<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-KQ3FZBL" height="0" width="0" style="display:none;visibility:hidden">
Skip to content

Privacy Policy

Privacy Policy

1. Introduction

The protection of your personal details is of the utmost importance to Cyient Limited, India and all of its subsidiaries and affiliates operating globally (‘Cyient’), hence our use of the highest standards to ensure the protection of the right to data protection of our data subjects. This policy describes the means and purpose(s) for personal data collection, recording, organisation, structuring, storage and other processing activities as it concerns Cyient’s data subjects. This policy outlines how your personal data will be processed in accordance with the applicable laws on data protection (including but not limited to EU General Data Protection Regulation 2016/679, California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts , Health Insurance Portability and Accountability Act, 1996 (USA); The Privacy Act 1988 (Australia), including the Australian Privacy Principles (APP), Data Protection Act 2018 (UK) as amended by UK GDPR, Information Technology Act 2000 (India) read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India) and other applicable privacy laws to the extent that they apply to Cyient’s data processing and business operations in other countries (the “Data Privacy Laws”).

2. Definitions:

Term

Description

"Personal Data"

Any information of a Data Subject which can be reasonably associated or link to an identifiable natural person or includes anyone who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person. (This also includes Personal Information as defined under the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020).

"Personal Information" (applicable only to California residents)

Information pertaining to residents of California that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but does not include information that is lawfully made available by federal, state or local government records, nor does it include “de-identified” or “aggregate customer information,” as those terms are defined pursuant to the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020). Cyient does not collect Personal Information from California residents who are under the age of 16.

"Sensitive Personal Data"

Defined as any information revealing an identified or identifiable natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic information, biometric information for the purpose of uniquely identifying a natural person, data concerning health, or information concerning an individual’s sex life or sexual orientation, and data relating to offenses, or criminal convictions.

"Sensitive Personal Data" (applicable only to California residents)

Personal information that reveals: a consumer's social security, driver's license, state identification card, or passport number; a consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a consumer's precise geolocation; a consumer's racial or ethnic origin (including national origin or ancestry), religious or philosophical beliefs, or union membership; and the contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication; a consumer's genetic data; the processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer's health (including pregnancy, childbirth and medical conditions related to them, physical or mental disability); personal information collected and analyzed concerning a consumer's sex life or sexual orientation (including, gender, gender identity, and gender expression); age; veteran status and citizenship.

"Process", "Processes", "Processed" or "Processing"

Means any operation or set of operations which is performed on Personal Data or Personal Information or Sensitive Personal Data or on sets of Personal Data or Personal Information or Sensitive Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Consent"

Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which the Processing of their Personal Data, Personal Information and/or Sensitive Personal Data via a statement or by a clear affirmative action, signifies agreement to the processing of their Personal Data, Personal Information and/or Sensitive Personal Data.

"Data Subject"

Relates to a particular natural person (i.e., an identified or identifiable natural person to whom the Personal Data relates). In case of a minor/ individual with mental disabilities, the data subject would be represented by a legal representative (parent/ guardian). For the purpose of clarity of this Policy, “Data Subject” means Cyient’s current and previous employees, prospective candidates, current, prospective and previous customer personnel, current and previous partner/vendor personnel, website visitors, sub-contractors and visitors. For the purpose of California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020), data subject shall include California residents.

"Data Controller"

Means a person or organization who (either alone, or jointly, or in common) determines the purposes for which and the way any Personal Data is, or are to be, Processed. For the purposes of this Policy, references to Data Controller shall mean references to Cyient and its affiliates, where relevant.

"Data Processor"

Is a person or organisation who Processes the Personal Data on behalf of and under the instruction of the Data Controller.

"Third Party"

In relation to Personal Data or Personal Information or Sensitive Personal Data means any person other than the Data Subject, the Data Controller, or any Data Processor or other person authorized to process data for the Data Controller.

"Sell," "selling," "sale," or "sold"

Means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Data or Personal Information by the business to another business or a third party for monetary or other valuable consideration.

