration of the processing of your requests;
  • Period of time necessary for establishing, performing and terminating the contractual relationship you may have entered into with Sierra Wireless;
  • Three years as from the term of the contractual relationship or before if you object to the processing of your personal data for marketing purposes (for clients);
  • Three years as from the date where such personal data was collected or before if you object to the processing of your personal data for marketing purposes (for prospects);
  • Duration of the applicable statute of limitations; and
  • Regarding any information processed through cookies and/or similar technologies you have accepted, for a period of time not exceeding thirteen (13) months as from the date of their implementation. For more information on cookies and/or similar technologies implemented by Sierra Wireless, please see our cookie policy.

 

5. Information Sharing and Disclosure to Recipients

Sierra Wireless will grant access to personal data on a need-to-know basis.  Such access will be limited to the portion of the personal data that is necessary to perform the function for which such access is granted.

Sierra Wireless may need to disclose your personal data to provide you the materials, products or services you requested through the Website and/or perform any agreement entered with Sierra Wireless (including support services).

As a result, access to personal data within Sierra Wireless may include its authorized personnel in charge of support services, client management, prospect management, marketing services, sales services and billing services.

Access to personal data by third parties may include: third-party service providers that require it as part of their job in order to perform services on Sierra Wireless’ behalf, for example repair services, technical support, mailing, billing, marketing, serve you interest-based advertisements, information technology and/or data hosting or processing services or similar services, or otherwise collect, use, disclose, store or process personal data on Sierra Wireless’ behalf for the purposes described in this Privacy Policy.

Subject to your consent, Sierra Wireless will disclose your personal data to our business partners so that you can receive from them special offers or other information including direct marketing information or contacting you for market research.

Sierra Wireless will disclose personal data with your preferred Sierra Wireless’ distributor to ensure customer satisfaction.
We may share personal data in the event of a proposed or actual financing, securitization, insuring, sale, assignment or other disposal of all or part of Sierra Wireless or our business or assets, for the purposes of evaluating and/or performing the proposed transaction.  Assignees or successors of Sierra Wireless or our business or assets may use and disclose your personal data for similar purposes as those described in this Privacy Policy.

Sierra Wireless will also disclose your personal data with your consent, if required to do so by law, to enforce our Terms of Use, in urgent circumstances, or to protect personal safety, the public or our Website.

 

6. International Data Transfers 

Due to the global nature of Sierra Wireless’ business, Sierra Wireless may disclose and transfer certain personal data to a foreign country.

6.1. Regarding Canadian data subjects

Sierra Wireless currently collects, stores and processes your personal data on servers located in Canada but such personal data may be accessed outside of Canada by authorized personnel who will then use and disclose your personal data in accordance with this Privacy Policy.

Sierra Wireless may also transfer your personal data to its third-party service providers who are located outside of Canada.

Sierra Wireless takes commercially reasonable contractual or other measures to protect your personal data if processed or handled by these third-party service providers. While your personal data is located outside Canada it will be subject to the legal requirements in those foreign countries applicable to our third-party service providers, for example, lawful requirements to disclose personal data to government authorities in those countries.

6.2. Regarding EU data subjects

Sierra Wireless may transfer your personal data to Sierra Wireless entities and third-party service providers located outside the European Union (“EU”) (such as in Canada).

To comply with EU data protection laws, including the General Data Protection Regulation (GDPR), Sierra Wireless has entered into a framework agreement, under the terms of which all Sierra Wireless data importers outside the EU are obligated to process and protect all personal data received from the EU in accordance with the controller-to-controller standard contractual clauses (the “Clauses”), as approved by the European Commission in order to protect all personal data received from the EU.

The transfers of data to third-party service providers (including to those listed in Section 5 above) are secured by implementing the safeguards required under the applicable data protection law (including contractual arrangements entered into with a third-party service provider).

