1. Introduction

    The protection of your personal details is of the utmost importance to Cyient Limited, India and all of its subsidiaries and affiliates operating globally (‘Cyient’), hence our use of the highest standards to ensure the protection of the right to data protection of our data subjects. This policy describes the means and purpose(s) for personal data collection, recording, organisation, structuring, storage and other processing activities as it concerns Cyient’s data subjects. This policy outlines how your personal data will be processed in accordance with the applicable laws on data protection (including but not limited to EU General Data Protection Regulation 2016/679; California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020) (USA); Health Insurance Portability and Accountability Act, 1996 (USA); The Privacy Act 1988 (Australia) including the Australian Privacy Principles (APP); Data Protection Act 2018 (UK) as amended by UK GDPR; Information Technology Act 2000 (India) read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India); and other applicable privacy laws to the extent that they apply to Cyient’s data processing and business operations in other countries) (the “Data Privacy Laws”).

    2. Definitions:

    Term

    Description

    "Personal Data"

    Any information of a Data Subject which can reasonably be associated with or linked to an identifiable natural person, or could include anyone who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person. (This also includes Personal Information as defined under the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020).)

    "Personal Information" (applicable only to California residents)

    Information pertaining to residents of California that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but does not include information that is lawfully made available from federal, state or local government records, nor does it include “de identified” or “aggregate customer information” as those terms are defined pursuant to the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020). Cyient does not collect Personal Information from California residents that are under the age of 16.

    "Sensitive Personal Data"

    Defined as any information revealing an identified or identifiable natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic information, biometric information for the purpose of uniquely identifying a natural person, data concerning health, or information concerning an individual’s sex life or sexual orientation, and data relating to offenses, or criminal convictions.

    "Sensitive Personal Data" (applicable only to California residents)

    Personal information that reveals: a consumer's social security, driver's license, state identification card, or passport number; a consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a consumer's precise geolocation; a consumer's racial or ethnic origin (including national origin or ancestry), religious or philosophical beliefs, or union membership; and the contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication; a consumer's genetic data; the processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer's health (including pregnancy, childbirth and medical conditions related to same, physical or mental disability); personal information collected and analyzed concerning a consumer's sex life or sexual orientation (including, gender, gender identity, and gender expression); age; veteran status and citizenship.

    "Process", "Processes", "Processed" or "Processing"

    Means any operation or set of operations which is performed on Personal Data or Personal Information or Sensitive Personal Data or on sets of Personal Data or Personal Information or Sensitive Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    "Consent"

    Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which the Processing of their Personal Data, Personal Information and/or Sensitive Personal Data via a statement or by a clear affirmative action, signifies agreement to the processing of their Personal Data, Personal Information and/or Sensitive Personal Data.

    "Data Subject"

    Relates to a particular natural person (i.e., an identified or identifiable natural person to whom the Personal Data relates). In case of a minor/ individual with mental disabilities, the data subject would be represented by a legal representative (parent/ guardian). For the purpose of clarity of this Policy, “Data Subject” means Cyient current and previous employees, prospective candidates, current, prospective and previous customer personnel, current and previous partner/vendor personnel, website visitors, sub-contractors and visitors. For the purpose of California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020), data subject shall include California residents.

    "Data Controller"

    Means a person or organisation who (either alone, or jointly, or in common) determines the purposes for which and the way any Personal Data are, or are to be, Processed. For the purposes of this Policy, references to Data Controller shall mean references to Cyient and its affiliates, where relevant.

    "Data Processor"

    Is a person or organisation who Processes the Personal Data on behalf of and under the instruction of the Data Controller.

    "Third Party"

    In relation to Personal Data or Personal Information or Sensitive Personal Data means any person other than the Data Subject, the Data Controller, or any Data Processor or other person authorized to process data for the Data Controller.

    "Sell," "selling," "sale," or "sold"

    Means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Data or Personal Information by the business to another business or a Third Party for monetary or other valuable consideration.