"Protected "Health Information" or "PHI"

Means any written, oral, or electronic health information that is created by and/or received from a Covered Entity or a Business Associate of a Covered Entity;

PHI includes, but is not limited to, any of the following documentation, if the documentation reveals an Individual’s identity and the Individual’s health status or payment issues:

  • medical records (such as hospital charts or doctor’s notes);
  • medical bills (such as bills for hospital or doctor’s services);
  • claims data (such as data on claims payments made by the Plans on an Individual’s behalf); and
  • insurance payment information (such as an explanation of benefits).

"Individual"

Means the person who is the subject of the protected health information.

"Covered Entity"

Means any health plan or any healthcare clearinghouse, or any healthcare provider who transmits PHI as per the standards developed by the Department of Health & Human Services (“HHS”) in electronic form.

"Business Associate"

Means an entity that performs or assists a Covered Entity with a function or service involving the use or disclosure of PHI. The term Business Associate also applies to subcontractors of a Business Associate entity who perform PHI-related functions.

"Electronic Media”

Means:

    1. Electronic storage material on which data is or may be recorded electronically, including devices in computers (e.g., hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or
    2. transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the Internet, extranet, intranet, leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media. Certain transmissions, including paper, voice via telephone, and facsimile, are not considered to be transmissions via electronic media if the information being exchanged did not exist in electronic form immediately before the transmission.

"Profiling"

Any form of automated processing of personal data where personal data is used to evaluate specific or general characteristics relating to an Identifiable Natural Person. In particular, to analyze or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behavior, location or movement.

3. Scope

This Policy describes Cyient’s relationship with its affiliates, business partners, employees, and third parties providing services to Cyient (together “Cyient”, “we” or “us”). It covers Processing (including but not limited to collection, storage, usage, transmission and destruction) of Personal Data and Sensitive Personal Data of Cyient’s current and previous employees, prospective candidates, current, prospective and previous customers, current and previous partners/vendors, website visitors, sub-contractors and visitors, (together “you”/ “your”) by Cyient during the course of its business activities.

4. How we collect your Personal Data / Sensitive Personal Data

We will collect and process the following Personal Data / Sensitive Personal Data about you as follows:

Data Categories

How we collect your data

Customer and prospects Personal Data in Projects 

Directly from you, or from other customers, business partners,  and vendor referrals. Also refer to “Contact Data from Website,” “Marketing Data, Events and Initiatives”. 

Business Partner/Vendor or prospects Personal Data 

Directly from you, or from other customer/ business partners and vendor referrals. Also refer to “Contact Data from Website,” “Marketing Data, Events and Initiatives.”
Candidate Data

From third parties or other sources (for example, via recruitment agencies or Cyient employee referrals, but in each case only as far as legally permissible and necessary to fulfil the position in question), which may also include public sources such as professional networking platforms or job portals.
Directly from you in case you have directly applied through the website.
Employee Data Directly from you.
Visitor information Directly from you.
Contact data from Website Directly from you when you voluntarily fill out your information on the website through specific forms provided to receive information from us or to contact you. The information that you are required to fill out on the website includes your identity details and contact information (e.g., First Name, Last Name, Work Email, Company Name). In general, you may browse our website without providing any Personal Data about yourself. We do not collect any Sensitive Personal Data on our website.
Website Cookies Please refer to our Cookie Policy (GP-014-CKP) for information about the use of cookies on our website.
Marketing Data, Events and Initiatives Directly from you when you contact or are contacted by a Cyient representative via the Cyient website, events, conferences, workshops, or surveys you attend, by telephone, email, an online portal, or in person, or from professional networking platforms like LinkedIn and Twitter.

5. Purpose of processing Personal Data/ Sensitive Personal Data

  • To provide our products and services to you.

  • To set up, administer, and manage your relationship, associated accounts, and records.

  • To receive and respond to your communications and requests.

  • To notify you about promotional offers and general marketing in which you might be interested, based on our legitimate interest or upon your consent. You are always able to object to this by unsubscribing or by reaching out to the contact details in Section 16 – Complaints and Comments.

  • To consider you for potential job openings within our organization.

  • To carry out activities relating to your employment contract with us (including, but not limited to, processing your salary, administering benefits, managing and providing training relevant to your role, and managing your performance).

  • To carry out internal research for technological development and demonstration.

  • To use it for our legitimate business interests, such as improving website performance and user experience, identifying the right set of prospects and target accounts, ensuring the efficient management and operation of our business, conducting marketing activities designed to improve the products and services we offer to you, and administering the security of our business.

  • In the event that we sell or buy any business, assets, or shares in part or whole, to disclose your personal details to such relevant third parties involved on a need-to-know basis.

  • To interact with any Cyient representative via the Cyient website, events, conferences, workshops, or surveys you attend directly or via social media platforms.

  • To investigate and assist with the investigation of suspected unlawful, fraudulent, or other improper activity connected with the services (including, where appropriate, dealing with requests from regulatory bodies for the sharing of information).

  • To establish, exercise, or defend our legal rights or for the purpose of legal proceedings.

  • To activate website cookies and tracking technologies.

6. Lawful Grounds for processing Personal Data /Sensitive Personal Data

We are entitled to process your Personal Data or Sensitive Personal Data for the above-mentioned purposes on the basis of the following lawful grounds:

  • Performance of Contract: Performance of Contract: We may process your Personal Data or Sensitive Personal Data where necessary to enter into a contract with you or to perform our obligations under a contract with you. E.g., processing personal data for employment purposes (such as processing your salary, administering benefits) or providing services to our customers, which are necessary to execute the contract. If you do not provide Personal Data for processing under this legal basis, we may not be able to perform as per the respective contract.
  • Consent: Where permitted under applicable local laws, we may process your Personal Data or Sensitive Personal Data based on your prior consent. In such cases, you have the right to withdraw your consent at any time by contacting the details provided below in this Privacy Policy. In certain limited circumstances, even after the withdrawal of data subject consent, we may be entitled to continue processing your Personal Data where we have a lawful reason to do so and as previously communicated to you.
  • Legitimate Interests: We may process your Personal Data where it is necessary for our legitimate business interests as a company, which are outlined above and only if those interests do not override your rights and freedoms, when applicable.
  • Legal Obligations: We may process your Personal Data where it is necessary in order to comply with applicable legal and/or regulatory obligations, establish, exercise, or defend our legal rights, or for the purpose of legal proceedings and to prevent and respond to actual or potential fraud or illegal activities.
  • Vital Interest: We may process your Personal Data to protect your vital interests or those of another natural person.
  • Other "Public Interest" Grounds: We may process your Personal Data (or, where relevant, your Sensitive Personal Data) on other public interest grounds where it is subject to regulatory requirements and processing is necessary by us for the performance of a task mandated by governmental authorities, regulatory authorities, or any other law enforcement authorities in the public interest.

Processing Sensitive Personal Data: We may, where legally permissible, process your Sensitive Personal Data on the following lawful bases:

  • Explicit consent;
  • Legal obligations;
  • Protect your vital interests or those of another natural person where the person is physically or legally incapable of giving consent;
  • Legitimate interests, where permitted by applicable legislation;
  • Personal Data manifestly made public by the data subject;
  • Establishment, exercise, or defense of legal claims, or whenever courts are acting in their judicial capacity;
  • Public interest, or health;
  • Preventive or occupational medicine; and/or
  • Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.

7. Change of Purpose

We will only use your Personal Data for the purposes for which we collect it. If we need to use your Personal Data for an unrelated purpose, we will notify you, and we will explain the legal basis that allows us to do so without undue delay. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

8. Personal Data of Individuals below 16 years

If we are required to process Personal Data or Sensitive Personal Data of individuals below the age of 16 years, we shall do so by taking explicit written consent from their parents/legal guardians or in accordance with applicable legislation.

Note: If you are below the age of 16, we ask that you not provide any of your Personal Data on our website.

9. Consequences of not providing Personal Data/ Sensitive Personal Data

If you choose not to provide your Personal Data/Sensitive Personal Data that is mandatory for processing your request, we may not be able to provide the corresponding service.

