PCS Wireless, LLC Privacy Policy

Effective Date: May 2026

1) Who we are and scope

PCS Wireless, LLC (“PCS,” “we,” “us,” or “our“) operates this website (the “Site”). PCS is part of a global group that includes affiliates established in other jurisdictions (collectively, the “PCS Group”). This Policy explains how PCS handles personal information collected through the Site and through offline business interactions relating to our relationships with business suppliers, customers, and partners. Unless otherwise stated, PCS acts as the controller for personal information covered by this Policy. Where PCS Group affiliates process personal information, this Policy applies to that processing except where that affiliate has published a separate region-specific privacy policy.

We conduct business offline and by contract. No purchases or sales occur on the Site. Orders and transactions with PCS are governed by our applicable customer terms and conditions.

PCS generally receives company information (for example, legal name, due-diligence/KYC information, and bank or payment information) and limited personal information about the employees and representatives of our business suppliers, customers, and partners who serve as our points of contact (for example, their name, role, work email, and telephone number). PCS may also receive limited personal information (such as name and shipping address) from business partners solely to provide logistics or return–shipment services. In those circumstances, the relevant business partner is the controller, and PCS acts only as a service provider or processor (as those terms are defined under applicable law), processing the information only on the partner’s behalf and on the partner’s documented instructions under a written agreement, not using it for any independent purpose (including marketing or profiling), and retaining it only as necessary to provide the service or comply with applicable law.

Program–specific notices. Certain programs (for example, device trade–in programs operated with partners) are governed by separate privacy notices made available in connection with those programs. Those programs may involve limited consumer information (name and shipping address to send return boxes/labels or manage reverse logistics) and receiving pre–owned devices; PCS applies data-wiping processes to devices it receives and does not intentionally access personal content on them. For clarity, individuals participating in a partner-operated program (such as a consumer trade-in program) will have been provided the applicable program-specific privacy notice at the time of collection by the partner as part of the partner’s checkout or enrollment process. That notice, not this Policy, governs the collection, use, and disclosure of personal information in connection with that program. This Policy governs personal information processed through the PCS Site and in connection with the general business activities described in Section 1. To the extent any provision of this Policy conflicts with a program-specific privacy notice for activities within the scope of that program, the program-specific notice controls.

This Policy does not govern the personal information of PCS Wireless, LLC’s or its affiliates’ own employees, workers, contractors, or job applicants, that is processed in an employment or recruitment context. That information is governed by separate employee or candidate privacy notices made available through HR or at the point of application. References in this Policy to ‘business contacts’ or ‘supplier, customer, and partner personnel’ mean personnel of our business counterparties, not PCS’s own personnel.

2) The personal information we collect

The personal information we collect in a business context may include:

• Identity and contact information about supplier, customer, and partner representatives including name, work email address, telephone number, job title, employer details, and records of communications or account interactions.
• Financial, due-diligence, and anti–fraud information provided by companies (such as bank details for settlement and screening results), to the extent necessary for onboarding, compliance, fraud prevention, and risk management.
• Logistics data, such as ship–to name, shipping address, courier label information, and return or RMA details, where needed to send packaging or labels or to receive returns. Where PCS receives this information from a business partner solely to perform services on the partner’s behalf, PCS processes it as a service provider or processor rather than as an independent controller.
• Technical/usage data collected through the Site, such as IP address, browser type, device information, pages viewed, and referring or exit pages, including through cookies and similar technologies (see Section 5).

We do not intentionally collect sensitive personal information through the Site, such as health information, racial or ethnic origin, or precise geolocation, unless required for a specific lawful purpose and described at the point of collection. The Site is intended for business users and is not directed to children.

3) How we use personal information

We use personal information to:

• Operate and improve the Site (analytics, security, troubleshooting).
• Respond to inquiries and manage our supplier/customer relationships.
• Onboard and verify counterparties (including due diligence, KYC/AML, fraud screening, sanctions screening, and related compliance checks as required or permitted by applicable law).
• Perform and administer contracts (including purchase orders, settlement, remittances, claims, RMAs, and reverse logistics).
• Protect PCS (IT and physical security, incident detection/prevention) and comply with laws (tax, accounting, reporting).
• Corporate transactions (due diligence and integration if we reorganize, merge, or sell part of our business).
• Logistics: Provide logistics, fulfillment, or return-shipment services where we receive personal information from business partners as a service provider or processor; in those cases, we use the information only to provide the contracted services in accordance with our written agreement and applicable law.

Marketing. We may send business-related updates about our services to business contacts. Where required, we will obtain consent, and recipients may opt out at any time (see Section 10).

4) Legal bases (EEA/UK)

Where GDPR/UK GDPR applies, we process personal data based on:

• Legitimate interests (including operating our business, managing supplier and customer relationships, securing the Site and our systems, preventing fraud, and improving our services) and provided that those interests are not overridden by the rights and freedoms of the individual;
• Contract (where processing is necessary to take steps at the request of the individual before entering into a contract or to perform a contract with your organization);
• Legal obligation (KYC/AML, taxation, recordkeeping); and
• Consent where required (e.g., certain cookies or electronic marketing).