    "Protected Health Information" or "PHI"

    Means any written, oral, or electronic health information that is created by and/or received from a Covered Entity or a Business Associate of a Covered entity;

    PHI includes, but is not limited to, any of the following documentation, if the documentation reveals an Individual’s identity and the Individual’s health status or payment issues:

    • medical records (such as hospital charts or doctor’s notes);

    • medical bills (such as bills for hospital or doctor’s services);

    • claims data (such as data on claims payments made by the Plans on an Individual’s behalf); and

    • insurance payment information (such as an explanation of benefits).

    "Individual"

    Means the person who is the subject of the protected health information.

    "Covered Entity"

    Means any health plan or any healthcare clearinghouse, or any healthcare provider who transmits PHI as per the standards developed by the Department of Health & Human Services (“HHS”) in electronic form.

    "Business Associate"

    Means an entity that performs or assists a Covered Entity with a function or service involving the use or disclosure of PHI. The term Business Associate also applies to subcontractors of a Business Associate entity who perform PHI-related functions.

    "Electronic Media"

    Means:

    1. electronic storage material on which data is or may be recorded electronically, including devices in computers (e.g., hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or

    2. transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the Internet, extranet, intranet, leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media. Certain transmissions, including paper, voice via telephone, and facsimile, are not considered to be transmissions via electronic media if the information being exchanged did not exist in electronic form immediately before the transmission.

    "Profiling"

    Any form of automated processing of personal data where personal data is used to evaluate specific or general characteristics relating to an Identifiable Natural Person. In particular to analyze or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behavior, location or movement.


    3. Scope

    This Policy describes Cyient’s relationship with its affiliates, business partners, employees, and Third Parties providing services to Cyient (together “Cyient”, “we” or “us”). It covers Processing (including but not limited to collection, storage, usage, transmission and destruction) of Personal Data and Sensitive Personal Data of Cyient’s current and previous employees, prospective candidates, current, prospective and previous customers, current and previous partners/vendors, website visitors, sub-contractors and visitors, (together “you”/ “your”) by Cyient during the course of its business activities.

    4. How we collect your Personal Data / Sensitive Personal Data

    We will collect and process the following Personal Data / Sensitive Personal Data about you as follows:

    Data Categories

    How we collect your data

    Customer and prospects Personal Data in Projects 

    Directly from you. Or from other customer/ business partner and vendor referral. Also refer to “Contact data from website”, “Marketing Data, Events and Initiatives”. 

    Business Partner/Vendor or prospects Personal Data 

    Directly from you. Other customer/ business partner and vendor referral. Also refer to “Contact data from website”, “Marketing Data, Events and Initiatives”.

    Candidate Data

    From Third Parties or other sources (for example via recruitment agencies or Cyient employee referral but in each case only as far as legally permissible and only as far as is necessary to fulfil the position in question), which may also include public sources such as professional networking platforms or job portals.

    Directly from you in case you have directly applied through the website.

    Employee Data

    Directly from you.

    Visitor information

    Directly from you.

    Contact data from Website

    Directly from you when you voluntarily fill out your information on the website through specific provided forms to receive information from us or to contact you. The information that you are required to fill out on the website are your identity information and contact details (e.g., First Name, Last Name, Work Email, Company Name). In general, you may browse our website without providing any Personal Data about yourself. On the website, we do not collect any of your Sensitive Personal Data.

    Website Cookies

    Refer to our Cookie Policy (GP-014-CKP (Website Cookie Policy)) for information about our website cookies.

    Marketing Data, Events and Initiatives

    Directly from you when you contact (or you have been contacted) or interact with any Cyient representative, via Cyient website or events or conferences or workshops or Surveys that you attend, by telephone, email, online portal or in person or from professional networking platforms like LinkedIn, Twitter.

    5. Purpose of processing Personal Data/ Sensitive Personal Data

    Cyient processes and stores your personal data in the following ways and for the following lawful purposes:

    • To provide our products and services to you;

    • To set-up, administer and manage your relationship, associated accounts and records;

    • To receive and respond to your communications and requests;

    • To notify you about promotional offers and general marketing in which you might be interested based on our legitimate interest or upon your consent. You are always able to object to this by unsubscribing or by reaching out to the contact details at section 16 - Complaints and Comments.