10. Retention and Disposal of Personal Data/ Sensitive Personal Data

How long we continue to hold your Personal Data will vary principally depending on the purposes identified in this Policy for using the Personal Data and Sensitive Personal Data and our legal obligations under different laws and regulations.

Disposal of Personal Data or Sensitive Personal Data shall be handled with the utmost care and shall be governed in accordance with reasonable data security practices as detailed by Cyient's internal policies governing data disposal.

Personal Data or Sensitive Personal Data shall only be processed for the period necessary for the purposes for which it was originally collected as per Cyient's Data Retention Policy. These retention periods are subject to change only where deemed necessary in accordance with applicable law.

For more details, please refer to Cyient's Data Retention Policy.

11. Cross Border Transfer

We may transfer your Personal Data or Sensitive Personal Data to various countries where we operate.

We may transfer Personal Data or Sensitive Personal Data between our regional offices and data centres for the purposes described in this Policy. We may also transfer Personal Data or Sensitive Personal Data to our third-party suppliers, customers, or business partners in different geographic locations.

Where we transfer your Personal Data or Sensitive Personal Data outside your country, we will ensure that it is protected and transferred in a manner consistent with applicable Data Privacy Laws. This can be done in several ways, such as:

  • The country or the third party certified under the EU-US Data Protection Framework to which we send the Personal Data or Sensitive Personal Data that is approved by the European Commission as offering an "adequate" level of data protection;
  • Where applicable, we have implemented additional (technical, contractual [inter-company transfer agreements and standard contractual clauses] and/or organizational) measures to secure the transfer of your personal data;
  • The recipient organization has signed a contract based on "standard contractual clauses" approved by the European Commission, obliging them to protect your Personal Data or Sensitive Personal Data; and
  • In other circumstances, Data Privacy Laws may permit us to use other transfer mechanisms to transfer your Personal Data or Sensitive Personal Data outside of Europe. In all cases, however, any transfer of your Personal Data or Sensitive Personal Data will be compliant with applicable Data Privacy Laws.

You can obtain more details of the protection given to your personal data or sensitive personal data when it is transferred outside your country (including a sample copy of the safeguards) by contacting us using the details set out in section 16 - "Complaints and Comments".

12. Disclosure of Personal Data or Sensitive Personal Data

In compliance with applicable law, access to your personal data is restricted to only necessary persons or entities on a strictly need-to-know basis. Within the ambit of the applicable law, Cyient ensures that all persons or entities with whom your personal data are disclosed are compliant with the applicable data protection laws.

We may disclose some of your personal data/ sensitive personal data with the following recipients:

  • Any Cyient entity;
  • Internal departments, including your reporting manager, managers in the business areas, IT team, admin team, or any other team;
  • Third parties with whom we have a contractual relationship, including clients, payroll vendors, law firms, etc.; and
  • In the event that we sell or buy any business, assets, or shares, in part or whole, we may disclose your personal details to such relevant third parties involved, subject to the provisions of applicable laws.

With respect to disclosing personal data or sensitive personal data to third parties, written contracts with third parties will include restrictions prohibiting the third party from retaining, using, or disclosing personal data or sensitive personal data for any purpose except for performing the services specified in the contract, or as otherwise permitted by applicable data privacy laws. Cyient will seek to use data processors or sub-processors that are capable of providing sufficient security measures in accordance with applicable data privacy laws and shall put in place contractual mechanisms to ensure that the relevant data processor or sub-processor takes reasonable steps to ensure compliance with those measures.

Cyient does not sell your personal information to third parties or share your personal information obtained from your online activity on our website with third parties for targeted behavioral advertising, unless we have your consent.

