At Infobip, we are committed to protecting the privacy and personal data of all job candidates throughout the recruitment process. This Global Privacy Notice for Job Candidates („Notice”) outlines our practices and procedures to ensure that job candidates’ data is handled securely, transparently, and in compliance with relevant data privacy laws.
We aim to create a positive and respectful experience for all job candidates while safeguarding their personal data. This Notice explains how we process job candidates’ personal data during the recruitment process, from the moment you submit your application to join the Infobip team.
We will collect and process your personal data as a data controller. We use Workday, a cloud-based application, as our data processor for recruitment purposes. We ensure that Workday handles personal data in strict adherence to our instructions.
This Notice applies to all job candidates engaged in the recruitment process with Infobip. “Infobip”, “we” or “us” or „our“ refers to the member of Infobip Group that is responsible for your personal data.
When you apply for a job or internship with us, we may collect the following personal data:
- Basic identification and contact details, such as your first and last name, email address, phone number, and place of residence
- Professional information, including your education, previous work experience, and any other details you choose to share in your resume (CV) or application when expressing interest in joining our team
- Publicly available professional data, where permitted by applicable law, from business networking sites you use (e.g., LinkedIn), other sources (e.g., websites) if your resume or application includes links to such content
- Interview and selection process data, including information gathered during interviews, results of evaluation tests, interview notes, and feedback from colleagues involved in the selection process. We may also collect information from referees you have listed
- Background check data, if you are selected as a successful candidate, and if such checks are permitted under applicable legislation. A separate privacy notice will be provided to you prior to conducting any background checks.j
When you sign up to receive job posting updates, we collect your email address. We collect personal data from the following sources:
- Directly from you, when you submit your resume or application through our recruitment software or when you create an account to receive job posting updates.
- From recruitment agencies engaged to assist us in identifying potential candidates
- From publicly available sources, such as business networking platforms (e.g., LinkedIn), where permitted by law
- During the selection process, through evaluation tests, interviews, and references
- From background check agencies, if applicable and permitted by law. Where required, we will obtain your explicit consent before conducting such checks. These may include verification of identity, right to work, education, professional licenses, previous employment, references, company register checks, and criminal record checks
- During the recruitment and selection process, we will communicate with you regarding all matters related to your application. Additionally, we collect further information to review your professional qualifications and interests, enabling us to select the best candidate.
Lawful basis for processing
The legal basis for processing this information may include our legitimate interest in selecting qualified candidates, compliance with legal obligations, or your explicit consent, depending on the nature of the processing and the applicable legal requirements.
If you have been selected as the most suitable candidate for a job position or internship, you will be presented with an offer. If you accept, we will collect additional information to finalize and execute an agreement with you. The further collection and processing of your personal data will be carried out to conclude an employment or internship agreement with you or to take certain steps, at your request, prior to entering into that agreement. You will be presented with an Infobip Employee Privacy Notice, which applies to our staff and contains relevant privacy information.
Also, you can create a profile in our recruitment software, accessible on our Careers web page, to submit your resume, apply for available positions, or receive job posting updates. When submitting it, you will be informed about this Notice, which outlines how your personal data will be processed for recruitment purposes.
If you do not submit your resume directly to our recruitment software (e.g., when we receive it from a recruitment agency or when we find your professional details on business networking sites you use), we will send you an email with a link to the recruitment software and you will be asked to provide us your consent to keep your personal data for recruitment purposes. In such cases, we collect your personal data and contact you via email based on our legitimate interest in finding potential job candidates.
However, we need your consent for any further processing of your personal data. If you do not provide us with your consent within thirty days of receiving the email, we will delete your personal data from our database.
Automatic Decision Making
We may use technology to support certain stages of the recruitment process (e.g., filtering candidate lists based on predefined criteria for a specific job opening). However, all final decisions regarding candidate suitability are made by our recruitment team and not by automated means.
We collect and process your personal data through the recruitment platform of our processor, Workday Ltd. Your personal data is collected and stored on servers maintained by Workday in a data center located in the European Union. It is accessed and processed only by authorized members of Infobip’s recruitment team for the purposes of managing your application. However, if there is a problem with the platform, the Workday support team may have access to your personal data solely to resolve the problem. If you want to know more details about Workday’s privacy practices, you can refer to Workday’s Privacy Policy.
When you apply for a position with us, we collect and retain your personal data to evaluate your suitability for current or future roles. For candidates who are successfully hired and become Infobip employees, data retention is governed by the Infobip Employee Privacy Notice. Retention periods may vary depending on your location and applicable local legislation. We store personal data in accordance with applicable legal and regulatory requirements and retain it only for as long as necessary to fulfill the purposes for which it was collected.
For unsuccessful candidates, we retain personal data for 24 months, unless the candidate withdraws their consent or requests deletion of their data in recruitment software. Please note thatyou have the right to withdraw your consent at any time. If you wish to withdraw your consent, request the deletion of your personal data, or update your profile, you can do so directly by accessing your profile in our recruitment software.
Otherwise, you can always withdraw your consent as well as exercise your other rights by contacting our Data Protection Officer. For more information regarding your rights, please refer to Section 6. If requested by local authorities or if necessary to defend our legal rights, we may be required to retain this data for a different period.
We may share your personal data within Infobip Group companies (subsidiaries and affiliates). As a global organization, we may involve recruitment team members from different Infobip entities to support the recruitment process. In some cases, this may require international transfers of your personal data to the entities mentioned above.
All such transfers are carried out in accordance with applicable data protection laws, ensuring the confidentiality and security of your personal data.
This includes the implementation of appropriate technical, organizational, and contractual safeguards. For example, when transferring personal data outside the European Economic Area (EEA), we rely on mechanisms such as the European Commission’s Standard Contractual Clauses, where required.
Depending on the applicable privacy law, you may have specific rights regarding your personal data. Where granted by the applicable privacy law, you have the right to:
- Withdraw your consent to our processing of your personal data (to the extent such processing is based on your consent and consent is the only permissible basis for processing), without affecting the lawfulness of processing based on consent before its withdrawal
- Request from us to access your personal data, which means requesting a copy of the personal data we hold about you
- Ask us to rectify (correct) your personal data that you think is inaccurate and to complete your personal data that you think is incomplete
- Ask us to erase your personal data in certain circumstances
- Ask us to restrict the processing of your personal data in certain circumstances
- If we process your personal data by automated means based on your consent or upon a contractual relation with you, you can exercise the right of data portability
- If we process your personal data upon our legitimate interest, you have the right to object to the processing
- If you want to object to the processing of your data for marketing purposes, you can do it at any time by using the unsubscribe link provided in our marketing communications
- You may also have specific rights in exceptional cases when we may carry out automated decision-making operations, including profiling.
