PROTECTING YOUR PRIVACY – OUR COMMITMENT
This Policy is provided in a layered format, so you can click through to the specific areas set out below that may be of most interest to you.
- Tata Communications and your privacy
- How to contact us
- Personal data we collect about you and how we collect it
- How do we use the personal data we collect?
- What is the justification for these uses?
- When do we share the personal data we collect?
- International transfers of personal data
- Third-party ad networks
- Communications and marketing
- User Generated Content
- Third-Party Links
- What rights do I have in relation to my personal data ?
- Special information for residents of California, USA.
- How long will you retain my personal data ?
- Changes to this Policy
TATA COMMUNICATIONS AND YOUR PRIVACY
Regardless of whether you are our customer, a visitor to one of our various Tata Communications websites, or someone we deal with in our day to day business, protecting your privacy is important to us and is a responsibility that we take very seriously.
Who are we? This Policy applies to the different legal entities comprising the Tata Communications Group, each of which may process your personal data. This includes the Group’s UK subsidiary, Tata Communications (UK) Ltd. which is the controller of and responsible for this website. References to “we”, “our or “us” in this Policy refer to the relevant company within the Tata Communications Group that is responsible for processing your personal data, as indicated in any contract for products or services you may hold with us. A list of the legal entities which make up the Tata Communications Group can be accessed here .
Additional information on our personal data practices may be provided in contractual agreements, supplemental privacy statements, or notices provided to you prior to or at the time of collection of your personal data. For the purposes of this Policy, any reference to “Services” is a reference to all the products and services offered by Tata Communications, whether available online or offline, and any reference to “Sites” is a reference to any of the Tata Communications websites (including any mobile version of such websites), whether operated under the banner of Tata Communications or a brand name that we own.
HOW TO CONTACT US
For any questions about this Policy or our data protection practices or to exercise any rights you may have in relation to your personal data under applicable law, you use our self-service portal available he here. Our postal address for any questions is:
For individuals located in Germany, Singapore and India you can contact our Data Protection Officer (“DPO”) by using our DPO contact form available here
PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
Account Information: Contact and related information that allows us to communicate with you. We obtain this information when you order or register to receive any of our Services or information about our Services. We collect or receive information from you when you sign up for our Services, create an online account with us, make a purchase, request details or a call back, submit a technical, customer or billing support request, participate in a contest or survey, provide us with feedback or otherwise contact us. The type of information that we collect depends on your interaction with us, but may include, your name, address, telephone number (business or personal), email address (business or personal), postal/billing address (business or residential), and any other information that you choose to provide or is necessary for us to provide Services to you.
Billing Information related to your commercial and financial relationship with us, such as the services we provide to you, the telephone numbers you call and text, your payment history, your credit history, your credit card numbers, social security number(where permitted by law), security codes and your service history.
Technical & Usage Information related to the Services we provide to you, including information about how you use our networks, services, products or websites. Some examples include:
- Equipment Data: Information that relates to and identifies the equipment on our and your networks that you may use or with which you interface for the Services you are receiving. Information might include equipment type, device identifiers, device status, serial numbers, settings, configuration, and software type.
- Network Performance & Usage: Information about the operation of the equipment, Services and applications you use on our networks. Examples of this might include: wireless device location and type; call records including where a call was made from and to as well as its date, time, duration and cost (but excluding the content of the calls); the number of text messages sent and received; voice minutes used; bandwidth used and similar information (though We also collect information like transmission rates and delays, data associated with remote monitoring services and security characteristics, and information about your use of our interconnected voice over internet protocol (VoIP) services (including services purchased offline).
- Location, direction and journey information: this will be collected based on any connected device you may use our Services on. It includes your ZIP/postal code and street address, as well as the whereabouts of your wireless device. Location Information is generated when your device communicates with cell towers, Wi-Fi routers or access points and/or with other technologies. Any connected device that you own, or which is otherwise linked to you will generate such information that will then be associated with you.
Video footage/images: when you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures.
We may collect the above personal data in the course of providing Services to you or to someone who has provided you with access to our Services. We may obtain this information in a number of ways, for example
- directly from you: for example, when you make a purchase or provide your details in order to subscribe to our Services, submit a web enquiry or set up an account with us;
- automatically: when personal data is generated through your use of our Services or our Sites; and
- from third party sources: we sometimes collect personal data about you from trusted third parties, in connection with Services that we provide to you or propose to provide to you, where appropriate and to the extent we have a justified basis to do so. These include fraud-prevention agencies, business directories, credit check reference/vetting agencies and connected network providers. Anyone who provides you with access to your Services may also provide us with your personal data in that context.
We may combine the personal data that we receive from such other sources with personal data you give to us and with information we automatically collect about you, for example where we need to run a credit check, and then compile a profile of you based on the credit check data and the personal data you have provided.
HOW DO WE USE THE PERSONAL DATA WE COLLECT?
We set out below some of the ways in which we process personal data:
- to fulfil obligations under contract. This includes providing our Services to you; to communicate with you about your use of our Services; to obtain and process payment from you and to fulfil your orders for Services and any obligations on us relating to those services;
- for the purpose for which you specifically provided the information to us, including, to respond to your inquiries, to provide any information that you request, to address technical support tickets, and to provide customer service support;
- to make our Services and communications more relevant to you, including generating customer profiles, delivering customized content to you, to offer location customization, personalized help and instructions, and to otherwise tailor your experiences while using our Sites or our Services;
- to better understand how customers and other third parties access and use our Sites and Services, both on an aggregated and individualized basis;
- to administer, monitor, improve and customize our Sites and Services, for our internal operations, including troubleshooting, network management and network optimisation, research and analytical purposes, so that we can provide our customers with a better customer experience;
- to notify you about our new product releases and service development, alerts, events, updates prices, terms, special offers and associated campaigns and promotions (including via newsletters). Therefore, we and selected third parties may use your personal data to send you marketing communications about products and services based on your preferences and interest. You have a choice and can object to our use of your personal data for marketing purposes. When we are required by law to do so, we will obtain your consent before using your personal data for marketing purposes. If you do opt out, we will stop sending you marketing communications, but we will continue sending you non-marketing communications that relate to the Services you are using (for example billing information, software update communications, password resets etc);
- if you attend an event, we may process information about you gathered in relation to the event and may share information about your attendance with your company. We may also permit designated event partner or conference sponsors to send you communications related to the event if you have shared your contact information at the event. Please note that sponsors from other companies may directly request information about you at their conference booths or presentations, and their use of your personal data that you provide to them will be subject to their privacy policies;
- to assist us in advertising our products and services in various mediums including, sending promotional emails, advertising our services on third party sites and social media platforms, direct mail, and by telemarketing;
- where we ask you for specific consent to a use of your personal data , we will use it in the ways we explain at the time of obtaining that consent; and
- in any way required by law, regulation or the public interest such as in response to requests or orders by government or law enforcement authorities conducting an investigation or to respond to an emergency. This use may require us to disclose your personal data including contact details and/or information about your usage of our Services to relevant authorities or to block, intercept or otherwise interfere with your use of our Services and any personal data generated by that usage. Achieving a balance between, on the one hand ensuring protections for the privacy and other fundamental human rights that may be exercised through use of our Services and, on the other, the exercise of lawful investigatory powers for the public good on the other can be complicated. We do not accede to such requests without careful consideration of all the circumstances. Even where we are legally obliged to disclose personal data , we will give careful consideration to the extent to which doing so will infringe on the fundamental rights, including the right to privacy, of any person whose personal data is to be disclosed or intercepted and we take whatever steps are practicable to mitigate and minimise any such infringement.
WHAT IS THE JUSTIFICATION FOR THESE USES?
