Last Updated: 17 January 2023
The Megaport group of companies, being Megaport Limited and its subsidiaries (listed here) (“Megaport”, “we”, “us” or “our”) is committed to protecting the privacy of personal information (being any information relating to an identified or identifiable human being, as defined by applicable personal data and privacy laws) – more specifically, the privacy of each individual whose personal information we control the processing of in the course of our business (Data Subject or you).
As we process personal information in different contexts and for different reasons, this Policy is divided into different Parts, with our relevant controlling entity being specified in each Part (and you can access their contact information here). More specifically:
Part 1 relates to our customers and prospective customers;
Part 2 relates to our recruitment of future employees ;
Part 4 relates to our vendors and other business partners;
Part 5 relates to our PartnerVantage Programme
Part 6 contains general provisions affecting all categories of personal information, setting out where it is stored or shared, how it is protected, and what your rights as a data subject are.
Important terminology used throughout this Policy:
- NaaS – refers to any/all of our ‘network-as-a-service’ offerings, be it a Port, IX, VXC, MCR and/or MVE.
- MegaportOne – means our ‘MegaportONE’ software-as-a-service which is a provider-agnostic networking oversight and management tool.
- Portal – means Megaport’s NaaS user interface via which NaaS can be ordered and/or provisioned.
- Customer – means a company with a Portal account in its name for purposes of provisioning NaaS we provide to it and/or a company with a MegaportONE subscription.
- Reseller – means a NaaS Customer at the wholesale level who buys NaaS from us in order to resell it (in its own name) to other companies.
- Agent – means a company that helps us to find and/or manage our Customers in some way, be it by referring, selling, supporting, billing, provisioning or otherwise
- Partner – means a company participating in our ‘PartnerVantage Program’ (as described in Part 5).
- Related Offerings – means products or services complementary to our NaaS, being those that our SDN can be used to connect to from time to time, like the services of certain data center operators, cloud service providers and SD-WAN providers.
Megaport may update this Policy from time to time by posting the revised version on our website.
IMPORTANT: Megaport’s services are aimed at corporate customers who act through their duly authorized representatives. We thus have no need for, and do not knowingly process, any data related to minors. If you are under 18 years of age you should not use our website or attempt to register an account with us.
PART 1: CUSTOMERS & PROSPECTS
1.1 – Customers:
The personal data processing details relating to Customers are as follows:
Data Controller: The Megaport entity providing the Services to that Customer.
- Customer contact details, including the name, position, email address and phone numbers of Customers’ employees and representatives;
- Customer credit card details and credit information (to the extent that it relates to any individual);
- Customer representative passwords and usernames for accessing the Portal; and records of each customer’s use of our services and it’s communications with Megaport; and
- records of each Customer’s communications with Megaport, including any participation in Customer surveys.
How we collect it:
- From our Customers via their human representatives, be it in person (at networking events or otherwise), via phone, email, or by actively submitting it online, be it to us directly or via one of our Agents. Customers are responsible for the completeness and accuracy of the personal information so provided and for ensuring that the people to whom the information relates (ie customer’s employees or other representatives) have been notified and, where required by law, have consented. If a Customer does not provide Megaport with the personal information requested, our Services to that Customer may be restricted or prevented; and
- Pursuant to Part 1.2 (Prospective Customers) below.
Why we need it: Although Megaport’s business is not consumer-facing and our Customers are corporate entities, we need such personal information to promote, explain and provide our Services, including to carry out functions incidental thereto, like account management and service support. Doing so falls within Megaport’s legitimate and legally-protected interests. More specifically, we use such personal information to:
- process a Customer’s application, including carrying out checks for credit-worthiness;
- provision or connect each Customer’s Services;
- deal with Customer enquiries and providing customer support;
- manage each Customer’s Services, including account management, billing, processing payments and collecting debts;
- investigate complaints and carry out dispute resolution;
- administer our agreement with each Customer;
- product research and development, business planning and staff training;
- communicate with our Customers about our Services and promotions relating thereto (in the latter case, provided you have not opted-out of receiving such promotional material, which can be done via the unsubscribe links within those communications or by contacting email@example.com);
- communicate with out Customer about Related Offerings, subject to the requirements of direct marketing laws.
How we share it: To the extent necessary for the above purposes (or otherwise permitted by law), within the Megaport group and with other organisations such as:
- our Service-related suppliers, Resellers and Agents;
- our out-sourced service providers who perform functions and services on Megaport’s behalf, such as contact centre services, mailing functions, credit card payment processing, marketing, or IT services; (eg: Salesforce, Marketo, Intercom, and Stripe);
- credit reporting bodies, credit providers or debt collection agencies (where permitted by law);
- other telecommunications and information service providers;
- the companies providing Related Offerings and marketing partners who may also process it in their capacities as controllers (subject to privacy laws and direct marketing laws) provided that (a) you are entitled to object to us sharing your data in this manner; (b) if you’re Japanese, we will only do so with your prior consent; and (c) if you’re Californian, you may be entitled to opt-out from your data being ‘sold’ to them as described in Part 6 below;
- marketing partners who may also process it in their capacities as controllers (subject to privacy laws and direct marketing laws);
- our legal, accounting and financial advisers;
- Customer’s other authorised representatives.
How long we keep it: As long as needed to satisfy the above purposes, normally being for so long as the relevant Custoomer agreement is effective and for such period thereafter as required or permitted by law.
1.2. – Prospective Customers:
For purposes hereof ‘prospective Customers’ are those companies that do not yet have a Portal account or MegaportONE subscription in their name and the personal data processing details relating to them are as follows:
Data Controller: The Megaport entity operational in the relevant region, hoping to provide Services to the prospective Customer.
- prospective Customer contact details, including the name, position, email address and phone number of its employees and representatives
- records of any communications between us and the prospective customer
How we collect it: Directly and indirectly in various ways, i.e., via the prospective Customer’s representatives’ participation at conferences, trade shows, networking events, seminars and product demos; our Websites (as detailed in Part 3 hereof); the operators of third party websites on which our content has been published (subject to the notice and consent requirements of privacy- and direct marketing laws); publicly available sources (e.g. prospective Customer’s website; LinkedIn); our referral/sales Agents; and sometimes the providers of Related Offerings.
Why we need it: To promote and explain our Services to prospective Customers (in accordance with applicable direct marketing laws) and to carry out functions incidental thereto i.e., responding to enquiries, complaints and/or disputes, doing product research and development, business planning, and staff training. Doing so falls within Megaport’s legally protected legitimate interests.
How we share it: To the extent necessary for the above purposes (or otherwise permitted by law), Megaport may share such personal information within the Megaport group and with other organisations being:
- our Service-related suppliers, Resellers and Agents;
- our outsourced service providers performing functions on Megaport’s behalf, such as contact centre services, mailing functions, marketing, or IT services (eg: Salesforce and Marketo);
- our Related Offering providers who may also process it in their capacities as controllers (subject to privacy laws and direct marketing laws) provided that (a) you are entitled to object to us sharing your data in this manner; (b) if you’re Japanese, we will only do so with your prior consent; and (c) if you’re Californian, you may be entitled to opt-out from having your data ‘sold’ to them as described in Part 6 below;
- our legal and other professional advisers.
How long we keep it: As long as needed to satisfy the above purposes i.e., for so long as we are engaging in discussion with the prospective Customer prior to becoming a Customer (in which case Part 1.1 above applies to the continued retention of such personal data) or until 5 years after discussions have ceased.
PART 2: RECRUITMENT
The personal data processing details relating to our recruitment activities are as follows:
Data Controller: The relevant Megaport entity that will be employing the successful candidate.
