FacebookTwitterLinkedIn skip to content

Legal Process & Government Data Request Policy

1 Introduction

1.1 This Legal Process and Government Data Request Policy (the "Policy") sets out (i) guidelines for use by a law enforcement, regulatory, judicial or other government authority (together the "Requesting Authority") when seeking information from Syniverse and (ii) Syniverse's procedure for responding to a request received from a Requesting Authority to disclose personal data processed by Syniverse (hereafter "Data Disclosure Request").

1.2 Syniverse is committed to maintaining the privacy of the customers of Syniverse products and services (“Syniverse customers”) and its employees. Accordingly, other than in emergency situations as provided by law, information about Syniverse customers and employees will not be released without valid legal process. The information contained within this Policy is devised to provide information to a Requesting Authority regarding the legal process that Syniverse requires in order to disclose electronic information. The guidelines within this Policy are not intended to provide legal advice.

1.3 Where Syniverse receives a Data Disclosure Request, it will handle that Data Disclosure Request in accordance with this Policy. If applicable data protection law(s) require a higher standard of protection for personal data than is required by this Policy, Syniverse will comply with the relevant requirements of applicable data protection law(s).

2 Service of Legal Process

2.1 Government, Law Enforcement, and Private Party Subpoenas, Search Warrants, and Court Orders Syniverse accepts service of subpoenas, search warrants, and court orders by email from government and law enforcement agencies, provided these are transmitted from the official email address of the requesting government or law enforcement agency. Government and law enforcement personnel submitting a legal request to Syniverse should transmit it directly from their official government or law enforcement email address to legalnotice@syniverse.com to the attention of the General Counsel. Legal process documents should be transmitted by email in PDF format, unless otherwise requested. Note: All US legal requests that are not made by a government or law enforcement agency must be either personally served at Syniverse’s headquarters: 8125 Highwoods Palm Way, Tampa, Florida 33647; or served through CT Corporation (Syniverse’s registered agent for service of process).

2.2 Managing and Responding to Government, Law Enforcement, and Private Party Subpoenas, Search Warrants, and Court Orders Syniverse carefully reviews all legal requests to ensure that there is a valid legal basis for each request and complies with such legally valid requests. Where Syniverse determines that there is no valid legal basis or where a request is considered to be unclear, inappropriate or overbroad, Syniverse will object, challenge or reject the request.

2.3 Witness Testimony Subpoenas Syniverse will not waive service requirements nor accept service via electronic means for subpoenas seeking witness testimony. All subpoenas seeking witness testimony must either be personally served on Syniverse or served through Syniverse’s registered agent for service of process. Syniverse will resist subpoenas for witness testimony that are served with fewer than fourteen (14) days advance notice.

2.4 Emergency Requests Syniverse will not process a request for information on an emergency basis unless it relates to circumstance(s) involving imminent and serious threat(s) to: 1) the life/safety of individual(s); 2) the security of a State; 3) the security of critical infrastructure/installation(s). In order to request that Syniverse voluntarily disclose information on a voluntarily basis, the requesting government or law enforcement officer should contact the General Counsel through the email address identified above in Section 2.1 with the words “Emergency Request” in the subject line and an explanation of the information needed and emergency basis within the body of the request.

3 General Principle on Data Disclosure Requests

3.1 As a general principle, Syniverse does not disclose personal data in response to a Data Disclosure Request unless either:

  • such disclosure is required by law; or

  • taking into account the nature, context, purposes, scope and urgency of the Data Disclosure Request and the privacy rights and freedoms of any affected individuals, there is an imminent risk of serious harm that merits compliance with the Data Disclosure Requests in any event.

4 Handling of a Data Disclosure Request

4.1 Receipt of a Data Disclosure Request

4.1.1 If a Syniverse representative receives a Data Disclosure Request, the recipient of the request must pass it to Syniverse's Legal Department by forwarding the request to legalnotice@syniverse.com immediately upon receipt, indicating the date on which it was received together with any other information which may assist the Syniverse Legal Department to process the request.

4.1.2 The request does not have to be made in writing, made under a Court order, or mention data protection law to qualify as a Data Disclosure Request. Any Data Disclosure Request, howsoever made by a Requesting Authority, must be forwarded to the Legal Department for review.

4.2 Initial Steps

4.2.1 The Syniverse Legal Department will carefully review each and every Data Disclosure Request on a case-by-case basis. The Syniverse Legal Department will liaise with the Data Privacy Department as appropriate to handle the request to determine the nature, context, purposes, scope and urgency of the Data Disclosure Request, as well as its validity under applicable laws, in order to identify whether action may be needed to challenge the Data Disclosure Request and/or to notify the customer and competent data protection authorities in accordance with paragraph 5.

5 Notice of a Data Disclosure Request

5.1 Notice to the Customer:

5.1.1 If a request concerns personal data for which a customer is the controller, Syniverse will ordinarily ask the Requesting Authority to make the Data Disclosure Request directly to the relevant customer, and Syniverse will support the customer in accordance with the terms of its contract with the customer to respond to the Data Disclosure Request.

5.1.2 If this is not possible (for example, because the Requesting Authority declines to make the Data Disclosure Request directly to the customer, or the customer is unable to fulfill a lawful Data Disclosure Request), Syniverse will notify and provide the customer with the details of the Data Disclosure Request prior to disclosing any personal data, unless legally prohibited or where exigent circumstances exist that prohibit prior notification.

5.2 Notice to the Competent Data Protection Authorities:

5.2.1 If the Requesting Authority is located in a country that does not provide an adequate level of protection for the personal data in accordance with applicable data protection laws, then Syniverse will also put the request on hold in order to notify and consult with the competent data protection authorities, unless legally prohibited or where exigent circumstances exist that prohibits prior notification.

5.2.2 Where Syniverse is prohibited from notifying the competent data protection authorities and suspending the request, Syniverse will use its best efforts (taking into account the nature, context, purposes, scope and urgency of the request) to inform the Requesting Authority about its obligations under applicable data protection law and to obtain the right to waive this prohibition. Such efforts may include asking the Requesting Authority to put the request on hold so that Syniverse can consult with the competent data protection authorities, which may also, in appropriate circumstances, include seeking a court order to this effect. Syniverse will maintain a written record of the efforts it takes.

6 Transparency Reports

6.1 Syniverse commits to preparing an annual report (a “Transparency Report”), which reflects to the extent permitted by applicable laws, the number and type of Data Disclosure Requests it has received for the preceding year and the Requesting Authorities who made those requests. Syniverse shall make this report available upon request to competent data protection authorities, unless otherwise prohibited by law.

7 Bulk Transfers

7.1 In no event will any Syniverse representative transfer personal data to a Requesting Authority in a massive, disproportionate and indiscriminate manner that goes beyond what is reasonably requested pursuant to law and under the Requesting Authority’s jurisdiction.

8 Compliance

8.1 Any violation or attempted violation of this Policy may result in disciplinary action, up to and including termination.

9 Policy Review and Maintenance

9.1 This Policy shall be reviewed by the Legal Department and Data Privacy Department annually, or whenever there is a significant change that may affect its content, e.g., legislation, strategy or organization. Changes shall be approved by a member of the Legal Department and the Data Protection Officer.

10 Document History

10.1 Changes to this document are recorded below in chronological order:

Date: July 2021

Version: 1.0

Description of change: Creation of Policy

Modified by: T. Ford, J. Mouton & A. Palermo