In the EU, our justification (sometimes referred to as “legitimate” or “lawful basis” legal basis) for processing any particular category of personal data will vary depending on the information itself, our relationship with the subject of the personal data , the Service being provided, the specific legal and regulatory requirements of the country in which the Services are being provided, the personal data processed and many other factors. Subject to modifications in specific countries, the legal bases for our processing are as follows:
In order to communicate adequately with you as a user of our Services and to respond to your requests, we need to process information about you and therefore have a legitimate interest in processing this information to ensure the efficient and effective operation of our business;
In order to engage in transactions with customers, suppliers and business partners, and to process purchases and effect installation of our products and deliver Services, we need to process information about you as necessary to enter into or perform a contract with you;
We process personal data for marketing and sales activities based on your consent, where it is required and so indicated on our sites or at the time your personal data is collected, or further to our legitimate interest to market and promote our products and services;
We rely on our legitimate interests to process personal data and other information in order to analyse, develop, improve and optimise our Sites, products and Services, and to maintain the security and integrity of our Sites, network and systems. We also have a legitimate interest in using your personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary.; or
because applicable laws (including telecommunications laws), regulations or the public interest require us to, such as to comply with legal processes, law enforcement or regulatory authorities or to assist in the prevention, detection or prosecution of crime or to process an opt-out request
WHEN DO WE SHARE OR DISCLOSE THE PERSONAL DATA WE COLLECT?
Subject to obtaining your consent as may be required in some jurisdictions, we may share or disclose your personal data as necessary for the purposes described above and as further detailed below:
- Affiliates. We may disclose the personal data we collect from you to our subsidiaries. Where permitted by law and with your consent where required, our affiliates may use your information for the purposes indicated in this Policy, including to market their products and services to you. In processing your personal data, our affiliates follow practices at least as protective as those described in this Policy. A list of our subsidiaries and affiliates covered by this Policy and their locations is available here.
- Business, Sales and Marketing Partners. We may offer some of our Services together with or through third parties who may be system integrators, resellers, solution partners, network partners and affinity organizations. If we do so, we will need to share your personal data with these third parties to assist in providing and marketing that Service to you, as well as to enable the third parties to market their own products and services to you (with your permission, if required). We may also share your personal data with companies that are system integrators, resellers, solution partners, network partners and affinity organizations, and whom we believe might offer products and services of interest to you (again with your permission, if required).
- Third-Party Service Providers. We employ other companies and individuals to perform functions that are necessary for the provision of the Services or for any of the purposes described above. Examples include: where permitted, jointly offering a product or service, sending communications, processing payments, assessing credit and compliance risks to give you access to our Services, fraud and financial crime prevention detection and prosecution, analysing data, providing marketing and sales assistance (including advertising and event management), customer relationship management, providing training, these third parties include; system integrators, resellers, solution partners, network partners, affinity organizations, third party vendors, service providers, contractors or agents, and other carriers or providers that we may disclose personal data to where necessary to provide our Services or fulfil your requests or orders, as well as entities that provide website hosting, service/order fulfilment, customer service, and credit card processing, effecting payments, among others. These third-party service providers have access to personal data needed to perform the functions we have entrusted to them but may not use it for other purposes where they process your personal data on our behalf. Whenever we share personal data with third parties, we take steps to ensure that third party contracts contain appropriate protections for your personal data.
- Business Transfers. If we are acquired by or merge with another company, or if substantially all of our assets are transferred to another company (which may occur as part of bankruptcy proceedings), we may transfer your personal data to the other company. We may also need to disclose your personal data before any such acquisition or merger, for example to our advisers and any prospective purchaser’s adviser.
- Legal Protection and in Response to Legal Process. We may disclose the personal data we you hold about in order to comply with applicable law, in response to or to pursue judicial proceedings, court orders and in other legal processes. We may also disclose, transfer or share it when we believe in good faith that disclosure is necessary: to protect or enforce our rights; protect your safety or the safety of others; investigate or prevent fraud; to respond to government requests – including from government and national or international law enforcement authorities outside of your country of residence – or for national security, public safety and/or law enforcement purposes. Personal data shall only be disclosed when we in good faith believe that we are obliged to do so in accordance with the law or that there are compelling reasons of public interest for us to do so. This will only be after a careful evaluation of all legal requirements and other relevant considerations, including any infringement on the fundamental rights to privacy or freedom of expression that might be impacted by the disclosure.