 

7. Your Rights as Data Subject

As a data subject, you may have certain rights, including the:

Right to Access: the right to obtain confirmation from Sierra Wireless as to whether any personal data concerning you is processed by Sierra Wireless. This includes the right to access such personal data to obtain a copy of it free of charge (except for repetitive or excessive requests), and to be provided with a description of main features of the processing implemented in relation to your personal data, including:

  • (i) Purposes of such processing,
  • (ii) Categories of personal data concerned,
  • (iii) Recipients or categories of recipients of personal data,
  • (iv) The envisaged retention period or, if not possible, the criteria used to determine it,
  • (v) Existence of the right to request rectification or erasure of personal data, as well as the right to object to or request restriction of processing,
  • (vi) The right to lodge a complaint with a supervisory authority,
  • (vii) Information relating to any third party source of personal data if the data were not collected from you, and
  • (viii)The existence, the logic involved, the significance and the consequences of any automated decisions, including profiling.
  • If you are located in the EU, and your personal data is transferred outside the EU, you have the right to be informed of the appropriate safeguards implemented relating to such transfer.

Right to Rectification: the right to obtain without undue delay the rectification of inaccurate, incomplete or outdated personal data concerning you.

Right to Erasure: the right to obtain without undue delay the erasure of your personal data where:

  • (i) Such personal data is no longer necessary in relation to the purpose(s) for which it was collected or otherwise processed;
  • (ii) You withdraw the consent on which the processing was based, and there are no other legal grounds for the processing;
  • (iii) You object to the processing, as provided below;
  • (iv) Your personal data has been unlawfully processed;
  • (v) Your personal data has to be erased for compliance with a legal obligation. In some cases Sierra Wireless may refuse such request, notably where such data is necessary to comply with a legal obligation.

Right to Restriction: the right to restrict the processing of your personal data in the following cases:

  • (i) Where you claim inaccuracy of your personal data processed by us (the restriction being provided for a period enabling Sierra Wireless to verify the accuracy);
  • (ii) Where the processing appears unlawful, and you oppose the erasure and request the restriction of use of your personal data instead;
  • (iii) Where Sierra Wireless does not need such personal data for the purposes of processing, but such personal data is required by you for the establishment, exercise or defense of legal claims; and
  • (iv) Where an objection is raised by you in relation to the processing, pending the verification whether the legitimate grounds of Sierra Wireless override those of you.

Right to Object: the right to object, at any time and on legitimate grounds relating to your particular situation, to the processing of your personal data, including the processing for marketing purposes as well as the profiling related to such marketing activities.

Right to Data Portability: where the processing is based on your consent or on a sales contract, and where such processing is carried out by automated means, the right to request from Sierra Wireless:

  • (i) to communicate to you the personal data concerning you, in a structured, commonly used and machine-readable format, in order to be able to further transmit such personal data to another data controller; or
  • (ii) to directly transmit such personal data to such other data controller, if technically feasible.

Right to Withdraw Consent: where the processing of your personal data is based on consent, the right to withdraw such consent (subject to applicable contractual and legal restrictions) at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint: the right to lodge a complaint with the competent supervisory authority.

Where you are a French user you also have the right to contact Sierra Wireless to define the instructions for the processing of your personal data after your death.

In case you wish to exercise any of the rights here above mentioned, please contact us by sending an email to privacy@sierrawireless.com or by sending an e-mail to our DPO at dataprotectionofficer@sierrawireless.com.

 

8. Safeguards

We have implemented commercially reasonable physical, organizational and technological safeguards to protect personal data against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.  However, you should be aware that absolute security cannot be guaranteed.

 

9. Children’s Privacy Protection

Our Website does not target and is not intended to attract children under the age of 13. Sierra Wireless does not knowingly solicit personal data from children under the age of 13 or send them requests for personal data.

 

10. Third-Party Sites

Our Website may contain links to websites operated by other companies. Some of these third-party sites may be co-branded with a Sierra Wireless logo, even though they are not operated or maintained by Sierra Wireless.

Although we choose our business partners carefully, Sierra Wireless is not responsible for the privacy practices of web sites operated by third parties that are linked to our Website. Once you have left our Website, you should check the applicable privacy policy of the third party website to determine how they collect, use, disclose, and otherwise deal with personal data.

 

11. Your California Privacy Rights

Consumers residing in California have certain rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”) (California Civil Code Section 1798.100 et seq.) and the “Shine the Light” Law (California Civil Code Section 1798.83). If you are a California resident, then this Section 11 and the additional disclosures related to the collection, use, disclosure, and sale of personal information applies to you.

