For any questions about this Policy or our data protection practices or to exercise any rights you may have in relation to your personal data under applicable law, you use our self-service portal available here. Our postal address for any questions is:
Legal Compliance – Data Protection and Privacy
Tata Communications (America) Inc.
2355 Dulles Corner Boulevard
Herndon, VA 20171
For individuals located in Germany, Singapore and India you can contact our Data Protection Officer (“DPO”) by using our DPO contact form available here
Account Information: Contact and related information that allows us to communicate with you. We obtain this information when you order or register to receive any of our Services or information about our Services. We collect or receive information from you when you sign up for our Services, create an online account with us, make a purchase, request details or a call back, submit a technical, customer or billing support request, participate in a contest or survey, provide us with feedback or otherwise contact us. The type of information that we collect depends on your interaction with us, but may include, your name, address, telephone number (business or personal), email address (business or personal), postal/billing address (business or residential), and any other information that you choose to provide or is necessary for us to provide Services to you.
Billing Information related to your commercial and financial relationship with us, such as the services we provide to you, the telephone numbers you call and text, your payment history, your credit history, your credit card numbers, social security number(where permitted by law), security codes and your service history.
Technical & Usage Information related to the Services we provide to you, including information about how you use our networks, services, products or websites. Some examples include:
Equipment Data: Information that relates to and identifies the equipment on our and your networks that you may use or with which you interface for the Services you are receiving. Information might include equipment type, device identifiers, device status, serial numbers, settings, configuration, and software type.
Network Performance & Usage: Information about the operation of the equipment, Services and applications you use on our networks. Examples of this might include: wireless device location and type; call records including where a call was made from and to as well as its date, time, duration and cost (but excluding the content of the calls); the number of text messages sent and received; voice minutes used; bandwidth used and similar information (though We also collect information like transmission rates and delays, data associated with remote monitoring services and security characteristics, and information about your use of our interconnected voice over internet protocol (VoIP) services (including services purchased offline).
Location, direction and journey information: this will be collected based on any connected device you may use our Services on. It includes your ZIP/postal code and street address, as well as the whereabouts of your wireless device. Location Information is generated when your device communicates with cell towers, Wi-Fi routers or access points and/or with other technologies. Any connected device that you own, or which is otherwise linked to you will generate such information that will then be associated with you.
Video footage/images: when you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures.
We may collect the above personal data in the course of providing Services to you or to someone who has provided you with access to our Services. We may obtain this information in a number of ways, for example:
directly from you: for example, when you make a purchase or provide your details in order to subscribe to our Services, submit a web enquiry or set up an account with us;
automatically: when personal data is generated through your use of our Services or our Sites; and
from third party sources: we sometimes collect personal data about you from trusted third parties, in connection with Services that we provide to you or propose to provide to you, where appropriate and to the extent we have a justified basis to do so. These include fraud-prevention agencies, business directories, credit check reference/vetting agencies and connected network providers. Anyone who provides you with access to your Services may also provide us with your personal data in that context.
We may combine the personal data that we receive from such other sources with personal data you give to us and with information we automatically collect about you, for example where we need to run a credit check, and then compile a profile of you based on the credit check data and the personal data you have provided.
We set out below some of the ways in which we process personal data:
to fulfil obligations under contract. This includes providing our Services to you; to communicate with you about your use of our Services; to obtain and process payment from you and to fulfil your orders for Services and any obligations on us relating to those services;
for the purpose for which you specifically provided the information to us, including, to respond to your inquiries, to provide any information that you request, to address technical support tickets, and to provide customer service support;
to make our Services and communications more relevant to you, including generating customer profiles, delivering customized content to you, to offer location customization, personalized help and instructions, and to otherwise tailor your experiences while using our Sites or our Services;
to better understand how customers and other third parties access and use our Sites and Services, both on an aggregated and individualized basis;
to administer, monitor, improve and customize our Sites and Services, for our internal operations, including troubleshooting, network management and network optimisation, research and analytical purposes, so that we can provide our customers with a better customer experience;
to notify you about our new product releases and service development, alerts, events, updates prices, terms, special offers and associated campaigns and promotions (including via newsletters). Therefore, we and selected third parties may use your personal data to send you marketing communications about products and services based on your preferences and interest. You have a choice and can object to our use of your personal data for marketing purposes. When we are required by law to do so, we will obtain your consent before using your personal data for marketing purposes. If you do opt out, we will stop sending you marketing communications, but we will continue sending you non-marketing communications that relate to the Services you are using (for example billing information, software update communications, password resets etc);
if you attend an event, we may process information about you gathered in relation to the event and may share information about your attendance with your company. We may also permit designated event partner or conference sponsors to send you communications related to the event if you have shared your contact information at the event. Please note that sponsors from other companies may directly request information about you at their conference booths or presentations, and their use of your personal data that you provide to them will be subject to their privacy policies;
to assist us in advertising our products and services in various mediums including, sending promotional emails, advertising our services on third party sites and social media platforms, direct mail, and by telemarketing;
where we ask you for specific consent to a use of your personal data , we will use it in the ways we explain at the time of obtaining that consent; and in any way required by law, regulation or the public interest such as in response to requests or orders by government or law enforcement authorities conducting an investigation or to respond to an emergency. This use may require us to disclose your personal data including contact details and/or information about your usage of our Services to relevant authorities or to block, intercept or otherwise interfere with your use of our Services and any personal data generated by that usage. Achieving a balance between, on the one hand ensuring protections for the privacy and other fundamental human rights that may be exercised through use of our Services and, on the other, the exercise of lawful investigatory powers for the public good on the other can be complicated. We do not accede to such requests without careful consideration of all the circumstances. Even where we are legally obliged to disclose personal data , we will give careful consideration to the extent to which doing so will infringe on the fundamental rights, including the right to privacy, of any person whose personal data is to be disclosed or intercepted and we take whatever steps are practicable to mitigate and minimise any such infringement.
