Subex Policies

Privacy Policy

Introduction :

This Privacy Policy (the “Policy”) describes how Subex collects, uses and shares both information you provide to us and other information we collect about you in operation of our business.

In this Policy, when we use the term “Subex”, “we”, “us”, “our” or similar terms, we are referring to Subex Limited and its affiliate companies including Subex (UK) Limited, Subex Inc., Subex Americas Inc., Subex (Asia Pacific) Pte Ltd, Subex Middle East (FZE), Subex Assurance LLP, Subex Digital LLP and Subex Bangladesh Pvt Ltd.

This policy describes:

  • How to Contact Us
  • The Information We Collect
  • How Long Do We Keep Personal Data
  • How Do We Use Personal Data
  • Legal Basis for Processing Personal Data
  • Sharing of Personal Data with Third Parties
  • How we store Personal Data
  • Your rights
  • Cookies
  • Changes to this policy
  • Where does this policy not apply?

In certain places in this Policy, we may specifically reference the GDPR or DPDPA. By GDPR, we are referring to Regulation (EU) 2016/679 (General Data Protection Regulation). Similarly, we might refer to Digital Personal Data Protection Act, 2023 (hereinafter referred to as the “DPDPA”) or any other applicable laws, if there is a specific requirement we need to meet. For CPRA/CCPA compliance, we have a specific Notice that reads in continuation to this Notice.

How to contact us:

We are happy to respond to any inquiries you may have regarding collection, use, disclosure, transfer or processing of your personal data or the exercise of any of your rights. If you have questions or would otherwise like to contact us, please contact the Subex Data Protection Officer whose contact information is provided at the bottom of the last page of this policy.

Our registered office is at Pritech Park, SEZ Block -09, 4th Floor B Wing Survey No. 51 to 64/4 Outer Ring Road, Bellandur Village Varthur, Hobli, Bengaluru, Karnataka 560103, INDIA and our website is at We also maintain offices in Singapore, Dubai, London and Denver (Broomfield), Colorado in the U.S. You can find full contact information for each of these offices at

The information we collect:

It is first important to understand what we mean by “Personal Data”. We are referring to any information that is related to and identifiable with you, personally, that we have in our possession or control. Put more precisely, we mean to use the term Personal Data in the same manner as the GDPR and DPDPA.

Generally, we collect the following Personal Data as provided in Annexure 1

Generally, we collect Personal Data about

(i) our customers, vendors, business associates and potential customers, vendors and business associates (as well as their employees and representatives),

(ii) people who have expressed interest in our products and services (such as through visiting our website, visiting us at trade shows and otherwise by contacting us), and

(iii) our employees, contractors and people who have expressed interest in becoming our employees and contractors.

The types of Personal Data that we collect will depend on the specific purpose for which we are collecting it.

For an employee, we may need to retain the information collected during the job application process (and we may need to periodically update the information) but also we collect additional information such as may be required to provide certain employee benefits or simply to pay salaries. For people expressing an interest in our products such as by visiting our website, we may collect your contact information and other information that allows us to understand your visit to our website better such as IP address, which webpages you have visited and measurement of site performance. Please also see information below regarding our use of “cookies” when visiting our website. For customer, vendors and business associates, we may collect your contact information.

Simply put, it is our policy to retain the information we collect no longer than as reasonably necessary to fulfil the purposes for which we collect the information and to comply with our legal obligations.

How do we use Personal Data:

When we collect Personal Data directly from you, we use the personal data for the purposes that are disclosed to you or for purposes that you would reasonably expect. For example, if you send us your CV in response to a job posting, we will use that information for purposes of evaluating you as a job candidate.

If you give us your contact information on our website as part of requesting more information, we expect we would use your contact information to communicate information regarding our products and services with you.

In terms of the DPDPA, we will be actively seeking your consent where legally required to do so.

In case it is consent, we have a defined process of keeping the Consent and dealing with it through the lifecycle of the personal data residing in our environment.

More specifically, we may use your personal data as follows:

  • if you are a customer, vendor or potential customer or vendor (or representative/employee of one of these entities), to contact you regarding products and services and generally for marketing and business development activities.
  • if you are a business associate (such as a company who might act as a local representative for us, a reseller or some other company who might enter into business transactions with us involving an end customer), or representative of a business associate, to contact you regarding our working relationship and generally for marketing and business development activities; if you are an employee or contractor or job applicant in the European Union, the Subex Privacy Policy and Notice for EU and UK Employees, Contractors and Applicants shall apply. If you are an employee, contractor or applicant outside of the European Union, in accordance with Subex policies; If you have provided personal data in connection with an interest in our products or services, to provide information on our products and services and to provide an overall pleasant and productive experience on our website.
  • Other reasons:
    • To comply with legal and regulatory requirements.
    • For legitimate business interests such as undertaking business research and analysis, managing the operation of our website, and managing our business.
    • To assist in reviewing and responding to complaints and questions including complaints and questions you may have.
    • To exercise and defend our legal rights or to comply with court orders; and
    • To prevent and respond to actual or potential illegal activities and fraud. Data Principal has voluntarily provided her Personal data for:

Subex collects the information of the Data Principal (Employee related information) for the purposes of

  1. Benefits provided by the State
  2. Medical emergency
  3. Medical treatment or health services
  4. employment or those related to safeguarding the employer from loss or liability, such as prevention of corporate espionage, maintenance of confidentiality of trade secrets, intellectual property, classified information or provision of any service or benefit sought by a Data Principal who is an employee.

