The Megaport group of companies, being Megaport Limited and its subsidiaries (listed here) (“Megaport”, “we”, “us” or “our”) is committed to protecting the privacy of personal information (being any information relating to an identified or identifiable human being, as defined by applicable personal data and privacy laws)[1] – more specifically, the privacy of each individual whose personal information we control the processing of in the course of our business (Data Subject or you).

This Privacy Policy (“this Policy”) explains how Megaport companies collect, use, share, store and retain (i.e. ‘processes’) personal information when they do so as the ‘controller’ thereof (as such term is understood in Article 4 No. 7 EU Regulation 2016/679 (“GDPR”)).  (This means that details of how Megaport facilitates the transmission of our customers’ data as part of our services to them are not set out here, but are instead contained in our Global Services Agreement.)

As we process personal information in different contexts and for different reasons, this Policy is divided into different Parts, with our relevant controlling entity being specified in each Part (and you can access their contact information here). More specifically:

Part 1 relates to our customers and prospective customers;

Part 2 relates to our recruitment of future employees ;

Part 3 relates to all visitors to the Megaport websites, including the use of cookies;

Part 4 relates to our vendors and other business partners;

Part 5 contains general provisions affecting all categories of personal information, setting out where it is stored or shared, how it is protected, and what your rights as a data subject are.

Megaport may update this Policy from time to time by posting the revised version on our website.

IMPORTANT: Megaport’s services are aimed at corporate customers who act through their duly authorized representatives.  We thus have no need for, and do not knowingly process, any data related to minors.  If you are under 18 years of age you should not use our website or attempt to register an account with us.

PART 1: CUSTOMERS & PROSPECTS

1.1 – Customers:

In order to subscribe to any of our services, an account needs to be created on our customer-facing portal at portal.megaport.com (“Portal”), from where the customer can provision the services it would like. So, for purposes hereof, a ‘customer’ is any company with a Portal account and the personal data processing details relating to customers are as follows:

Data Controller: The Megaport entity providing the services to that customer.

Personal Information: 

  • customer contact details, including the name, position, email address and phone numbers of customers’ employees and representatives;
  • customer credit card details and credit information (to the extent that it relates to any individual);
  • customer representative passwords and usernames for accessing the Portal; andrecords of each customer’s use of our services and it’s communications with Megaport; and
  • records of each customer’s communications with Megaport, including any participation in customer surveys.

How we collect it: 

  • From our customers via their representatives, be it in person (at networking events or otherwise), via phone, email, or by actively submitting it via our website/s (as detailed in Part 3 hereof, including by attending our webinars). Customers are responsible for the completeness and accuracy of the personal information so provided and for ensuring that the people to whom the information relates (ie customer’s employees or other representatives) have been notified and, where required by law, have consented. If a customer does not provide Megaport with the personal information requested, our services to that customer may be restricted or prevented; and
  • Pursuant to Part 1.2 (Prospective Customers) below.

Why we need it:  Although Megaport’s business is not consumer-facing and our customers are corporate entities, we need such personal information to promote, explain and provide our  services, including to carry out functions incidental thereto, like account management and service support. Doing so falls within Megaport’s legitimate and legally-protected interests[2].  More specifically, we use such personal information to:

  • process a customer’s application, including carrying out checks for credit-worthiness;
  • provision or connect each customer’s services;
  • deal with customer enquiries and providing customer support;
  • manage each customer’s services, including account management, billing, processing payments and collecting debts;
  • investigate complaints and carry out dispute resolution;
  • administer our agreement with each customer;
  • product research and development, business planning and staff training; 
  • communicate with our customers about our services and promotions relating thereto (in the latter case, provided you have not opted-out of receiving such promotional material, which can be done via the unsubscribe links within those communications or by contacting privacy@megaport.com);
  • communicate about the non-Megaport services customers can connect to via Megaport’s SDN from time to time, like the services of certain data center operators, cloud service providers and SD-WAN providers (these being our “Business Partners”), subject to the requirements of direct marketing laws.

How we share it:  To the extent necessary for the above purposes (or otherwise permitted by law), within the Megaport group and with other organisations such as:

  • our service-related suppliers, resellers and agents;
  • our out-sourced service providers who perform functions and services on Megaport’s behalf, such as contact centre services, mailing functions, credit card payment processing, marketing, or IT services;  (eg: Salesforce, Marketo, Intercom, and Stripe);
  • credit reporting bodies, credit providers or debt collection agencies (where permitted by law);
  • other telecommunications and information service providers;
  • our Business Partners and marketing partners who may also process it in their capacities as controllers (subject to privacy laws and direct marketing laws) provided that you are entitled to object to us sharing your data in this manner and that, if you’re Japanese, we will only do so with your prior consent;
  • marketing partners who may also process it in their capacities as controllers (subject to privacy laws and direct marketing laws);
  • our legal, accounting and financial advisers;
  • customer’s other authorised representatives.