Subject to obtaining your consent as may be required in some jurisdictions, we may share or disclose your personal data as necessary for the purposes described above and as further detailed below:
Affiliates. We may disclose the personal data we collect from you to our subsidiaries. Where permitted by law and with your consent where required, our affiliates may use your information for the purposes indicated in this Policy, including to market their products and services to you. In processing your personal data, our affiliates follow practices at least as protective as those described in this Policy. A list of our subsidiaries and affiliates covered by this Policy and their locations is available.
Business, Sales and Marketing Partners. We may offer some of our Services together with or through third parties who may be system integrators, resellers, solution partners, network partners and affinity organizations. If we do so, we will need to share your personal data with these third parties to assist in providing and marketing that Service to you, as well as to enable the third parties to market their own products and services to you (with your permission, if required). We may also share your personal data with companies that are system integrators, resellers, solution partners, network partners and affinity organizations, and whom we believe might offer products and services of interest to you (again with your permission, if required).
Third-Party Service Providers. We employ other companies and individuals to perform functions that are necessary for the provision of the Services or for any of the purposes described above. Examples include: where permitted, jointly offering a product or service, sending communications, processing payments, assessing credit and compliance risks to give you access to our Services, fraud and financial crime prevention detection and prosecution, analysing data, providing marketing and sales assistance (including advertising and event management), customer relationship management, providing training, these third parties include; system integrators, resellers, solution partners, network partners, affinity organizations, third party vendors, service providers, contractors or agents, and other carriers or providers that we may disclose personal data to where necessary to provide our Services or fulfil your requests or orders, as well as entities that provide website hosting, service/order fulfilment, customer service, and credit card processing, effecting payments, among others. These third-party service providers have access to personal data needed to perform the functions we have entrusted to them but may not use it for other purposes where they process your personal data on our behalf. Whenever we share personal data with third parties, we take steps to ensure that third party contracts contain appropriate protections for your personal data.
Business Transfers. If we are acquired by or merge with another company, or if substantially all of our assets are transferred to another company (which may occur as part of bankruptcy proceedings), we may transfer your personal data to the other company. We may also need to disclose your personal data before any such acquisition or merger, for example to our advisers and any prospective purchaser’s adviser.
Legal Protection and in Response to Legal Process. We may disclose the personal data we you hold about in order to comply with applicable law, in response to or to pursue judicial proceedings, court orders and in other legal processes. We may also disclose, transfer or share it when we believe in good faith that disclosure is necessary: to protect or enforce our rights; protect your safety or the safety of others; investigate or prevent fraud; to respond to government requests – including from government and national or international law enforcement authorities outside of your country of residence – or for national security, public safety and/or law enforcement purposes. Personal data shall only be disclosed when we in good faith believe that we are obliged to do so in accordance with the law or that there are compelling reasons of public interest for us to do so. This will only be after a careful evaluation of all legal requirements and other relevant considerations, including any infringement on the fundamental rights to privacy or freedom of expression that might be impacted by the disclosure.
Sharing Aggregated and De-Identified Information. We may use your personal data to create aggregated and anonymised information which we may share with third parties. Nobody can identify you from that anonymised information. In other circumstances we may pseudonymise your personal data before sharing it with a third party so that we can re-associate you with the information once it has been processed and returned to us. Whilst the third party will not be able to identify you from the pseudonymised information, we will still be able to. We treat pseudonymised data as though it were personal data and ensure the same level of protection for it when sharing with third parties.