    • To consider you for potential job openings within our organisation;

    • To carry out activities relating to your employment contract with us (including, but not limited to, processing your salary, administering benefits, managing and providing training relevant to your role and managing your performance);

    • To carry out internal research for technological development and demonstration;

    • Use it for our legitimate business interests, such as improving website performance and user experience, to identify the right set of prospects and target accounts, managing the efficient management and operation of our business, conducting marketing activities designed to improve the products and services we offer to you, and administering the security of our business;

    • In the event that we sell or buy any business, assets or shares in part or whole, in order to disclose your personal details to such relevant third parties involved on a need-to-know basis;

    • To interact with any Cyient representative, via Cyient website or events or conferences or workshops or Surveys that you attend directly or via social media platforms;

    • To investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with the services (including, where appropriate, dealing with requests from regulatory bodies for the sharing of information); and

    • To establish, exercise or defend our legal rights or for the purpose of legal proceedings.

    • To activate website cookies and tracking technologies.

    6. Lawful Grounds for processing Personal Data /Sensitive Personal Data

    We are entitled to Process your Personal Data or Sensitive Personal Data for the above-mentioned purposes on the basis of the following lawful grounds:

    • Performance of Contract: We may process your Personal Data or Sensitive Personal Data, where necessary to enter into a contract with you or to perform our obligations under a contract with you. E.g., processing of personal data for employment purposes (such as processing your salary, administering benefits) or providing services to our customers which are necessary to execute the contract. If you do not provide Personal Data for processing under this legal basis, we may not be able to perform as per the respective contract.
    • Consent: Where permitted under applicable local laws, we may process your Personal Data or Sensitive Personal Data based on your prior consent. In such cases, you have the right to withdraw your consent at any time by using the contact details provided below in this Privacy Policy. In certain limited circumstances, even after withdrawal of Data Subject consent, we may be entitled to continue processing your Personal Data where we have a lawful reason to do so and as communicated to you.
    • Legitimate Interests: We may process your Personal Data where it is necessary for our Legitimate Business Interests as a company, which are outlined above and always if those interests do not override your rights and freedoms, where applicable.
    • Legal Obligations: We may process your Personal Data where it is necessary in order to comply with applicable legal and/or regulatory obligations, establish, exercise or defend our legal rights or for the purpose of legal proceedings and to prevent and respond to actual or potential fraud or illegal activities.
    • Vital interest: We may process your Personal Data to protect your vital interests or of another natural person.
    • Other "Public Interest" Grounds: We may process your Personal Data (or where relevant, your Sensitive Personal Data) on other public interest grounds where it is subject to regulatory requirements where Processing is necessary by us for the performance of a task mandated by governmental authorities, regulatory authorities or any other law enforcing authorities in the public interest.

    Processing Sensitive Personal Data: We may, where legally permissible, process your Sensitive Personal Data on the following lawful bases:

    • Explicit consent;
    • Legal Obligations;
    • Protect your vital interests or of another natural person where the person is physically or legally incapable of giving consent;
    • Legitimate Interests, where permitted by applicable legislation.
    • Personal data manifestly made public by the data subject;
    • Establishment, exercise, or defence of legal claims or whenever courts are acting in their judicial capacity;
    • Public interest or health;
    • Preventive or occupational medicine; and/or
    • Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

    7. Change of Purpose

    We will only use your personal data for the purposes for which we collect it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so without undue delay. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

    8. Personal Data of Individuals below 16 years

    If we are required to process Personal Data or Sensitive Personal Data of individuals below the age of 16 years, then we shall do so by taking explicit written consent from their parents/legal guardians or in accordance with applicable legislation. 

    Note: If you are below the age of 16 years, then we do not want you to provide any of your Personal Data on our website.

    9. Consequences of not providing Personal Data/ Sensitive Personal Data

    If you choose not to provide your Personal Data/ Sensitive Personal Data that is mandatory to process your request, we may not be able to provide the corresponding service.

    10. Retention and Disposal of Personal Data/ Sensitive Personal Data

    How long we continue to hold your Personal Data will vary depending principally on the Purposes identified in this Policy for using the Personal Data and Sensitive Personal Data and our Legal obligations under different laws and regulations.

