This Privacy Policy outlines the privacy and data protection practices followed by Xoriant Corporation (hereinafter referred to as “Xoriant”), its affiliates and unaffiliated third parties with respect to information gathering, dissemination and protection.
Policy StatementXoriant shall ensure that Personal Data relating to natural persons including employees (current as well as former) suppliers, and customers, are obtained and processed fairly and in accordance with the data subjects’ rights under Data Protection Laws and Regulations. Xoriant respects the privacy and is committed to promoting the responsible use of personal information and protecting individual’s privacy rights.
DATA COLLECTION, Onward TRANSFER & PROCESSINGXoriant may collect, store, use and disclose information about individuals which may constitute personal data
(including sensitive personal data under various Government Laws e.g. Indian IT Act Privacy rules, GDPR, etc.) for
lawful, explicit and legitimate purposes and for further processing of personal data consistent with those
purposes.
Xoriant shall obtain consent from the data subject wherever appropriate and required for the processing of
personnel information prior to collecting, storing and processing any personal data.
Xoriant shall not utilize an individual's personal data beyond the scope granted without prior consent from the
individual and shall take measures to ensure that this principle is observed. An individual's personal data shall not
be provided or otherwise disclosed to third parties other than Xoriant affiliates, investigators, or law enforcement
personnel when consent has been obtained from the individual in question or when disclosure is legally mandated.
To the extent permitted by applicable law, Xoriant may record and monitor electronic and voice communications to
ensure compliance with the legal and regulatory obligations and internal policies and for the purposes outlined
above.
Any transfer of personal data to a third party shall take place only if, all necessary controls for Data protection are
applied by the third party in order to ensure that the level of protection of personal data is guaranteed.
Xoriant takes prudent steps to safeguard the confidentiality and security of all personal data including taking
procedural and organizational steps to protect personal data. These steps include but are not limited to entering
into written agreements with all its vendors who process personal data which confirm with necessary data
protection regulations.
In addition, Xoriant strives to protect personally identifiable information that it maintains or disseminate so it is
not obtained by unauthorized individuals or used in unauthorized ways, including through the use of appropriate
administrative, physical, and technical safeguards. E.g. Policies and procedures, Physical and logical access
controls and encryptions.
Xoriant recognizes the right of data subjects at reasonable intervals to seek / request a copy of the personal data
held in relation to them by Xoriant. If any personal data is found to be wrong, the individual concerned has the
right to ask us to amend, update or delete it, as appropriate. In some circumstances individuals also have a right
to object to the processing of their personal data as per the prevailing laws. Xoriant shall process the personal
data solely in accordance with the business purposes for which it was intended.
Privacy consent can be withdrawn easily and at any time by the data subject by informing to appropriate authority
within Xoriant or emailing us at SIRT@xoriant.com
Personal data will not be retained/stored for a period more than necessary to fulfil the purposes outlined in this
privacy statement. The personal data shall be deleted from the systems after evaluating if there are any legal,
statutory, contractual or legitimate purpose that expects Xoriant to retain data.
Personal Data means any information relating to a living individual who can be identified directly or indirectly by an identifier such as:
- Name, identification number, image, location data or an online identifier.
- One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such individual.
- Birth date, address, personal phone number personal email address, race, nationality, ethnicity, origin, colour, religious or political beliefs or associations, age, sex, sexual orientation, marital status, family status, identifying number, code, fingerprints, blood type, inherited characteristics, health care history (including information on physical/mental disability); and educational, financial, criminal, history.
- Photographs of employee and internal gatherings.
Data Protection Laws and Regulations means, in the European Union, the Data Protection Directive 95/46/EC and the national statutory legislation passed in each Member State implementing this Directive, the General Data Protection Regulation (GDPR) 2016 / 679, as well as national law that exists outside the EU in each country.
European Union means the current EU Member State countries of: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom. Changes to the policy
Xoriant reserves the right to modify or amend this Policy at its own discretion. This policy is effective from July 2018. In order to check updates to this policy, please consult this page on a regular basis.
Additional InformationIf you would like to know more about Xoriant’s Privacy program, please email us at datasubjectresponse@xoriant.com.
Also, by continuing to use our website, you consent to the use of cookies. To know more, please refer to our Cookie Policy.
If you would like to exercise any of your rights with respect to your personal data, please submit a request using our webform available here.
