Telstra International Privacy Statement
Our commitment
Privacy matters to us and we know it matters to you. We are committed to protecting your privacy, keeping your personal information safe and ensuring the security of your data in accordance with applicable data protection laws.
Our Privacy Statement
This Privacy Statement applies to the processing of personal information relating to customers of Telstra Enterprise International businesses by the entities listed here (“we”, “us” or “our” in this Privacy Statement), excluding Pacific Business Solutions (China), Telstra PBS Limited and Digicel Pacific. Telstra Enterprise International is the global arm of Telstra’s business providing enterprise solutions outside of Australia. This Privacy Statement also applies to the personal information of end users of our international enterprise products and services.
This Privacy Statement explains how we collect, store, use and share (“process”) personal information when you or your end users (referred to collectively as “you”) use our products and services, or interact with us when we provide our international enterprise services.
For information on how we handle cookies, please refer to our Cookies Policy which can be found here.
For information on how we process personal information relating to our Australian businesses, please refer to our Australian Privacy Statement which can be found here.
This Privacy Statement came into effect on 1 July 2024. We may need to update it over time but if we do, we will post the updated version on our website at Tel.st/privacy-policy.
What personal information do we collect and process?
The types of personal information we collect and process depends on the Telstra products and services you have, how you use them, and our relationship with you. Generally, we may collect, use, disclose or otherwise process personal information that we need in order to verify you, provide you with our products and services, and communicate with you about them. This may include your name, date of birth, contact details, occupation, device ID, IP address and similar data.
Depending on the Telstra products and services you use, we may also collect the following personal information:
- Information about the products and services you have with us including technical information about your devices such as your hardware model, operating system version, the serial number of your devices, the settings on your devices, our network performance and how you use our networks.
- Information about how you use our products and services such as:
- Your network usage (e.g. the time and duration of your communications as well as information about the operation of the equipment, services, and applications you use on our networks)
- Your location or the location of your devices when you are using our products and services
- Information on the performance of your device on our network and similar data, or user activity on portals that we provide to you
- If enabled or requested as part of a product or service (e.g., Telstra’s security monitoring and voice solutions), usage logs (including browsing and email logs), communications content and call recordings that identify users.
You may also need to provide personal information about other individuals to us, such as your authorised representatives. If so, we rely on you to tell those individuals that you are giving us their personal information and about the information in this Privacy Statement and obtain relevant consent.
Telstra Enterprise International does not collect any personal information relating to children who are under 16 years old.
How do we collect your personal information?
There are three ways that we collect your personal information:
1. You give it to us when you or your representative submits an order form or interacts with us or one of our trusted partners. This might happen when you are setting up an account with us, using our products and services, filling out a form, or contacting us with a problem or query.
2. We collect it when you use our networks, products and services including our call centres and online services.
3. We obtain it from other sources such as regulators, business and marketing lead generation providers, industry associations, event providers and publicly available information sources. This could include public posts on social networking sites that you may use to interact with us. We may also collect information about you from our business and commercial partners and our service providers (like identity, sanctions and fraud checking services).
Depending on the Telstra products and services you use, we may also collect your personal information from other participants in the telecommunications (such as our wholesale and enterprise customers) sector.
We understand that you might not want to provide us particular personal information. If so, that may mean we are not able to provide you with the products or services you need.
How do we use your personal information?
We will only use your personal information when we have a legal basis to do so, such as:
- To perform a contract with you or your organisation – If you have ordered a product or service from us, we need to use your personal information so that we can provide that service to you, fulfil our contractual obligations towards you and bill you for it. If you don’t provide us the correct information, or if you ask us to delete it, we might not be able to provide you with the product or service you ordered from us.
- Consent you provide – Where we have informed you of the purposes for which your personal information will be processed and you have provided your consent for those purposes. We will obtain additional consent if the purpose of processing changes.
- To comply with legal obligations – At times, we will be legally required to process your personal information, including to assist law enforcement, judicial and government authorities and to meet other regulatory requirements.
- To fulfil a legitimate interest – We may also use your personal information where it is in our legitimate interest or that of a third party with whom we share your personal information, for the purpose of operating our business. These legitimate interests are set out as our purposes for processing your personal information below.
We use your personal information for the following purposes:
- Administration – To help us properly manage the products and services we provide to you; deal with your enquiries; to maintain and update our records; charging and billing and to identify breaches of our terms and conditions of service.
- Network, security, and fraud protection – To inform you of service and security issues; conduct audits and determine creditworthiness; detect and prevent fraud and money laundering, sanctions, terrorism financing and related risks; as well as secure and protect our network.
- Communication – To communicate with you to provide your organisation with our products and services.
- Networking and business development – To identify sales opportunities and prospective enterprise customers; update you about our products, services and special offers that may be relevant or of interest to your organisation.
