Skip to content
SUBNET Solutions Inc.

Privacy Policy

Last updated: August 20, 2025

At SUBNET, we understand that privacy is critical—especially when dealing with critical infrastructure data. This policy explains how we collect, use, and protect your information in plain language.

Information We Collect

Contact Information

When you request a demo or contact us, we collect:

  • Name and job title
  • Email address and phone number
  • Company name and industry
  • Project requirements and use case details
  • Substation fleet information (number of sites, equipment vendors)

Technical Information

We automatically collect basic technical information:

  • IP address and geographic location
  • Browser type and version
  • Pages visited and time spent
  • Referring website information

Cookies & Website Data

We use minimal cookies for essential functionality and privacy-focused analytics. For complete details about our cookie usage, data retention periods, and privacy controls, see our dedicated Cookie Policy.

How We Use Your Information

Legal Basis (GDPR): We process your data based on legitimate interests for business operations, your consent for marketing communications, and contractual necessity for service delivery.

  • Responding to demo requests and technical inquiries
  • Providing customer support and technical assistance
  • Sending relevant product updates and security advisories (with your consent)
  • Improving our website performance and user experience
  • Complying with legal and regulatory obligations
  • Protecting our systems and preventing fraud
  • Conducting security assessments and compliance audits

Information Sharing & Data Transfers

We do not sell, rent, or trade your personal information. We may share information only in these specific circumstances:

When We Share Data

  • With your explicit written consent
  • To comply with legal requirements, court orders, or regulatory investigations
  • To protect our rights, property, or safety, or that of our users
  • With trusted service providers under strict confidentiality agreements (cloud hosting, email services)
  • In password reset emails, your IP address is included for security verification
  • With industry partners for joint compliance initiatives (only with your permission)

Data Retention

We retain your personal data only as long as necessary:

  • Contact inquiries: 3 years for business relationship management
  • Technical support records: 5 years for service improvement
  • Some data must be retained for administrative, legal, or security purposes even after deletion requests
  • Marketing consents: Until you withdraw consent or become inactive (2+ years)

Social Media & External Content

Social Media Features

Our website includes social media features such as LinkedIn share buttons and embedded content. These features may:

  • Collect your IP address and track which pages you visit on our site
  • Set cookies to enable proper functionality
  • Be hosted by third parties or directly on our site

Your interactions with these features are governed by the privacy policies of the companies providing them, not this policy.

Embedded Content

Our articles and pages may include embedded content from other websites (videos, images, articles). This embedded content behaves exactly as if you visited the other website directly, meaning these sites may:

  • Collect data about you and use cookies
  • Embed additional third-party tracking
  • Monitor your interaction with embedded content, especially if you're logged into their services

Industry & Regulatory Compliance

For Electric Utility Professionals

If you work in the regulated electric utility industry or are subject to additional privacy laws (NERC CIP, FERC regulations, provincial utility commissions), you may need to:

  • Disclose your interactions with OT security vendors to your compliance team
  • Ensure vendor relationships meet your organization's cybersecurity requirements
  • Report technology evaluations to regulatory bodies as required
  • Maintain records of critical infrastructure security consultations

We can provide documentation to support your compliance requirements upon request.

International Compliance

Our data handling practices comply with:

  • GDPR (European Union) - Full compliance for EU residents
  • PIPEDA (Canada) - Canadian privacy law compliance
  • CCPA/CPRA (California) - Enhanced rights for California residents
  • LGPD (Brazil) - Data protection for Brazilian users

Data Security & Protection

We protect your information with enterprise-grade security measures:

Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication for all accounts
  • Regular penetration testing and security audits

Operational Security

  • Role-based access controls
  • Employee security training and background checks
  • Incident response and breach notification procedures
  • Regular security assessments and updates

Your Privacy Rights

Quick Access: Email privacy@subnet.com with "Data Request" in the subject line for fastest processing.

Universal Rights

Regardless of your location, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Ask us to correct inaccurate information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Objection: Object to processing of your information for direct marketing
  • Portability: Receive your data in a machine-readable format
  • Withdraw Consent: Stop marketing communications at any time

Enhanced Rights (EU/UK/California Residents)

  • Right to Restrict Processing: Limit how we use your data
  • Data Protection Officer: Contact our DPO for privacy concerns
  • Supervisory Authority: File complaints with your local data protection authority
  • Non-Discrimination: We won't treat you differently for exercising your rights

External Websites & Links

Our website contains links to other websites, including:

  • Industry publications and technical resources
  • Partner and vendor websites
  • Regulatory and standards organizations
  • Customer case study references

Important: We do not control and are not responsible for the content or privacy practices of these external websites. Our provision of links does not constitute endorsement of these sites, their content, or their practices. This Privacy Policy applies only to SUBNET's website and services.

International Data Transfers

SUBNET operates globally with data processing in multiple jurisdictions:

  • Primary Processing: Canada (adequacy decision under GDPR)
  • Cloud Services: North America and Europe (AWS/Azure with appropriate safeguards)
  • Analytics: European Union (Plausible Analytics - GDPR compliant)
  • Support Services: Processed locally in your region when possible

All international transfers are protected by appropriate safeguards including Standard Contractual Clauses and adequacy decisions.

Terms of Use & Related Policies

This Privacy Policy works together with our other legal documents:

Related Policies

  • Terms of Use - Website usage rules
  • Cookie Policy - Detailed cookie information
  • Data Processing Agreements (for enterprise customers)
  • Security and Compliance Documentation

For Customers

  • Service Level Agreements include additional privacy terms
  • Support contracts define data handling procedures
  • Enterprise agreements may include custom privacy provisions
  • Training programs have separate confidentiality terms

Contact Us

For privacy questions, to exercise your rights, or report concerns:

Privacy Team

Email: privacy@subnet.com

Fastest response - usually within 24 hours

Data Protection Officer: dpo@subnet.com

For complex privacy matters (EU residents)

Mail: Privacy Officer
SUBNET Solutions Inc.
#110, 916 42 Avenue SE
Calgary, AB T2G 1Z2, Canada

Response Times

General inquiries: Within 2 business days
Data access requests: Within 30 days (GDPR standard)
Data deletion requests: Within 30 days (verified requests)
Breach notifications: Within 72 hours (if applicable)
Urgent security matters: Same business day

Changes to This Policy

We may update this privacy policy to reflect changes in our practices, services, or applicable law. When we make significant changes, we will notify you by:

  • Email notification to registered users (at least 30 days advance notice)
  • Prominent notice on our website
  • Update notification in our customer portal
  • Direct communication for enterprise customers

Minor updates (typos, formatting, clarifications) may be made without notification. We encourage you to review this policy periodically for the latest information.