Privacy Policy

1. Who We Are

SUBNET Solutions Inc. ("SUBNET", "we", "us", "our") is a software solutions company that develops and provides remote device management software for the electric utility industry. Our registered office is located at #110, 916 42 Avenue SE, Calgary, Alberta T2G 1Z2, Canada.

This Privacy Policy covers the SUBNET.com website (the "Website"). SUBNET software products, including PowerSYSTEM Center, SubSTATION Server, and related tools, are governed by separate license and service agreements between SUBNET and the customer. This policy does not replace or modify those agreements.

This policy should be read alongside our Terms of Service and Cookie Policy.

For privacy questions, contact us at privacy@SUBNET.com.

2. Information We Collect

Contact Information

When you request a demo, submit a contact form, or communicate with us directly, we may collect:

• Name and job title
• Email address and phone number
• Company name and industry
• Project requirements and use case details
• Substation fleet information (number of sites, equipment vendors)

Technical Information

We automatically collect basic technical information when you visit the Website:

• Browser type and version
• Device type and operating system
• Pages visited and time spent on pages
• Referring website
• Geographic region (country level only)

Usage Information

We collect aggregated usage data through Google Analytics 4 operating in cookieless mode. This includes page views and navigation patterns but does not include personal identifiers, stored IP addresses, or cross-site tracking data.

Cookies

We use minimal cookies, limited to essential security cookies from Cloudflare. Our analytics run without cookies and our fonts are self-hosted. For complete details, see our Cookie Policy.

3. How We Collect Information

4. Legal Basis for Processing

We process personal information on the following legal grounds:

5. How We Use Your Information

We use the information we collect to:

• Respond to demo requests, inquiries, and technical questions
• Provide information about our products and services
• Send product updates and security advisories (with your consent)
• Improve website content and user experience
• Maintain website security and prevent fraud
• Comply with legal and regulatory obligations
• Analyze aggregate website usage trends (no individual tracking)

We process your information only for the purposes described above. If we need to use it for a materially different purpose, we will notify you and, where required by law, obtain your consent.

6. Information Sharing

We do not sell, rent, or trade your personal information.

We may share your information in the following limited circumstances:

• Service providers: Trusted third parties operating under confidentiality and data processing agreements, including Cloudflare (security and CDN), Google (analytics), and email service providers.
• Legal requirements: When required by law, court order, regulatory investigation, or legal process.
• Protection of rights: To protect the rights, property, or safety of SUBNET, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. You would be notified of any change in ownership or control.

All third-party processors are bound by data processing agreements or equivalent contractual safeguards that require them to protect your information to the same standard as this policy.

7. International Data Transfers

SUBNET is based in Canada and may process data across jurisdictions:

• Primary processing: Canada, recognized as providing adequate data protection under the EU GDPR
• CDN and security: Cloudflare global network, governed by Cloudflare's data processing addendum
• Analytics: Google Analytics 4, data processed per Google's data processing terms

Where personal information is transferred to jurisdictions that do not provide adequate data protection, we rely on Standard Contractual Clauses or equivalent legal safeguards to protect your information.

Contact privacy@SUBNET.com for information about specific transfer mechanisms.

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy:

• Contact inquiries: 3 years for business relationship management
• Technical support records: 5 years for service improvement and compliance
• Marketing consents: Until you withdraw consent or become inactive (2+ years)
• Website analytics: Aggregated data retained indefinitely (contains no personal identifiers)

Some data must be retained for legal, regulatory, or security purposes even after a deletion request. We determine retention periods based on the nature and sensitivity of the information, the purposes for which we process it, and applicable legal requirements.

We review retained data periodically and delete information that is no longer needed.

9. Data Security

We take reasonable technical and organizational measures to protect your information:

• TLS encryption for all data in transit, enforced via Cloudflare
• Cloudflare web application firewall and DDoS protection
• Access controls limiting who within SUBNET can access personal information
• Regular review of data collection, storage, and processing practices
• Breach notification procedures in compliance with applicable laws

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. We will notify you and the relevant regulatory authorities of data breaches where legally required: within 72 hours under GDPR and as soon as practicable under PIPEDA.

10. Your Privacy Rights

Rights for All Visitors

Regardless of your location, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Objection: Object to processing of your information for direct marketing
• Withdraw Consent: Stop marketing communications at any time, without affecting the lawfulness of prior processing

Additional Rights for EU/UK Residents (GDPR)

• Restrict Processing: Ask us to suspend processing in certain circumstances
• Data Portability: Receive your data in a structured, machine-readable format
• Object to Legitimate Interest: Object to processing based on our legitimate interests where your situation warrants it
• Supervisory Authority: Lodge a complaint with your national data protection authority

Additional Rights for California Residents (CCPA/CPRA)

• Right to Know: Request disclosure of what personal information we collect and share
• Right to Opt Out: We do not sell or share personal information for cross-context behavioral advertising
• Non-Discrimination: We will not treat you differently for exercising your privacy rights

Additional Rights for Canadian Residents (PIPEDA)

• Challenge Compliance: File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have not handled your information in accordance with PIPEDA

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Our website analytics are aggregated and anonymous, and are not used to make decisions about individual visitors. We do not use your personal information to train artificial intelligence or machine learning models.

12. Children's Privacy

Our Website and services are directed at business professionals in the electric utility industry. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have inadvertently collected information from a child, we will delete it promptly. If you believe we have collected a child's information, please contact privacy@SUBNET.com.

13. Direct Marketing

We only send marketing communications with your prior consent. You may opt out at any time by:

• Using the unsubscribe link included in every marketing email
• Emailing privacy@SUBNET.com with "Unsubscribe" in the subject line

Opting out of marketing does not affect transactional communications, such as responses to your inquiries or service-related notices.

14. Third-Party Websites

Our Website contains links to external resources, including industry publications, partner websites, and standards organizations. We do not control and are not responsible for the content, privacy practices, or availability of third-party websites. This Privacy Policy applies only to SUBNET.com. We encourage you to review the privacy policies of any external sites you visit.

15. Industry Considerations

16. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or applicable law. Changes will be reflected by updating the "Last updated" date at the top of this page. For significant changes, we will post a prominent notice on the Website.

Continued use of the Website after changes are posted constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

17. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid by a court of competent jurisdiction, the remaining provisions continue in full force and effect. No provision of this policy is intended to limit or exclude liability where prohibited by applicable law.

18. Contact and Complaints

For privacy questions, to exercise your rights, or to report concerns: