Privacy Policy

1. Introduction

Last Updated on: 22/04/2024

At Invia (hereinafter referred to as “Invia,” “we,” “our”), we value and respect your privacy. We are committed to conducting the lawful, fair, and transparent processing of your personal data while ensuring its security and compliance with data protection and privacy laws such as EU General Data Protection Regulation (GDPR), Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act, the Indian Digital Personal Data Protection Act, 2023 (DPDPA), and additional legislations that confer powers or obligations upon us.

2. Scope of the Privacy Policy

This privacy policy outlines the processing of Personal Data provided or gathered on Invia’s websites (https://invia.com.au/ or http://invia.com.sg/ or http://www.invia.co.in/ and services), the applications where this policy is published, and processing done by all Invia entities. It is important to note that when you share information with us on a third-party site or platform (e.g., through our applications), that information may be independently collected by the third-party site or platform. The data we collect is governed by this privacy policy, while the information collected by the third-party website or third-party link on our website or platform is subject to its own privacy practices and policies. Any privacy preferences you set on the third-party site or platform do not affect our use of the information directly collected through our applications. Additionally, our sites and applications may feature links to external sites not under our ownership or control, and we are not accountable for the privacy practices of those sites. We advise you to exercise caution and review the privacy policies of such external sites upon leaving our platforms, as they may collect your Personal Data.

3. About Invia

Invia is an IT SAAS Solutions company started in 2007. We are headquartered in Sydney with a presence across South-East Asia and India. Invia specializes in solving the most complex of challenges and problems for a telecom operator in the B2B and B2B2X segments. We specialize in solutions that make it easy for enterprise, business, and government customers to love their telco. That is no trivial feet, but we love a challenge. Our digital solutions span the entire telco lifecycle. They provide a significant competitive edge to telcos helping them win large accounts, grow revenues, and retain customers by significantly uplifting the experience of their enterprise, business, and government customers and reducing their cost of operations. We are fortunate to work with leading telecom operators around the world.

4. How do we collect your personal data?

We collect Personal Data that you share with us when you request or purchase our products or services, provide your details, sign up with us, engage in public forums, or participate in various activities on our websites and applications. This includes your involvement in guest surveys or visits to our physical locations.
We collect Personal Data through technologies like your IP address and cookies. Understand the purpose, description, and functioning of cookies, please refer our cookie policy available here, which outlines the relevant details.

5. Types of Personal Data that we collect and its usage:

We collect your web cookies to provide you with the personalized content and user experience in line with cookie preferences opted by you or modified by you when you visit our website and interact with our products or services.
We collect your IP address and geo-location to track your location for the purpose of compliance with relevant data privacy regulation.
We collect your Personal Data such as first name, last name, email address, company name, country, phone number and your consent whenever you raise a request for RFP/RFI on our website.
We collect your Personal Data such as name, email address, phone number, cover letter, resume updated by you on our careers page for recruitment purposes.
We collect your Personal Data such as your name, email address, phone number and company name to meet contractual and legal obligations with you and to provide you with our products and services.
We collect your Personal Data that is voluntarily disclosed by you in public forums hosted on our websites and applications, including but not limited to publicly accessible posts.
We collect your Personal Data that is voluntarily disclosed by you in public forums hosted on our websites and applications, including but not limited to publicly accessible posts.
We collect your Personal Data such as name, address, email address, phone number and other relevant information for the purpose of your identity verification or fulfilment of your Data Subject Request.
We collect special category of personal data, also known as sensitive data, collected by our IT and HR departments. This includes biometric information, gender identification, medical certificates, facial recognition data, and COVID certification, among others. This processing is conducted for HR administration purposes, including but not limited to social security measures such as insurance, as well as legitimate interests such as physical security, in accordance with the principles outlined in the General Data Protection Regulation (GDPR)

Other Usages:

To operate, understand, optimize, develop, or improve our sites, applications, products, services, and operations, including by using guest survey research and analytics tools; and
To detect, investigate and prevent activities that may violate our policies, pose safety issues, or be fraudulent or illegal; and
To notify you about our products, change in our terms and privacy issues.

