The protection of your personal details is of the utmost importance to Cyient Limited, India and all of its subsidiaries and affiliates operating globally (‘Cyient’), hence our use of the highest standards to ensure the protection of the right to data protection of our data subjects. This policy describes the means and purpose(s) for personal data collection, recording, organisation, structuring, storage and other processing activities as it concerns Cyient’s data subjects. This policy outlines how your personal data will be processed in accordance with the applicable laws on data protection (including but not limited to the EU General Data Protection Regulation 2016/679; the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020) (USA); the Health Insurance Portability and Accountability Act, 1996 (USA); the Privacy Act 1988 (Australia) including the Australian Privacy Principles (APP); the Data Protection Act 2018 (UK) as amended by UK GDPR; the Information Technology Act 2000 (India) read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India); and other applicable privacy laws to the extent that they apply to Cyient’s data processing and business operations in other countries) (the “Data Privacy Laws”).
Term | Description |
"Personal Data" | Any information about a Data Subject that can reasonably be associated with or linked to an identifiable natural person, which could include anyone who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person. (This also includes Personal Information as defined under the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020).) |
"Personal Information" (applicable only to California residents) | Information pertaining to residents of California that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but does not include information that is lawfully made available from federal, state or local government records, nor does it include “de identified” or “aggregate customer information” as those terms are defined pursuant to the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020). Cyient does not collect Personal Information from California residents that are under the age of 16. |
"Sensitive Personal Data" | Defined as any information revealing an identified or identifiable natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic information, biometric information for the purpose of uniquely identifying a natural person, data concerning health, or information concerning an individual’s sex life or sexual orientation, and data relating to offenses, or criminal convictions. |
"Sensitive Personal Data" (applicable only to California residents) | Personal information that reveals: a consumer's social security, driver's license, state identification card, or passport number; a consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a consumer's precise geolocation; a consumer's racial or ethnic origin (including national origin or ancestry), religious or philosophical beliefs, or union membership; and the contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication; a consumer's genetic data; the processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer's health (including pregnancy, childbirth and medical conditions related to same, physical or mental disability); personal information collected and analyzed concerning a consumer's sex life or sexual orientation (including gender, gender identity, and gender expression); age; veteran status and citizenship. |
"Process", "Processes", "Processed" or "Processing" | Means any operation or set of operations which is performed on Personal Data or Personal Information or Sensitive Personal Data or on sets of Personal Data or Personal Information or Sensitive Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
"Consent" | Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which the Data Subject, via a statement or by a clear affirmative action, signifies agreement to the Processing of their Personal Data, Personal Information and/or Sensitive Personal Data. |
"Data Subject" | Relates to a particular natural person (i.e., an identified or identifiable natural person to whom the Personal Data relates). In case of a minor/ individual with mental disabilities, the data subject would be represented by a legal representative (parent/ guardian). For the purpose of clarity of this Policy, “Data Subject” means Cyient’s current and previous employees, prospective candidates, current, prospective and previous customer personnel, current and previous partner/vendor personnel, website visitors, sub-contractors and visitors. For the purpose of the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020), data subject shall include California residents. |
"Data Controller" | Means a person or organisation who (either alone, or jointly, or in common) determines the purposes for which and the way any Personal Data are, or are to be, Processed. For the purposes of this Policy, references to Data Controller shall mean references to Cyient and its affiliates, where relevant. |
"Data Processor" | Is a person or organisation who Processes the Personal Data on behalf of and under the instruction of the Data Controller. |
"Third Party" | In relation to Personal Data or Personal Information or Sensitive Personal Data means any person other than the Data Subject, the Data Controller, or any Data Processor or other person authorized to process data for the Data Controller. |
"Sell," "selling," "sale," or "sold" | Means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Data or Personal Information by the business to another business or a Third Party for monetary or other valuable consideration. |
"Protected Health Information" or "PHI" | Means any written, oral, or electronic health information that is created by and/or received from a Covered Entity or a Business Associate of a Covered Entity; PHI includes, but is not limited to, any of the following documentation, if the documentation reveals an Individual’s identity and the Individual’s health status or payment issues: |
"Individual" | Means the person who is the subject of the protected health information. |
"Covered Entity" | Means any health plan or any healthcare clearinghouse, or any healthcare provider who transmits PHI as per the standards developed by the Department of Health & Human Services (“HHS”) in electronic form. |
"Business Associate" | Means an entity that performs or assists a Covered Entity with a function or service involving the use or disclosure of PHI. The term Business Associate also applies to subcontractors of a Business Associate entity who perform PHI-related functions. |
"Electronic Media" | Means: |
"Profiling" | Any form of automated processing of personal data where personal data is used to evaluate specific or general characteristics relating to an Identifiable Natural Person, in particular to analyze or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behavior, location or movement. |
This Policy describes Cyient’s relationship with its affiliates, business partners, employees, and Third Parties providing services to Cyient (together “Cyient”, “we” or “us”). It covers Processing (including but not limited to collection, storage, usage, transmission and destruction) of Personal Data and Sensitive Personal Data of Cyient’s current and previous employees, prospective candidates, current, prospective and previous customers, current and previous partners/vendors, website visitors, sub-contractors and visitors (together “you”/ “your”) by Cyient during the course of its business activities.
We will collect and process Personal Data / Sensitive Personal Data about you as follows:
Data Categories | How we collect your data |
Customer and prospects Personal Data in Projects | Directly from you. Or from other customer/ business partner and vendor referral. Also refer to “Contact data from website”, “Marketing Data, Events and Initiatives”. |
Business Partner/Vendor or prospects Personal Data | Directly from you. Other customer/ business partner and vendor referral. Also refer to “Contact data from website”, “Marketing Data, Events and Initiatives”. |
Candidate Data | From Third Parties or other sources (for example via recruitment agencies or Cyient employee referral but in each case only as far as legally permissible and only as far as is necessary to fulfil the position in question), which may also include public sources such as professional networking platforms or job portals.
Directly from you in case you have directly applied through the website. |
Employee Data | Directly from you. |
Visitor information | Directly from you. |
Contact data from Website | Directly from you when you voluntarily fill out your information on the website through specific provided forms to receive information from us or to have us contact you. The information that you are required to fill out on the website is your identity information and contact details (e.g., First Name, Last Name, Work Email, Company Name). In general, you may browse our website without providing any Personal Data about yourself. On the website, we do not collect any of your Sensitive Personal Data. |
Website Cookies | Refer to our Cookie Policy (GP-014-CKP (Website Cookie Policy)) for information about our website cookies. |
Marketing Data, Events and Initiatives | Directly from you when you contact (or you have been contacted) or interact with any Cyient representative, via Cyient website or events or conferences or workshops or Surveys that you attend, by telephone, email, online portal or in person or from professional networking platforms like LinkedIn, Twitter. |
Cyient processes and stores your personal data in the following ways and for the following lawful purposes:
To provide our products and services to you;
To set-up, administer and manage your relationship, associated accounts and records;
To receive and respond to your communications and requests;
To notify you about promotional offers and general marketing in which you might be interested based on our legitimate interest or upon your consent. You are always able to object to this by unsubscribing or by reaching out to the contact details at section 16 - Complaints and Comments.
To consider you for potential job openings within our organisation;
To carry out activities relating to your employment contract with us (including, but not limited to, processing your salary, administering benefits, managing and providing training relevant to your role and managing your performance);
To carry out internal research for technological development and demonstration;
To use it for our legitimate business interests, such as improving website performance and user experience, identifying the right set of prospects and target accounts, managing the efficient operation of our business, conducting marketing activities designed to improve the products and services we offer to you, and administering the security of our business;
To disclose your personal details, on a need-to-know basis, to the relevant third parties involved in the event that we sell or buy any business, assets or shares in part or whole;
To interact with any Cyient representative, via Cyient website or events or conferences or workshops or Surveys that you attend directly or via social media platforms;
To investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with the services (including, where appropriate, dealing with requests from regulatory bodies for the sharing of information); and
To establish, exercise or defend our legal rights or for the purpose of legal proceedings.