We do not use solely automated decision‑making that produces legal or similarly significant effects.

5) Cookies and similar technologies

We use cookies and similar technologies for functions such as operating the Site, maintaining security, remembering preferences, and understanding how the Site is used. These technologies may include strictly necessary cookies and, where used, analytics cookies. Where required by applicable law, we will request consent before using non-essential cookies. You can manage cookies through your browser settings and, where available, through any cookie settings tool presented on the Site.

6) How we share information

We share personal information only as needed to run our business:

• PCS Group companies, including our affiliates worldwide, for shared services such as IT hosting, finance, compliance, and support.
• Service providers (that perform services on our behalf, such as hosting, security, analytics, communications, due-diligence/KYC support, logistics, and professional advisory services) under contracts that limit their use of personal information to the services they provide to us.
• Counterparties and partners as necessary to perform contracts (e.g., shipping/returns).
• Legal, regulatory, and law enforcement requests as required by law.
• Business transfers (merger, acquisition, or reorganization).

Where PCS processes personal information solely as a service provider or processor on behalf of a business partner, PCS will handle the information in accordance with the applicable written agreement and will direct individuals to the relevant partner for rights requests, except where applicable law requires PCS to respond directly.

We do not sell personal information and we do not share it for cross‑context behavioral advertising (as those terms are defined under U.S. state privacy laws).

7) International data transfers

PCS is headquartered in the United States and operates as part of a global PCS Group. Personal information may be transferred between PCS and other PCS Group companies, and to service providers and other recipients, in jurisdictions outside the country in which it was originally collected. These jurisdictions may have data–protection laws that differ from those in your country. Where required by applicable law, we implement appropriate transfer safeguards (such as standard contractual clauses, adequacy decisions, or other legally recognized mechanisms) and apply technical and organizational measures to protect personal information in transit and at rest. You may contact us for additional information about the transfer mechanisms relevant to your personal information, where required by applicable law.

8) Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, including meeting legal, accounting, audit, fraud–prevention, and compliance requirements. The PCS Group maintains a global records retention schedule designed to reflect applicable legal, regulatory, tax, accounting, audit, and operational requirements. Individual PCS Group affiliates may apply different or longer retention periods where required by the laws of their jurisdiction; where a region-specific privacy policy applies, the retention periods in that policy take precedence within its scope.

Unless a longer period is required by law, we generally apply the following retention periods:

• Contact information for supplier, customer, and partner representatives (name, work email, phone, role): retained for up to 3 years after the last meaningful business interaction or the end of the commercial relationship. PCS may retain this information for longer periods where required to comply with legal, tax, accounting, audit, fraud–prevention, or regulatory obligations, to establish or defend legal claims, or where a longer retention period is otherwise permitted or required by applicable law.
• KYC/AML and due‑diligence records: retained for 5 years after the end of the business relationship, or longer if required under applicable anti‑money‑laundering or financial‑compliance laws.
• Financial, transactional, and accounting records: retained for 7 years to comply with tax and accounting obligations. PCS may retain these records for longer periods where required under applicable law, to comply with audit or regulatory obligations, to maintain accurate financial reporting, or to establish or defend legal claims.
• Logistics and shipment/return records (including RMA details): retained for 3 years after fulfillment or closure of the relevant transaction. PCS may retain these records for longer periods where required under applicable law, by contract, to comply with audit or regulatory obligations, to support warranty or reverse‑logistics processes, or to establish or defend legal claims.
• Technical logs and website analytics data: retained for up to 24 months, unless retained longer for security, fraud prevention, legal compliance, audit purposes, or to investigate and defend claims, or unless de-identified or aggregated for longer-term analytics.

Where specific retention periods cannot be provided, we apply the following criteria to determine retention duration:

• statutory record‑keeping requirements in relevant jurisdictions;
• limitation periods for legal claims;
• operational needs for fraud prevention, security, or contract administration; and
• the necessity of maintaining accurate business records.

Once personal information is no longer required for these purposes, we delete or anonymize it in accordance with our global retention schedule and security protocols.

9) Security

We use administrative, technical, and physical safeguards designed to protect personal information. No system is 100% secure; if you suspect any unauthorized access or incident, please contact us immediately (see Section 12).

10) Your choices and rights

Marketing preferences. You can opt‑out of marketing emails at any time by using the link in the message or contacting us.

Cookies. You can manage cookies through your browser settings and, where available, any cookie settings tool on the Site.

Rights by region.

• EEA/UK: You may request access, correction, erasure, restriction, objection (including to processing based on legitimate interests), and portability. You also have the right to lodge a complaint with your local supervisory authority; we encourage you to contact us first so we can address your concern.