    Disposal of Personal Data or Sensitive Personal Data shall be handled with utmost care and shall be governed in accordance with reasonable data security practices as detailed by Cyient’s internal policies governing data disposal.

    Personal Data or Sensitive Personal Data shall only be processed for the period necessary for the purposes for which it was originally collected as per the Cyient’s Data Retention Policy. These retention periods are subject to change only where deemed necessary in accordance with applicable law.

    For more details, please refer to Cyient’s Data Retention Policy.

    11. Cross Border Transfer

    We may transfer your Personal Data or Sensitive Personal Data to various countries where we operate.

    We may transfer Personal Data or Sensitive Personal Data between our regional offices and data centres for the purposes described in this Policy. We may also transfer Personal Data or Sensitive Personal Data to our Third-Party suppliers, customers or business partners in different geographic locations.

    Where we transfer your Personal Data or Sensitive Personal Data outside your country, we will ensure that it is protected and transferred in a manner consistent with applicable Data Privacy Laws. This can be done in several different ways, for instance:

    • the country or the third-party certified under the EU-US Data Protection Framework to which we send the Personal Data or Sensitive Personal Data are approved by the European Commission as offering an “adequate” level of Data protection;
    • Where applicable, we have implemented additional (technical, contractual (inter-company transfer agreements and Standard Contractual Clauses) and/or organisational) measures to secure the transfer of your personal data;
    • The recipient organisation has signed a contract based on “standard contractual clauses” approved by the European Commission, obliging them to protect your Personal Data or Sensitive Personal Data; and
    • In other circumstances, Data Privacy Laws may permit us to use other transfer mechanism to transfer your Personal Data or Sensitive Personal Data outside of Europe. In all cases, however, any transfer of your Personal Data or Sensitive Personal Data will be compliant with applicable Data Privacy Laws.

    You can obtain more details of the protection given to your Personal Data or Sensitive Personal Data when it is transferred outside your country (including a sample copy of the safeguards) by contacting us using the details set out in section 16 - ‘Complaints and Comments’.

    12. Disclosure of Personal Data or Sensitive Personal Data

    In compliance with applicable law, access to your personal data is restricted to only necessary persons/entities on a strictly need-to-know basis. Within the ambit of the applicable law, Cyient ensures that all persons/entities with whom your personal data are disclosed are compliant with the applicable data protection laws.

    We may disclose some of your Personal Data/ Sensitive Personal Data with the following recipients:

    • Any Cyient entity;
    • Internal departments, including with your reporting manager, managers in the business areas, IT team, Admin Team or any other team;
    • Third parties with whom we have a contractual relationship, including clients, payroll vendor, law firm, etc.; and
    • In the event that we sell or buy any business, assets or shares in part or whole we may disclose your personal details to such relevant third parties involved, subject to the provisions of applicable laws.

    With respect to disclosing Personal Data or Sensitive Personal Data to Third Parties, written contracts with Third Parties will include restrictions prohibiting the Third Party from retaining, using or disclosing Personal Data or Sensitive Personal Data for any purpose except performing the services specified in the contract or as otherwise permitted by applicable Data Privacy Laws. Cyient will seek to use Data Processors or Sub processors that are capable of providing sufficient security measures in accordance with applicable Data Privacy Laws and shall put in place contractual mechanisms to ensure that the relevant Data Processor or Sub processor takes reasonable steps to ensure compliance with those measures.

    Cyient does not sell your Personal Information to Third Parties or share your Personal Information obtained from your online activity on our website with Third Parties for targeted behavioural advertising, unless we have your consent. 

    13. Security of Personal Data and Sensitive Personal Data

    In order to comply with our data security obligations under applicable Data Privacy Laws, we have adopted the following physical, technical and organizational security measures to ensure the security of your Personal Data and Sensitive Personal Data:

    • We have established a process to proactively embed privacy at the initial planning/design stages and throughout the complete development process of new processes/ services/ technologies and/or platforms that involve processing of Personal Data;
    • Considerations have been made for technical and organizational measures to enhance privacy (e.g., pseudonymization, anonymization, data minimization, data aggregation etc.). In addition, we shall take appropriate technical and organizational measures to ensure that Personal Data collected or processed is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