Personal Information: The types of personal information processed include what one would ordinarily expect of any job application process, i.e.:
- contact details (such as your name, physical address, email address and phone number);
- employment-related information (such as information in your resume regarding previous work experience, skills, qualifications and referees, as well as your working rights and your police clearance, to the extent permitted under relevant employment laws); and
- records of the candidate’s communications with us (including information gathered during interviews); and
- whatever other information the candidate has chosen to include in their resume and/or cover letter.
Note that, save for very specific roles which may necessitate police checks or other more specific types of background checks (as allowed by applicable law), we do not need any sensitive personal data (i.e. data relating to race, ethnicity, health, political opinions, religious, philosophical or other beliefs, political or trade union membership, biometrics, sexual orientation or criminal convictions) and a candidate’s provision thereof would be entirely voluntary.
How we collect it: Usually directly from the candidates, like when candidates provide information to us in person, by phone or email, via our Website and related recruitment system, or when they provide their details via our recruitment websites or social media accounts (including via job portals like Seek or LinkedIn). We may also collect certain information about candidates more indirectly from our recruitment agencies, candidates’ referees, background checking service providers, and from other public sources (eg LinkedIn profile).
Why we need it: Megaport will only process a candidate’s personal information to the extent necessary for the job application process and/or their subsequent employment with Megaport, as required by our legitimate legally-protected interests or applicable laws. More specifically, your personal information is used to assess and process your job application; to make a decision about whether to employ you; to deal with your queries and defend against potential claims in relation to the recruitment process; to consider you for future job opportunities with us (if you have consented to us retaining your details for such purpose); and, if you are hired, to make decisions about your employment with us. If we don’t receive the specific information we require, we may not be able to assess or proceed with a candidate’s job application. Note that voluntarily submitted data about veteran status, race and gender is used for statutorily-required aggregated reporting in specific jurisdictions, where relevant.
How we share it: To the extent necessary for the above purposes (or otherwise permitted by law), Megaport may share such personal information within the Megaport group and with other organisations being: our outsourced service providers performing functions on Megaport’s behalf (such as our recruitment system provider and other recruitment-related service providers); your referees; third parties who conduct background and police checks; and the institutions that issued your qualifications.
How long we keep it: Megaport deletes unsuccessful candidates’ personal information after the application process is finished (i.e. once a suitable candidate is hired) save for those who have consented to their data being retained for future employment offers, or applicable laws entitle or require Megaport to retain the information for longer (for example, to defend against potential legal claims related to the recruitment process). The successful candidate’s personal information will be retained and processed in accordance with Megaport’s internal employee-facing policies and processes.
PART 3: VISITORS TO THE MEGAPORT WEBSITES
This section applies to all visitors to the website www.megaport.com, partners.megaport.com, megaportone.com, mp1.ai, servicedeployed.io or any other Megaport website properties, subdomains and our Portal (Websites), whether visited by job applicants, customer or supplier representatives, or anyone else including our Portal (Websites), whether visited by job applicants, customer or supplier representatives, or anyone else.
Data Controller: Regardless of who may operate the specific Website, the Data Controller is the relevant Megaport entity (a) holding the relationship with the company you represent (if applicable), alternatively (b) operational in the region in which you or the company you represent are based.
Personal Information: We may collect and process the following personal data about you via the Websites:
- your name, business address, e-mail address, phone number, live web chat content and possibly your financial and credit card information (“Submitted Data”);
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet (from which we can infer your generalized location), your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform (“Technical Data”); and
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Websites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, videos watched, and mouse-overs), and methods used to browse away from the page (“Behavioral Data”).
How we collect it:
- Submitted Data is actively provided by you directly when you fill in forms on the Websites or correspond with us via online chat, e-mail or otherwise (eg the phone number used to contact our customer service). This includes information you provide when you register with the Websites, subscribe to our Services and when you report a problem with any Website.
