This Privacy Policy (the “Policy”) describes how Subex collects, uses and shares both information you provide to us and other information we collect about you in operation of our business.
In this Policy, when we use the term “Subex”, “we”, “us”, “our” or similar terms, we are referring to Subex Limited and its affiliate companies including Subex (UK) Limited, Subex Inc., Subex Americas Inc., Subex (Asia Pacific) Pte Ltd, Subex Middle East (FZE), Subex Assurance LLP, Subex Digital LLP and Subex Bangladesh Pvt Ltd.
This policy describes:
- How to Contact Us
- The Information We Collect
- How Long Do We Keep Personal Data
- How Do We Use Personal Data
- Legal Basis for Processing Personal Data
- Sharing of Personal Data with Third Parties
- How we store Personal Data
- Your rights
- Cookies
- Changes to this policy
- Where does this policy not apply?
In certain places in this Policy, we may specifically reference the GDPR or DPDPA. By GDPR, we are referring to Regulation (EU) 2016/679 (General Data Protection Regulation). Similarly, we might refer to Digital Personal Data Protection Act, 2023 (hereinafter referred to as the “DPDPA”) or any other applicable laws, if there is a specific requirement we need to meet. For CPRA/CCPA compliance, we have a specific Notice that reads in continuation to this Notice.
How to contact us:
We are happy to respond to any inquiries you may have regarding collection, use, disclosure, transfer or processing of your personal data or the exercise of any of your rights. If you have questions or would otherwise like to contact us, please contact the Subex Data Protection Officer whose contact information is provided at the bottom of the last page of this policy.
Our registered office is at Pritech Park, SEZ Block -09, 4th Floor B Wing Survey No. 51 to 64/4 Outer Ring Road, Bellandur Village Varthur, Hobli, Bengaluru, Karnataka 560103, INDIA and our website is at www.subex.com. We also maintain offices in Singapore, Dubai, London and Denver (Broomfield), Colorado in the U.S. You can find full contact information for each of these offices at www.subex.com/contact-us.
The information we collect:
It is first important to understand what we mean by “Personal Data”. We are referring to any information that is related to and identifiable with you, personally, that we have in our possession or control. Put more precisely, we mean to use the term Personal Data in the same manner as the GDPR and DPDPA.
Generally, we collect the following Personal Data as provided in Annexure 1
Generally, we collect Personal Data about
(i) our customers, vendors, business associates and potential customers, vendors and business associates (as well as their employees and representatives),
(ii) people who have expressed interest in our products and services (such as through visiting our website, visiting us at trade shows and otherwise by contacting us), and
(iii) our employees, contractors and people who have expressed interest in becoming our employees and contractors.
The types of Personal Data that we collect will depend on the specific purpose for which we are collecting it.
For an employee, we may need to retain the information collected during the job application process (and we may need to periodically update the information) but also we collect additional information such as may be required to provide certain employee benefits or simply to pay salaries. For people expressing an interest in our products such as by visiting our website, we may collect your contact information and other information that allows us to understand your visit to our website better such as IP address, which webpages you have visited and measurement of site performance. Please also see information below regarding our use of “cookies” when visiting our website. For customer, vendors and business associates, we may collect your contact information.
Simply put, it is our policy to retain the information we collect no longer than as reasonably necessary to fulfil the purposes for which we collect the information and to comply with our legal obligations.
How do we use Personal Data:
When we collect Personal Data directly from you, we use the personal data for the purposes that are disclosed to you or for purposes that you would reasonably expect. For example, if you send us your CV in response to a job posting, we will use that information for purposes of evaluating you as a job candidate.
If you give us your contact information on our website as part of requesting more information, we expect we would use your contact information to communicate information regarding our products and services with you.
In terms of the DPDPA, we will be actively seeking your consent where legally required to do so.
In case it is consent, we have a defined process of keeping the Consent and dealing with it through the lifecycle of the personal data residing in our environment.
More specifically, we may use your personal data as follows:
- if you are a customer, vendor or potential customer or vendor (or representative/employee of one of these entities), to contact you regarding products and services and generally for marketing and business development activities.
- if you are a business associate (such as a company who might act as a local representative for us, a reseller or some other company who might enter into business transactions with us involving an end customer), or representative of a business associate, to contact you regarding our working relationship and generally for marketing and business development activities; if you are an employee or contractor or job applicant in the European Union, the Subex Privacy Policy and Notice for EU and UK Employees, Contractors and Applicants shall apply. If you are an employee, contractor or applicant outside of the European Union, in accordance with Subex policies; If you have provided personal data in connection with an interest in our products or services, to provide information on our products and services and to provide an overall pleasant and productive experience on our website.
- Other reasons:
- To comply with legal and regulatory requirements.
- For legitimate business interests such as undertaking business research and analysis, managing the operation of our website, and managing our business.