- Improvement – To develop new products and services; improve existing products and services; personalise services offered; and improve your user experience of our products and services.
- Development and analysis – To create aggregated and anonymised insights into industry trends and requirements, product enhancement and development, network and service performance and improvement, commercial pricing, for improving our business.
- Direct marketing – To conduct market research and surveys to improve our customer services; use advertising technology to send you information on products and services of potential interest to you; offer rewards and promotions; provide invitations to events and relevant advertising, including voice, mobile text and digital advertising.
How do we safeguard your personal information?
We may store your personal information in hard copy or electronic format and keep it in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers.
We use a combination of technical solutions, security controls and internal processes to help us protect your personal information and our network from unauthorised access and disclosure.
We aim to ensure that personal information is kept as current as possible, and that irrelevant or excessive data is destroyed or de-identified as soon as reasonably possible.
Telstra is subject to a number of requirements to retain information for different periods of time. When personal information is not subject to these legal retention requirements, we take steps to destroy or de-identify personal information when it is no longer required for a legitimate business reason.
Who do we share your personal information with?
We may share your information with other entities within the Telstra Group, as well as representatives from your organisation. In addition, we regularly share your personal information with certain third parties, as detailed in the table below.
Types of third parties we share your information with | The type of information we share |
Cloud storage providers |
|
Cloud hosting and platform providers of solutions we use to manage our business, such as those we use for customer relationship management and marketing campaign design and delivery |
|
Sales agents and lead generation providers |
|
Service delivery partners, such as telecommunications carriers or solution providers |
|
Professional and legal service providers |
|
Technical application providers and software support contractors |
|
Billing providers |
|
From time to time, we may also need to share your personal information with other parties to comply with laws or requests from regulatory authorities, to assist us with fraud and identity checking, to implement a transfer or sale of our assets or part of our business and to assist us in developing our business and corporate functions on an intermittent basis.
Cross-border transfer of personal information
We may transfer your personal information to a jurisdiction outside the location where the personal information was collected. To safeguard these transfers, where required by law, Telstra implements the Standard Contractual Clauses (“SCCs”) that have been adopted by the European Commission, available online here, and the UK Government, available online here, to provide an adequate level of data protection for your personal information. The SCCs ensure that entities within the Telstra Group and suppliers process personal information in accordance with the GDPR, which is widely recognised as a benchmark for privacy protection.
In some cases, it is not appropriate for us to implement the SCCs and we rely on other mechanisms that are provided by the laws of your jurisdiction, such as for the fulfilment of our contract with you or with your explicit consent.
For more details about a specific transfer of your personal information, please contact us using the details provided in the ‘How can you contact us’ section below.
What are your rights?
Depending on the jurisdiction where you are located, you may be entitled to various data subject rights to:
- Request access and obtain a copy of the personal information that we hold about you, including whether it has been sold or shared, and details about the categories of personal information held.
- Request for us to rectify, correct or update any personal information that we hold about you.
- Request for us to delete your personal information if we no longer need it.
- Request to restrict the processing of your personal information in certain circumstances, for example, if you are contesting the accuracy of the personal information, we hold about you.
- Object to the processing of your personal information in certain circumstances, or withdraw your consent. This right is absolute when we process your personal information for direct marketing.
- Exercise your right to data portability, meaning that you have a right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another organisation without hindrance from us.
- Nominate someone else to exercise your data subject rights in the event that you are no longer able to do so.
Telstra Enterprise International does not undertake profiling using sensitive information in a way that engages privacy rights in certain jurisdictions.
If you, or your authorised agent would like to exercise any of these rights, please contact us using the details provided in the ‘How can you contact us’ section below. We may require additional information from you for verification purposes upon receipt of your request. This information will depend on the right you are exercising and the legal requirements of the jurisdiction in which you are located. Telstra does not discriminate against individuals for exercising their privacy rights.
We will respond to your request in a timely manner and within required timeframes.
How can you make a privacy complaint?
You can use the details provided in the ‘How you can contact us’ section be low to notify our Chief Privacy Officer or regional Data Protection Officers of any privacy complaint that you may have against us. We are committed to acknowledging your complaint in a prompt manner.
While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, in many jurisdictions, you have the right to lodge a complaint with your local regulator.
How can you contact us?
You may contact us via email at privacy@online.telstra.com.au for any questions about this Privacy Statement, our management of your personal information or if you would like to exercise any of your rights set out in the ‘What are your rights’ section above. If required, you may also request a copy of this statement in a language other than English. Residents of California may also contact Telstra at our toll-free number: 833-257-2122.
You can download our Privacy Statement (PDF, 1MB) or read it in full at www.telstra.com.au/privacy.
View our Privacy Policy (PDF, 414KB) in Korean.
July 2024