- Technical Data and Behavioural Data is automatically collected during each of your visits to the Website. This is enabled by various common tracking technologies like cookies (small files stored on an individual’s browser or computer hard drive to optimize the individual’s interaction with a website) and web beacons (tiny graphics files containing unique identifiers to recognize someone as having received an email or visited our website before). Some cookies are purely technical and necessary for the Website to work properly and others track user behavior in an aggregated anonymous fashion. However, where cookies are designed to track your behavior in a personally identifiable manner, they will only be deployed on your device if you consent thereto during your first visit to our Website. You can find more information about the individual cookies, which data is processed by them, how we use them and why, and how to give or withdraw your consent to them here (for www.megaport.com) and here (for partners.megaport.com).
Why we need it: We use such personal information to:
- enable you to use the Website and to provide our services, including by sending you promotional communications if you have opted-in thereto;
- administer the Website and for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes);
- improve the Website to ensure that content is presented in the most effective manner for you and your computer (e.g. logging page visits indicates missing pages or other web server problems);
- keep the Website safe and secure (e.g. authentication cookies make sure you are the same person over a given “session” time); and
- deliver relevant advertising to you and to measure or understand the effectiveness of advertising we serve to you and others.
We use the above personal information only to the extent required for these legally protected legitimate interests, or where this is necessary to provide requested services.
How we share it: To the extent required for the above purposes, we may share such personal information within the Megaport group of companies and with suppliers and subcontractors we use for our Websites, services and marketing activity. Note specifically:
- The cookies on our Websites include those of our third-party service providers (e.g. Google Analytics or Intercom cookie) and possibly other third parties over which we have no control (such as advertising networks and providers of external services like web traffic analysis services). These cookies are likely to be analytical/performance cookies or targeting cookies;
- Third party advertisers, advertising networks, analytics- and search engine providers will only receive pseudonymized technical information from us unless directly identifying information is needed to process a specific request of yours (including any services) or you otherwise give your prior consent; and
How long we keep it: Megaport retains such personal information only to the extent required for the above purposes and as required or permitted by law.
PART 4: VENDORS & OTHER BUSINESS PARTNERS
Data Controller: For each of our Agents and other forms of service providers, suppliers, independent contractors and other business partners (each a “Vendor”), the controller of any relevant personal information is the Megaport entity holding the relevant account or business relationship with it, possibly in joint control with one or more other Megaport affiliates.
Personal Information: The personal data processed in relation to Vendors include their contact details (i.e. the name, position, email address and phone numbers of their employees/representatives and of the Vendors themselves if they’re sole proprietorships or partnerships); their communications with Megaport; and, if they’re sole proprietorships or partnerships, their banking details, invoices and service history.
How we collect it: Such personal information is collected directly from the Vendor via their websites or representatives (be it in person, via phone or email) or, if they are Agents using Portal accounts of their own to manage our Customers’ Services, then also via their Portal accounts. Vendors are responsible for the completeness and accuracy thereof and for ensuring that the people to whom the information relates have been notified and, where required by law, have consented. Personal information related to prospective Vendors is collected from publicly available sources (e.g. prospective Vendor’s website or LinkedIn), via participation at conferences and other networking events, via referrals from our existing business associates, and via our ‘VantageHub’ Website as described in Part 5 below.
Why we need it: We need such personal information to appropriately engage with the Vendor for purposes of managing our relationship with it, as required by our contract with it, alternatively in our legitimate and legally-protected interests. More specifically, we use it for prospective Vendor assessment and contract negotiation purposes as well as the ongoing administration of our agreement with each Vendor (including for paying invoices and raising service-related queries or complaints);
How we share it: To the extent necessary for the aforesaid purposes (or otherwise permitted by law), Megaport may share a Vendor’s personal information within the Megaport group, with Vendor’s other authorized representatives, and with our outsourced service providers who perform functions and services on our behalf (such as our financial and billing systems, mailing functions, IT services, and professional advisors).
How long we keep it: Vendor-related personal information is stored only as long as needed to satisfy the above purposes, normally being for so long as Vendor’s business relationship with us is effective and for such period thereafter as required or permitted by law.