We may also use Personal Data we obtain from other sources, as well as data we compile, for the above purposes.

Legal Basis for Processing Personal Data:

When we process the data for the purposes set forth above, it will be based on one or more of the following legal grounds:

  • Because it is necessary for us to do so to perform your instructions or a contract with you or your organization.
  • To comply with our legal obligations as well as to keep records of our compliance processes or tax records.
  • Because of our legitimate interests provided that those interests are not overridden by your interests or fundamental rights.
  • Because you have given us your consent to process your personal data in the way we are processing it.
  • Because you have either provided Consent or our falling under one of the categories of legitimate use as mentioned in DPDPA.

Sharing of Personal Data with third parties:

We share Personal Data with our affiliate companies, offices and employees internationally. Therefore, your Personal Data may be transferred to locations both inside and outside of the and other locations of Subex. We may also share your personal information outside of Subex such as with:

  • Affiliated Companies:  We may share your personal data among the Subex family of companies (these are companies which are controlled either directly or indirectly by Subex Limited).
  • Third party vendors and contractors and other service providers: We may share your personal data with these third-party vendors in their normal course of their providing services to us. These third parties will be bound by obligations of confidentiality with respect to your personal data.
  • Legal and government processes: We may share your personal data to comply with the law or legal processes or in response to a lawful request by a government agency.
  • Others pursuant to your consent: We may share your personal data with others pursuant to your consent to do so.

Where the GDPR applies and we transfer Personal Data outside the EU/UK, we will ensure it is protected and transferred in a manner consistent with the requirements of the GDPR. This may include: (a) sending the Personal Data to a country approved by the European Commission; (b) ensuring the recipient has signed a contract based on “model contractual clauses” approved by the European Commission; or (c) if the recipient is in the U.S and item b above does not apply, ensuring he recipient is a certified member of the EU-US Privacy Shield system. If you desire further details on any of these manners of sharing your personal data, please contact our Data Protection Office who contact information is on the last page of this Policy.

How do we store personal data:

Subex keeps your Personal Data in India and Subex takes reasonable steps to protect the security of your Personal Data as customarily done in the industry or as otherwise required by law.

Your Rights:

With respect to any of your personal data governed by the applicable laws (or where otherwise required by law), you have certain rights including:

  • Access: With certain exceptions, you have the right to request a copy of personal data we may hold about you. The exceptions include situations where providing your personal data may expose personal data of another person and situations where we are legally prevented from providing the information.
  • Rectification: Our goal is that any data, including personal data, that we keep is accurate. If you are aware that we have inaccurate personal data about you and you notify us, we will take reasonable steps to correct it.
  • Objecting or restricting processing: Under certain situations, you may be entitled to object to our processing of your personal data or to request we restrict the manner in which we process it. If you would like to object or request restriction, please notify us.
  • Portability: Under certain circumstances where you have provided personal data to us, you have the right to request that some of your personal data is provided to you in a structured, commonly used, computer-readable format. Or you may have the right to request we transmit your personal data to a third party in such a format.
  • Withdrawal of consent: If our legal basis for processing your personal is based solely on your consent, you have the right to withdraw your consent.
  • Requirement to provide data: To know whether providing the personal data is required by a statute, a contract (or necessary to enter a contract) and the consequences of failing to provide the personal data.
  • Automated Decision Making: To know whether we use automated decision making with respect to your personal data. We don’t.
  • Right to Nominate: You shall have the right to nominate, who shall exercise the rights of the Data on your behalf in the event of death or incapacity of the Data Principal.
  • Right of Correction: You shall have the right to request for correction, completion and updating of Personal Data. This includes the right to correct the inaccurate or misleading personal data, complete the incomplete personal data and update the personal data.
  • Right to erasure of Personal data: You also have the right to request erasure of their personal data. The Data Processor and the data fiduciary ensures to erase such data upon the request of the Data Principal.
  • Right of Grievance Redressal: You shall have the right to redressal of any grievances for any acts or omissions of the Data fiduciary and exercising your rights under the policy.

If you would like to contact us to notify that you wish to exercise one of these rights, please contact our Data Protection Officer whose contact information is on the last page of this Policy.

Please understand that each of these rights is subject to certain conditions under which we may refuse to grant the right such as, in certain cases, where we are legally required to retain certain personal data. If we have basis to refuse your request, we will explain that basis to you.