How long we keep it:  As long as needed to satisfy the above purposes, normally being for so long as customer’s Global Services Agreement is effective and for such period thereafter as required or permitted by law.

1.2. – Prospective Customers

For purposes hereof ‘prospective customers’ are those companies that have not yet created any account on our Portal and the personal data processing details relating to them are as follows:

Data Controller: The Megaport entity operational in the relevant region, hoping to provide services to the prospective customer.

Personal Information:  

  • prospective customer contact details, including the name, position, email address and phone number of its employees and representatives
  • records of any communications between us and the prospective customer 

How we collect it:  Directly and indirectly in various ways, i.e., via the prospective customer’s representatives’ participation at conferences, trade shows, networking events, seminars and product demos; our Website (as detailed in Part 3 hereof); publicly available sources (e.g. prospective customer’s website; LinkedIn); our referral/sales agents, and sometimes our Business Partners.

Why we need it:  To promote and explain our services to prospective customers (in accordance with applicable direct marketing laws) and to carry out functions incidental thereto i.e., responding to enquiries, complaints and/or disputes, doing product research and development, business planning, and staff training. Doing so falls within Megaport’s legally protected legitimate interests.  

How we share it:  To the extent necessary for the above purposes (or otherwise permitted by law), Megaport may share such personal information within the Megaport group and with other organisations being: 

  • our service-related suppliers, resellers and agents;
  • our outsourced service providers performing functions on Megaport’s behalf, such as contact centre services, mailing functions, marketing, or IT services (eg: Salesforce, Marketo, and Intercom); 
  • our Business Partners who may also process it in their capacities as controllers (subject to privacy laws and direct marketing laws) provided that you are entitled to object to us sharing your data in this manner and that, if you’re Japanese, we will only do so with your prior consent;
  • our legal and other professional advisers.

How long we keep it:  As long as needed to satisfy the above purposes i.e., for so long as we are engaging in discussion with the prospective customer prior to becoming a customer (in which case Part 1.1 above applies to the continued retention of such personal data) or until 5 years after discussions have ceased. 

PART 2: RECRUITMENT

The personal data processing details relating to our recruitment activities are as follows:

Data Controller:  The relevant Megaport entity that will be employing the successful candidate.

Personal Information: The specific personal information collected depends on what a candidate chooses to provide to us. Of course if we don’t receive the specific information we need, we may not be able to assess or proceed with his/her job application furtherThe types of personal information processed include:

  • contact details (such as your name, physical address, email address and phone number);
  • employment-related information (such as information in your resume regarding previous work experience, qualifications and referees, as well as your working rights and your police clearance, to the extent permitted under relevant employment laws); and
  • records of the candidate’s communications with us (including information gathered during interviews).

Note that we do not require, and candidates should not submit, any sensitive personal data (that is data relating to racial or ethnic origin, political opinions, religious or other beliefs, political or trade union membership, philosophical beliefs, health, biometrics, sexual orientation or criminal convictions).

How we collect it:  Usually directly from the candidates, like when candidates provide information to us in person, by phone or email, via our Website, or when they provide their details via our recruitment websites or social media accounts (including via job portals like Seek or LinkedIn).  We may also collect information about candidates more indirectly from our recruitment agencies, candidates’ referees, and from other public sources (eg LinkedIn profile).

Why we need it:  Megaport will only process a candidate’s personal information to the extent necessary for the job application process and/or their subsequent employment with Megaport, as required by our legitimate legally-protected interests or applicable laws.  More specifically, your personal information is used to assess and process your job application; to make a decision about whether to employ you; to deal with your queries and defend against potential claims in relation to the recruitment process; to consider you for future job opportunities with us (if you have consented to us retaining your details for such purpose); and, if you are hired, to make decisions about your employment with us. 

How we share it:  For the above purposes and to the extent permitted by law, we may share such personal information within the Megaport group of companies, as well as with recruitment agencies and other third parties we engage to provide recruitment services on our behalf; your referees; third parties who conduct background and police checks; and the institutions that issued your qualifications.

How long we keep it:  Megaport deletes unsuccessful candidates’ personal information after the application process is finished (i.e. once a suitable candidate is hired) save for those who have consented to their data being retained for future employment offers, or applicable laws entitle or require Megaport to retain the information for longer (for example, to defend against potential legal claims related to the recruitment process). The successful candidate’s personal information will be retained and processed in accordance with Megaport’s internal employee-facing policies and processes.

PART 3: VISITORS TO THE MEGAPORT WEBSITES

This section applies to all visitors to the website www.megaport.com or any other Megaport website properties, including our Portal (Websites), whether visited by job applicants, customer or supplier representatives, or anyone else.

