Privacy Policy

GENERAL PRIVACY POLICY

Last Updated: 10 July 2024

Overview

GlobalLogic, a Hitachi Group Company, including GlobalLogic Inc., its parents, subsidiaries, and affiliated entities (“GlobalLogic,” “we,” “us,” “our”) respect your privacy and we are committed to protecting it through our compliance with this Privacy Policy and all applicable laws and regulations. We have created this Privacy Policy to inform you of our policies regarding the collection, use, and disclosure of personal information (also referred to here as “personal data”) as well as the rights and choices you may have associated with that information. For any requests or inquiries in relation to this Privacy Policy, please see the Contact Us section below.

If you are interested in applying to a job position in GlobalLogic, in addition to reading this privacy policy regulating processing of your personal data as a website visitor, please also read the Global Recruitment Privacy Notice and a recruitment privacy notice applicable to your region here.

If you prefer to read privacy related documents in another language, in the top right corner of our website you will find the list of our local sites.

Applicability and Scope

This Privacy Policy applies with respect to access to and use of GlobalLogic’s internet properties including, without limitation, newdesign.globallogic.com, microsites, mobile websites, mobile applications, and any other digital services or properties operated or used by GlobalLogic from time to time that link to this Privacy Policy (collectively referred to as the “Site(s)”). It is an integral part of the agreement between you and us concerning the use of the Site(s).

GlobalLogic’s internet properties are owned and operated by GlobalLogic Inc. The websites that are owned and operated by GlobalLogic may contain links to digital properties that are owned and operated by other companies. This Privacy Policy does not apply to websites and services that are owned and operated by unaffiliated third parties. 

If you do not agree with our Terms of Service or this Privacy Policy, please discontinue use of our Sites immediately. 

This Privacy Policy applies also to our processing of personal data of our business contacts, (potential) customers and (potential) suppliers, including people providing services to us through third parties such as outsourcing or recruitment entities.

This policy explains who we are, why and how we process personal data and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to. It explains the rules applicable to processing of personal data by the companies of GlobalLogic group in business, commercial and marketing relations.

Variances to this policy may apply to regulate the processing of personal data in accordance with specific local laws, where they exist. At the end of the Policy, you may find additional country or region specific information for countries where GlobalLogic operates.

Glossary – Basic Concepts

Personal data / personal information – all information related to you that we process. For example: first name, last name, e-mail address, telephone number, information about your professional experience, etc.

Processing – all activities performed in regard to your personal data. For example: collecting, retaining, updating, sending messages to you, deleting data.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

UK GDPR – GDPR incorporated into law in the UK as amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019.

CCPA – California Consumer Privacy Act of 2018, including as amended by the California Privacy Rights Act of 2020.

Who are we

We are GlobalLogic. For our contact details please see the Contact Us section below. 

As a rule, each of the companies from the GlobalLogic group independently decides about the purposes and methods of personal data processing, which means that each of them is a separate data controller – depending on which company you contact, conclude a contract with, run business relations with etc., this company, usually, will be the data controller of your personal data. 

It may also happen that a particular company performs activities for another company from the GlobalLogic group, e.g. related to marketing – in this case, the company that performs such activities does not become the data controller of your personal data, but processes it on the basis of a data processing agreement concluded with the data controller.

Except as otherwise described in this Privacy Policy, in most cases the entity responsible for processing personal data outside of the European Economic Area, Switzerland and the UK is GlobalLogic Inc. For questions, please see the Contact Us section below.

Whose Personal Data Do We Process

We may process personal data relating to you if:

• You are our prospective or actual customer, supplier or person providing us with services through a third party.
• You are someone (or you work for someone) to whom we want to advertise or market our services.
• You work for a customer or a supplier of ours, or for someone who uses our services or products developed by us (you are acting on behalf of one of the persons/entities mentioned above, e.g. as its employee or associate).
• You are interested in our activities (e.g. as the media).
• You are our employee, contractor or have expressed an interest in working for us.

Information We Do Not Collect – Children

We do not knowingly solicit data online from or market to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information without parental consent, we take steps to delete such information.

Information We Collect

We may process personal data relating to you that we have either obtained from you, or from somewhere else. Therefore, your personal data can be processed:

• when you have provided us with your personal data through various communication channels (e.g. by sending an inquiry/ offer via e-mail, telephone or form on our website);
• when signing or performing a contract, including when your personal data have been disclosed to us as a contact for the purpose of execution of a contract;
• when we have obtained your personal data from other sources (e.g. from a company that is our contractor/ client, including from another company of the GlobalLogic group, during events, or from publicly available sources/ websites).