You can exercise your rights or submit a complaint through our Privacy Rights Request Form available here. If you have any questions about how we use your personal data, you can contact our data protection officer by emailing: data-protection-officer(at)infobip.com.
If applicable to you, you can lodge a complaint:
- with the supervisory authority of the EU member state of your habitual residence, place of work, or place of the alleged infringement. If you want to file a complaint or contact the relevant data protection authority for any other reason, you may find contact details of EEA data protection authorities at https://edpb.europa.eu/about-edpb/board/members_en
- with the supervisory authority of the other countries. Please refer to Appendix 1 of this Notice (Specific Requirements of Local Privacy Regulations), specifically the section for information on Other languages, for any country-specific rights you may have.
At Infobip, we believe that security and privacy go hand in hand. To protect the personal data we collect and process, we have invested in the development, implementation, and ongoing improvement of a comprehensive range of technical and organizational security measures. These measures have been implemented in accordance with ISO 27001:2022 standard requirements, and you can read more about them here.
The list of our current and up-to-date certificates is available here.
We take care to train all our staff in the field of privacy and security, starting from their first day at Infobip through the onboarding process and continuously throughout their stay at Infobip. Before engaging a supplier, we verify their security practices and ensure alignment with applicable privacy laws. Once engaged, we continue to assess them on a regular basis.
If you have any questions regarding this Privacy Notice or our privacy practices, you may contact our Privacy team and Data Protection Officer via the email address data-protection-officer(at)infobip.com.
The most recent version of this Global Privacy Notice for Job Candidates governs how we collect, process, and disclose personal data. Any updates or changes to this Notice will be published on this page.
You can always check the date of the latest revision at the top of the Notice. The previous version is available HERE (valid until 2026-01-22).
In addition to, or as a derogation from, the Notice, the following provisions apply to the processing of personal data by Infobip within the scope of the Personal Data Protection Act (“PDPA”) (Act No. 25.326) and Decree No. 1558/2001 apply to the processing of personal data of employees in the context of activities conducted by an Infobip establishment in the Republic of Argentina, regardless of whether the processing takes place within Argentina.
IDENTITY OF THE PERSONAL DATA CONTROLLER
Your personal data will be processed by Infobip Latam S.A., with its registered office at Av. Dorrego 1789, Piso 2, Oficina 201/202, Buenos Aires (C1414CKM), Argentina, as the controller of your personal data. In addition to the information set out in Chapter 8 above, you have the right to:
(i) Request access to your personal data (for example, the right to be provided with certain information about Infobip’s processing of your personal data and to access that data, subject to exceptions). This right may only be exercised free of charge at intervals no shorter than six months, unless you demonstrate a legitimate interest in doing otherwise (Article 14(3) of Act No. 25.326).
(ii) Request rectification or correction of your personal data (for example, if your home address changes and Infobip needs up-to-date information).
(iii) Request erasure of your personal data in certain circumstances, including where it is no longer necessary for Infobip to process the data for the purposes for which it was collected.
(iv) Request restriction of the processing of your personal data (for example, if you dispute the accuracy of your data or if Infobip no longer needs the data but you require it for the establishment, exercise, or defense of legal claims).
(v) Request data portability (for example, the right to receive any personal data you have provided to Infobip in a structured, commonly used, and machine-readable format, as well as the right to require Infobip to transmit it to another controller when technically feasible).
(vi) Object to the processing of your personal data (for example, on grounds relating to your particular situation, where such processing is based on Infobip’s legitimate interests or on grounds of public interest).
(vii) Withdraw your consent (where such consent was obtained and relied upon for the purposes of processing). You also have the right to lodge a complaint with the local supervisory authority. If you consider that you have not been duly attended to in the exercise of your rights, you may file a claim with the la Agencia de Acceso a la Información Pública.
In addition to, or as a derogation from, the Notice, the following applies to the processing of personal data by Infobip within the scope of the Brazilian General Data Protection Law (“LGPD”), which applies to the processing of employees’ personal data in the context of Infobip’s activities in Brazil, regardless of whether the processing actually takes place in Brazil.
IDENTITY OF THE PERSONAL DATA CONTROLLER
Your personal data will be processed by Infobip Brasil Servicos de Valor Adicionado Ltda, located at Calçada das Margaridas nº. 163, sala 02, na Cidade de Barueri, Estado de São Paulo, CEP 06.453-038, C.N.P.J.nº 13.829.815/0001-20, Brazil, as the controller of your personal data.
DEFINITIONS
Under the LGPD, the following definition of sensitive data applies:
Sensitive Personal Data: Data that may be subject to additional protections or restrictions under applicable privacy laws. Sensitive personal data includes information relating to racial or ethnic origin, religious beliefs, political opinions, trade union or religious, philosophical or political organization membership, data concerning health or sex life, and genetic or biometric data.
TRANSFERS OUTSIDE OF BRAZIL
When local Infobip entities transfer your personal information outside Brazil, they do so in accordance with the terms of this Privacy Notice and in compliance with the LGPD and ANPD Standard Contractual Clauses (SCCs).
ADDITIONAL RIGHTS OVER PERSONAL DATA
In addition to the rights set out in Chapter 8 above, you have the right to:
(i) Obtain confirmation as to whether personal data concerning you is being processed and, if so, to request access to such data. This includes, among other things, information on the purposes of processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
(ii) Request correction of incomplete, inaccurate, or outdated personal data (e.g., if your home address changes and Infobip requires current information).
(iii) Request the anonymization, blocking, or erasure of unnecessary or excessive personal data, or of personal data processed in non-compliance with the LGPD (including where it is no longer necessary for Infobip to process the data for the original purpose).
(iv) Request data portability, upon express request, i.e., have the personal data you provided transmitted to another service or product provider, limited by our commercial or industrial secrets and in accordance with rules established by the relevant supervisory authority.
(v) Object to processing that is carried out on a legal basis other than consent, in the event of non-compliance with the LGPD (for example, based on your particular situation, where processing is based on Infobip’s legitimate interests).
(vi) Request the deletion of personal data processed on the basis of your consent. This right does not apply if Infobip processes your data under another legal basis, such as compliance with a legal or regulatory obligation.