Your Duties

You also have the right to lodge a complaint with the relevant supervisory authority. If you would like to exercise this right and require assistance in obtaining contact information for the correct supervisory authority, please contact us.

  • You acknowledge to comply with the provisions of this privacy policy and all applicable laws in force while exercising your rights under this Policy.
  • You must not impersonate any person while providing any data for the specified purpose.
  • You must ensure to not supress any material information while providing your personal information for any purposes including but not limited to documentation, proof of identity, identification purposes or proof of address for any statutory benefits or compliance as required by the State or any of its instrumentalities.
  • You must not initiate or register a false or frivolous grievance or complaint with the Data officer.
  • You must ensure that the information provided is authentic, accurate and true to your knowledge while exercising your rights to correction and erasure requests.


We at Subex implement the following measures to ensure the data privacy and data protection are taken care.

  • Only collect necessary data and limit access to data
  • Identify sensitive data and classify it.
  • Monitor access to sensitive data.
  • Use endpoint security systems to protect your data.
  • Implement a risk-based approach to security.
  • Train employees to be diligent for phishing and other Cybersecurity risks.
  • Use multi-factor authentication to ensure only authorized persons are given only required access.
  • Stay on top of software updates and Vulnerabilities.
  • Encrypt data and take back up of critical data.
  • Establish and implement cybersecurity policies and update it as and when needed.

Breach Notification

In the case of personal data breach, the Data fiduciary shall without any undue delay inform the Data Protection Officer within a reasonable time period.


First, what is a cookie? Unfortunately, it is not a sweet treat that you get for having read this far. A “cookie” is a small data file that is stored on users’ computer, tablet, phone or other device when the user visits a website. Some cookies are deleted when the user close down his/her browser. These are known as session cookies. Others remain on users’ device until they expire or the user deletes them from user’s cache. These are known as persistent cookies. Persistent cookies enable the website to “remember” things about a returning user.

  • Subex’s website uses cookies to collect certain standard information from you. Assessing your requirements to deliver content more relevant to you and your interest and to improve the website;
  • To provide you with a personalized experience when visiting our website;
  • Provide statistics to Subex on how Subex website and portals are used; etc.

The preferences are divided into the following categories:

  • Necessary

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Functional

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

  • Advertisement

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

  • Uncategorized

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

You do not have to accept use of cookies on the Subex website; rather, you can set your browser to reject use of cookies. But, if you decline use of cookies, you may have a reduced experience on our website. You can also delete cookies from your device. To set your browser to reject use of cookies or to delete cookies on your device, please find further information in documentation of the browser you use.

More information on cookies can be found at and on other websites. Below is a list of the Cookies used in Subex website:

• _utma
• _utmb
• _utmc
• _utmz
• _cq

Please look at the Cookie Policy to enable access or disable access to the Cookies. We also may use Google Analytics to help us analyze the use of our website. Google Analytics generates statistical and other information by using cookies. This allows generation of reports about the use of the website. Google holds this information and provide us access to it. Google’s privacy policy is available at:

By using the Subex website, you agree to use of cookies for the limited purposes described above.

Changes to this policy:

We may choose to review and change this Policy from time-to-time and at any time. You should check this page periodically and whenever you have questions about how we manage privacy as changes are binding on you. If we decide to change this Policy in a manner which significantly impacts how we use, share or secure your personal data, if collection of that data was based on your consent, we will attempt to give you a chance to “opt-out” if doing so is allowed by law and is reasonably practical.

Where does this policy not apply:

While we generally respect your Personal Data, as noted in the Your Rights section, certain rights are presently only applicable when governed by the GDPR or where such rights are otherwise required to be given under applicable law. Also, this Policy also does not apply where we are processing Personal Data as a Processor for another party (such as we may do with respect to Personal Data from our customers). Our processing of Personal Data as a Processor is controlled and governed by our agreements with such third parties and their Privacy Policies

Effective 28th February 2024

Data Protection Officer:


Sl. No. Personal Data Element Mandatory Purpose
1. Full Name Yes Verification
2. Business Email Yes Verification and communication
3. Company Yes Employee verification, marketing, and analytics.
4. Job Title Yes Employee verification
5. Country Yes  
6. Phone Number Yes Verification and communication
7   No  
8. Qualifications Yes Employee verification
9. Working Organization Yes Verification, marketing and analytics
10. CV Yes Employment
11.   No Employment
12. IP Address Yes  

Objective :

India has enacted the ‘The Rights of Persons with Disabilities Act’, 2016 (“RPWD Act”) under which Subex is required to develop and publish a policy, with certain required provisions, related to employment of persons with disabilities (Chapter IV (8)(3)). The objective is to provide the policy required under the RPWD Act.

The RPWD Act also provides that employers must:

  1. manage complaints related to the Act (Chapter II (3));
  2. maintain certain records related to employment of persons with disabilities and provide the records for inspection by Authorities (Chapter IV (9)); and
  3. maintain certain standards related to accessibility (Chapter VI (15)).