PART 5: PARTNERVANTAGE PROGRAM
Our PartnerVantage Program (the Program) is aimed at companies willing and able to drive adoption of our Services in the market (either in their capacity as Reseller or Agent) and the Program-related platform at partners.megaport.com (‘VantageHub’) is where companies can find out more about the Program and apply to participate therein as a so-called ‘Partner’.
Data Controller: The Megaport entity holding the relevant Program relationship with the Partner (or prospective Partner), possibly in joint control with one or more other Megaport affiliates.
The personal information processed by us solely in the context of the Progam, as well as our collection methods and purposes, are set out in the table below:
|Personal Information||How we collect it||Why we need it|
|Non-Partner VantageHub visitors||Technical and Behavioural data, as described in Part 3 above||As described in Part 3 above||As described in Part 3 above|
|Prospective Partners||Personal data actively submitted as part of their Program participation application, including data about the prospective Partner’s shareholders, directors, and other key staff (such as their names, job titles and business contact details) (“Partner Application Data”)||Actively submitted by the prospective Partner’s representative via VantageHub and possibly also via email. The prospective Partner is responsible for the completeness and accuracy of the personal information so provided and for ensuring that the people to whom the information relates have been notified and, where required by law, have consented||To assess the prospective Partner’s suitability for participation in our Program. So, if a prospective Partner does not provide all the personal information requested, our ability to assess its suitability for Program participation may be constrained and the application may be rejected. We also use it to contact the prospective Partner in relation to its application and if successful, to facilitate contract negotiations and administer its participation in the Program|
|Partners who are Resellers||The names, job titles and contact details associated with the Resellers’ own customers/clients (Resale Contacts Data)||Actively provided to us by the participating Reseller when it submits a ‘Deal Registration’ via VantageHub and/or if it inserts such Resale Contacts Data into its Portal account (and more specifically into the Portal sub-accounts it may have created)||To verify the Partner’s entitlement to Program benefits associated with the existence and nature of the Reseller’s customers|
How we share it: To the extent necessary for the aforesaid purposes (or otherwise permitted by law), Megaport may share the personal information within the Megaport group, with the Partner’s (or prospective Partner’s) other authorized representatives, and with our outsourced service providers who perform functions and services on our behalf (such as the VantageHub platform operator, Zift Solutions, Inc).
How long we keep it: Progam-specific personal information is stored only as long as needed to satisfy the above purposes, normally being for so long as the Partner remains a participant in the Program and for such period thereafter as required or permitted by law.
PART 6: GENERAL
Where personal information is stored and processed: Megaport operates in various countries globally and the organisations that Megaport may share personal information with may be located in countries both within and outside of the European Union (“EU”), including the United States, Canada, Australia, New Zealand, Singapore, Hong Kong, the Philippines, Japan and the United Kingdom. Note that the personal data protection and privacy laws in certain non-EU countries may not be as protective of personal data as they are within the EU and may thus expose you to certain risks (such as a lower standard of protection applying to the processing of your personal information, or your having fewer rights to access your personal information, or there not being a regulatory body dedicated to personal data protection in that country that you can approach). Megaport will take all reasonable steps to ensure that recipients in such countries comply with a level of data protection that is considered to be adequate from the perspective of EU data protection laws (such as being subject to standard contractual clauses approved by the European Commission), but you nevertheless acknowledge the aforesaid potential risks to your data being processed in such countries. Customers in the United States likewise acknowledge that their personal information may be processed outside of the United States.
How else we may share personal information: Megaport may further disclose personal information as follows:
- Mergers & Acquisitions: to a specific third party and its advisors in order to facilitate an acquisition or sale of assets between such third party and Megaport. This is most likely to occur in relation to a purchase (or potential purchase) by such third party of any Megaport entity or its business or assets (as customer-related data and employee-related data may be part of the assets so sold);
- Regulatory & Contractual Compliance: To government, law enforcement & regulatory bodies where required to comply with our legal obligations or to enforce our agreements, as well as to other companies and organizations who assist us with fraud protection and credit risk reduction; and
- Other: Save for the above and for sharing certain personal information with the providers of Related offerings (as explained in Part 1), Megaport does not generally share or sell any personal data to third parties to use for their own purposes, but if we should decide to do so for any reason, it will be on the basis of our overriding legitimate interests, on prior notice to you, and with you being entitled to object thereto. Of course, if you’re Japanese, we will only do so with your prior consent and if you’re Californian you may opt-out of any ‘selling’ via our Californian opt-out page.