- To assist in reviewing and responding to complaints and questions including complaints and questions you may have.
- To exercise and defend our legal rights or to comply with court orders; and
- To prevent and respond to actual or potential illegal activities and fraud. Data Principal has voluntarily provided her Personal data for:
Subex collects the information of the Data Principal (Employee related information) for the purposes of
- Benefits provided by the State
- Medical emergency
- Medical treatment or health services
- employment or those related to safeguarding the employer from loss or liability, such as prevention of corporate espionage, maintenance of confidentiality of trade secrets, intellectual property, classified information or provision of any service or benefit sought by a Data Principal who is an employee.
We may also use Personal Data we obtain from other sources, as well as data we compile, for the above purposes.
Legal Basis for Processing Personal Data:
When we process the data for the purposes set forth above, it will be based on one or more of the following legal grounds:
- Because it is necessary for us to do so to perform your instructions or a contract with you or your organization.
- To comply with our legal obligations as well as to keep records of our compliance processes or tax records.
- Because of our legitimate interests provided that those interests are not overridden by your interests or fundamental rights.
- Because you have given us your consent to process your personal data in the way we are processing it.
- Because you have either provided Consent or our falling under one of the categories of legitimate use as mentioned in DPDPA.
Sharing of Personal Data with third parties:
We share Personal Data with our affiliate companies, offices and employees internationally. Therefore, your Personal Data may be transferred to locations both inside and outside of the and other locations of Subex. We may also share your personal information outside of Subex such as with:
- Affiliated Companies: We may share your personal data among the Subex family of companies (these are companies which are controlled either directly or indirectly by Subex Limited).
- Third party vendors and contractors and other service providers: We may share your personal data with these third-party vendors in their normal course of their providing services to us. These third parties will be bound by obligations of confidentiality with respect to your personal data.
- Legal and government processes: We may share your personal data to comply with the law or legal processes or in response to a lawful request by a government agency.
- Others pursuant to your consent: We may share your personal data with others pursuant to your consent to do so.
Where the GDPR applies and we transfer Personal Data outside the EU/UK, we will ensure it is protected and transferred in a manner consistent with the requirements of the GDPR. This may include: (a) sending the Personal Data to a country approved by the European Commission; (b) ensuring the recipient has signed a contract based on “model contractual clauses” approved by the European Commission; or (c) if the recipient is in the U.S and item b above does not apply, ensuring he recipient is a certified member of the EU-US Privacy Shield system. If you desire further details on any of these manners of sharing your personal data, please contact our Data Protection Office who contact information is on the last page of this Policy.
How do we store personal data:
Subex keeps your Personal Data in India and Subex takes reasonable steps to protect the security of your Personal Data as customarily done in the industry or as otherwise required by law.
Your Rights:
With respect to any of your personal data governed by the applicable laws (or where otherwise required by law), you have certain rights including:
- Access: With certain exceptions, you have the right to request a copy of personal data we may hold about you. The exceptions include situations where providing your personal data may expose personal data of another person and situations where we are legally prevented from providing the information.
- Rectification: Our goal is that any data, including personal data, that we keep is accurate. If you are aware that we have inaccurate personal data about you and you notify us, we will take reasonable steps to correct it.
- Objecting or restricting processing: Under certain situations, you may be entitled to object to our processing of your personal data or to request we restrict the manner in which we process it. If you would like to object or request restriction, please notify us.
- Portability: Under certain circumstances where you have provided personal data to us, you have the right to request that some of your personal data is provided to you in a structured, commonly used, computer-readable format. Or you may have the right to request we transmit your personal data to a third party in such a format.
- Withdrawal of consent: If our legal basis for processing your personal is based solely on your consent, you have the right to withdraw your consent.
- Requirement to provide data: To know whether providing the personal data is required by a statute, a contract (or necessary to enter a contract) and the consequences of failing to provide the personal data.
- Automated Decision Making: To know whether we use automated decision making with respect to your personal data. We don’t.
- Right to Nominate: You shall have the right to nominate, who shall exercise the rights of the Data on your behalf in the event of death or incapacity of the Data Principal.
- Right of Correction: You shall have the right to request for correction, completion and updating of Personal Data. This includes the right to correct the inaccurate or misleading personal data, complete the incomplete personal data and update the personal data.
- Right to erasure of Personal data: You also have the right to request erasure of their personal data. The Data Processor and the data fiduciary ensures to erase such data upon the request of the Data Principal.
- Right of Grievance Redressal: You shall have the right to redressal of any grievances for any acts or omissions of the Data fiduciary and exercising your rights under the policy.
If you would like to contact us to notify that you wish to exercise one of these rights, please contact our Data Protection Officer whose contact information is on the last page of this Policy.
