As a globally integrated company, EGYXES’s business processes increasingly go beyond the borders of one country. This globalization demands not only the availability of communication and information systems across the EGYXES organization, but also the world-wide processing, sharing and use of multiple types of information, including information about an individual whose identity is apparent (either directly or indirectly), or can reasonably be ascertained from the information available or likely to be available (Personal Information).
This Policy letter sets forth the general principles which underlie EGYXES’s specific practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing Personal Information.
This Policy applies to all EGYXES personnel, operating units, and wholly owned subsidiaries worldwide and (as transferred and agreed) with suppliers/business partners who must act consistently with the principles contained in the policy. Country and industry-specific laws and regulations shall take precedence over this policy, to the extent applicable. The application of these principles is more particularly described in the applicable EGYXES Corporate Instructions (and any accompanying implementation Guidelines) relating to processing Personal Information. Please read this policy along with the company guidelines for use and processing of Personal Information to understand how EGYXES plans to achieve the set principles.
EGYXES remains committed to protecting the privacy and confidentiality of Personal Information of its Employees (including prospects and contractors), Clients, Client Customers, Business Partners and other identifiable individuals that it may receive, use, access, process, transfer or store as part of its business. Uniform practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing such information assist EGYXES in processing Personal Information fairly and appropriately.
EGYXES may collect personal information from various persons as part of the services it may render to them, or in the course of its business. Based on the information being collected and the nature of the services or requirement, EGYXES will apply suitable mechanisms to ensure that EGYXES has a lawful basis for receiving, accessing, using, processing, transferring, storing and/or disposing of such personal information.
4. General Privacy Principles
These general principles apply to the processing of Personal Information world-wide by EGYXES.
EGYXES understands its accountability and responsibility for any Personal Information that it may receive, use, process, and store as part of its business. Accordingly, it will:
I. Have appropriate corporate instructions, guidelines and other measures to be able to demonstrate that Personal Information is used / stored / processed / retained / disposed / transferred in compliance with applicable law and other applicable guidelines;
II. Designate an individual or individuals who are accountable for the organization’s compliance with the Privacy principles; and
III. Ensure the availability of required policies, procedures and contacts for management of personal information; these being reviewed at a minimum annually or as and when there is a change warranted.
B. Fairness and Purpose:
EGYXES will collect adequate, relevant and necessary Personal Information, and will process such information fairly and lawfully for the purpose it is collected. The purpose of collection will be specified not later than at the time of data collection, or on each occasion of change of purpose.
EGYXES will keep Personal Information as accurate, complete and up-to-date as is necessary for the purpose for which it is processed, and will provide appropriate channels for the same.
D. Disclosure and Data Sharing:
EGYXES will make Personal Information available inside or outside EGYXES under appropriate circumstances for business purposes only or as authorized by law. This may require EGYXES to transfer personal information to countries other than the EGYXES operation’s country of business (including transfer to other entities or third parties). EGYXES will implement privacy principles for the use / processing / transfer / storing / disposal of personal information as may be prescribed under applicable laws.
E. Cross-Border Data Flows:
When conducting business, working on Company projects, or implementing new processes or systems, an operation may require the transfer of personal information to other entities or third parties that are located outside of the EGYXES operation’s country of business. While permissible data transfer mechanisms are defined by applicable law or regulation, examples include:
i. A data transfer agreement with the party who will access or obtain the personal information; or
ii. Notice to and/or approval from a country’s local data protection authority; or
iii. Notice to and/or consent from the individual whose data is to be transferred.
EGYXES will implement reasonable technical and organizational measures to safeguard Personal Information and instruct third parties processing Personal Information on behalf of EGYXES to process and manage it in a manner which is consistent with EGYXES standards (for EGYXES owned information) or EGYXES Client standards (for Client information), as may be applicable.
Upon request, EGYXES will, within a reasonable time and manner, and in a readily intelligible form, provide individuals appropriate access to Personal Information retained by EGYXES. EGYXES has the right to deny the request; however, the reasons for denial will be provided. EGYXES will erase, rectify, complete, or amend the data pursuant to a justified request.
H. Retention and Disposal:
EGYXES will retain Personal Information in a form that permits identification for no longer than is necessary for the fulfillment of the stated purpose, and it should be disposed of thereafter.
EGYXES will be transparent, and make readily available to individuals, specific information related to management of Personal Information.
EGYXES will follow appropriate policies and practices agreed with its clients for the safe handling of Personal Information that it processes on behalf of its clients.
5. Enforcement and Redressal
EGYXES will provide appropriate, robust mechanisms for assuring compliance with the Principles, and address grievances and/or provide recourse for individuals who are affected by non-compliance with the Principles.
More Information on GDPR:
What is GDPR?
The GDPR is a new comprehensive data protection law effective from May 25, 2018 that strengthens the protection of personal data in light of modernization, rapid technological developments and more complex cross border data flows. It provides more power to the individuals whose personal information is being processed. It updates and replaces the data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
What does GDPR regulate?
Besides strengthening and standardizing user data privacy across the EU nations, GDPR will place new or additional obligations and liabilities on data controllers and data processors. GDPR focuses on lawful processing of data, providing transparency to the data subjects regarding processing activities performed on their data, keeping data accurate, restrictions on marketing activities, processing involving automated profiling of personal data and disclosing personal data to another party only after ensuring proper technical and organizational measures.
What counts as personal data under the GDPR?
The EU has substantially expanded the definition of personal data under the GDPR. To reflect the types of data organizations now collect about people, online identifiers such as IP addresses, cookies, and sensitive data such as a person’s caste, health records, and criminal records now qualify as personal data. Pseudonymised personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.
What does GDPR readiness entail?
Data: Govern and ensure the quality of data, assess what data is in use and its purpose. This is crucial for offering the transparency and trust which GDPR demands.
Governance: Translate GDPR into actions, norms and values. Consider effective measures which need to be taken.
Security: Protection of the fundamental privacy rights, e.g. protecting the security and confidentiality of Personal Data, and providing proper use, notice, consent, choice, access, rectification and erasure.
People, Processes and Communications: Train Employees on GDPR requirements. Employees need to understand the risks and impact of improper data use. Identify the impact of GDPR on processes and what changes may be required.