(vii) Withdraw your consent at any time (where such consent was obtained and relied on for processing).
(viii) Request a review of decisions made solely based on automated processing of your personal data that affect your interests, including decisions intended to define your personal, professional, consumer, or credit profile, or aspects of your personality. You have the right to clear and adequate information regarding the criteria and procedures used for automated decisions, subject to our commercial and industrial secrecy.
(ix) Obtain information about the public and private entities with whom we share your personal data.
(x) Be informed about the possibility of denying consent and the consequences of such denial.
You also have the right to lodge a complaint with the national authority, known as the National Data Protection Authority (ANPD), and you may additionally or alternatively seek judicial redress for alleged infringements of applicable law if you have concerns regarding how we process your personal data.
In addition to, or as a derogation from, the Notice, the following applies to the processing of personal data by Infobip within the scope of the Federal Personal Information Protection and Electronic Documents Act (PIPEDA), the British Columbia Personal Information Protection Act (BC PIPA), the Alberta Personal Information Protection Act (AB PIPA), and the Quebec Act respecting the Protection of Personal Information in the Private Sector (collectively, “the Acts”). This applies to the processing of employees’ personal data in the context of Infobip’s activities in Canada, regardless of whether the processing actually takes place in Canada.
IDENTITY OF THE PERSONAL DATA CONTROLLER
Your personal data will be processed by Infobip Communications Inc, established in Canada, as the controller of your personal data.
PROCESSING OF PERSONAL DATA IN CANADA
Employee personal information in Canada will be collected, used, disclosed, transferred, and stored in accordance with this Notice and applicable law. For employees in the Province of Québec, consent will be requested for the collection, use, disclosure, transfer, and storage of personal data as outlined in this Notice. The retention period for employee personal data pertaining to Québec residents will be for as long as necessary for the purposes outlined in this Notice, unless the law allows or requires a longer period. After that time, your data may be retained for archival, statistical, or other permitted purposes in a non-identifiable form.
ACCOUNTABILITY
Infobip has designated a Privacy Officer who is responsible for compliance with this Notice and Canadian privacy law. You may request access to, or correction of, your personal data by contacting:
Data Protection Officer
Email: [email protected]
YOUR RIGHTS UNDER CANADIAN LAW
In addition to the rights set out in Chapter 8 above, you have the right to:
(i) Request access to your personal data held by Infobip.
(ii) Request correction of inaccurate or incomplete personal data.
(iii) Withdraw your consent (for employees in Québec and where consent is the legal basis for processing).
(iv) File a complaint with the appropriate privacy authority if you believe your rights under Canadian law have been violated.
REGULATORY AUTHORITIES
Depending on your province of residence, you may seek advice or lodge a complaint with: Office of the Privacy Commissioner of Canada (OPC) Office of the Information and Privacy Commissioner for British Columbia Office of the Information and Privacy Commissioner of Alberta (AB OIPC) Quebec Commission on Access to Information If appropriate, written complaints can be filed directly with the relevant Commissioner’s office.
In addition to, or as a derogation from, the Notice, the following applies to the processing of personal data by Infobip within the scope of Chilean data protection legislation (Law No. 21.719 and Law No. 19.628), which applies to the processing of employees’ personal data in the context of Infobip’s activities in Chile, regardless of whether the processing actually takes place in Chile.
IDENTITY OF THE PERSONAL DATA CONTROLLER
Your personal data will be processed by Infobip Chile Limitada, located at Avenida Suecia nº 0155, Oficina 1201, Comuna Providencia, Santiago de Chile, as the controller of your personal data. Sensitive personal data will only be processed with your explicit consent or when legally required or authorized.
TRANSFERS OUTSIDE OF CHILE
When Infobip transfers your personal information outside Chile, it does so in accordance with the terms of this Privacy Notice and in compliance with Chilean data protection laws, including approved contractual safeguards or your explicit consent, if required.
ADDITIONAL RIGHTS OVER PERSONAL DATA
In addition to the rights set out in Chapter 8 above, you have the right to:
(i) Obtain confirmation as to whether personal data concerning you is being processed and, if so, to request access to such data, including details on the purposes of processing, the data processed, and recipients.
(ii) Request correction of incomplete or inaccurate personal data (for example, if your home address changes and Infobip needs current information).
(iii) Request the deletion or blocking of personal data if it is processed without a legal basis, is outdated, or has been provided voluntarily/used for commercial communications.
(iv) Request a copy of your personal data (portability), in a structured, commonly used, and machine-readable format.
(v) Object to processing based on legitimate interest, direct marketing, advertising, market research, or opinion polling.
(vi) Withdraw your consent at any time (where such consent was obtained for processing).
(vii) Be informed about the possibility of denying consent and the consequences of such denial. You also have the right to lodge a complaint with the Personal Data Protection Agency once operational, and/or seek judicial redress for any alleged infringement of your data rights.
In addition to or in derogation of this Notice, the following country-specific requirements will govern the collection of personal data of Chinese citizens in compliance with the Personal Information Protection Law of the People’s Republic of China (“PIPL”) and other relevant Chinese data protection laws and regulations.
PROCESSING PURPOSES
1. Lawful basis for processing We process your personal data based on the following lawful grounds under the PIPL:
- We will obtain your informed and explicit consent for collecting and processing sensitive personal information, including background and criminal checks. You have the right to withdraw your consent at any time, subject to legal and contractual limitations.
- Processing necessary to enter into or perform an employment contract if you are successful in your application.
- Processing required to fulfill applicable laws, regulatory requirements, or government requests.
We will inform you separately and seek your explicit consent before conducting sensitive background checks or reputational checks or for cross-border transfer. In certain cases, we may need to collect personal information of minors under 14 years old, for example, if you provide information about your dependent children or minors related to you in employment-related matters. This information will be collected only when necessary for legitimate purposes such as benefits administration, family-related leave, or legal compliance.
TRANSFER DESTINATION
Your personal data may be transferred to: Countries:
Malaysia, Philippines, European Union member states, and the United Kingdom.
Recipients:
- Our overseas offices and subsidiaries
- Third-party recruitment service providers
- Background check agencies
- Legal and compliance advisors, if necessary
CONTACT
Under the PIPL, you also have the right to lodge a complaint with the relevant Chinese regulatory authority, the Cyberspace Administration of China (CAC), or its delegated local authorities.
