ADHERENCE TO PRIVACY SHIELD PRINCIPLES - Hexaware

Introduction

Hexaware Technologies, Inc. (the “Company”) is a leading provider of IT, BPO and consulting services. Protecting customer’s privacy is important to the Company. The Company (hereinafter collectively referred to as the “Company,” “we,” “us” or “our”) adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Framework published by US Department of Commerce (“EU-U.S. and Swiss-U.S. Privacy Shield Principles”). For more information on the EU-U.S. and Swiss-U.S. Privacy Shield, please visit the US Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov/welcome If there is any conflict between this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. This privacy policy outlines our general policy and practices for implementing the EU-US and Swiss-US Privacy Shield principles, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by the Company whether in electronic, paper or verbal format.

Hexaware Technologies, Inc. subject to the investigatory and enforcement powers Federal Trade Commission (FTC).

Definitions

“Personal Information” or “Information” means information that (1) is transferred from the EU and Swiss to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

Notice

Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties (“Third Party” means any individual or entity that is neither Hexaware nor an Hexaware Employee. Example: Service Providers: who help us to provide and support our services.) to which the Company discloses or may disclose that Information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Information for a purpose other than for which it was originally collected.

Personal Data Collection and Processing:

Hexaware collects only the required personal data from its customer, Visitors, and employees for the intended business purpose. Hexaware may also engage any third-party vendors as are necessary for data processing as per the business objectives/needs. Third party vendors are involved only with the appropriate contracts, terms & conditions / Model contractual clauses as per the data protection laws.

The personal data gets processed lawfully as per the Country-specific data protection regulation. This enables us to meets its contractual, regulatory and legal obligations, protect the security of our systems and that of our customers, as well as to fulfill other legitimate interests of Hexaware.

The ISO27001:2013 governs the processing of data based organizational and technical controls for which Hexaware is being audited every year. The data lifecycle management, retention, and safe disposal are also part of the above process. The rights of the data subjects are sufficiently taken care of by Hexaware to comply with the underpinning regulations.

The data that we collect from the individuals get processed for the following purpose

  • Research and analysis purposes that help us to understand the person visiting our websites and better equipped to serve our clients’ need.
  • To understand which part of our website is visited and how frequently.
  • To process job applications
  • To identify the person as soon as he/she registers in our website
  • To contact and respond to your questions
  • To provide better usability, troubleshooting and site maintenance
  • To maintain employee information to meet statutory and regulatory requirements
  • Not kept for longer than is necessary to fulfill the purpose(s) it is used for, subject to the Company’s document retention policy.

The company may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Choice

The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.

Onward Transfers

we recognize potential liability in cases of onward transfer to third parties. Prior to disclosing Personal Information to a third party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection.

Data Security

Company shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Company cannot guarantee the security of Information on or transmitted via the Internet.

Data Integrity

Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.

Access

Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.

Enforcement

Company uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

If a complaint or dispute cannot be resolved through our internal process, we agree to cooperate and comply with the EU-U.S. and Swiss-U.S. Privacy Shield, EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to investigate all unresolved complaints.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield. We will post any revised policy on this website.

Information Subject to Other Policies

The Company is committed to following the Principles for all Personal Information within the scope of the EU-U.S. and Swiss-U.S.Privacy Shield. However, certain information is subject to policies of the Company that may differ in some respects from the general policies set forth in this privacy policy.

BINDING ARBITRATION

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with Hexaware Technologies Inc. and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).

Contact Information

Questions, comments or complaints regarding the Company’s EU-U.S. and Swiss-U.S. Privacy Shield or data collection and processing practices can be mailed or emailed to:
Hexaware Technologies, Inc.
Attn: Legal Department
101 WOOD AVENUE SOUTH, Suite # 600
ISELIN, NJ 08830, USA
Contact eMail: legal@hexaware.com

Contact Us