- Sharing Aggregated and De-Identified Information. We may use your personal data to create aggregated and anonymised information which we may share with third parties. Nobody can identify you from that anonymised information. In other circumstances we may pseudonymise your personal data before sharing it with a third party so that we can re-associate you with the information once it has been processed and returned to us. Whilst the third party will not be able to identify you from the pseudonymised information, we will still be able to. We treat pseudonymised data as though it were personal data and ensure the same level of protection for it when sharing with third parties.
INTERNATIONAL TRANSFER OF PERSONAL DATA
Subject to obtaining your consent as required in some jurisdictions, Tata Communications may transfer personal data across national borders in running our business and delivering the Services. In doing so, your personal data may be transferred to and processed by other Tata Communications entities and/or unrelated third parties outside of the country where you are located or where the personal data was collected.
All Tata Communications entities have signed an intra-group agreement applicable to transfer of personal data within and outside of the EU or to jurisdictions which do not provide adequate levels of protection for the personal data under applicable law. A list of our affiliates and their locations is available here. This agreement is based on the EU Commission standard contractual clauses (and which therefore contractually impose a standard of protection for the personal data transferred that is equivalent to that offered within the EU). This way we ensure that adequate protections are in place for the security of your personal data when we transfer it to one of our affiliates, wherever they may be located in the world. You can obtain a copy of these clauses by contacting us.
When we share your personal data with third parties unrelated to the Tata Communications Group, we require all such third parties to respect the security of that personal data and to treat it in accordance with applicable data protection laws. We also ensure that at the very least, the same level of protection of data is provided by the third parties, as is provided to you by us. Where we engage third-party service providers to process your personal data on our behalf, we do not allow them to use that personal data for their own purposes and only permit them to process it for our own specified purposes and in accordance with our instructions. When initiating such processor relationships, we will ensure that adequate safeguards are in place for your personal data using the data transfer mechanism most appropriate to the personal data and to the countries within or to which the personal data may be transferred. This mechanism may include: the use of the EU approved contractual clauses; ensuring that the recipient has implemented EU approved Binding Corporate Rules governing transfer or personal data; (in the US) is Privacy Shield Certified (EU and Swiss Privacy Shield) or certified under any equivalent successor programme; or confirming that the country in which the recipient is located has been formally confirmed as providing adequate protections for personal data by the EU.
For relevant jurisdictions only (e.g. Mexico, Russia, China and Argentina): By using the Services, you expressly agree to the transfers of personal data to third countries where this requires your consent.
THIRD-PARTY AD NETWORKS
We may use third parties such as network advertisers to display advertisements about Tata Communications on third party websites. Network advertisers select and display advertisements on third-party sites, based on your visits to our Sites as well as to other websites. This enables us and these third parties to tailor advertisements by displaying ads for products and services in which we believe you might be interested.
You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”), the Digital Advertising Alliance (“DAA”), or, in Europe, the European Interaction Digital Advertising Alliance (“EIDAA”). For more information regarding this practice by NAI, EIDAA members and DAA members, and your choices regarding the use of this information used by these companies, including how to opt-out of third-party ad networks operated by NAI, DAA, and EIDAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp, www.aboutads.info/choices, and www.youronlinechoices.com. Please note that, should you opt out, you will continue to see advertising however it will not be tailored to your interests.
COMMUNICATIONS AND MARKETING
Where permitted by applicable law and, if required, with your consent, we may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail or other communication you have received or through our dedicated privacy portal accessible here. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you non-marketing communications about your account or any Services you have requested or received from us.
USER GENERATED CONTENT
We may invite you to post content on our Sites, including your comments, pictures, and any other information that you would like to make available on our Sites. If you post content to our Sites, the information that you post will be available to other visitors to our Sites. If you post your own content on our Sites or Services, your posting may become public and we cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy.
Our Sites and our online Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites neither do we have any control over information that is submitted to or collected by, these third parties.