In addition to, or as a derogation from, the Notice, the following applies to the processing of personal data by Infobip within the scope of Colombian data protection legislation (Law 1581 of 2012 and its regulatory decrees), which applies to the processing of employees’ personal data in the context of Infobip’s activities in Colombia, regardless of whether the processing actually takes place in Colombia.
IDENTITY OF THE PERSONAL DATA CONTROLLER
Your personal data will be processed by Infobip Colombia S.A.S., located at Carrera 11 B No. 97-56 Edificio Ápice Oficina 601, Bogotá, Colombia, as the controller of your personal data.
LEGAL BASES FOR PROCESSING
Personal data will be processed lawfully under Colombian law. Infobip may process your personal data:
- As authorized or required by law;
- When necessary to protect your health or life, especially in emergency situations where you are unable to give consent;
- For historical, statistical, or scientific purposes, or for medical or health emergencies;
- Based on your consent.
DEFINITIONS:
SENSITIVE PERSONAL DATA Sensitive personal data will only be processed where permitted by law, including when:
- The processing is necessary for reasons of substantial public interest as allowed by local law;
- The processing is necessary to protect your vital interests or those of another person in emergencies;
- The processing is necessary for the establishment, exercise, or defense of legal claims;
- You have given your explicit consent.
INTERNATIONAL DATA TRANSFERS
When Infobip shares or transfers your personal data internationally, such operations will comply fully with Colombian law, whether considered “transfers” or “transmissions” under local definitions.
ADDITIONAL RIGHTS OVER PERSONAL DATA
In addition to your rights set out in Chapter 8 above, under Colombian law you have the right to:
(i) Request access to your personal data.
(ii) Request correction or update of inaccurate or outdated personal data (e.g., change of address).
(iii) Request erasure of your personal data in certain circumstances, including when it is no longer necessary for the purpose for which it was collected.
(iv) Request information regarding Infobip’s processing of your data, including the means and purposes.
(v) Object to processing based on legitimate interests or public interest, notably if it relates to your specific situation.
(vi) Request evidence of consent (unless consent is not legally required for the processing).
(vii) Be informed by Infobip or its data processors about how your data is used.
(viii) Withdraw consent in certain circumstances, including when processing is no longer necessary.
(ix) Lodge a complaint with Colombia’s supervisory authority: Superintendencia de Industria y Comercio.
To exercise your rights, please contact Infobip using the details provided in Chapter 11. Infobip will respond as soon as possible and within the timeframe required by articles 14 and 15 of Law 1581 of 2012. If your request is denied, you will receive a reason for the denial.
If you believe your rights have not been adequately addressed, you may file a claim with the Superintendencia de Industria y Comercio.
In addition to or in derogation of the Privacy Notice, the following applies to the processing of personal data for individuals residing in Egypt:
DATA SUBJECT RIGHTS
In addition to the data subject’s rights stated under Section 6 of the Privacy Notice, you, as the data subject, enjoy the following additional rights:
- To object to the processing of personal data or its results whenever the same contradicts your fundamental rights and freedom.
- To get notified of any infringement of your personal data; and
- To submit a complaint before the Personal Data Protection Center (the “PDPC”) in any of the following cases:
- Infringement or breach of the right of personal data protection
- Failure to exercise your rights
- In relation to the decisions issued by the data protection officer for the personal data held by the processor or the controller in relation to the requests submitted to the data protection officer.
NOTIFICATION OF BREACH
Infobip shall notify the PDPC of any personal data infringement within seventy-two (72) hours of such infringement.
In the event that such infringement relates to national security protection concerns, then the notification shall be immediate.
In all cases, Infobip shall notify the data subject of the infringement of the personal data of the data subject and the measures taken within 3 (three) days from the date of notifying the PDPC.
In addition to or in derogation of this Policy, the following country-specific requirements shall apply to individuals residing in India pursuant to the Digital Personal Data Protection Act, 2023 („DPDPA“), and other relevant data protection laws and regulations.
WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?
As per the DPDPA, 2023, you have certain rights with respect to your personal data, including:
- Withdraw your consent to our processing of your personal data (to the extent such processing is based on your consent and consent is the only permissible basis for processing), without affecting the lawfulness of processing based on consent before its withdrawal
- Request from us to access your personal data, which means requesting a copy of the personal data we hold about you
- Ask us to rectify (correct) your personal data that you think is inaccurate and to complete your personal data that you think is incomplete
- Ask us to erase your personal data in certain circumstances
- Right to nominate, where you can nominate another Data Principal to exercise the above rights on your behalf in the event of death or incapacity
- Right to Grievance Redressal, where you can reach out to us if you believe any of the data protection obligations are not performed by us with respect to the processing of your personal data.
CONTACT
If you have any questions regarding this notice or our privacy practices, you may contact our Privacy team and Data Protection Officer via the email address [email protected].
In addition to or in derogation of this Notice, the following country-specific requirements will govern the collection of personal data of individuals in Indonesia will be governed by Law No. 27 of 2022 on Personal Data Protection, and other relevant data protection laws and regulations.
INTERNATIONAL DATA TRANSFER
In accordance with Indonesian personal data protection law, we only transfer your personal data internationally if appropriate safeguards are in place to ensure an adequate level of data protection equivalent to the standards in Indonesia.
These safeguards may include standard contractual clauses, binding corporate rules, or other measures approved under applicable regulations.
Your personal data will be accessed and processed only by authorized members of the Infobip recruitment team. Additionally, the Workday support team may access your personal data when necessary to provide support and resolve technical issues with the platform. By continuing to provide your personal data through this platform, you acknowledge and consent to such cross-border transfers consistent with applicable laws.
CONTACT
If you have any questions regarding this Notice or our data protection practices, you may contact our Data Protection Officer at the following email address: [email protected].
You may also contact us by postal mail at:
Data Protection Officer PT Infobip Technology Indonesia Menara Prima, 23rd Floor, Unit IJl. DR. Ide Anak Agung Gde Agung Blok 6.2, Kawasan Mega Kuningan, Jakarta 12950
In addition to or in derogation of this Notice, the following country-specific requirements will govern the collection of personal data of individuals in Japan will be governed by Act on the Protection of Personal Information (APPI), and other relevant data protection laws and regulations.
JOINT DATA MANAGEMENT RESPONSIBILITY
Your personal data may be jointly used with Infobip Group in accordance with Article 27.5.3 of the APPI within the scope necessary for achieving the purposes described in Section 2 of this Notice. Infobip G.K. (address: Dai-3 Meiwa Bldg. 4F, 4-31-3 Shinbashi, Minato-ku, Tokyo 105-0004), will be responsible for the management of your personal data.
WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
You may also have additional unique rights under the APPI, such as:
- You can ask us to delete or stop using your personal data if it was collected or used improperly, beyond the intended purpose, or if it is no longer needed.
- You can request us to stop sending your personal data to third parties if doing so breaks the law or harms your rights.
- You have the right to ask for information about:
- How we protect your personal data
- If and how your data is shared with foreign companies, including Infobip Group
- What security measures are in place for those companies
- How often we check that these companies follow proper data protection rules
- The countries your data is sent to and any challenges we face protecting your data there.
In addition to or in derogation of this Policy, the following shall apply to the processing of personal data for individuals residing in Malaysia pursuant to the Personal Data Protection Act (2010) and its amendments (“PDPA”), and other relevant data protection laws and regulations.
CONTACT
If you have any questions on how we use your personal data or if you wish to exercise a certain right or to limit the processing of your personal data or resolve a complaint regarding the processing of your personal data, you can contact our Data Protection Officer by sending an email to the following email address: [email protected] or via this telephone number: 603-8601 0105.
If, after contacting us, you consider that your data protection rights have not been upheld, you have the right to file a complaint directly with the supervisory authority, the Personal Data Protection Department (JPDP) under the Ministry of Communications and Multimedia Malaysia.
For further information and guidance, please visit their official website.
In addition to or in derogation of the Privacy Notice, the following applies to the processing of personal data for individuals residing in Mexico:
For the purposes of the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), and its regulatory provisions, personal data will be processed by Mobile Cloud Services Mexico SA DE CV, as the data controller, with an address at Paseo de la Reforma 180, 18th Floor, Office 1805, Col. Juárez, Del. Cuauhtémoc, CP 06600, Mexico City, Mexico, in its capacity as responsible for processing personal data.
Your Rights:
In addition to the rights described in Section 6 of this privacy notice, you have the right to:
- Access your personal data and learn the details about how it is being processed.
- Request the rectification of your information if it is inaccurate or incomplete.
- Request the cancellation of your personal data if you believe it is not required for any of the purposes stated in this notice.
- Object to the processing of your personal data for specific purposes.
- Limit the use or disclosure of your personal information.
- Revoke at any time the consent previously granted for the processing of your data, following the procedure established in this privacy notice.
To exercise any of these rights, or if you believe that you have not received an adequate response to your request, you may contact our Privacy Department at [email protected] or go directly to the National Institute for Transparency, Access to Information, and Protection of Personal Data (INAI).
Additionally, when this notice refers to the transfer of your personal information, including national and international transfers, such actions will be carried out in accordance with the provisions of the Federal Law on Protection of Personal Data Held by Private Parties and other applicable regulations.
In addition to or in derogation of the Privacy Notice, the following applies to the processing of personal data for individuals residing in Nigeria:
HOW DO WE SECURE YOUR PERSONAL DATA
Please note that in relation to any personal data you submit to us online, we cannot guarantee the security of information transmitted over the internet or that unauthorised persons will not obtain access to personal data.
Infobip is not responsible and has no control over websites outside its domain. We do not monitor or review the content of other party’s websites which are linked from our website or media platforms. Please be aware that we are not responsible for the privacy practices, or content of these sites.
Infobip will not accept any responsibility for any loss or damage in any manner, howsoever caused, resulting from your disclosure to third parties of personal information.
Where we collect any special category personal information about your ethnic background, sexual orientation, political opinions, religion, trade union membership, or criminal record, we will apply additional security controls to protect that data.
INTERNATIONAL TRANSFER OF PERSONAL DATA
We will seek your consent when we need to send your data to a country without an adequate data protection law. We will protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres, and information access authorization controls.
PERSONAL DATA BREACH
We have procedures to deal with any suspected personal data breach and will notify you where we are legally required to do so. In the event of a breach, we will notify the Nigeria Data Protection Commission within 72 hours of becoming aware of the breach.
CONSENT
You accept this privacy policy when you give consent upon access to our platforms, or use our services, content, features, technologies or functions offered on our website, digital platforms or visit any of our offices for official or non-official purposes.
This privacy policy governs the use of our platforms and services by users, unless otherwise agreed through a written contract. We may amend this privacy policy at any time by posting a revised version on our website, or placing such notice at conspicuous data collection points.
In addition to or in derogation of the Privacy Notice, the following applies to the processing of personal data for individuals residing in Pakistan:
To enable customers to exchange their communications through our Services, ensure the security of our network and Services, and handle billing and payments.
Why do we collect it, under which legal basis, and how do we use it?
Traffic data is generally kept in the form of communication detail records (in original).
The requirements to assess the original form shall be:
- Whether there exists a reliable assurance as to the integrity from the time when it was first generated in its final form;
- Whether the data has remained complete and unaltered, apart from the addition of any endorsement or any change which arises in the normal course of communication, storage, or display; and
- That the standard for reliability of the assurance shall be assessed with regard to the purpose for which the data was generated and all other relevant circumstances.
It will be ensured that data retained shall:
- remain accessible so as to be usable for subsequent reference;
- be originally generated, sent, or received, or can be shown to accurately represent the contents and form in which it was originally generated, sent, or received; and
- contain information that enables identification of the origin, destination, date, and time when data was generated, sent, or received.
INFORMATION FROM CHILDREN
Children under 18 are not eligible to use our products and services as customers. If we learn or are notified that it is the case, we will immediately take reasonable steps to delete that information from our records as quickly as possible. If you think a child under 18 is using our products or services as a customer, please contact us at [email protected].
In addition to or in derogation of the Privacy Notice, the following applies to the processing of personal data for individuals residing in Peru: For the purposes of Law No. 29733, the Personal Data Protection Law, its regulations, and other applicable provisions, personal data will be processed by INFOBIP PERU S.A.C., acting as the Data Controller, with its registered office at Avenida Dionisio Derteano 184, office no. 302, San Isidro, Lima, Peru.
Your rights:
In addition to the rights described in section 6 of this privacy notice, you have the right to:
- Access your personal data held by INFOBIP PERU S.A.C.
- Request the update, inclusion, or rectification of your personal information if it is inaccurate, incomplete, or outdated.
- Request the cancellation or deletion of your personal data in the cases provided by applicable law.
- Object to the processing of your personal data on legitimate grounds.