Data Controller:  Megaport (Services) Pty Limited operates the Websites, but does so for the relevant Megaport entity servicing the customer you represent (if applicable) or the region in which you are based, such Megaport entity being the relevant data controller under this Part 3.

Personal Information: We may collect and process the following personal data about you via the Websites:

  • your name, address, e-mail address, phone number, live web chat content and possibly your financial and credit card information (“Submitted Data”);
  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet (from which we can infer your generalized location), your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform (“Technical Data”); and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Websites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, videos watched, and mouse-overs), and methods used to browse away from the page (“Behavioral Data”).

How we collect it:

  • Submitted Data is actively provided by you directly when you fill in forms on the Websites or correspond with us via online chat, e-mail or otherwise (eg the phone number used to contact our customer service). This includes information you provide when you register with the Websites, subscribe to our Services and when you report a problem with any Website. 
  • Technical Data and Behavioural Data is automatically collected during each of your visits to the Website. This is enabled by various common tracking technologies like cookies (small files stored on an individual’s browser or computer hard drive to optimize the individual’s interaction with a website) and web beacons (tiny graphics files containing unique identifiers to recognize someone as having received an email or visited our website before).  Some cookies are purely technical and necessary for the Website to work properly and others track user behavior in an aggregated anonymous fashion. However, where cookies are designed to track your behavior in a personally identifiable manner, they will only be deployed on your device if you consent thereto during your first visit to our Website..  You can find more information about the individual cookies, which data is processed by them, how we use them and why, and how to give or withdraw your consent to them here.

Why we need it: We use such personal information to:

  • enable you to use the Website and to provide our services, including by sending you promotional communications if you have opted-in thereto;
  • administer the Website and for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes);
  • improve the Website to ensure that content is presented in the most effective manner for you and your computer (e.g. logging page visits indicates missing pages or other web server problems); 
  • keep the Website safe and secure (e.g. authentication cookies make sure you are the same person over a given “session” time); and
  • deliver relevant advertising to you and to measure or understand the effectiveness of advertising we serve to you and others.

We use the above personal information only to the extent required for these legally protected legitimate interests,[3] or where this is necessary to provide requested services.[4]

How we share it:  To the extent required for the above purposes, we may share such personal information within the Megaport group of companies and with suppliers and sub-contractors we use for our Websites, services and marketing activity.  Note specifically:

  • The cookies on our Website include those of our third-party service providers (e.g. Google Analytics or Intercom cookie) and possibly other third parties over which we have no control (such as advertising networks and providers of external services like web traffic analysis services). These cookies are likely to be analytical/performance cookies or targeting cookies;
  • Third party advertisers, advertising networks, analytics- and search engine providers will only receive pseudonymized technical information from us (e.g. IP addresses) unless directly identifying information is needed to process a specific request of yours (including any services) or you otherwise give your prior consent; and
  • Our Websites may incorporate social media features enabling you to share content on social media (eg a Facebook ‘like’ button) and in doing so, you will be sharing your IP address and the page you are visiting with such social media site, subject to its privacy policy and practices.

How long we keep it:  Megaport retains such personal information only to the extent required for the above purposes and as required or permitted by law.

PART 4: VENDORS & OTHER BUSINESS PARTNERS

Data Controller: For each of our service providers, suppliers, independent contractors and other business partners (each a “Vendor”), the controller of any relevant personal information is the Megaport entity holding the relevant account or business relationship with it, possibly in joint control with one or more other Megaport affiliates.

Personal Information:  The personal data processed in relation to Vendors include their contact details (i.e. the name, position, email address and phone numbers of their employees/representatives and of the Vendors themselves if they’re sole proprietorships or partnerships); their communications with Megaport; and, if they’re sole proprietorships or partnerships, their banking details, invoices and service history.

How we collect it:  Such personal information is collected directly from the Vendor via their websites or representatives (be it in person, via phone or email). Vendors are responsible for the completeness and accuracy thereof and for ensuring that the people to whom the information relates have been notified and, where required by law, have consented.  Personal information related to prospective Vendors is collected from publicly available sources (e.g. prospective Vendor’s website or LinkedIn), via participation at conferences and other networking events, or via referrals from our existing business associates.

Why we need it:  We need such personal information to appropriately engage with the Vendor for purposes of managing our relationship with it, as required by our contract with it, alternatively in our legitimate and legally-protected interests. More specifically, we use it for prospective Vendor assessment and contract negotiation purposes as well as the ongoing administration of our agreement with each Vendor (including for paying invoices and raising service-related queries or complaints);

How we share it:  To the extent necessary for the aforesaid purposes (or otherwise permitted by law), Megaport may share a Vendor’s personal information within the Megaport group, with Vendor’s other authorized representatives, and with our outsourced service providers who perform functions and services on our behalf (such as our financial and billing systems, mailing functions, IT services, and professional advisors). 