More important than complying with the RPWD Act, this policy is intended to state Subex’s commitment – even without the RPWD Act — to non-discrimination in the workplace and to clearly state that includes both a commitment to ensuring a workplace free of discrimination based on disabilities and a workplace where Subex will make reasonable accommodations to assist persons with disabilities with success in their jobs.

The full policy is stated below but the short form of this policy is:

  1. Subex does not allow discrimination against any person based on Subex makes employment decisions based on merit and provides and promotes equal opportunity to all regardless of disability;
  2. Subex will make reasonable accommodations to persons with disabilities to assist them in succeeding in their jobs; and
  3. Subex will comply with applicable law including the RPWD A copy of the RPWD Act is attached for easy reference.

When and to whom does this policy apply?

This policy’s specific provisions apply to Subex Limited and its affiliates in India (together, “Subex” or “Company”). However, the fact that this policy’s specific provisions only apply to Subex Limited and affiliates in India is not meant, in any way, to undermine or minimize Subex’s general, global, commitment to compliance with the law and to fair, non-discriminatory treatment.

This policy of equal opportunity is applicable to all the aspects of employment cycle, including the application and hiring process, corrective action, promotion and transfer, selection for training opportunities, compensation, termination and the application of service, retirement and employee benefit plan policies. Consistent with this policy, Subex is committed to making employment decisions based on merit, qualifications, business needs and other job-related criteria and as opposed to caste, creed, disabilities, sex, age, religion etc.

This policy covers all person with disabilities at all stages, including job applicants, interns/trainees, contractors, part-time & full-time employees and including those employees who acquire any disability during their work tenure in Subex.

Standards related to Employment (RPWD Act, Chapter IV, Clause (8)(3))

Subex will make reasonable accommodations for an individual’s disabilities by reasonably providing facilities and amenities to enable such persons to effectively perform their jobs. Exactly what accommodations are made will be decided on a case-by-case basis dependent both on the job function and the particular disability. (Chapter IV (8)(3)(a)).

Subex will also provide a list, as appropriate, of jobs that may have been identified as suitable for persons with disabilities. However, generally, it should be assumed that most, if not all jobs at Subex can be performed by persons with disabilities with Subex making reasonable accommodations. Thus, while the RPWD Act appears to require posting a list of jobs, it should simply be assumed that jobs posted by Subex are open for all applicants regardless of disability. (Chapter IV (8)(3)(b)).

Reasonably accommodations will be provided to any person with a disability during the job application and interviewing process, during on-boarding with the company and post-recruitment such as with respect to performance review, career advancement and training to provide a non-discriminatory environment for all of these purposes. For example, if accommodations are needed to ensure an employee has wheel chair access to attend an offsite training session, Subex will take reasonable efforts to ensure such access is provided or the training is provided at an alternative location. Subex will also reasonably accommodate special leaves required as a result of the disability (such as for medical treatments). (Chapter IV (8)(3)(c)).

In general, reasonable accommodations will be made to ensure assistive devices, barrier free accessibility and other provisions are provided for persons with disabilities. (Chapter IV (8)(3)(d)).

Subex has appointed a Liaison Officer who will assist with and review the recruitment process and provision of facilities and amenities for compliance with this policy. The Liaison Officer is also responsible for ensuring Subexians are educated and aware of this policy. If, at any time during the employment relationship with Subex (whether during the recruiting phase or during employment), an employee with disability requires any accommodation, he/she can immediately bring the issue to the attention of the Liaison Officer. The Liaison Officer can be contacted at: EO-Liaison- (Chapter IV (8)(3)(e)).

In no case will a person with a disability be required to pay any part of the costs for providing the reasonable accommodation. (Chapter IV (8)(4)).

Standards related to Accessibility (RPWD Act, Chapter VI, Clause 15)

Subex will comply with all Guidelines Standards as mentioned under the RPWD Act and Rules 2017, to the extent as applicable.

Subex will comply with standards of accessibility relating to information and communication technology.

Subex will comply with transport (bus) requirements to the extent applicable to Subex. However, such regulations are generally only applicable to use of cabs with 13 or more seats and, thus, generally not applicable to Subex.

Any person facing accessibility issues with facilities should report to the facilities team or to the Liaison Officer. Any person facing accessibility issues with the website should contact Marketing team or the Liaison Officer.

Records (RPWD Act, Chapter IV, Clause 9)

As required by the RPWD Act, Subex shall maintain records with the following information:

  1. The number of persons with disabilities who are employed and their dates of employment;
  2. The name, gender and address of each such person;
  3. The nature of the disability for each such person;
  4. The nature of the work being done by each such person;
  5. The kind of facilities and accommodations made for each such

Maintaining these records shall be the responsibility of the Liaison Officer. The information shall be maintained in a confidential file which shall only be made available to: (a) the HR and Legal teams as necessary for evaluation and analysis of obligations of Subex under this policy; (b) supervisors and managers for the purposes of assuring they understand the accommodations that will be made; (c) security personnel to the extent required for evacuation planning for emergencies; and (d) authorities as required under Chapter IV, Clause 9(2). In all cases, the information that is shared will be limited to only information that is required to be shared to accomplish the purposes of this policy.

