Xoriant shall ensure that Personal Data relating to natural persons including employees (current as well as former) suppliers, and customers, are obtained and processed fairly and in accordance with the data subjects’ rights under Data Protection Laws and Regulations. Xoriant respects the privacy and is committed to promoting the responsible use of personal information and protecting individual’s privacy rights.DATA COLLECTION, Onward TRANSFER & PROCESSING
Xoriant may collect, store, use and disclose information about individuals which may constitute personal data
(including sensitive personal data under various Government Laws e.g. Indian IT Act Privacy rules, GDPR, etc.) for
lawful, explicit and legitimate purposes and for further processing of personal data consistent with those
Xoriant shall obtain consent from the data subject wherever appropriate and required for the processing of personnel information prior to collecting, storing and processing any personal data.
Xoriant shall not utilize an individual's personal data beyond the scope granted without prior consent from the individual and shall take measures to ensure that this principle is observed. An individual's personal data shall not be provided or otherwise disclosed to third parties other than Xoriant affiliates, investigators, or law enforcement personnel when consent has been obtained from the individual in question or when disclosure is legally mandated. To the extent permitted by applicable law, Xoriant may record and monitor electronic and voice communications to ensure compliance with the legal and regulatory obligations and internal policies and for the purposes outlined above.
Any transfer of personal data to a third party shall take place only if, all necessary controls for Data protection are applied by the third party in order to ensure that the level of protection of personal data is guaranteed.
Xoriant takes prudent steps to safeguard the confidentiality and security of all personal data including taking
procedural and organizational steps to protect personal data. These steps include but are not limited to entering
into written agreements with all its vendors who process personal data which confirm with necessary data
In addition, Xoriant strives to protect personally identifiable information that it maintains or disseminate so it is not obtained by unauthorized individuals or used in unauthorized ways, including through the use of appropriate administrative, physical, and technical safeguards. E.g. Policies and procedures, Physical and logical access controls and encryptions.
Xoriant acknowledges that individuals have specific rights under data protection laws concerning their personal data, subject to certain conditions. These rights may include access to their personal data, correction of specific personal data, deletion of personal data, objection to particular processing of personal data, withdrawal of consent to any personal data processing based on consent, restriction of personal data processing, receipt of personal data in portable format, and protection from decisions solely based on automated processing that may have significant legal effects, depending on the location of the individual and the Xoriant entity acting as the data controller for their data. To exercise any of these rights, please complete the DSR Request Form available here.
Xoriant will not store/retain personal data beyond the time required to accomplish the purposes outlined in this privacy statement. After considering any legal, statutory, contractual, or legitimate requirements for retaining data, the personal data will be deleted from the systems.
Personal Data means any information relating to a living individual who can be identified directly or indirectly by an identifier such as:
- Name, identification number, image, location data or an online identifier.
- One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such individual.
- Birth date, address, personal phone number personal email address, race, nationality, ethnicity, origin, colour, religious or political beliefs or associations, age, sex, sexual orientation, marital status, family status, identifying number, code, fingerprints, blood type, inherited characteristics, health care history (including information on physical/mental disability); and educational, financial, criminal, history.
- Photographs of employee and internal gatherings.
Data Protection Laws and Regulations means, in the European Union, the Data Protection Directive 95/46/EC and the national statutory legislation passed in each Member State implementing this Directive, the General Data Protection Regulation (GDPR) 2016 / 679, as well as national law that exists outside the EU in each country.
European Union means the current EU Member State countries of: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom. Changes to the policy
Xoriant reserves the right to modify or amend this Policy at its own discretion. This policy is effective from July 2018. In order to check updates to this policy, please consult this page on a regular basis.Additional Information
If you would like to know more about Xoriant’s Privacy program, please Email us at DataSubjectResponse@Xoriant.Com.