Privacy matters to us and we know it matters to you. We are committed to protecting your privacy, keeping your personal information safe and ensuring the security of your data in accordance with applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR) and various applicable privacy laws.
Our Privacy Statement
This Privacy Statement explains how we collect, store, use and share (“process”) your personal information when you use our products and services, or interact with us when we provide our enterprise services.
Telstra Enterprise International – the global arm of Telstra’s business providing enterprise solutions outside of Australia – operates different legal entities in the jurisdictions set out in our website here. This Privacy Statement applies to the processing of personal information by the Telstra Enterprise International entities (“we”, “us” or “our” in this Privacy Statement). If you need to give us personal information about other individuals in relation to our enterprise products and services, this Privacy Statement will also apply.
For information on how we handle cookies on this website, please refer to our Cookies Policy which can be found here.
For information on how we process personal information relating to our Australian businesses, please refer to our Australian Privacy Statement which can be found here.
This Privacy Statement was last updated on 31 March 2021. We may need to update it over time but if we do, we will post the updated version on our website at www.telstra.com.au/privacy.
What personal information do we collect and process?
The types of personal information we collect, and process depends on the Telstra products and services you have and how you use them. Generally, we may collect, use, disclose or otherwise process personal information we need in order to verify you, provide you with our products and services, and communicate with you about them. This may include your name, date of birth, contact details (such as work address, email address, phone number), occupation, device ID and IP address and similar data.
Depending on the Telstra products and services you use, we may also collect the following personal information:
- Information about the products and services you have with us including technical information about your devices such as your hardware model, operating system version, the serial number of your devices, the settings on your devices, our network performance and how you use our networks
- Information about how you use our products and services such as:
- Your network usage (e.g. the time and duration of your communications as well as information about the operation of the equipment, services, and applications you use on our networks)
- Your location or the location of your devices when you are using our products and services
- Information on the performance of your device on our network and similar data; other data on how you use our services
- For customers of Telstra’s voice solutions, depending on the product features that you have enabled, Telstra may collect communications content or call recordings that identify users.
You might also need to provide personal information about other individuals to us, such as your authorized representatives. If so, we rely on you to tell those individuals that you are giving us their personal information and about the information in this Privacy Statement and obtain relevant consent.
How do we collect your personal information?
There are three ways that we collect your personal information:
- You give it to us when you or your representative submits an order form or interacts with us or one of our trusted partners. This might happen when you are setting up an account with us, using our products and services, filling out a form, or contacting us with a problem or query.
- We collect it automatically when you use our networks, products and services including our call centres and online services.
- We obtain it from other sources such as regulators, business and marketing mailing list and database providers, industry associations, event providers, publicly available information sources, including public posts on social networking sites. We may also collect information about you from our business and commercial partners and our service providers (like identity and fraud checking services).
Depending on the Telstra products and services you use, we may also collect your personal information from other participants in the telecommunications (such as our wholesale and enterprise customers) sector. We understand that you might not want to give us particular personal information. If so, that may mean we are not able to provide you with the products or services you need.
How do we use your personal information?
We will only use your personal information when we have a legal basis to do so such as:
- To perform a contract with you or your organisation: If you have ordered a product or service from us, we need to use your personal information so that we can provide that service to you, fulfil our contractual obligations towards you and bill you for it. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the product or service you ordered from us.
- Consent you provide: Where we have informed you of the purposes for which your personal information will be used and you have provided your consent for those purposes. We would obtain additional consent if the purpose of processing changes.
- To comply with legal obligations: At times, we will be legally required to process your personal information, including to assist law enforcement, judicial and government authorities and to meet other regulatory requirements.
- To fulfil a legitimate interest: Where it is in our legitimate interest or that of a third party with whom we share your personal information, for the purpose of operating our business. These legitimate interests are set out as our purposes for processing your personal information below.
We use your personal information for the following purposes:
- Administration – To help us properly manage the products and services we provide to you; deal with your enquiries; to maintain and update our records; charging and billing and to identify breaches of our terms and conditions of service.