Questions, compliments and complaints (RPWD Act, Chapter II, Clause 3)

If you have any questions, compliments or complaints regarding this policy, the primary point of contact should be the Liaison Officer who can be reached at

If any aggrieved person raises a complaint related to discrimination based on a disability, Subex will conduct an investigation and provide information to the aggrieved person regarding the outcome of the investigation. Any person who has any questions, concerns or complaints about this policy or any issue related to it, the company encourages the employee to talk to the Liaison Officer, his/her Supervisor, Department Head, respective Human Resources Business Partner, the Corporate Human Resources Department or the Legal Team.

Under no circumstance shall any Subexian (including the Liaison officer, a supervisor or manager or a member of HR or legal) take any retaliatory action based on any person raising any good faith complaint (whether to Subex or to any government official) regarding Subex’s actions related to this policy.

Document Version Control

Version 1.0September 2018Legal DepartmentDrafted Equal Opportunity Policy

Approved and authorized by:

David Halvorson, General Counsel

Vinod Kumar, Chief Executive Officer

Mohan Sitharam, Chief People Officer

Introduction :

Subex, like all employers, must collect, store and process data relating to its employees, contractors and applicants in order to manage the employment relationship or potential employment relationship. Subex is committed to being transparent regarding how it collects and uses that data and is committed to meeting its data protection obligations.

What information does Subex collect?

Subex collects and processes a range of information about you and the list of such data may seem lengthy at first glance. However, you will quickly understand that such data is necessary to properly manage the employment relationship with you and is of the type of data normally processed by employers. The types of data may include:

  • your name, address and contact details, including email address and telephone number, date of birth and gender;
  • the terms and conditions of your employment;
  • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with Subex;
  • information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
  • details of your bank account and national insurance number;
  • information about your marital status, next of kin, dependents and emergency contacts;
  • information about your nationality and entitlement to work in the UK;
  • information about your criminal record;
  • details of your schedule (days of work and working hours) and attendance at work;
  • details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;

assessments of your performance, including appraisals, performance reviews and ratings, training

  • you have participated in, performance improvement plans and related correspondence;
  • information about medical or health conditions, including whether or not you have a disability for which Subex needs to make reasonable adjustments;
  • details of trade union membership; and
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.

Subex collects this information in a variety of ways. For example, data is collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

In some cases, Subex collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.

Data is stored in a range of different places, including in your personnel file, in Subex’s HR management systems and in other IT systems (including Subex’s email system).

Why does Subex process personal data?

Subex needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, it needs to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefit and insurance entitlements.

In some cases, Subex needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the country of employment, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.

In other cases, Subex has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee/applicant data allows Subex to:

  • run recruitment and promotion processes;
  • maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
  • operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
  • operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
  • operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
  • obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
  • operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that Subex complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
  • ensure effective general HR and business administration;
  • provide references on request for current or former employees;
  • respond to and defend against legal claims; and
  • maintain and promote equality in the workplace.

Where Subex relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.

If we keep certain special categories of personal data, such as information about health or medical conditions, it is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).

Where Subex processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.

Who has access to data?

Your information will be shared internally within the Subex companies, including with members of the HR and recruitment team (including payroll), your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.

Subex shares your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks. Subex may also share your data with third parties, for example, in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.

Subex also shares your data with third parties (including Subex (UK) affiliate companies) that process data on its behalf in connection with payroll, the provision of benefits and the provision of occupational health services and travel advisors and travel agencies in connection with your business travel needs.

Your data may be transferred to countries outside the European Economic Area (EEA) to: (a) Subex (UK) affiliate companies to allow management, accounting and finance and HR at the affiliates to process the data for purposes as specified above; and (b) to third parties such as travel agencies and travel companies to allow services to be provided to you. Data is transferred outside the EEA on the basis of Data Processing Agreements including Standard Contractual Clauses.

How does Subex protect data?

Subex takes the security of your data seriously. Subex has internal policies and controls in place to mitigate the risk of your data being lost, accidentally destroyed, misused or disclosed, and or accessed except as outlined in this policy/

Where Subex engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

For how long does Subex keep data?

Subex will generally hold your personal data for the duration of your employment and for seven years following the end of your employment.

Your rights

As a data subject, you have a number of rights which may include the right to:

  • access and obtain a copy of your data on request;
  • require Subex to change incorrect or incomplete data;
  • require Subex to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where Subex is relying on its legitimate interests as the legal ground for processing; and
  • ask Subex to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override Subex’s legitimate grounds for processing data.

If you would like to exercise any of these rights or have concerns on whether Subex has complied with the law, please contact the Subex Data Protection Officer whose contact information is at the end of this policy.

If you believe that Subex has not complied with your data protection rights, you may also contact the Information Commissioner.