Subject to obtaining your consent as required in some jurisdictions, Tata Communications may transfer personal data across national borders in running our business and delivering the Services. In doing so, your personal data may be transferred to and processed by other Tata Communications entities and/or unrelated third parties outside of the country where you are located or where the personal data was collected.All Tata Communications entities have signed an intra-group agreement applicable to transfer of personal data within and outside of the EU or to jurisdictions which do not provide adequate levels of protection for the personal data under applicable law. A list of our affiliates and their locations is available here. This agreement is based on the EU Commission standard contractual clauses (and which therefore contractually impose a standard of protection for the personal data transferred that is equivalent to that offered within the EU). This way we ensure that adequate protections are in place for the security of your personal data when we transfer it to one of our affiliates, wherever they may be located in the world. You can obtain a copy of these clauses by contacting us.When we share your personal data with third parties unrelated to the Tata Communications Group, we require all such third parties to respect the security of that personal data and to treat it in accordance with applicable data protection laws. We also ensure that at the very least, the same level of protection of data is provided by the third parties, as is provided to you by us. Where we engage third-party service providers to process your personal data on our behalf, we do not allow them to use that personal data for their own purposes and only permit them to process it for our own specified purposes and in accordance with our instructions. When initiating such processor relationships, we will ensure that adequate safeguards are in place for your personal data using the data transfer mechanism most appropriate to the personal data and to the countries within or to which the personal data may be transferred. This mechanism may include: the use of the EU approved contractual clauses; ensuring that the recipient has implemented EU approved Binding Corporate Rules governing transfer or personal data; or confirming that the country in which the recipient is located has been formally confirmed as providing adequate protections for personal data by the EU.For relevant jurisdictions only (e.g. Mexico, Russia, China and Argentina): By using the Services, you expressly agree to the transfers of personal data to third countries where this requires your consent.
Where permitted by applicable law and, if required, with your consent, we may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail or other communication you have received or through our dedicated privacy portal accessible here. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you non-marketing communications about your account or any Services you have requested or received from us.
We may invite you to post content on our Sites, including your comments, pictures, and any other information that you would like to make available on our Sites. If you post content to our Sites, the information that you post will be available to other visitors to our Sites. If you post your own content on our Sites or Services, your posting may become public and we cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy.
Our Sites and our online Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites neither do we have any control over information that is submitted to or collected by, these third parties.Our Sites may include social media plugins such as “like” and “share” buttons. By clicking on such a plugin, the data you want to “like” or “share” will be provided to the relevant social media site. We are not responsible for the practices of such third-party social media sites once you have clicked on any such “like” or “share” button.
At Tata Communications, security is our highest priority. We design and deliver our systems and Services with your security and privacy in mind. We maintain a wide variety of compliance programs and accreditations that validate our security controls. Click here to learn more about the security compliance programs in place for [certain of] our Services. To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the personal data we collect through our Sites and in the provision of our Services. We have put in place reasonable controls (including physical, technological and administrative measures) designed to help safeguard the personal data that we collect via the sites. No security measures are perfect, however, and so we cannot assure you that personal data that we collect will never be accessed or used in an unauthorised way, which may happen due to circumstances beyond our reasonable control. We have put in place procedures to deal with a suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so. If you have a user name and password to access our Services, you should take steps to protect against unauthorized access to your password, phone and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen or compromised passwords, or for any activity on your account via unauthorized password activity or other security breach caused by you.
Under the law of many countries, you have certain rights in relation to your personal data that is held by us and we respect and observe these rights. Such rights may include the rights to: ask us to confirm that we are processing your personal data, ask us for a copy of your personal data (including information regarding who we share your personal data with); to correct, delete or restrict (stop any active) processing of your personal data; to limit the use and disclosure of your personal data; and to ask us to share (port) your personal data to another person, such as another provider of telecommunications services.In addition, in certain countries you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). Where applicable, you can also withdraw the consent you have given us to process your personal data and request information on the consequences of not providing such consent.These rights may be limited, for example: if fulfilling your request would reveal personal data about another person; where it would infringe the rights of a third party (including our rights); or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.To exercise any of these rights, to raise any concerns about our privacy practices, or to obtain other privacy related information, you can get in touch with us, see our contact details above. If you have unresolved concerns, you may have the right to complain to your relevant national data protection authority. For example, in the UK this is the Information Commissioner’s Office (ICO) – https://ico.org.uk/make-a-complaint/. Please do contact us before making such a complaint however as we would appreciate the opportunity to investigate and address your concerns first.
As described in this Policy, we may make your personal data available to third parties for their marketing purposes. If you do not want us to share your personal data with third parties, you may opt-out of this information sharing by emailing us at link
If you are a California resident, then, subject to certain limits under California law, you may ask us to provide you with a list of certain categories of personal data we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year as well as the identity of those third parties. To make such a request, residents of the State of California may contact us through our dedicated privacy portal accessible here.
We retain personal data for as long as and/or for no longer than we are permitted to do by applicable law, regulation, tax or accounting practice or the terms of any governmental telecommunications licenses or authorizations to which we may be subject. We also delete personal data in accordance with any contractual obligations that we may be subject to (for example if we are processing personal data on behalf of one of our customers rather than for our own business purposes).Where maximum or minimum data retention periods are not otherwise stipulated, we determine appropriate retention period for the personal data by considering: the amount, nature and sensitivity of the personal data contained in the records; the potential risk of harm from unauthorised use or disclosure of personal data; the purposes for which we process the personal data and whether we may be able achieve those purposes through other means; whether the personal data can be permanently and effectively anonymised; the security measures in place in relation to that personal data and any other relevant factors.For China only: your personal data may be stored in countries in which we transfer personal data as per the information provided under International Transfer of Personal Data above