Copyright © 2025 by Nepean Networks. All rights reserved.
Privacy Policy
Nepean Networks Privacy Policy
Version: 2.1
Effective Date: 20/05/2025
Applies to:
Global Data Controller: Nepean Networks Pte. Ltd. (Singapore)
Associated Companies: Fusion Broadband Pty Ltd (Australia); Fusion Broadband South Africa (Pty) Ltd
(“Nepean Networks”, “we”, “us”, “our”).
1. Definitions
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person. |
| Processing | Any operation on Personal Data — collection, storage, use, disclosure, erasure, etc. |
| Data Controller | Nepean Networks Pte. Ltd., which determines the purposes and means of Processing. |
| Data Processor / Sub-processor | Any third party that processes Personal Data on our behalf under contract. |
| Data Subject | The individual to whom the Personal Data relates. |
| Usage Data | Technical and interaction data collected automatically (e.g., IP address, device IDs, logs). |
| Consent | Freely given, specific, informed and unambiguous indication of the Data Subject’s wishes. |
| Excused Downtime | Outages due to Scheduled Maintenance, force majeure, Customer-controlled equipment failures, or upstream Internet incidents beyond our control. |
2. Data Controller
Global Controller: Nepean Networks Pte. Ltd. (Singapore) — privacy@nepeannetworks.com
We act as the sole Data Controller for all regions covered by this policy, including Australia, the EU/UK, the US, South Africa, and Asia.
3. Scope & Applicable Law
We collect and process Personal Data in compliance with:
EU/UK: GDPR & UK Data Protection Act 2018
Australia: Privacy Act 1988 & Australian Privacy Principles (APPs)
South Africa: POPIA
United States: CCPA & relevant state privacy statutes
Singapore: PDPA
Other Asian Markets: Applicable local regulations
4. Categories of Personal Data Collected
Identity & Contact Data: Name, email, phone, postal address
Account & Billing Data: Company name, job title, payment details
Usage & Technical Data: IP address, device/browser identifiers, log files, service configurations
Marketing & Communications Data: Preferences, consents, opt-in/opt-out history
Support & Enquiry Data: Correspondence records, support tickets
Sensitive Data: We do not collect “special categories” (e.g., health, biometric) except if explicitly provided with separate consent.
5. Purposes & Legal Bases for Processing
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Service Delivery & Billing | Account, Usage, Contact | Contract necessity; “Service Provider” under CCPA; APP 6; PDPA legitimate interest |
| Customer Support & Enquiries | Contact, Support Data | Contract necessity; Legitimate interest |
| Marketing & Promotions | Contact, Marketing Data | Consent (GDPR/PDPA); CCPA opt-out |
| Analytics & Performance Improvement | Usage, Technical Data | Legitimate interest; APP 6 |
| Compliance & Fraud Prevention | All categories | Legal obligation; Legitimate interest |
| Legal Claims & Disputes | All categories | Legal necessity; Legitimate interest |
6. Disclosure & Sub-processors
We may disclose Personal Data to:
Authorized Service Providers / Sub-processors (under confidentiality and data protection agreements).
Affiliated Entities for centralized business operations.
Regulators, courts or law-enforcement when mandated by law.
We will notify customers of significant changes at least 30 days in advance.
7. International Data Transfers
Where data is transferred across borders, we rely on:
EU/UK Transfers: Standard Contractual Clauses (Model Clauses).
Singapore Transfers: PDPA-approved contractual clauses.
South Africa Transfers: POPIA-compliant safeguards (model clauses).
Other Regions: Local adequacy findings or binding corporate rules.
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Account & Billing | 7 years post-termination (tax & audit requirements) |
| Usage & Technical | 1 year for performance, security and troubleshooting |
| Marketing & Communications | Until consent withdrawal + 1 year archival |
| Support & Enquiries | 3 years after resolution |
| Legal & Compliance Records | 7–10 years per local statutory requirements |
After these periods, data is securely deleted or irreversibly anonymized.
9. Security Measures
We employ robust technical and organizational safeguards, including:
Encryption in transit (TLS 1.2+) and at rest
Access Controls with multi-factor authentication for internal systems
Regular Audits and vulnerability assessments
10. Data Breach Notification
In the event of a Personal Data breach, we will:
Contain & Investigate promptly.
Notify Supervisory Authorities within 72 hours (where legally required).
Inform Affected Data Subjects without undue delay if there is a high risk to their rights or freedoms.
Document all incidents and remediation steps.
Key Authority Contacts:
ICO (UK): https://ico.org.uk/concerns
EU DPA Directory: https://edpb.europa.eu/about-edpb/board/members_en
OAIC (Australia): https://www.oaic.gov.au/privacy/privacy-complaints
PDPC (Singapore): https://www.pdpc.gov.sg/Complaint-Management
PAIA (SA): https://justice.gov.za/inforeg/foip/paia.htm
CA AG (CCPA): https://oag.ca.gov/contact/consumer-complaint-against-business
11. Your Rights
11.1 GDPR (EU/UK)
Access, rectification, erasure, restriction, portability, objection, withdraw consent.
11.2 CCPA (California)
Know categories of Personal Data collected/shared.
Request deletion.
Opt-out of “sale” (we do not sell Personal Data).
Non-discrimination for exercising rights.
11.3 POPIA (South Africa)
Right to access, correct, object, and deletion under specified grounds.
11.4 PDPA (Singapore)
Access and correction requests.
Withdraw consent for marketing.
Exercise Your Rights:
Email privacy@nepeannetworks.com with:
Proof of identity
Details of your request (e.g. “Provide copy of my Personal Data”; “Delete my data”).
12. Cookies & Tracking
Our use of cookies and similar technologies is described in our separate Cookie Policy:
Manage preferences via our consent banner or your browser settings.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. The Effective Date and Version will indicate each update. Historic versions are archived at privacy-policy-archive
14. Contact Us
For any questions or concerns regarding this policy:
Data Privacy Officer
Nepean Networks Pte. Ltd.
Email: privacy@nepeannetworks.com