6. Legal Basis for Processing Your Personal Data with Invia

We collect and utilize your Personal Data when we have lawful grounds for such actions. In these instances, we acquire Personal Data that is reasonably essential to deliver our services to you.

Consent: Invia may process your personal data based on your consent. This means that we will obtain your consent before processing your personal data for specific purposes. Your consent is voluntary, and you have the right to refuse or withdraw it at any time without detriment. Upon withdrawal of your consent, we will cease processing your data for the specified purposes. Invia ensures that your personal data is processed securely and in accordance with applicable data privacy laws and regulations.

Contractual Necessity: Invia may process your personal data under the lawful basis of contractual necessity when it is crucial for the performance of a contract in which you are a participant or for taking steps before entering such a contract at your request. This means that we handle your personal data to fulfil our contractual obligations to you or to establish a contract with you. For instance, if you engage Invia’s services, we must process your personal data to provide the requested services, manage the client relationship, and manage associated administrative tasks.

Compliance with Legal Obligations: : Invia may process your personal data when necessary to fulfil a legal obligation imposed on us. This legal basis mandates the processing of personal data to meet our legal responsibilities, such as adhering to obligations under applicable laws, regulations, or court orders. For example, if there is a legal requirement to retain specific records, conduct due diligence checks, or report information to regulatory authorities, we will process the necessary personal data to fulfil these obligations.

Legitimate Interests: Invia relies on legitimate interests as a legal basis for processing your personal data, ensuring that these interests do not override your rights and interests. Our legitimate interests encompass various business purposes, including enhancing our services, developing new features, conducting research and analysis, ensuring the security of our systems, and promoting our business. When utilizing this legal basis, we thoroughly assess the impact on your privacy rights and only proceed with processing if it is reasonably expected and does not unduly infringe on your rights and freedoms.

Legitimate Interest of Third Parties: In specific cases, Invia may process your personal data based on the legitimate interests pursued by a third party, ensuring that such interests do not override your rights and interests. This means we may process personal data on behalf of a third party if it is necessary for their legitimate interests and does not disproportionately affect your rights. For example, if Invia acts as a data processor for a client, we may process personal data on their behalf to support their legitimate business purposes, such as providing HR or project management services.

7. Information Sharing

We do not share any Personal Data unless explicitly consented or agreed in the contract or mandated by law. For the reasons stated, your Personal Data may be disclosed to third-party entities engaged to support service provision, including maintenance, improvement, administration, technical issue resolution, hardware delivery oversight, or participation in customer research projects. Except for these designated third parties, we refrain from sharing information about you with any other entities, except:

With your explicit consent.
Within the scope of your reasonable expectations, or if our intention to do so has been communicated previously.
When legally required or authorized to disclose information.
When such disclosure is reasonably deemed necessary for law enforcement purposes or to safeguard public safety.

8. International Data Transfers

Your personal data may be transferred to countries where our affiliates and service providers operate. It is important to note that these countries may have differing data protection laws compared to your own country, and, in certain instances, these laws may not provide an equivalent level of protection.

We host customer data in line with data sovereignty laws where contractual terms or local law require it. For individuals who are residents of the European Economic Area (EEA) or the United Kingdom (UK), if we transfer your information to a third-party provider situated outside of Europe or a country without an adequacy decision by the European Commission, we assure you that these providers will enter into an agreement containing appropriate safeguards for your information. This commitment is fulfilled through the utilization of appropriate organizational measures such as EU Model Clauses (Standard Contractual Clauses or SCCs) and the UK International Data Transfer Addendum (UK IDTA), in accordance with the provisions outlined in the privacy policy.