    • With respect to the Personal Information of California residents and in addition to the above, we will use measures to enhance the privacy of your Personal Information by using measures to “aggregate consumer information” or to “deidentify” such Personal Information as those terms are defined by the California Consumer Privacy Act of 2018 (CCPA), its further amendments and related legal acts (such as the California Privacy Rights Act of 2020);
    • We shall ensure to implement reasonable processes to monitor the quality of the Personal Data and Sensitive Personal Data we store/ process;
    • Each business unit & support function within our organisation has taken steps to assure that processed Personal Data and Sensitive Personal Data is complete and accurate;
    • We have implemented a process to ensure that our employees can review, update and confirm on the accuracy and completeness of their Personal Data and Sensitive Personal Data processed by us;
    • Third parties will only process your personal data on our instructions, and they have agreed to treat the personal data confidential and to keep it secure. We do enter into specific agreements with such third parties to ensure compliance; and
    • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

    14. Data Subject Rights

    In accordance with the applicable law on data protection, data subjects have the following rights:

    • The right to access the personal data we process concerning you;
    • The right to rectification of any personal data that is inaccurate or incomplete;
    • The right to erasure of your personal data (also known as ‘the right to be forgotten’);
    • The right to restrict the processing of your personal data;
    • The right to data portability;
    • The right to object to the processing of your personal data;
    • Rights in relation to automated decision making and profiling;
    • The right to lodge a complaint with an applicable data protection supervisory authority;
    • The right to withdraw your consent for processing your personal data;
    • The right to request disclosure of the categories and specific pieces of Personal Information that the business collects, sells or discloses can be exercised by California residents;
    • The right to request information that we share with Third Parties for their own direct marketing purposes (if applicable) can be exercised by California residents; and
    • The right to non-discrimination for California residents to exercise their rights.

    Please note that there may be circumstances in which we are legally entitled to refuse some of these requests. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

    Data Subject Rights:

    | Data Subject Rights | Europe including UK | US | Australia | Singapore | India |
    |---|---|---|---|---|---|
    | Right to Information / Access | Yes | Yes | Yes | Yes | Yes |
    | Right to withdraw consent (opt out) | Yes | Yes | Yes | Yes | Yes |
    | Right to Object processing | Yes | Yes | Yes | Yes | Yes |
    | Right to Restrict processing | Yes | - | - | - | Yes |
    | Right to Erasure (to be Forgotten) | Yes | Yes | Yes | - | Yes |
    | Right to Rectification | Yes | Yes | Yes | Yes | Yes |
    | Right of Data Portability | Yes | Yes | - | Yes | Yes |
    | Right not subject to automated decision making/profiling | Yes | Yes | - | - | - |
    | Right to Complain to the Supervisory authority | Yes | Yes | Yes | Yes | Yes |
    | Right not to be subject to discrimination for the exercise of rights | - | California Residents | - | - | - |
    | Opt out of sale of data | - | California Residents | - | - | - |

    To exercise the rights outlined above in respect of your Personal Data/ Sensitive Personal Data, to receive more details or if you belong to any other jurisdiction that is not listed above, you may raise a request by contacting us on the details mentioned under ‘Complaints and Comments’.

    15. HIPAA Privacy and Security Requirements

    Cyient may act as a ‘Business Associate’ under the Health Insurance Portability and Accountability Act (“HIPAA”). For details regarding Cyient’s obligations as a ‘Business Associate’ under the HIPAA, please refer to the sections below:

    15.1 Privacy Officer

    Cyient’s Privacy Officer shall be the single point of contact for all queries on HIPAA-related matters for Cyient. Please find the contact details in section 16.

    The Privacy Officer is also responsible for:

    • development and implementation of the policies and procedures pertaining to the protection of PHI and Cyient’s obligations thereof;
    • compliance with the Privacy Rule;
    • establishing a breach notification process and coordinating with the Covered Entity on any breaches;
    • developing a training program; and
    • monitoring changes in the law and procedures that affect PHI.