We are entitled to Process your Personal Data or Sensitive Personal Data for the above-mentioned purposes on the basis of the following lawful grounds:
Processing Sensitive Personal Data: We may, where legally permissible, process your Sensitive Personal Data on the following lawful bases:
We will only use your personal data for the purposes for which we collect it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so without undue delay. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If we are required to process Personal Data or Sensitive Personal Data of individuals below the age of 16 years, then we shall do so by taking explicit written consent from their parents/legal guardians or in accordance with applicable legislation.
Note: If you are below the age of 16 years, then we do not want you to provide any of your Personal Data on our website.
If you choose not to provide your Personal Data/ Sensitive Personal Data that is mandatory to process your request, we may not be able to provide the corresponding service.
How long we continue to hold your Personal Data will vary depending principally on the Purposes identified in this Policy for using the Personal Data and Sensitive Personal Data and our Legal obligations under different laws and regulations.
Disposal of Personal Data or Sensitive Personal Data shall be handled with utmost care and shall be governed in accordance with reasonable data security practices as detailed by Cyient’s internal policies governing data disposal.
Personal Data or Sensitive Personal Data shall only be processed for the period necessary for the purposes for which it was originally collected as per Cyient’s Data Retention Policy. These retention periods are subject to change only where deemed necessary in accordance with applicable law.
For more details, please refer to Cyient’s Data Retention Policy.
We may transfer your Personal Data or Sensitive Personal Data to various countries where we operate.
We may transfer Personal Data or Sensitive Personal Data between our regional offices and data centres for the purposes described in this Policy. We may also transfer Personal Data or Sensitive Personal Data to our Third-Party suppliers, customers or business partners in different geographic locations.
Where we transfer your Personal Data or Sensitive Personal Data outside your country, we will ensure that it is protected and transferred in a manner consistent with applicable Data Privacy Laws. This can be done in several different ways, for instance:
You can obtain more details of the protection given to your Personal Data or Sensitive Personal Data when it is transferred outside your country (including a sample copy of the safeguards) by contacting us using the details set out in section 16 - ‘Complaints and Comments’.
In compliance with applicable law, access to your personal data is restricted to only necessary persons/entities on a strictly need-to-know basis. Within the ambit of the applicable law, Cyient ensures that all persons/entities to whom your personal data is disclosed are compliant with the applicable data protection laws.
We may disclose some of your Personal Data/ Sensitive Personal Data to the following recipients:
With respect to disclosing Personal Data or Sensitive Personal Data to Third Parties, written contracts with Third Parties will include restrictions prohibiting the Third Party from retaining, using or disclosing Personal Data or Sensitive Personal Data for any purpose except performing the services specified in the contract or as otherwise permitted by applicable Data Privacy Laws. Cyient will seek to use Data Processors or Sub processors that are capable of providing sufficient security measures in accordance with applicable Data Privacy Laws and shall put in place contractual mechanisms to ensure that the relevant Data Processor or Sub processor takes reasonable steps to ensure compliance with those measures.
Cyient does not sell your Personal Information to Third Parties or share your Personal Information obtained from your online activity on our website with Third Parties for targeted behavioural advertising, unless we have your consent.
In order to comply with our data security obligations under applicable Data Privacy Laws, we have adopted the following physical, technical and organizational security measures to ensure the security of your Personal Data and Sensitive Personal Data:
In accordance with the applicable law on data protection, data subjects have the following rights:
Please note that there may be circumstances in which we are legally entitled to refuse some of these requests. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Data Subject Rights:
Data Subject Rights | Europe including UK | US | Australia | Singapore | India |
Right to Information / Access | Yes | Yes | Yes | Yes | Yes |
Right to withdraw consent (opt out) | Yes | Yes | Yes | Yes | Yes |
Right to Object to processing | Yes | Yes | Yes | Yes | Yes |
Right to Restrict processing | Yes | - | - | - | Yes |
Right to Erasure (to be Forgotten) | Yes | Yes | Yes | - | Yes |
Right to Rectification | Yes | Yes | Yes | Yes | Yes |
Right of Data Portability | Yes | Yes | - | Yes | Yes |
Right not to be subject to automated decision making/profiling | Yes | Yes | - | - | - |
Right to Complain to the Supervisory authority | Yes | Yes | Yes | Yes | Yes |
Right not to be subject to discrimination for the exercise of rights | - | California Residents | - | - | - |
Opt out of sale of data | - | California Residents | - | - | - |
To exercise the rights outlined above in respect of your Personal Data/ Sensitive Personal Data, to receive more details or if you belong to any other jurisdiction that is not listed above, you may raise a request by contacting us on the details mentioned under ‘Complaints and Comments’.