9. Technical and Organizational Measures

Invia implements robust technical and organizational measures to safeguard your personal data. These measures include, but are not limited to, firewall protection, encryption, password protection, access control mechanisms, log monitoring, Data Loss Prevention (DLP) tools, and Multi-Factor Authentication (MFA). Additionally, Invia holds security certifications such as ISO 27001 and GDPR compliance. These measures are designed to ensure the confidentiality, integrity, and availability of your personal data, and to protect it against unauthorized access, disclosure, alteration, or destruction. Invia continually reviews and enhances these measures to mitigate risks and comply with applicable data privacy laws and regulations.

10. Data Retention and Disposal

We retain your personal data only for as long as necessary to fulfil the purposes outlined in our privacy policy and internal data retention policy, including legal, accounting, or reporting requirements. The specific retention period may vary depending on the nature of the data and the applicable laws or regulations.

Once the retention period expires, or when your personal data is no longer needed for the specified purposes, we undertake to securely delete, anonymize, or irreversibly de-identify the information.

If there are statutory obligations that require us to retain certain data for a more extended period, we will ensure compliance with such requirements.

11. Your Privacy Rights and Control Over Your Personal Data with Invia

Individuals residing in the European Economic Area, Australia, Singapore, Thailand and across the globe are entitled to specific legal rights concerning their personal data being processed by Invia including but not limited to:

Right to Information: You have the right to be informed about the processing of your personal data by Invia, including details such as the purposes, recipients, and legal basis for the processing.

Right to Access: You can confirm whether Invia is processing your personal data and, if so, obtain access to that data.

Right to Data Portability: You have the right to receive a copy of your personal data from Invia in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller.

Right to Correction: You can request Invia to correct or amend inaccurate or incomplete personal data.

Right to Erasure: Under certain circumstances, you have the right to request Invia to delete or remove your personal data.

Right to Restrict Processing: You can request Invia to limit the processing of your personal data under specific conditions.

Right to Object: You have the right to object to Invia’s processing of your personal data based on specific grounds, such as legitimate interests or direct marketing.

Right to Non-Discrimination: You are entitled to be free from discriminatory practices or treatment by Invia based on the exercise of your data protection rights.

Right to Additional Information: You can request additional information about the processing of your personal data by Invia beyond what is typically provided in privacy notices or disclosures.

Right to Withdraw Consent: You have the right to withdraw consent given to Invia for the processing of your personal data at any time.

Right to Make Complaints: If you believe your rights regarding personal data have been violated by Invia, you have the right to lodge a complaint with a data protection authority.

Right to Opt-Out of Sale: You can opt out of the sale or disclosure of your personal data to third parties by Invia for monetary or other valuable consideration.

Right to Object to Automated Decision-Making: You have the right to object to decisions made solely based on automated processing, including profiling, by Invia that significantly affect you.

Exercising Your Rights with Invia: You can exercise your rights under the applicable regulation by reaching out to Invia through the email address privacy@invia.com.au or by using the provided form. To ensure the security of your request, Invia will verify it using information associated with your account, including your email address. In certain cases, government identification may be requested. Alternatively, you can designate an authorized agent to act on your behalf, provided they furnish proof of authorization.

12. Children’s Data Protection Clause:

We do not intentionally target our products or services towards individuals under the age of 16, and we do not knowingly gather personal information from children under 16 years of age. If you become aware that a person under the age of 16 has unintentionally provided us with personal data, kindly contact us immediately. We will promptly take necessary measures to delete such information and ensure compliance with applicable data protection laws concerning children.

13. Changes to this Privacy Policy

Invia reserves the right to update or make changes to this privacy policy as necessary. Anymodifications will be communicated through a notification on our platform or by other appropriate means. It is advisable to regularly review this privacy policy to stay informed about how your information is being handled. Continued use of our website, products or services after the effective date of any changes indicates your acceptance of the modified privacy policy.

14. Contact Us:

For any inquiries or concerns regarding your privacy or this privacy policy, please reach out to us at privacy@invia.com.au. We are committed to addressing your questions and ensuring the protection of your Personal Data.