- Withdraw your consent at any time.
- Be informed about national and international transfers of your personal data.
To exercise any of these rights, as well as to make any inquiry or complaint related to the protection of your personal data, you may contact our Data Protection Officer at data-protection-officer(at)infobip.com or file a complaint with the National Authority for Personal Data Protection – Ministry of Justice and Human Rights (https://www.gob.pe/anpd ).
National and international transfers of your personal information will be carried out only in accordance with Law No. 29733 and its regulations. To prevent the loss, misuse, alteration, unauthorized access, and theft of personal data or confidential information provided by users, INFOBIP PERU S.A.C. has adopted the legally required levels of security and personal data protection, as well as all technical measures within its reach to adequately protect your information.
Any change to this privacy notice will be communicated in a timely manner.
In addition to or in derogation of this Policy, the following country-specific requirements shall apply to individuals residing in the Republic of Korea pursuant to the Personal Information Protection Act (PIPA) (개인정보 보호법, Act No. 16930, amended 4 Feb 2020), and other relevant data protection laws and regulations.
DATA CONTROLLER AND CONTACT INFORMATION
The data controller responsible for your personal data is Infobip Limited Liability Company, located at 7F, 38, Seocho-daero 52-gil, Seocho-gu, Seoul, Republic of Korea (서울시 서초구 서초대로 52길 38 크란츠빌딩 7층).
[Department in Charge of Protection of Personal Information]
Name of Department: Corporate Privacy
Email: [email protected]
PROCESS AND METHOD OF DESTRUCTION OF PERSONAL DATA
Except as otherwise required by law, your personal data is securely disposed of without delay when
(i) you revoke your consent for our use of personal data,
(ii) the purpose of our collection and use of the personal data has been accomplished, or
(iii) the legal retention period has expired. If applicable law requires the preservation of personal data that otherwise would be disposed of, the personal data is transferred to a separate database and then disposed of after the period determined by the applicable law.
Personal data is disposed of using a method that is reasonably likely to prevent the personal data from being restored or reused.
We will permanently destroy any personal data recorded or saved in electronic format by using a means that can ensure that it cannot be restored and recovered. Personal data printed on paper will be destroyed by shredding or incineration thereof.
HOW AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
Your personal data may be transferred overseas within Infobip Group companies (subsidiaries and affiliates). As a global company, we may engage our subsidiaries and affiliates, which employ members of our recruitment team, to complete the recruitment process. Specifically, we transfer personal data overseas as follows:
- Recipient: Infobip Affiliates
- Country to which Your Personal Data is to be Transferred: Countries included in the list of Affiliates
- Time and Method of Transfer: Transmission of data through the information network as needed from time to time
- Types of Your Personal Data to be Transferred: All types listed within Section 1
- Purposes of Use by Recipients: Complete recruitment process
- Period of Retention of Use by Recipient: Until the purpose is completed
Your explicit consent will be requested unless another legal basis applies. Refusal or withdrawal of your consent may hinder our ability to process your application.
WHAT ARE YOUR RIGHTS WITH REGARD TO PERSONAL DATA?
You may exercise your data subject rights as a data subject under the PIPA through a legal representative or agent delegated by you. In such cases, the legal representative or agent must provide documentation demonstrating their proper authorization to act on your behalf.
Acceptable documentation includes, but is not limited to, a power of attorney or other legally recognized authorization. If, after contacting us, you consider that your rights were not upheld, you can file a complaint with the Personal Information Protection Commission of Korea (https://www.pipc.go.kr/eng/).
In addition to or in derogation of the Privacy Notice, the following shall apply to the processing of personal data for individuals residing in the Philippines pursuant to the Data Privacy Act of 2012 (Republic Act No. 10173) (“DPA”), and other relevant data protection laws and regulations. WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?
-
Right to Access: your request from us to access your personal data, including the request for information about the processing of your personal data concerning the following:
- Contents of personal data and categories of data that were processed;
- Sources from which personal data was obtained, if personal data was collected from a third-party;
- Identities and addresses of recipients of personal data;
- Purposes of processing;
- Information on exceptional cases of automated processes where the data will or is likely to be made as the sole basis for any decision significantly affecting or will affect you as a data subject;
- Date of which the personal data was last accessed and modified concerning the data subject; and
- The designation, name, or identity and address of the employer.
- Right to be Indemnified: upon the finding that our processing of your personal data has violated the DPA, you have the right to be indemnified of any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of his or her rights and freedoms as a data subject.
CONTACT
If you have any questions regarding this notice or our privacy practices, you may contact our Privacy team and Data Protection Officer via the email address data-protection-officer(at)infobip.com. If, after contacting us, you consider that your rights were not upheld, you can file a claim directly to the supervisory authority, the Philippines’ National Privacy Commission (https://www.privacy.gov.ph/).
In addition to or in derogation of the Privacy Notice, the following applies to processing of personal data for individuals residing in Saudi Arabia:
Whilst we rely on legitimate interest as our lawful basis for processing for the purposes of complying with the PDPL and for the purposes of complying with the applicable laws and regulations of Saudi Arabia, we will seek your express consent to process your personal data where:
We rely on legitimate interests within the Privacy Notice; and
Where an alternative lawful basis for processing is not available.
In addition to or in derogation of this Notice, the following country-specific requirements will govern the collection of personal data of individuals in Singapore will be governed by Personal Data Protection Act (PDPA) and other relevant data protection laws and regulations.
WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
Under the PDPA, you have the right to request access to their personal data held by an organization. This includes the right to receive a copy of the personal data and information on how it has been used or disclosed in the preceding 12 months before the request. You also have the right to lodge complaints with the Personal Data Protection Commission (PDPC) at https://www.pdpc.gov.sg/.
CONTACT
If you have any questions regarding this Notice or our data protection practices, you may contact our Data Protection Officer at the following email address: [email protected].
You may also contact us by postal mail at: Data Protection Officer Infobip Mobile Services Pte Ltd 50 Raffles Place, #34-01, Singapore Land Tower Singapore 048623
In addition to or in derogation of the Privacy Notice, the following applies to processing of personal data for individuals or existing juristic persons where the responsible party (i.e. controller) is domiciled in South Africa; or the responsible party (controller) is not domiciled in South Africa but makes use of automated or non-automated means in South Africa, unless the means is only to forward personal data through South Africa and whenever the processing of personal data falls within the ambit of South Africa’s Protection of Personal Information Act, 2013 (POPIA):
DEFINITIONS
When this Privacy Notice is used for South Africa:
- The term “you” shall include a natural person and a juristic person (company).
