This Policy is provided in a layered format, so you can click through to the specific areas set out below that may be of most interest to you.
Regardless of whether you are our customer, a visitor to one of our various Tata Communications websites, or someone we deal with in our day to day business, protecting your privacy is important to us and is a responsibility that we take very seriously.
Who are we? This Policy applies to the different legal entities comprising the Tata Communications Group, each of which may process your personal data. This includes the Group’s UK subsidiary, Tata Communications (UK) Ltd. which is the controller of and responsible for this website. References to “we”, “our or “us” in this Policy refer to the relevant company within the Tata Communications Group that is responsible for processing your personal data, as indicated in any contract for products or services you may hold with us. A list of the legal entities which make up the Tata Communications Group can be accessed here.
Additional information on our personal data practices may be provided in contractual agreements, supplemental privacy statements, or notices provided to you prior to or at the time of collection of your personal data. For the purposes of this Policy, any reference to “Services” is a reference to all the products and services offered by Tata Communications, whether available online or offline, and any reference to “Sites” is a reference to any of the Tata Communications websites (including any mobile version of such websites), whether operated under the banner of Tata Communications or a brand name that we own.
For any questions about this Policy or our data protection practices or to exercise any rights you may have in relation to your personal data under applicable law, you use our self-service portal available here. Our postal address for any questions is:
Legal Compliance – Data Protection and Privacy
Tata Communications (America) Inc.
2355 Dulles Corner Boulevard
Herndon, VA 20171
For individuals located in Germany, Singapore and India you can contact our Data Protection Officer (“DPO”) by using our DPO contact form available here
Account Information: Contact and related information that allows us to communicate with you. We obtain this information when you order or register to receive any of our Services or information about our Services. We collect or receive information from you when you sign up for our Services, create an online account with us, make a purchase, request details or a call back, submit a technical, customer or billing support request, participate in a contest or survey, provide us with feedback or otherwise contact us. The type of information that we collect depends on your interaction with us, but may include, your name, address, telephone number (business or personal), email address (business or personal), postal/billing address (business or residential), and any other information that you choose to provide or is necessary for us to provide Services to you.
Billing Information related to your commercial and financial relationship with us, such as the services we provide to you, the telephone numbers you call and text, your payment history, your credit history, your credit card numbers, social security number(where permitted by law), security codes and your service history.
Technical & Usage Information related to the Services we provide to you, including information about how you use our networks, services, products or websites. Some examples include:
Video footage/images: when you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures.
We may collect the above personal data in the course of providing Services to you or to someone who has provided you with access to our Services. We may obtain this information in a number of ways, for example:
We may combine the personal data that we receive from such other sources with personal data you give to us and with information we automatically collect about you, for example where we need to run a credit check, and then compile a profile of you based on the credit check data and the personal data you have provided.
We set out below some of the ways in which we process personal data:
In the EU, our justification (sometimes referred to as “legitimate” or “lawful basis” legal basis) for processing any particular category of personal data will vary depending on the information itself, our relationship with the subject of the personal data , the Service being provided, the specific legal and regulatory requirements of the country in which the Services are being provided, the personal data processed and many other factors. Subject to modifications in specific countries, the legal bases for our processing are as follows:
In order to communicate adequately with you as a user of our Services and to respond to your requests, we need to process information about you and therefore have a legitimate interest in processing this information to ensure the efficient and effective operation of our business;
In order to engage in transactions with customers, suppliers and business partners, and to process purchases and effect installation of our products and deliver Services, we need to process information about you as necessary to enter into or perform a contract with you;
We process personal data for marketing and sales activities based on your consent, where it is required and so indicated on our sites or at the time your personal data is collected, or further to our legitimate interest to market and promote our products and services;
We rely on our legitimate interests to process personal data and other information in order to analyse, develop, improve and optimise our Sites, products and Services, and to maintain the security and integrity of our Sites, network and systems. We also have a legitimate interest in using your personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary.; or
because applicable laws (including telecommunications laws), regulations or the public interest require us to, such as to comply with legal processes, law enforcement or regulatory authorities or to assist in the prevention, detection or prosecution of crime or to process an opt-out request.
Subject to obtaining your consent as may be required in some jurisdictions, we may share or disclose your personal data as necessary for the purposes described above and as further detailed below:
Subject to obtaining your consent as required in some jurisdictions, Tata Communications may transfer personal data across national borders in running our business and delivering the Services. In doing so, your personal data may be transferred to and processed by other Tata Communications entities and/or unrelated third parties outside of the country where you are located or where the personal data was collected.
All Tata Communications entities have signed an intra-group agreement applicable to transfer of personal data within and outside of the EU or to jurisdictions which do not provide adequate levels of protection for the personal data under applicable law. A list of our affiliates and their locations is available here. This agreement is based on the EU Commission standard contractual clauses (and which therefore contractually impose a standard of protection for the personal data transferred that is equivalent to that offered within the EU). This way we ensure that adequate protections are in place for the security of your personal data when we transfer it to one of our affiliates, wherever they may be located in the world. You can obtain a copy of these clauses by contacting us.