13. Security of Personal Data and Sensitive Personal Data

In order to comply with our data security obligations under applicable Data Privacy Laws, we have adopted the following physical, technical and organizational security measures to ensure the security of your Personal Data and Sensitive Personal Data:

  • We have established a process to proactively embed privacy at the initial planning/design stages and throughout the complete development process of new processes, services, technologies, and/or platforms that involve processing Personal Data;
  • Considerations have been made for technical and organizational measures to enhance privacy (e.g., pseudonymization, anonymization, data minimization, data aggregation, etc.). In addition, we shall take appropriate technical and organizational measures to ensure that Personal Data collected or processed is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • With respect to the Personal Information of California residents, and in addition to the above, we will use measures to enhance the privacy of your Personal Information by using measures to “aggregate consumer information” or to “de-identify” such Personal Information as those terms are defined by the California Consumer Privacy Act of 2018 (CCPA), its further amendments, and related legal acts (such as the California Privacy Rights Act of 2020);
  • We shall ensure to implement reasonable processes to monitor the quality of the Personal Data and Sensitive Personal Data we store/ process;
  • Each business unit and support function within our organization has taken steps to assure that processed Personal Data and Sensitive Personal Data are complete and accurate;
  • We have implemented a process to ensure that our employees can review, update, and confirm the accuracy and completeness of their Personal Data and Sensitive Personal Data processed by us;
  • Third parties will only process your Personal Data upon our instructions, and they have agreed to treat the Personal Data confidentially and to keep it secure. We enter into specific agreements with such third parties to ensure compliance; and
  • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

14. Data Subject Rights

In accordance with the applicable law on data protection, Data Subjects have the following rights:

  • The right to access the Personal Data we process concerning you;
  • The right to rectification of any Personal Data that is inaccurate or incomplete;
  • The right to erasure of your Personal Data (also known as ‘the right to be forgotten’);
  • The right to restrict the processing of your Personal Data;
  • The right to data portability;
  • The right to object to the processing of your Personal Data;
  • Rights in relation to automated decision-making and profiling;
  • The right to lodge a complaint with the applicable Data Protection supervisory authority;
  • The right to withdraw your consent for processing your Personal Data;
  • The right to request disclosure of the categories and specific pieces of Personal Information that the business collects, sells, or discloses, which can be exercised by California residents;
  • The right to request information that we share with Third Parties for their own direct marketing purposes (if applicable), which can be exercised by California residents; and
  • The right to non-discrimination for California residents exercising their rights.

Please note that there may be circumstances in which we are legally entitled to refuse some of these requests. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Data Subject Rights:

Data Subject Rights

Europe including UK

US

Australia

Singapore

India

Right to Information / Access

Yes

Yes

Yes

Yes

Yes

Right to withdraw consent (opt out)

Yes

Yes

Yes

Yes

Yes

Right to Object processing

Yes

Yes

Yes

Yes

Yes

Right to Restrict processing

Yes

-

-

-

Yes

Right to Erasure (to be Forgotten)

Yes

Yes

Yes

-

Yes

Right to Rectification

Yes

Yes

Yes

Yes

Yes

Right of Data Portability

Yes

Yes

-

Yes

Yes

Right not subject to automated decision making/profiling

Yes

Yes

-

-

-

Right to Complain to the Supervisory authority

Yes

Yes

Yes

Yes

Yes

Right not to be subject to discrimination for the exercise of rights

-

California Residents

-

-

-

Opt out of sale of data

-

California Residents

-

-

-

To exercise the rights outlined above in respect of your Personal Data or Sensitive Personal Data, to receive more details, or if you belong to any other jurisdiction that is not listed above, you may raise a request by contacting us using the details mentioned under ‘Complaints and Comments’.

15. HIPAA Privacy and Security Requirements

Cyient may act as a ‘Business Associate’ under the Health Insurance Portability and Accountability Act (“HIPAA”). For details regarding Cyient’s obligations as a ‘Business Associate’ under HIPAA, please refer to the sections below.

15.1 Privacy Officer

Cyient’s Privacy Officer shall be the single point of contact for all queries related to HIPAA matters for Cyient. Please find the contact details in Section 16.

The Privacy Officer is also responsible for:

  • Development and implementation of policies and procedures pertaining to the protection of PHI and Cyient’s obligations thereof;
  • Compliance with the Privacy Rule;
  • Establishing a breach notification process and coordinating with the Covered Entity on any breaches;
  • Developing a training program; and
  • Monitoring changes in the law and procedures that affect PHI.