- Network, security, and fraud protection – To inform you of service and security issues; conduct audits and determine creditworthiness; detect and prevent fraud and money laundering, terrorism financing and related risks; secure and protect our network.
- Communication – To communicate with you to provide your organisation with our products and services.
- Networking and business development – To identify sales opportunities and prospective enterprise customers; update you about our products, services and special offers that may be relevant or of interest to your organisation.
- Improvement – To develop new products and services; improve existing products and services; personalise services offered; improve your user experience of our products and services.
- Development and analysis – To create aggregated and anonymized information to gain high level insights into industry trends and requirements, product enhancement and development, network and service performance and improvement, commercial pricing, for improving our business.
- Marketing – To conduct market research and surveys to improve our customer services; use advertising technology to send you information on products and services of potential interest to you; offer rewards and promotions; provide invitations to events and relevant advertising, including voice, mobile text and digital advertising.
How do we safeguard your personal information?
We may store your personal information in hard copy or electronic format and keep it in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers.
We use a combination of technical solutions, security controls and internal processes to help us protect your personal information and our network from unauthorised access and disclosure.
We will retain the personal information for the periods required for the purposes for which such information was processed. We aim to ensure irrelevant or excessive data is deleted or made anonymous as soon as reasonably possible. However, we might need to keep some personal information for a longer period in order to comply with legal and regulatory obligations or for other legitimate business reasons.
When do we share your personal information?
We may share your information with entities within the Telstra Group, as well as representatives from your organization. In addition, we regularly share your personal information with certain third parties, as detailed in the table below. However, Telstra does not sell personal information relating to any of our enterprise customers.
Who we share it with
Name and employment information for employees of existing and prospective enterprise customers, including work contact details
Communications from you, including complaints
Communications content and call recordings
Technical information, such as network usage and call records
From time to time, we may also need to share your personal information with other parties to comply with laws, to assist us with fraud and identity checking, to implement a transfer or sale of our assets or part of our business, and with other service providers that assist us in developing our business and corporate functions on an intermittent basis.
Cross-border transfer of personal information
We may transfer your personal information to a jurisdiction outside the location where the personal information was collected. To safeguard these transfers, Telstra usually implements the Standard Contractual Clauses (“SCCs”) that have been adopted by the European Commission, available online here, to provide an adequate level of data protection for your personal information. The SCCs ensure that all entities within the Telstra Group and suppliers process personal information in accordance with the GDPR, which is widely recognised as the gold standard of privacy protection.
In some cases, it is not appropriate for us to implement the SCCs and we rely on other mechanisms that are provided by the laws of your jurisdiction, such as for the fulfilment of our contract with you or with your explicit consent.
For more details about a specific transfer of your personal information, please contact us using the details provided in the ‘How can you contact us’ section below.
What are your rights?
Depending on the jurisdiction where you are located, you may be entitled to various data subject rights you can:
- Request access and obtain a copy of the personal information that we hold about you.
- Request for us to rectify, correct or update any personal information that we hold about you.
- Request for us to delete your personal information if we no longer need it.
- Request to restrict the processing of your personal information in certain circumstances for example, if you are contesting the accuracy of the personal information, we hold about you.
- Object to the processing of your personal information in certain circumstances. This right is absolute when we process your personal information for direct marketing.
- Exercise your right to data portability, meaning that you have a right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another organisation without hindrance from us. We will send your information in an electronic format.
- Withdraw your consent for us to provide a service or to use your information for marketing at any time by contacting your account representative..
We will respond to your request in a timely manner and within required timeframes.
How can you make a privacy complaint?
You can use the details provided in the ‘How you can contact us’ section below to notify our Chief Privacy Officer or regional Data Protection Officers of any privacy complaint you may have against us. We are committed to acknowledging your complaint in a prompt manner.
While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, you may also be able to lodge a complaint with the relevant regulator in your jurisdiction.
How can you contact us?
You may contact us via email at firstname.lastname@example.org for any questions about this Privacy Statement, our management of your personal information or if you would like to exercise any of your rights set out in the ‘What are your rights’ section above.
You can download a pdf copy of this Privacy Statement on our website, at www.telstra.com.au/privacy.