When we share your personal data with third parties unrelated to the Tata Communications Group, we require all such third parties to respect the security of that personal data and to treat it in accordance with applicable data protection laws. We also ensure that at the very least, the same level of protection of data is provided by the third parties, as is provided to you by us. Where we engage third-party service providers to process your personal data on our behalf, we do not allow them to use that personal data for their own purposes and only permit them to process it for our own specified purposes and in accordance with our instructions. When initiating such processor relationships, we will ensure that adequate safeguards are in place for your personal data using the data transfer mechanism most appropriate to the personal data and to the countries within or to which the personal data may be transferred. This mechanism may include: the use of the EU approved contractual clauses; ensuring that the recipient has implemented EU approved Binding Corporate Rules governing transfer or personal data; or confirming that the country in which the recipient is located has been formally confirmed as providing adequate protections for personal data by the EU.
For relevant jurisdictions only (e.g. Mexico, Russia, China and Argentina): By using the Services, you expressly agree to the transfers of personal data to third countries where this requires your consent.
We may use third parties such as network advertisers to display advertisements about Tata Communications on third party websites. Network advertisers select and display advertisements on third-party sites, based on your visits to our Sites as well as to other websites. This enables us and these third parties to tailor advertisements by displaying ads for products and services in which we believe you might be interested.
You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”), the Digital Advertising Alliance (“DAA”), or, in Europe, the European Interaction Digital Advertising Alliance (“EIDAA”). For more information regarding this practice by NAI, EIDAA members and DAA members, and your choices regarding the use of this information used by these companies, including how to opt-out of third-party ad networks operated by NAI, DAA, and EIDAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp, www.aboutads.info/choices, and www.youronlinechoices.com. Please note that, should you opt out, you will continue to see advertising however it will not be tailored to your interests.
Where permitted by applicable law and, if required, with your consent, we may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail or other communication you have received or through our dedicated privacy portal accessible here. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you non-marketing communications about your account or any Services you have requested or received from us.
We may invite you to post content on our Sites, including your comments, pictures, and any other information that you would like to make available on our Sites. If you post content to our Sites, the information that you post will be available to other visitors to our Sites. If you post your own content on our Sites or Services, your posting may become public and we cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy.
Our Sites and our online Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites neither do we have any control over information that is submitted to or collected by, these third parties.
Our Sites may include social media plugins such as “like” and “share” buttons. By clicking on such a plugin, the data you want to “like” or “share” will be provided to the relevant social media site. We are not responsible for the practices of such third-party social media sites once you have clicked on any such “like” or “share” button.
At Tata Communications, security is our highest priority. We design and deliver our systems and Services with your security and privacy in mind. We maintain a wide variety of compliance programs and accreditations that validate our security controls. Click here to learn more about the security compliance programs in place for [certain of] our Services. To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the personal data we collect through our Sites and in the provision of our Services. We have put in place reasonable controls (including physical, technological and administrative measures) designed to help safeguard the personal data that we collect via the sites. No security measures are perfect, however, and so we cannot assure you that personal data that we collect will never be accessed or used in an unauthorised way, which may happen due to circumstances beyond our reasonable control. We have put in place procedures to deal with a suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so. If you have a user name and password to access our Services, you should take steps to protect against unauthorized access to your password, phone and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen or compromised passwords, or for any activity on your account via unauthorized password activity or other security breach caused by you.
Under the law of many countries, you have certain rights in relation to your personal data that is held by us and we respect and observe these rights. Such rights may include the rights to: ask us to confirm that we are processing your personal data, ask us for a copy of your personal data (including information regarding who we share your personal data with); to correct, delete or restrict (stop any active) processing of your personal data; to limit the use and disclosure of your personal data; and to ask us to share (port) your personal data to another person, such as another provider of telecommunications services.
In addition, in certain countries you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). Where applicable, you can also withdraw the consent you have given us to process your personal data and request information on the consequences of not providing such consent.
These rights may be limited, for example: if fulfilling your request would reveal personal data about another person; where it would infringe the rights of a third party (including our rights); or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, to raise any concerns about our privacy practices, or to obtain other privacy related information, you can get in touch with us, see our contact details above. If you have unresolved concerns, you may have the right to complain to your relevant national data protection authority. For example, in the UK this is the Information Commissioner’s Office (ICO) – https://ico.org.uk/make-a-complaint/. Please do contact us before making such a complaint however as we would appreciate the opportunity to investigate and address your concerns first.
As described in this Policy, we may make your personal data available to third parties for their marketing purposes. If you do not want us to share your personal data with third parties, you may opt-out of this information sharing by emailing us at link
If you are a California resident, then, subject to certain limits under California law, you may ask us to provide you with a list of certain categories of personal data we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year as well as the identity of those third parties. To make such a request, residents of the State of California may contact us through our dedicated privacy portal accessible here.
We retain personal data for as long as and/or for no longer than we are permitted to do by applicable law, regulation, tax or accounting practice or the terms of any governmental telecommunications licenses or authorizations to which we may be subject. We also delete personal data in accordance with any contractual obligations that we may be subject to (for example if we are processing personal data on behalf of one of our customers rather than for our own business purposes).
Where maximum or minimum data retention periods are not otherwise stipulated, we determine appropriate retention period for the personal data by considering: the amount, nature and sensitivity of the personal data contained in the records; the potential risk of harm from unauthorised use or disclosure of personal data; the purposes for which we process the personal data and whether we may be able achieve those purposes through other means; whether the personal data can be permanently and effectively anonymised; the security measures in place in relation to that personal data and any other relevant factors.
For China only: your personal data may be stored in countries in which we transfer personal data as per the information provided under International Transfer of Personal Data above