• United States (certain states): Depending on your state of residence and the nature of your interaction with PCS, you may have rights to request accessto, correction of, deletion of, or a portable copy of certain personal information, and to appeal a decision on your Because PCS does not currently sell personal information or share it for cross-context behavioral advertising, rights to opt out of those activities do not apply to our current practices. Where PCS processes personal information solely on behalf of a business partner (for example, limited shipping information used for return–logistics services), the partner is the controller of that information. Individuals should generally direct rights requests to the relevant partner. PCS will assist the partner in responding to verified requests as required by the applicable agreement and law.

To exercise your rights, contact us at privacy@pcsww.com. We may need to verify your identity before processing your request, consistent with applicable law. If you use an authorized representative, we may request information sufficient to verify both your identity and the representative’s authority. Verification may include confirming information we already hold about you or requesting additional details needed to authenticate your identity. If you authorize a representative to submit a request on your behalf, PCS UK may require information sufficient to verify both your identity and the representative’s authority, including a signed authorization or other documentation permitted by applicable law.

11) Third‑party links

The Site may link to third‑party websites or services. Their privacy practices are governed by their own policies; please review them.

12) Contact us

PCS Wireless, LLC
Attn: Legal Department
11 Vreeland Road, Florham Park, NJ 07932, USA
Email: privacy@pcsww.com

If you are in the EEA or UK, you may also contact your local data–protection authority. Where required by applicable law, PCS will provide additional local contact or representative details in the relevant region-specific notice or addendum.

13) Changes to this Policy

We may update this Policy from time to time. We will post the updated version and its effective date on this page. Material changes will be communicated where required by law.

REGION‑SPECIFIC ADDENDA

EEA / UK Data Protection Addendum

1. Scope

This Addendum supplements the main Policy with information specific to processing of personal data relating to individuals located in the European Economic Area (‘EEA’) or the United Kingdom (‘UK’). It applies to processing by PCS Wireless, LLC and by PCS Group affiliates that do not maintain a separate region-specific privacy policy under Section 1 of the main Policy. Where a region-specific privacy policy applies to a PCS Group affiliate’s processing, that policy governs processing within its scope.

2. PCS Establishments in the EU and UK

The PCS Group includes affiliates established in the Netherlands and the United Kingdom. Where relevant to particular processing activities, those establishments may be taken into account in determining the application of EU GDPR or UK GDPR.

3. Article 27 EU/UK Representative

PCS has assessed its processing activities and does not believe that appointment of a representative under Article 27 EU GDPR or Article 27 UK GDPR is required at this time. PCS will continue to review that assessment as its processing activities evolve and will publish representative details if required by applicable law.

4. Legal Bases for Processing

Where PCS processes personal data relating to EEA/UK individuals, PCS relies on one or more of the following legal bases:

• Legitimate interests, including business operations, supplier and customer management, security, and fraud prevention.
• Performance of a contract with a business customer or supplier.
• Compliance with legal obligations, including tax, accounting, and due‑diligence requirements.

5. Cross‑Border Data Transfers

Where transfers of personal data occur within the PCS Group or to third‑country recipients, PCS uses appropriate safeguards, such as:

• EU Standard Contractual Clauses (SCCs),
• the UK International Data Transfer Addendum, or
• another mechanism recognized by applicable law.

6. Data Subject Rights

Individuals in the EEA/UK may exercise their rights of access, rectification, erasure, restriction, portability, and objection, as permitted under GDPR/UK GDPR.

Requests may be submitted to: privacy@pcsww.com

PCS will respond to data subject requests within the time frames required by GDPR/UK GDPR or other applicable law, including any permitted extensions.

7. Complaints

Individuals may lodge complaints with:

• their local EEA supervisory authority, or

• the UK Information Commissioner’s Office (ICO)

U.S. STATE PRIVACY ADDENDUM

1. Scope

This Addendum applies to residents of U.S. states that have enacted comprehensive consumer privacy laws, to the extent those laws apply to PCS’s processing of personal information. PCS monitors changes in state privacy laws and updates this Addendum as appropriate.

2. Applicability to PCS

PCS primarily operates in a business–to–business context. The applicability of U.S. state privacy laws may depend on the state law at issue, the nature of the relationship with the individual, and any available exemptions or thresholds.
PCS will honor rights where required by applicable law.

3. Your Rights Where Applicable

If a U.S. state privacy law applies to your interaction with PCS, you may have rights to:

• Access personal information
• Correct inaccuracies
• Delete personal information
• Obtain a portable copy of personal information
• Opt out of certain processing, where required by law
• Appeal a denial of your request, where required by law

You may exercise applicable rights by contacting privacy@pcsww.com.

4. No Sale or Sharing

PCS does not sell personal information or share it for cross‑context behavioral advertising, as those terms are defined under U.S. state privacy laws.

5. Non‑Discrimination

PCS will not discriminate against any individual for exercising rights available under applicable U.S. state privacy laws.