What if you do not provide personal data?

You have some obligations under your employment contract to provide Subex with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide Subex with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable Subex to enter a contract of employment with you, to process payment of your salary and to administer certain benefits. If you do not provide other information, this will hinder Subex’s ability to administer the rights and obligations arising as a result of the employment relationship efficiently.

Is Automated decision-making employed using your personal data?

No, decisions are not based solely on automated decision-making.

Who can I contact for more information?

Subex (UK) Limited (“Subex”) is the data controller for the data discussed in this policy. Subex’s mailing address is 1st Floor, Rama, 17 St Ann’s Road, Harrow, Middlesex, HA1 1JU UK. You may also contact your HR representative or the Data Protection Officer whose contact details are set out below.

Effective 25 May 2018

Data Protection Officer:

Introduction :

Subex believes in high principles of integrity in doing its business. This Policy sets forth the respective principles and rules and how anti-bribery practices are implemented. This Policy addresses a variety of contexts in which bribery issues may arise.

Applicability & Purpose

This policy apply to all officers, directors, managers, employees (hereinafter referred as to the “Subexians”) of any Subex group company (“Subex”) (including employees temporarily transferred to affiliates and vendors), agents, representatives or anyone else doing business in the name of or with Subex, including the suppliers, contractors, or subcontractors (collectively referred to herein as “Covered Parties”).

Subex has a zero-tolerance approach to acts of bribery, by Subexians or Covered Parties. Any breach of this policy will be regarded as a serious matter of concern by Subex which is likely to result in disciplinary action.

It is our policy to conduct all our business in an honest and ethical manner. The purpose of this policy is to establish controls, implement and enforce effective systems to ensure compliance with all applicable anti- bribery and corruption regulations.

Definition of Bribery

Bribery means offering, giving or promising (or authorizing someone to offer, give, or promise) an improper benefit, directly or indirectly, with the intention of influencing or rewarding the behavior of someone to obtain or retain a commercial advantage.

For purposes of this Policy, each of the examples below is referred to as a “bribery offence”.

1. Bribes

  • A Bribe is an inducement or reward offered, promised or provided in order to gain any commercial, contractual, regulatory or business or personal advantage.

*An inducement is something which helps to bring about an action or desired result

*A business advantage means that one of the party is placed in a better position (financially, economically, or by way of reputation, or in any other way which is beneficial) either than its competitors or than it would otherwise have been had the bribery or corruption not taken place.

2. Kickbacks

Payments of any portion of a contract made to employees of another contracting party or the utilization of other techniques, such as subcontracts, purchase orders or consulting agreements, to channel payment to public officials, political parties, party officials or political candidates, to employees of another contracting party, or their relatives or business associates.

3. Extortion

Directly or indirectly demand or accept a bribe, facilitation payment or kickback through force or threat.

Gifts & Hospitality

The policy does not prohibit normal and appropriate hospitality to or from third parties.

The practice of giving gifts and hospitality is recognized as an established and important part of doing business. However, it is prohibited when they are used as bribes. Subexians must consider that practice of gifts and hospitality varies between countries and sectors and what may be normal and acceptable in one country may not be so in another. To avoid committing a bribery offence, the gift or hospitality must be:

  1. Reasonable and justifiable in all the circumstances
  2. Intended to improve the image of Subex, better present its products and services or establish cordial relations. The giving or receiving gifts or hospitality is acceptable under this Policy if all the following requirements are met:

a. It is not made with the intention of influencing a third party to obtain/ retain business or a business advantage or to reward the provision or retention of business or a business advantage or in explicit or implicit exchange for favours/ benefits or for any other corrupt purpose

b. It complies with local laws and customs

c. It does not include cash or a cash equivalent (such as gift certificates or vouchers)

d. It is appropriate in the circumstances. For example, in U.S. it is customary for small gifts to be given at Christmas time or a gift during Diwali in India

e. Considering the reason for the gift or hospitality, it is of an appropriate type and value and given at an appropriate time. It is given openly, not secretly and in a manner that avoids the appearance of impropriety


Anti-Bribery Committee shall be reachable at

What is unacceptable (Red Flags)

The following is a list of things that may indicate the possible existence of corrupt practices and should be kept in mind:

    1. Accept an offer of a gift of any size from any Third Party which is in negotiation with, or is submitting a proposal with Subex
    2. Give, promise to give or offer, any payment, gift, hospitality or advantage with the expectation or hope that a business advantage will be given or received or to reward a business advantage already given
    3. Give, promise to give or offer, any payment, gift or hospitality to a government official, agent or representative to “facilitate” or expedite a routine procedure
    4. Accept or solicit any payment, advantage, gift or hospitality from a Third Party that you know or suspect is being offered with the expectation that it will obtain a business advantage for them
    5. Threaten or retaliate against, another employee who has refused to commit a bribery offence or who has raised concerns under this Policy
    6. Engage in any activity that might lead to a breach of this Policy

Anti Bribery Compliance, Awareness and Training

Anti-bribery awareness is a mandatory requirement. Dissemination of this policy for new joinees shall be carried out at the time of induction and this policy shall be shared with all existing Subexians.  At a minimum, all Subexians in a position to give or receive bribes, or to detect such activity, should receive anti-corruption compliance training.