Cyient may act as a ‘Business Associate’ under the Health Insurance Portability and Accountability Act (“HIPAA”). For details regarding Cyient’s obligations as a ‘Business Associate’ under HIPAA, please refer to the sections below:
Cyient’s Privacy Officer shall be the single point of contact for all queries on HIPAA-related matters for Cyient. Please find the contact details in section 16:
The Privacy Officer is also responsible for:
Cyient does not receive, access, use or otherwise process PHI without a Business Associate Agreement (BAA). The BAA ensures that the PHI received from a Covered Entity or Business Associate (hereinafter the Cyient “customer”) is properly safeguarded in accordance with the applicable provisions of the HIPAA Privacy Rule, Security Rule, and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).
The Privacy Officer shall maintain a log of all BAAs and manage any compliance requirements specified in such BAAs.
Upon termination of a BAA, Cyient will return or destroy all PHI that it received and maintains from the customer, and no copies of such information will be retained. If return or destruction is not feasible, Cyient shall continue to protect such PHI in accordance with the terms of the BAA and applicable law for as long as the PHI remains in its possession and custody.
Cyient shall use and disclose PHI solely in accordance with the permitted uses laid out in the Business Associate Agreement between Cyient and its customer, and in compliance with the purposes and standards prescribed under HIPAA.
In the event that a mandatory disclosure request as prescribed in HIPAA is made directly to Cyient, whether by an Individual, in compliance with a legal directive, or to HHS (Department of Health & Human Services) for the purposes of enforcing HIPAA, Cyient shall, to the extent permitted by law, notify the customer from whom such PHI was received, and shall make the requested disclosure in line with the guidance issued by such customer.
Cyient shall not, in the absence of an authorization from the relevant Individuals, process PHI for any purpose other than the permitted purposes prescribed under applicable law and the BAA; provided however, that the responsibility for obtaining such authorization shall rest solely and exclusively on the Cyient customer on whose behalf such processing shall occur and Cyient shall not, to the extent permitted by law, be liable for any delay or failure by the customer to obtain the requisite authorizations.
Cyient personnel that use, disclose, request, or have access to PHI in order to carry out their work-related functions are required to undergo the prescribed training to permit them to carry out functions in compliance with HIPAA. Training for employees with access to PHI will be provided within a reasonable period of time after their date of assignment to the relevant project. Where applicable, such personnel will be required to take a refresher training annually and at additional times as determined by the Privacy Officer.
If you have any questions, comments or complaints related to the processing of your Personal Data or Sensitive Personal Data, or want to request a copy of the privacy policy or the definitions of terms used in the privacy policy, please contact our Global Compliance Team at: global.compliance@cyient.com
A. Individuals/data subjects from European Union (EU) and/or European Economic Area (EEA) may contact our:
FIRST PRIVACY GmbH (EU/EEA)
Postal Address: Konsul-Smidt-Straße 88, 28217 Bremen
Phone: +49 421 69 66 32-80
Email: office@first-privacy.com
B. Individuals/data subjects from India may contact our Grievance Officer using the contact details mentioned below:
Email: Sudheendhra.Putty@cyient.com
Postal Address: Plot no. 11, Software Units Layout, Infocity, Madhapur, Hyderabad – 500081, Telangana, India.
C. Individuals/data subjects from USA and Canada may contact our Privacy Officer using the contact details mentioned below:
Data Privacy Officer (USA and Canada)
Mr. Mark Mcgrath
Email ID: mark.mcgrath@cyient.com
D. Individuals/data subjects from other regions may contact us via this contact form on our website.
If you consider that your data is not being processed in compliance with the law, you can also contact the relevant data protection supervisory authority using the following links:
o Canada
We reserve the right to update or change this policy at any time to reflect changes in law or our current privacy practices. When we make changes to this policy, we will revise the “updated” date at the top of this page.
© Cyient 2024. All Rights Reserved.