    15.2 Business Associate Agreements

    Cyient does not receive, access, use or otherwise process PHI without a Business Associate Agreement (BAA). The BAA ensures that the PHI received from a Covered Entity or Business Associate (hereinafter the Cyient “customer”) is properly safeguarded in accordance with the applicable provisions of the HIPAA Privacy Rule, Security Rule, and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”).

    The Privacy Officer shall maintain a log of all BAAs and manage any compliance requirements specified in such BAAs.

    Upon termination of a BAA, Cyient will return or destroy all PHI that it received and maintains from the customer, and no copies of such information will be retained. If return or destruction is not feasible, Cyient shall continue to protect such PHI in accordance with the terms of the BAA and applicable law, until such time as the PHI remains in its possession and custody.

    15.3 Use and Disclosure of Protected Health Information

    Cyient shall use and disclose PHI solely in accordance with the permitted uses laid out in the Business Associate Agreement between Cyient and its customer, and in compliance with the purposes and standards prescribed under HIPAA.

    In the event that a mandatory disclosure request as prescribed in HIPAA is made directly to Cyient, whether by an Individual, in compliance with a legal directive, or to HHS (Department of Health & Human Services) for the purposes of enforcing HIPAA, Cyient shall, to the extent permitted by law, notify the customer from whom such PHI was received, and shall make the requested disclosure in line with the guidance issued by such customer.

    Cyient shall not, in the absence of an authorization from the relevant Individuals, process PHI for any purpose other than the permitted purposes prescribed under applicable law and the BAA; provided, however, that the responsibility for obtaining such authorization shall rest solely and exclusively on the Cyient customer on whose behalf such processing shall occur, and Cyient shall not, to the extent permitted by law, be liable for any delay or failure by the customer to obtain the requisite authorizations.

    15.4 Training

    Cyient personnel who use, disclose, request, or have access to PHI in order to carry out their work-related functions are required to undergo the prescribed training to permit them to carry out those functions in compliance with HIPAA. Training for employees with access to PHI will be provided within a reasonable period of time after their date of assignment to the relevant project. Where applicable, such personnel will be required to take refresher training annually and at additional times as determined by the Privacy Officer.

    • Cyient will not make unsolicited marketing calls to a person who has said that they don’t want those calls. In other words, there is a right to opt out, and Cyient cannot call someone who has objected to or opted out of marketing calls;
    • Cyient will not make it difficult to opt out, for example by asking customers to complete a form or confirm in writing. As soon as a customer has clearly said that they don’t want the calls, the calls must stop; and
    • If a customer objects or opts out at any time, their details will be suppressed as soon as possible. Cyient will not simply delete their details entirely, as otherwise there would be no way of ensuring that such calls are not made to them again.

    16. Complaints and Comments

    If you have any questions, comments or complaints related to the processing of your Personal Data or Sensitive Personal Data, or want to request a copy of the privacy policy or the definitions of terms used in the privacy policy, please contact our Global Compliance Team at: global.compliance@cyient.com

    A. Individuals/data subjects from European Union (EU) and/or European Economic Area (EEA) may contact our:

    • Data Protection Officer using the contact details mentioned below:

      FIRST PRIVACY GmbH (EU/EEA) 

      Postal Address: Konsul-Smidt-Straße 88, 28217 Bremen

      Phone: +49 421 69 66 32-80

      Email: office@first-privacy.com

    • Or contact us via the GDPR contact form.

    B. Individuals/data subjects from India may contact our Grievance Officer using the contact details mentioned below:

    • Mr. Sudheendhra Putty (India)

      Email: Sudheendhra.Putty@cyient.com

    • Postal Address: Plot no. 11, Software Units Layout, Infocity, Madhapur, Hyderabad – 500081, Telangana, India.

    C. Individuals/data subjects from USA and Canada may contact our Privacy Officer using the contact details mentioned below:

    D. Individuals/data subjects from other regions may contact us via this contact form on our website.

    If you consider that your data is not being processed in compliance with the law, you can also contact the relevant data protection supervisory authority using the following links:

    o European Union

    o The United Kingdom

    o Australia

    o Canada

    17. Changes to this Policy

    We reserve the right to update or change this policy at any time to reflect changes in law or our current privacy practices. When we make changes to this policy, we will revise the “updated” date at the top of this page.