Training should highlight:

  • Company’s commitment towards Anti-bribery
  • Anti-Bribery policies and procedures
  • Details of Anti-bribery Committee
  • Potential “red flags”
  • How to report and escalate violations or potential violations

Along with employees in Procurement, facilities and administration, sales, finance, and partner management teams, and any other team which deals with external parties shall be provided training, on an annual basis. All Subexians shall be provided with a copy of this policy. Every Subexian shall read, understand and comply with this Policy. If any Subexians has doubts or concerns, he / she should contact Legal team or the Anti bribery Committee.

Adopting policies for third parties

Subex expects all Covered Parties doing business with Subex to approach issues of bribery and corruption in a manner that is consistent with the principles set out in this Policy. Subex requires all Covered Parties to cooperate and ensure compliance with these standards, to continue the business relationship.

In order to maintain the highest standards of integrity, with respect to any dealings with a Covered Party, following must be ensured by Procurement and Partner Management team (as the case may be):

  1. For every substantial value deal (as decided by the Anti bribery Committee) conduct due diligence enquiries to review the integrity records of any Covered Party before entering a commercial relationship with them
  2. Fully document the engagement process and the final approval of the selection of any Covered Party
  3. Implement a program to provide appropriate information on this Policy to all Covered Parties engaged in business relationship with Subex
  4. Make a formal commitment in writing by Covered Parties, to abide by Anti-bribery provisions of Subex. Contractual agreements will include appropriate wording making it possible to withdraw from the relationship if any of the Covered Parties fail to abide by this Policy
  5. Fees and commissions agreed shall be appropriate and justifiable remuneration for legitimate services rendered

In the event of any doubt on the integrity of a Covered Party, it is the employee’s responsibility to contact the Anti-Bribery Committee via e-mail or in person as soon as possible.

Communication & Training

  1. HR team shall ensure that all Subexians are aware of the Policy, the Policy shall be uploaded on the Subex NET.
  2. HR team shall ensure that training on this Policy will form part of the induction process for all Subexians
  3. Subexians will also be communicated in case of any changes or updates in the Anti-Bribery Policy
  4. Legal team shall be responsible for governance of this policy by tracking the actions of stakeholders on compliance tool. Legal team shall generate a report of compliance which shall be presented to Board of Directors.
  5. Subex’s zero-tolerance approach to bribery and corruption must be communicated to all Covered Parties at the outset of our business relationship with them and as appropriate thereafter.
  6. For any concerns or queries, Subexians can reach out at Legal Team or Anti-bribery Committee. For any complaints Subexians can reach out to Anti Bribery Committee.
  7. Management shall provide annual compliance report in relation to this Policy to the Board of Directors


Responsibility Description
Management Overall responsibility for ensuring that this Policy complies with Subex’s legal and ethical obligations, and that all those under Subexians and Suppliers/Contractors of Subex control comply with it
Legal Governance and update to the policy
HR Employee Communication & training
Procurement and Partner Management – Ensuring appropriate communication and training to covered parties – Commitment from Covered Parties about abiding by the policy – Demonstrating higher standards of integrity
Employees Report concerns and instances of breach of the policy to Reporting Managers or Anti-Bribery committee
Anti-Bribery Committee – To resolve the concerns and Queries – To investigate the instances and take appropriate actions. Also, provide report to management – To review the policy periodically

Introduction :

This notice is in relation to the consumer data privacy regulations under the California Privacy Rights Acts(“CPRA”) and the California Consumer Privacy Act (“CCPA”). Some of the sections in the main Privacy Policy and would read into this Notice.

The objective of this Notice is intended to provide all Subex users and job applicants who are California residents with the following notice concerning our use of your personal data:


General Requirements

The basic requirements of maintaining the personal data through its life cycle i.e. collection, processing, storing, transferring and disposal are based on the explicit purposes mentioned in the Privacy policy and are specifically compatible to the purpose.

This privacy notice section for California residents supplements the information contained in this Notice and it applies solely to all visitors, users, and others who reside in the State of California. 

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. The following is a list of categories of personal information which need to be articulated if collected from California residents within the last twelve (12) months.

We only collect the following information only after obtaining consent from you:

  1. Identifiers such as a real name, Internet Protocol address, email address, account name,
  2. Characteristics of protected classifications under California or federal law. The California protected characteristics are as follows:
    • national origin (Only when consent is obtained.
  3. Geolocation data
  4. Professional or employment-related information
  5. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). (This includes the name or address of a student or their family members; personal identifiers of the student such as a student number; and any information that indirectly identifies a student.) ( Only when consent is obtained).
  6. Categories of personal information described in subdivision (e) of Section 1798.80, such as name, address and telephone number.
    Education information, such as information provided on your transcript. Professional or employment information, such as information provided on your resume.