Please understand that each of these rights is subject to certain conditions under which we may refuse to grant the right such as, in certain cases, where we are legally required to retain certain personal data. If we have basis to refuse your request, we will explain that basis to you.
Your Duties
You also have the right to lodge a complaint with the relevant supervisory authority. If you would like to exercise this right and require assistance in obtaining contact information for the correct supervisory authority, please contact us.
- You acknowledge to comply with the provisions of this privacy policy and all applicable laws in force while exercising your rights under this Policy.
- You must not impersonate any person while providing any data for the specified purpose.
- You must ensure to not supress any material information while providing your personal information for any purposes including but not limited to documentation, proof of identity, identification purposes or proof of address for any statutory benefits or compliance as required by the State or any of its instrumentalities.
- You must not initiate or register a false or frivolous grievance or complaint with the Data officer.
- You must ensure that the information provided is authentic, accurate and true to your knowledge while exercising your rights to correction and erasure requests.
Security
We at Subex implement the following measures to ensure the data privacy and data protection are taken care.
- Only collect necessary data and limit access to data
- Identify sensitive data and classify it.
- Monitor access to sensitive data.
- Use endpoint security systems to protect your data.
- Implement a risk-based approach to security.
- Train employees to be diligent for phishing and other Cybersecurity risks.
- Use multi-factor authentication to ensure only authorized persons are given only required access.
- Stay on top of software updates and Vulnerabilities.
- Encrypt data and take back up of critical data.
- Establish and implement cybersecurity policies and update it as and when needed.
Breach Notification
In the case of personal data breach, the Data fiduciary shall without any undue delay inform the Data Protection Officer within a reasonable time period.
Cookies:
First, what is a cookie? Unfortunately, it is not a sweet treat that you get for having read this far. A “cookie” is a small data file that is stored on users’ computer, tablet, phone or other device when the user visits a website. Some cookies are deleted when the user close down his/her browser. These are known as session cookies. Others remain on users’ device until they expire or the user deletes them from user’s cache. These are known as persistent cookies. Persistent cookies enable the website to “remember” things about a returning user.
- Subex’s website uses cookies to collect certain standard information from you. Assessing your requirements to deliver content more relevant to you and your interest and to improve the website;
- To provide you with a personalized experience when visiting our website;
- Provide statistics to Subex on how Subex website and portals are used; etc.
The preferences are divided into the following categories:
- Necessary
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
- Functional
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
- Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
- Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
- Advertisement
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.
- Uncategorized
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
You do not have to accept use of cookies on the Subex website; rather, you can set your browser to reject use of cookies. But, if you decline use of cookies, you may have a reduced experience on our website. You can also delete cookies from your device. To set your browser to reject use of cookies or to delete cookies on your device, please find further information in documentation of the browser you use.
More information on cookies can be found at www.allaboutcookies.org and on other websites. Below is a list of the Cookies used in Subex website:
• _utma
• _utmb
• _utmc
• _utmz
• _cq
Please look at the Cookie Policy to enable access or disable access to the Cookies. We also may use Google Analytics to help us analyze the use of our website. Google Analytics generates statistical and other information by using cookies. This allows generation of reports about the use of the website. Google holds this information and provide us access to it. Google’s privacy policy is available at: https://www.google.com/privacypolicy.html
By using the Subex website, you agree to use of cookies for the limited purposes described above.
Changes to this policy:
We may choose to review and change this Policy from time-to-time and at any time. You should check this page periodically and whenever you have questions about how we manage privacy as changes are binding on you. If we decide to change this Policy in a manner which significantly impacts how we use, share or secure your personal data, if collection of that data was based on your consent, we will attempt to give you a chance to “opt-out” if doing so is allowed by law and is reasonably practical.
Where does this policy not apply:
While we generally respect your Personal Data, as noted in the Your Rights section, certain rights are presently only applicable when governed by the GDPR or where such rights are otherwise required to be given under applicable law. Also, this Policy also does not apply where we are processing Personal Data as a Processor for another party (such as we may do with respect to Personal Data from our customers). Our processing of Personal Data as a Processor is controlled and governed by our agreements with such third parties and their Privacy Policies
Effective 28th February 2024
Data Protection Officer:
dpo@subex.com
ANNEXURE 1
Sl. No. | Personal Data Element | Mandatory | Purpose |
1. | Full Name | Yes | Verification |
2. | Business Email | Yes | Verification and communication |
3. | Company | Yes | Employee verification, marketing, and analytics. |
4. | Job Title | Yes | Employee verification |
5. | Country | Yes | |
6. | Phone Number | Yes | Verification and communication |
7 | No | ||
8. | Qualifications | Yes | Employee verification |
9. | Working Organization | Yes | Verification, marketing and analytics |
10. | CV | Yes | Employment |
11. | No | Employment | |
12. | IP Address | Yes |