15.2 Business Associate Agreements

Cyient does not receive, access, use, or otherwise process PHI without a Business Associate Agreement (BAA). The BAA ensures that the PHI received from a Covered Entity or Business Associate (hereinafter the Cyient “customer”) is properly safeguarded in accordance with the applicable provisions of the HIPAA Privacy Rule, Security Rule, and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).

The Privacy Officer shall maintain a log of all BAAs and manage any compliance requirements specified in such BAAs.

Upon termination of a BAA, Cyient will return or destroy all PHI that it received and maintains from the customer, and no copies of such information will be retained. If return or destruction is not feasible, Cyient shall continue to protect such PHI in accordance with the terms of the BAA and applicable law, until such time as the PHI remains in its possession and custody.

15.3 Use and Disclosure of Protected Health Information

Cyient shall use and disclose PHI solely in accordance with the permitted uses laid out in the Business Associate Agreement (BAA) between Cyient and its customer, and in compliance with the purposes and standards prescribed under HIPAA.

In the event that a mandatory disclosure request as prescribed in HIPAA is made directly to Cyient, whether by an Individual, in compliance with a legal directive, or to HHS (Department of Health & Human Services) for the purposes of enforcing HIPAA, Cyient shall, to the extent permitted by law, notify the customer from whom such PHI was received, and shall make the requested disclosure in line with the guidance issued by such customer.

Cyient shall not, in the absence of an authorization from the relevant Individuals, process PHI for any purpose other than the permitted purposes prescribed under applicable law and the BAA; provided, however, that the responsibility for obtaining such authorization shall rest solely and exclusively on the Cyient customer on whose behalf such processing shall occur, and Cyient shall not, to the extent permitted by law, be liable for any delay or failure by the customer to obtain the requisite authorizations.

15.4 Training

Cyient personnel that use, disclose, request, or have access to PHI in order to carry out their work-related functions are required to undergo the prescribed training to permit them to carry out functions in compliance with HIPAA. Training for employees with access to PHI will be provided within a reasonable period of time after their date of assignment to the relevant project. Where applicable, such personnel will be required to take a refresher training annually and at additional times as determined by the Privacy Officer.

  • Cyient will not make unsolicited marketing calls to a person who has said that they do not want those calls. In other words, there is a right to opt out, and no calls will be made to someone who has objected to or opted out of marketing calls.
  • Cyient will not make it difficult to opt out, for example, by requiring customers to complete a form or confirm in writing. As soon as a customer has clearly expressed that they do not want the calls, they must stop.
  • If a customer objects or opts out at any time, their details will be suppressed as soon as possible. Cyient will ensure not to simply delete their details entirely, as this would prevent proper record-keeping to ensure such calls are not made again.

16. Complaints and Comments

If you have any questions, comments or complaints related to the processing of your Personal Data or Sensitive Personal Data, or want to request a copy of the privacy policy or the definitions of terms used in the privacy policy, please contact our Global Compliance Team at: global.compliance@cyient.com

A. Individuals/data subjects from European Union (EU) and/or European Economic Area (EEA) may contact our:

  • Data Protection Officer using the contact details mentioned below:

    FIRST PRIVACY GmbH (EU/EEA) 

    Postal Address: Konsul-Smidt-Straße 88, 28217 Bremen

    Phone: +49 421 69 66 32-80

    Email: office@first-privacy.com

  • Or Contact us via the GDPR contact form.

B. Individuals/data subjects from India may contact our Grievance Officer using the contact details mentioned below:

  • Mr. Sudheendhra Putty (India)

    Email: Sudheendhra.Putty@cyient.com

  • Postal Address: Plot no. 11, Software Units Layout, Infocity, Madhapur, Hyderabad – 500081, Telangana, India.

C. Individuals/data subjects from USA and Canada may contact our Privacy Officer using the contact details mentioned below:

D. Individuals/data subjects from other regions may contact us via this contact form on our website.

If you consider that your data is not being processed in compliance with the law, you can also contact the relevant data protection supervisory authority using the following links:

o European Union

o The United Kingdom

o Australia

o Canada

17. Changes to this Policy

We reserve the right to update or modify this policy at any time to reflect changes in law or updates to our privacy practices. When we make changes to this policy, we will revise the “Updated” date at the top of this page.