We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from the forms you complete on our Service, preferences you express or provide through our Service, or from your purchases on our Service.
  • Automatically from you. For example, through cookies we set on your device as you navigate through our Service.
  • From Service Providers. For example, third-party vendors to monitor and analyze the use of our Service, third-party vendors for payment processing, or other third-party vendors that we use to provide the service to you.

For Subex Job Applicants or Employees Residing in California

When applying for a job position with Subex, we may collect these specific categories or personal data as described in Annexure I of the Privacy Policy.

The foregoing information is collected and used for the express and limited purposes of:

We use the personal data collected for the specified purpose only. We also retain only until there is a reasonable assumption that such retention no longer serves the express and limited purposes for which your personal data was collected, upon which the information will be securely deleted.

Under CCPA/CPRA, personal information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CPRA’s scope, such as:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994


Your Rights under the CPRA/CCPA

The Act provides California residents with specific rights regarding their personal information. If you are a resident of California, you have the following rights:

 The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.

 The right to request. You have the right to request that we disclose information to you about our collection, use, sale, disclosure for business purposes and share of personal information. Once received and your request and identity confirmed we will disclose:-

  • The categories of personal information we collected about you
  • The categories of sources for the personal information we collected about you
  • Our business or commercial purpose for collecting or selling that personal information
  • The categories of third parties with whom we share that personal information
  • The specific pieces of personal information we collected about you
  • If we sold your personal information or disclosed your personal information for a business purpose, we will disclose to you:
    • The categories of personal information categories sold
    • The categories of personal information categories disclosed.

Subex is required to provide such disclosures to you in writing, by postal or electronic mail at your option, in a readily useable format that allows you to transmit the information from one entity to another without hinderance. Subex may, at its discretion, require you to authenticate your identity and request prior to our acting upon any request for disclosure.

Disclosures will be provided to you at no cost.

You may submit your request for disclosures by email at

 Right to Correct

You have the right to request that Subex correct any of your personal data which we have collected that is inaccurate.  Once we have received and verified your individual request for correction, Subex will use commercially reasonable efforts to correct the inaccuracies pursuant to your direction.

 Sale of Personal Information

We do not conduct any “Sale or Personal Information” or have any commercial purposes for collecting Personal information. That means we do not sell your personal data and do not share the information for commercial purposes.

In the event that some process is regarded as a sale of Personal data as per CCPA/CPRA, you have the right to direct the organization to not share your personal information to Third Parties.

The right to delete Personal Data. You have the right to request the deletion of your Personal Data, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct Our Service Providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our Service Providers to:

  • Complete the transaction for which We collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to direct us to limit the use and disclosure of your Sensitive Personal Information to uses/disclosures that are reasonably necessary to provide our goods and services, or as needed:

  • to ensure security and integrity; to prevent fraud or illegal activity.
  • for physical safety.
  • for short-term, transient use, including for non-personalized advertising.
  • to perform services on behalf of the business.
  • to verify or maintain the quality or safety of a service or device owned, manufactured, manufactured for, or controlled by us.
  • and to improve, upgrade, or enhance such services or devices.

Right to Access Information about Automated Decision Making and Right to Opt-Out of Automated Decision-Making Technology

We do not use Automated Decision-Making technology and therefore no information is generated from automated decision-making techniques.

Right of No Retaliation

You have the right not to be discriminated against for exercising any of our consumer’s rights, including by:

  • Denying goods or services to you
  • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
  • Providing a different level or quality of goods or services to you.
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or service.


Use of Personal Information for Business Purposes

We may use or disclose personal information We collect for “business purposes” (as defined under the CCPA/CPRA), which may include the following examples:

  • To operate our Service and provide you with our Service.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our Service.
  • To fulfil or meet the reason you provided the information. For example, if you share your contact information to ask a question about our Service, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA/CPRA.
  • For internal administrative and auditing purposes.
  • To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.

If we decide to collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes we will update this Privacy Policy.


Disclosure of Personal Information for Business Purposes

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business:

Please note that the categories listed above are those defined in the CPRA. This does not mean that all examples of that category of personal information were in fact disclosed but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.

When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.


Sharing of Personal Information

We may share your personal information identified in the above categories with the following categories of third parties:

  • Service Providers
  • Our affiliates
  • Our business partners
  • Third party vendors to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

Sale of Personal Information of Minors Under 16 Years of Age

We do not knowingly collect personal information from minors under the age of 16 through our Service, although certain third party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies and we encourage parents and legal guardians to monitor their children’s Internet usage and instruct their children to never provide information on other websites without their permission.

We do not sell the personal information of Consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by contacting Us.

If you have reason to believe that a child under the age of 13 (or 16) has provided us with personal information, please contact us with sufficient detail to enable us to delete that information.

For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

Get started with Subex
Request Demo Contact Us
Request a demo