11.1. Collection and Use of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers (such as first and last name, email address, alias, postal address, online identifier, internet protocol address, operating system, account name, or other similar identifiers);
  • Categories of personal information described in California Civil Code § 1798.80(e) (such as name, telephone number, and address);
  • Characteristics of protected classifications under California or federal law;
  • Commercial information (such as billing data);
  • Internet or other electronic network activity information (such as connection data, operating system, region, language, date and time the Website was accessed, log data (such as the credentials used to access your account and/or other Website pages that require log-in credentials), or activity data (such as the number and the Website pages you visited, if you send a request through a form provided by the Website));
  • Geolocation data;
  • Audio, electronic, visual, thermal, olfactory, or similar information (such as voice recordings);
  • Professional or employment-related information (such as job title, business phone number, or company industry);
  • Education information; and
  • Inferences drawn from any of the above information.

For examples of more specific information we collect and the sources of such collection, please see Section 2 above.

We collect personal information for the business or commercial purposes as described in Section 3 above.

11.2. Disclosure of Personal Information

We may share your personal information with third parties as described in Section 5 above. Sierra Wireless does not sell personal information (i.e., we do not exchange your personal information directly for monetary compensation). We do allow our advertising partners to collect certain device identifiers and electronic network activity via our services to show ads that are targeted to your interests. To opt-out of having your personal information used for targeted advertising purposes, which may be classified as a “sale” under the CCPA, please contact us as set out in Section 11.6 below. Only you or your authorized agent acting on your behalf may make a request to opt-out.

In the preceding 12 months, we have disclosed for a business purpose or sold (as defined under the CCPA) all the categories of personal information set out in Section 11.1 to:

  • Our subsidiaries and affiliates;
  • Internet service providers;
  • Data analytics providers;
  • Our business partners who perform marketing activities at the direction of Sierra Wireless;
  • Third-party service providers, affiliates, vendors, subcontractors, and payment processors that interact with us in connection with the products and/or services we offer; and
  • As otherwise described in Section 5 above.

11.3. Your Consumer Rights

If you are a California resident, then you have the right to (i) request more information about the categories and specific pieces of personal information we have collected and disclosed for a business purpose in the last 12 months, (ii) request deletion of your personal information, (iii) opt-out of the sale of your personal information, if applicable, and (iv) be free from discrimination for exercising your rights under the CCPA. You may make these requests by contacting us as set out in Section 11.6 below. Before processing your request, we must verify your identity.

Only you or an authorized agent acting on your behalf may make a verifiable request regarding your personal information. To qualify as a verifiable request, you or your authorized agent must:

  • Provide enough information so that we may verify your identity as the person about whom we collected personal information, such as by confirming the email address we have on file for you or your recent purchase history; and
  • Describe your request with sufficient detail such that we may properly understand, process, and respond accurately.

Upon receipt of your request, we will contact you directly, based on the contact information we have collected, or you have provided, to outline the steps needed to verify your identity.

11.4. Authorized Agents

For an authorized agent to be recognized as acting on your behalf, you must either:

  • Verify your identity directly with Sierra Wireless as set out above and provide explicit authorization permitting your agent to act on your behalf; or
  • Provide (or have your agent provide) legal proof of Power of Attorney.

11.5. Shine the Light

California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please contact us as set out in Section 11.6 below.

11.6. Contact Information

In case you wish to exercise any of the rights as set out in this Section 11, you may reach us by email, telephone, or by mail as follows:

Email: privacy@sierrawireless.com

Toll-free Telephone: 1-877-687-7795

Postal Address:
Sierra Wireless, Inc.
Attention: Legal Department
13811 Wireless Way
Richmond, British Columbia V6V 3A4
Canada

12. Changes to this Privacy Policy

If Sierra Wireless makes any substantial changes to this Privacy Policy, we will make reasonable efforts to notify you of such changes by posting an announcement on our Website.

We urge you to review this Privacy Policy frequently so that you are aware of the most current version. Your continued provision of personal data or use of our services following any changes to this Privacy Policy constitutes your acceptance of any such changes.

This Privacy Policy was last updated on:

VERSION NO. UPDATE
DATE
1
June 30, 2014
2
April 30, 2020
3
September 17, 2020

 

13. Questions or Suggestions

If you have questions or concerns about our collection, use, or disclosure of your personal data, or if you require any additional information, please contact our DPO at dataprotectionofficer@sierrawireless.com.

14. Manage your Information 

You may contact our DPO at dataprotectionofficer@sierrawireless.com to update you information, where applicable.

At any time, you can withdraw the consent given to the processing of your data by sending an email to privacy@sierrawireless.com.