How long we keep it:  Vendor-related personal information is stored only as long as needed to satisfy the above purposes, normally being for so long as Vendor’s business relationship with us is effective and for such period thereafter as required or permitted by law. 

PART 5: GENERAL

Where personal information is stored and processed:  Megaport operates in various countries globally and the organisations that Megaport may share personal information with may be located in countries both within and outside of the European Union (“EU”), including the United States, Canada, Australia, New Zealand, Singapore, Hong Kong, the Philippines, Japan and the United Kingdom.  Note that the personal data protection and privacy laws in certain non-EU countries may not be as protective of personal data as they are within the EU and may thus expose you to certain risks (such as a lower standard of protection applying to the processing of your personal information, or your having fewer rights to access your personal information, or there not being a regulatory body dedicated to personal data protection in that country that you can approach).  Megaport will take all reasonable steps to ensure that recipients in such countries comply with a level of data protection that is considered to be adequate from the perspective of EU data protection laws (such as being subject to standard contractual clauses approved by the European Commission), but you nevertheless acknowledge the aforesaid potential risks to your data being processed in such countries. 

How else we may share personal information:  Megaport may further disclose personal information as follows:

  • Mergers & Acquisitions: to a specific third party and its advisors in order to facilitate an acquisition or sale of assets between such third party and Megaport.  This is most likely to occur in relation to a purchase (or potential purchase) by such third party of any Megaport entity or its business or assets (as customer-related data and employee-related data may be part of the assets so sold);
  • Regulatory & Contractual Compliance: To government, law enforcement & regulatory bodies where required to comply with our legal obligations or to enforce our agreements, as well as to other companies and organizations who assist us with fraud protection and credit risk reduction; and
  • Other:   Save for the above and for sharing certain personal information with our Business Partners (as explained in Part 1), Megaport does not generally share or sell any personal data to third parties to use for their own purposes, but if we should decide to do so for any reason, it will be on the basis of our overriding legitimate interests, on prior notice to you, and with you being entitled to object thereto (unless you’re Japanese, in which case we will only do so with your prior consent). [5]

How we protect personal information:  Megaport stores personal information electronically and sometimes in hard copy form, treating it all as confidential. We take a range of measures to protect the security of personal information, including by storing electronic information in password-protected servers that are in restricted and monitored areas. We do not store full credit card details on our own systems, but instead makes use of a PCI DSS-compliant payment service provider.

How to access and correct your personal information:  Megaport takes all reasonable steps to ensure that the personal information we hold is accurate, complete and up to date. Customer representatives can access and correct most Customer-related personal information (such as contact details) directly via the customer’s Portal account.  Otherwise, personal information can be accessed and corrected by contacting Megaport at privacy@megaport.com.

Your other rights: You have the right to not receive any direct marketing messages from us.  You have the right to request information about the personal data of yours we process (including as to who we may have shared it with and why, and the safeguards implemented for any transfers),[6] to get copies thereof,[7] to demand the correction of incorrect data,[8] to demand its deletion[9] or the blocking or restriction of the processing thereof,[10] and to data portability in certain situations.[11]You may also be entitled to object to the processing of your personal data, provided the reason for the objection relates to your special situation and provided it is data we process based on one of our protectable legitimate interests.[12] In some territories (eg France), you may be entitled to direct how you wish your personal data to be used after your death. If our personal data processing is based on your consent, you may at any time freely withdraw your consent to the future processing thereof.  You can exercise such rights at any time by contacting us at privacy@megaport.com.  You may also lodge a complaint with your local data protection supervisory authority (see for eg: https://edpb.europa.eu/about-edpb/board/members_en)

Anonymous data: We do not permanently anonymize any personal data save (a) as part of producing certain aggregated anonymous survey result reports (in which case, if customer-related, the reports may be shared with our sales agents or Business Partners) or (b) as an alternative to deletion where deletion is not reasonably possible.

Links to third party websites:  Our Websites may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Contact Megaport:  If you have an enquiry regarding privacy, or you wish to raise a complaint, please contact privacy@megaport.com.


[1] E.G. by Art. 4 (1) of the GDPR.

[2] E.G. under Art. 6 para 1 lit f) of the GDPR

[4] E.G. under Art. 6 para 1 lit c) of the GDPR.

[5] If you’re Californian, note that we do not currently meet the specified thresholds for the applicability of the California Consumer Protection Act of 2018.

[6] E.G. under Art. 15 of the GDPR.

[7] E.G. under Art. 13.1(f) of the GDPR

[8] E.G. under Art. 16 of the GDPR.

[9] E.G. under Art. 17 of the GDPR.

[10] E.G. under Art. 18 of the GDPR.

[11] E.G. under Art 20 of the GDPR

[12] E.G. under Art. 21 of the GDPR.


View PDF View summary of changes