- The term “controller” shall refer to a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information. Reference to “Data Controller” in the Privacy Notice shall be to “Responsible Party” when the processing of personal information falls under the ambit of POPIA.
The term “Personal Data” shall refer to information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- Information relating to the race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person;
- Information relating to the education or the medical, financial, criminal, or employment history of the person;
- Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier, or other particular assignment to the person;
- The biometric information of the person;
- The personal opinions, views, or preferences of the person;
- Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature, or further correspondence that would reveal the contents of the original correspondence;
- The views or opinions of another individual about the person; and
- The name of the person if it appears with other Personal Information relating to the person, or if the disclosure of the name itself would reveal information about the person.
The term “processor” shall refer to a person who processes personal information for a responsible party (i.e., controller) in terms of a contract or mandate, without coming under the direct authority of that party. Reference to “Data Processor” in the Privacy Notice shall be to “Operator” when the processing of personal data falls under the ambit of POPIA.
The term “applicable privacy law” shall include all laws and regulations applicable to the processing of personal data in South Africa, including the Protection of Personal Information Act, 2013, as amended or replaced from time to time, and the Regulations thereunder.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
When the processing of personal data falls within the ambit of POPIA, the main entity responsible for the processing of personal data as described in this Privacy Notice – the controller (“Responsible Party”) – is Infobip Africa (Pty) Ltd. For the purposes of South African data protection laws, Infobip Limited has appointed an Information Officer. Our Information Officer is contactable via the email data-protection-officer(at)infobip.com. HOW DO WE OBTAIN YOUR PERSONAL DATA?
In addition to what is stated above, please note that the provision of personal data by you is voluntary. However, if you do not provide the personal data, Infobip may not be able to effectively manage the relationship we have with you.
WHAT PERSONAL DATA DO WE COLLECT, WHY, AND ON WHICH LEGAL BASIS, HOW DO WE USE IT, AND FOR HOW LONG DO WE KEEP IT?
In addition to what is stated above, in the case where we process personal data, sometimes that personal data is defined by POPIA as special personal information, in which case we use one of the following legal bases for processing: The processing is necessary for the establishment, exercise, or defence of a right or obligation in law; or The data subject has freely given their informed, specific consent to the processing.
HOW DO WE CARRY OUT INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA?
Where the processing of personal data falls under the ambit of POPIA, we will only transfer your personal data outside of South Africa to countries that provide an adequate level of data protection similar to that of POPIA or where we are satisfied that there is an appropriate justification under POPIA for the transfer, such as a binding transfer agreement.
To the extent that prior authorisation from the Information Regulator is required for the transfer of special personal information or personal data relating to children to third parties in foreign countries that do not provide an adequate level of data protection, we will ensure that such prior authorisation requirements are complied with, as required.
WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?
In South Africa, if you have any questions about how we use your personal data or wish to exercise a specific right or resolve a complaint regarding the processing of your personal data, you can contact our Information Officer by sending an email to [email protected].
If applicable to you, you can lodge a complaint with the Information Regulator.
If you want to file a complaint or contact the Information Regulator for any other reason, the Information Regulator’s contact details are:
Information Regulator
Woodmead North Office Park 54 Maxwell Drive Woodmead Johannesburg 2191 Email: [email protected]
In addition to or in derogation of this Policy, the following shall apply to the processing of personal data for individuals residing in Taiwan (Republic of China) pursuant to the Taiwan Personal Data Protection Act (“PDPA”) and any other relevant data protection laws and regulations.
CONTACT
If you believe that your rights under the PDPA have not been adequately protected or upheld after contacting us, you have the right to file a complaint with the competent authority in Taiwan. Currently, inquiries and complaints may be addressed to the Preparatory Office of the Personal Data Protection Commission or to your local competent authority responsible for personal data protection. Further information can be found at https://www.ndc.gov.tw (until the official Personal Data Protection Commission is established).
Data Controller:
Taiwan Infobip Limited
Address: Rm. B2, 7F., No.49, Sec. 3, Minsheng E. Rd., Zhongshan Dist., Taipei City 10478,
Phone number: +886 2 6617 5988
Email: data-protection-officer(at)infobip.com
In addition to or in derogation of this Policy, the following country-specific requirements shall apply to individuals residing in Thailand pursuant to the Personal Data Protection Act B.E. 2562 (2019) („PDPA“), and other relevant data protection laws and regulations.
CROSS-BORDER TRANSFER
In case of a cross-border transfer of your personal data, we will ensure that the destination country or third-party recipient has adequate data protection. We may also obtain your consent before transferring such data internationally in accordance with the PDPA.
WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?
Right to Data Portability: Request to receive, transmit, or transfer your personal data from us to a third party in a format that can be automatically read and processed by automated tools or devices, and allows for automatic use or disclosure of such personal data.
CONTACT
Where we are a data controller processing personal data of a Thai data subject, you may contact us via the following:
Data Controller:
Infobip (Thailand) Limited
Address: 1788 Singha Complex Building, Room 1902, 19th floor, New Petchaburi Road, Bang Kapi, Huai Khwang, Bangkok 10310
Phone number: +66 2 651 9384 / +668 3597 8588
Email: [email protected]
In addition to or in derogation of this Policy, the following requirements apply to the processing of personal data for individuals residing in Vietnam or whose personal data is processed in Vietnam, pursuant to the Personal Data Protection Law (PDPL), Decree 13/2023/ND-CP, and other relevant Vietnamese data protection laws and regulations.
PROCESSING PURPOSES1. LEGAL BASIS OF PROCESSING
Under the Vietnamese data protection laws and regulations, all processing activities related to the recruitment process will rely on your explicit consent as the primary basis for processing your personal data throughout the recruitment process.
HOW AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data within Infobip Group companies (subsidiaries and affiliates). As a global company, we may engage our subsidiaries and affiliates, where we have employed members of our recruitment team, to complete the recruitment process. A separate consent will be explicitly collected before we perform any cross-border data transfer of your personal data outside of Vietnam unless permitted by relevant laws.
WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
Under the Vietnamese data protection law (Decree 13/2023/ND-CP and the Personal Data Protection Law), you, as a job candidate, have the following rights: To request an explanation of how your personal data is processed, including details about processing activities.