Our Sites may include social media plugins such as “like” and “share” buttons. By clicking on such a plugin, the data you want to “like” or “share” will be provided to the relevant social media site. We are not responsible for the practices of such third-party social media sites once you have clicked on any such “like” or “share” button.
At Tata Communications, security is our highest priority. We design and deliver our systems and Services with your security and privacy in mind. We maintain a wide variety of compliance programs and accreditations that validate our security controls. Click here to learn more about the security compliance programs in place for [certain of] our Services.
To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the personal data we collect through our Sites and in the provision of our Services.
We have put in place reasonable controls (including physical, technological and administrative measures) designed to help safeguard the personal data that we collect via the sites. No security measures are perfect, however, and so we cannot assure you that personal data that we collect will never be accessed or used in an unauthorised way, which may happen due to circumstances beyond our reasonable control. We have put in place procedures to deal with a suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
If you have a user name and password to access our Services, you should take steps to protect against unauthorized access to your password, phone and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen or compromised passwords, or for any activity on your account via unauthorized password activity or other security breach caused by you.
WHAT RIGHTS DO I HAVE IN RELATION TO MY PERSONAL DATA ?
Under the law of many countries, you have certain rights in relation to your personal data that is held by us and we respect and observe these rights. Such rights may include the rights to: ask us to confirm that we are processing your personal data, ask us for a copy of your personal data (including information regarding who we share your personal data with); to correct, delete or restrict (stop any active) processing of your personal data; to limit the use and disclosure of your personal data; and to ask us to share (port) your personal data to another person, such as another provider of telecommunications services.
In addition, in certain countries you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). Where applicable, you can also withdraw the consent you have given us to process your personal data and request information on the consequences of not providing such consent.
These rights may be limited, for example: if fulfilling your request would reveal personal data about another person; where it would infringe the rights of a third party (including our rights); or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, to raise any concerns about our privacy practices, or to obtain other privacy related information, you can get in touch with us, see our contact details above. If you have unresolved concerns, you may have the right to complain to your relevant national data protection authority. For example, in the UK this is the Information Commissioner’s Office (ICO) – https://ico.org.uk/make-a-complaint/. Please do contact us before making such a complaint however as we would appreciate the opportunity to investigate and address your concerns first
Special information for residents of California, USA
As described in this Policy, we may make your personal data available to third parties for their marketing purposes. If you do not want us to share your personal data with third parties, you may opt-out of this information sharing by emailing us at link
If you are a California resident, then, subject to certain limits under California law, you may ask us to provide you with a list of certain categories of personal data we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year as well as the identity of those third parties. To make such a request, residents of the State of California may contact us through our dedicated privacy portal accessible here.
HOW LONG WILL YOU RETAIN MY PERSONAL DATA
We retain personal data for as long as and/or for no longer than we are permitted to do by applicable law, regulation, tax or accounting practice or the terms of any governmental telecommunications licenses or authorizations to which we may be subject. We also delete personal data in accordance with any contractual obligations that we may be subject to (for example if we are processing personal data on behalf of one of our customers rather than for our own business purposes).
Where maximum or minimum data retention periods are not otherwise stipulated, we determine appropriate retention period for the personal data by considering: the amount, nature and sensitivity of the personal data contained in the records; the potential risk of harm from unauthorised use or disclosure of personal data; the purposes for which we process the personal data and whether we may be able achieve those purposes through other means; whether the personal data can be permanently and effectively anonymised; the security measures in place in relation to that personal data and any other relevant factors.
For China only: your personal data may be stored in countries in which we transfer personal data as per the information provided under International Transfer of Personal Data above
CHANGES TO THIS POLICY
We regularly review and may make changes to this Policy from time-to-time. To ensure that you are always aware of how we use your personal data we will update the online version of this Policy from time-to-time to reflect any changes to our use of your personal data. We may also make changes to comply with developments in applicable law or regulatory requirements. Where it is practicable, we will notify you by other means prior to changes materially affecting you such as by posting a notice on our Sites or sending you a notification. However, we encourage you to review this Policy periodically to be informed of any changes to how we use your personal data .