How we protect personal information: Megaport stores personal information electronically and sometimes in hard copy form, treating it all as confidential. We take a range of measures to protect the security of personal information, including by storing electronic information in password-protected servers that are in restricted and monitored areas. We do not store full credit card details on our own systems, but instead makes use of a PCI DSS-compliant payment service provider.
How to access and correct your personal information: Megaport takes all reasonable steps to ensure that the personal information we hold is accurate, complete and up to date. Customer representatives can access and correct most Customer-related personal information (such as contact details) directly via the Customer’s Portal account. Similarly, Agents who have Portal accounts pursuant to their agreement with us can access and correct most of their personal information directly via that Portal account. Otherwise, personal information can be accessed and corrected by contacting Megaport at firstname.lastname@example.org.
Your other rights: You may have the right under applicable law to not receive any direct marketing messages from us. European, UK, and Californian residents have additional rights, specifically, the right to request information about the personal data of yours we process (including as to who we may have shared it with and why, and the safeguards implemented for any transfers), to get copies thereof, to demand the correction of incorrect data, to demand its deletion or the blocking or restriction of the processing thereof, and to data portability in certain situations.You may also be entitled to object to the processing of your personal data, provided the reason for the objection relates to your special situation and provided it is data we process based on one of our protectable legitimate interests. If you reside in California, you may be entitled to opt-out of having your personal data sold (see our Californian opt-out page for this) and in some other territories (e.g France), you may be entitled to direct how you wish your personal data to be used after your death. If our personal data processing is based on your consent, you may at any time freely withdraw your consent to the future processing thereof. You can exercise such rights at any time by contacting us at email@example.com. You may also lodge a complaint with your local data protection supervisory authority (see for eg: https://edpb.europa.eu/about-edpb/board/members_en)
Verifiable Consumer Requests (California Residents) California residents may request what personal information we collected, used and disclosed to third parties in the preceding 12 months. They may also submit a request that we correct or delete the personal information we have collected from them. Individuals may designate an authorized agent to submit a request on their behalf. We may ask for additional information, such as mailing address or telephone in order to verify the identity of the individual submitting the request. Authorized agents must submit proof of authorization from the owner of the data being requested. If we are unable to verify the requestor’s identity, we will need to deny the request. In the event a request is denied, we will provide you with an explanation of the denial. Requests may be submitted by sending an email to firstname.lastname@example.org with the subject line “California Verifiable Consumer Request”. We will reply to your requests within 45 days or provide you with an explanation on why it may take more than 45 days to comply with your request. We will not discriminate against you for exercising any of your data rights. We do not charge a fee to process or respond to your requests unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Anonymous data: We do not permanently anonymize any personal data save (a) as part of producing certain aggregated anonymous survey result reports (in which case, if Customer-related, the reports may be shared with our Agents, Resellers or providers of Related Offerings) or (b) as an alternative to deletion where deletion is not reasonably possible.
Links to third party websites: Our Websites may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Contact Megaport: If you have an enquiry regarding
privacy, or you wish to raise a complaint, please contact email@example.com.
 E.G. by Art. 4 (1) of the GDPR.
 E.G. under Art. 6 para 1 lit f) of the GDPR
 E.G. under Art. 6 para 1 lit c) of the GDPR.
 E.G. under Art. 15 of the GDPR.
 E.G. under Art. 13.1(f) of the GDPR
 E.G. under Art. 16 of the GDPR.
 E.G. under Art. 17 of the GDPR.
 E.G. under Art. 18 of the GDPR.
 E.G. under Art 20 of the GDPR
 E.G. under Art. 21 of the GDPR.