To complain to the Ministry of Public Security (Department of Cybersecurity and Hi-Tech Crime Prevention Authority – A05) if you believe your data protection rights have not been upheld.
CONTACT
If you believe that your rights under the PDP have not been adequately protected or upheld after contacting us, you have the right to file a complaint with the:
Infobip Co., Ltd
Address: Itaxa building, 126 Nguyen Thi Minh Khai street, Xuan Hoa Ward, Ho Chi Minh City
Phone number: +886 2 6617 5988
Email: data-protection-officer(at)infobip.com
In addition to or in derogation of the Privacy Notice, the following applies to the processing of personal data for individuals residing in the UAE: Where applicable, the controller is Infobip Gulf FZ LLC (20714), EIB Building No.1, Office 302, Dubai Internet City, P.B. 500284, Dubai, United Arab Emirates.
Whilst we will continue to rely on legitimate interests as our lawful basis for processing for the purposes of complying with the GDPR, for the purposes of complying with UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (“PDPL”), we will seek your express consent to process your personal data in each case where:
We rely on legitimate interests within the Privacy Notice; and
Where an alternative lawful basis for processing is not available (including, but not limited to, performance of a contract).
Subject to certain limited exceptions, where we rely on your consent, you will have the right to withdraw that consent at any time.
This section provides residents of U.S. states with enacted comprehensive privacy laws—including, but not limited to, California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, and others (collectively, “Applicable State Privacy Laws”)—with additional information regarding our collection, use, and disclosure of their personal information, as well as their privacy rights under those laws.
This supplement applies to Infobip’s processing of personal information subject to Applicable State Privacy Laws. If you are a resident of a state with more expansive privacy rights, additional disclosures or rights may apply to you.
CATEGORIES OF PERSONAL INFORMATION COLLECTED AND DISCLOSED
While our processing of personal information may vary based on your relationship and interactions with Infobip, the table below identifies, in general, the categories of personal information that we collect and the categories of third parties to whom we may disclose such information for business or commercial purposes:
| CATEGORIES OF PERSONAL INFORMATION COLLECTED BY INFOBIP | CATEGORIES OF THIRD PARTY DISCLOSURES FOR A BUSINESS OR COMMERICAL PURPOSE |
| Professional or employment-related information Current or past job history or performance evaluations. | Service providers Affiliates and subsidiaries Advisors and agents Others as required by law, or authorized or directed by you |
| Education information Information about an individual’s educational history, such as the schools attended, the degrees you were awarded, and associated dates. | Service providers Affiliates and subsidiaries Advisors and agents Others as required by law, or authorized or directed by you |
| Protected classification characteristics under state or federal law We collect some information that is considered a protected classification under state or federal law, such as your gender, date of birth, citizenship, marital status, and disability status. | Service providers Affiliates and subsidiaries Advisors and agents Others as required by law, or authorized or directed by you |
DISCLOSURE TO PROTECT US OR OTHERS Infobip is committed to protecting your privacy and providing transparency and control over how your personal data is used, shared, and disclosed.
SOURCES OF PERSONAL INFORMATION
Generally, we may collect personal information from the following categories of sources:
- Directly from you
- Recruitment agencies
- Social and professional/business networks (e.g., LinkedIn)
PURPOSES OF COLLECTION, USE, DISCLOSURE, AND PROCESSING
As described in Section 2 of our Privacy Notice, we collect, use, and process personal information to provide our services, respond to and fulfill your orders and requests, as otherwise directed or consented to by you, and for the following business or commercial purposes:
- Security and protection of rights
- Legal proceedings and compliance
- General business and operational support
Sensitive Personal Information
We do not use or disclose sensitive personal information except as reasonably necessary to:
- Comply with applicable laws or obligations
We do not use sensitive personal information for purposes inconsistent with applicable state law (such as inferring personal characteristics beyond legal requirements or without your explicit consent).
OUR APPROACH TO SELLING, SHARING, AND DISCLOSING PERSONAL DATA
Infobip does not sell or share your personal information in exchange for monetary consideration Infobip does not “sell” or “share” personal or sensitive personal information of minors under 16 years old as defined by state or federal law.
Your Rights
Depending on your residency and subject to certain limitations, you may have the following rights under state privacy laws (e.g., CCPA/CPRA in California, VCDPA in Virginia, CPA in Colorado, CTDPA in Connecticut, UCPA in Utah, and others):
- Right to Know/Access: Request details about personal information we have collected, including categories of data, sources, business/commercial purposes, and third-party disclosures.
- Right to Correction: Request correction of inaccurate personal information.
- Right to Deletion: Request deletion of personal information, subject to exceptions.
- Right to Data Portability: (In some states) Request a portable copy of your personal information.
- Right to Opt Out
- Right to Limit Use of Sensitive Personal Information: (Where applicable) Limit use and disclosure of sensitive personal information.
- Right Against Discrimination: Not be discriminated against for exercising your privacy rights.
Sensitive Personal Information
You also have the right to request restrictions on the processing of your sensitive personal information. Where applicable, we will mark such information accordingly and limit processing to certain permitted purposes. At this time, however, Infobip does not use or disclose sensitive personal information for purposes other than those described in this Privacy Notice or otherwise permitted by applicable law. These uses cannot currently be limited under California law.
SUBMITTING PRIVACY REQUESTS
To exercise your rights, or to have an authorized agent make a request on your behalf, you may contact us at: Email: data-protection-officer(at)infobip.com We will verify your identity (and, if applicable, your agent’s authority) as required by law before fulfilling your request.
AUTHORIZED AGENT
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request regarding your personal information. You may also make a verifiable consumer request on behalf of your minor child. Authorized agents may initiate a request on behalf of another individual by emailing us at data-protection-officer(at)infobip.com . Agents must provide proof of their authorization; we may also require that the consumer directly verify their identity and the agent’s authority.
VERIFICATION
To protect your privacy, we will take the following steps to verify your identity before fulfilling your request by matching the information you provide with our records. Your request must:
- Provide sufficient information that allows us to reasonably verify you are the individual about whom we collected personal information (or an authorized representative).
- Describe your request in sufficient detail to allow us to understand, evaluate, and respond appropriately.
If we are unable to adequately verify a request, we will notify the requester. We will process verified requests in accordance with applicable law. RETENTION We retain personal information only as reasonably necessary for the purposes described above, or as otherwise disclosed to you at the time of collection. CONTACT INFORMATION For more information about our privacy practices, contact us at: data-protection-officer(at)infobip.com.