Information You Voluntarily Provide to Us 

The scope of personal data we process depends on the information that is vital for a given relationship – it primarily encompasses content of documents, our communication, along with other information we have obtained from publicly available sources (e.g. LinkedIn). Personal data relating to you that we process may include:

• Your name, 
• Information regarding professional activity, including who you work for, and your job function or department, qualifications and information regarding services you are providing to us.
• Your address, phone number, email address or other contact details (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the person that you work for).
• Information about you that you give us by communicating with us by phone, by e-mail, via our website, via social media or otherwise. It includes information you give us or that we obtain when you use our website, attend or subscribe to our events, supply us with goods or services, enquire about our services, place an order, enter a competition, promotion or survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for.
• Information relating to transactions with us involving you or the person that you work for (for example, details of products developed by us or services that we have supplied to, or obtained from you or the person you work for).
• Information about events to which you or those related to you are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).

Your submission of personal data is generally voluntary, but sometimes it may be necessary e.g. to conclude or execute a contract, to respond to your query or to communicate with you. 

Information We Collect Automatically

Information that we automatically obtain from you when you use our website, including:

• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us or social media handle used to connect with us.

Information We Collect from Other Sources

• Other information relating to you which is necessary for us to process in order to enter into or perform a contract with you or the person that you work for (for example, right to work information, information obtained from credit references agencies and/or vendor screening suppliers, where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone you work for or are otherwise related to). 
• Where legally allowed, some information we collect is from unaffiliated sources, including in some cases information that is publicly available, provided by or purchased from marketing business intelligence partners, or present on social media platforms. For instance, in the U.S. we may use ZoomInfo to obtain information about prospective customers, which can then be used within an advertising platform such as Google Ads to market our services to those individuals or to audiences that share similar attributes. Users who do not wish to be remarketed to or included in the creation of such “lookalike” audiences on Google’s Display Network may opt-out through their Google Ads Settings here. More information about ZoomInfo’s privacy practices and opting out of that service’s professional profiles may be found here: https://www.zoominfo.com/update/remove.

Cookies and Similar Technologies

We may use a variety of technologies to collect information about your device and use of our Sites. These technologies include first- and third-party cookies and web beacons. Most web browsers can be programmed to accept or reject the use of some or all of these technologies, although you must take additional steps to disable or control other technologies. 

If you want to learn the correct way to modify your browser settings, please use the Help menu in your browser or review the instructions provided by the following browsers: Internet Explorer, Google Chrome, Mozilla Firefox, Safari Desktop, Safari Mobile; and Android browser. 

For more information on how to opt-out of tracking technology from Google Analytics, click here.

Cookies – Our use of cookies to process personal data is explained in our Cookie Policy, which you should please read.

Interest-Based Advertising – Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/ or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.

Residents of the EEA (including European Union), Switzerland and the UK may opt-out of online behavioral advertising served by the European Interactive Digital Advertising Alliance’s participating member organizations by visiting https://www.youronlinechoices.eu/.

To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering here: https://youradchoices.com/appchoices.

Do Not Track – Some newer web browsers have a “Do Not Track” preference that transmits a “Do Not Track” header to the websites you visit with information indicating that you do not want your activity to be tracked. We currently do not respond to browser “Do Not Track” signals, as there is no standard for how online services should respond to such signals. As standards develop, we may develop policies for responding to do-not-track signals that we will describe in this Privacy Policy.

Your image

From time to time GlobalLogic may organize or take part in a promotional event, e.g. a conference, fairs, lecture (“Event”), which you may attend as a guest, speaker, host, etc. (“Participant”). Events are usually recorded on videos or photographs (sometimes with a help of third party acting on our behalf), therefore your image, including voice and utterances (“Image”) may be recorded and used, with neither geographical nor temporal restriction, nor with restriction as to the medium and number of copies, for the purpose of sharing information about the Event and for promotional purposes of GlobalLogic.

To the extent permissible by law, participation in the Event is equivalent to each Participant granting free of charge consent to the use and multiple dissemination of their Image recorded during the Event. Such consent may be withdrawn at any time. Where, for the above activities of GlobalLogic, the applicable law requires explicit consent of the person whose Image has been recorded, GlobalLogic will collect such proper consent from you.

Please note, that if you decide to participate in an Event, your personal data, including an Image, might get published for indefinite period of time on the Internet, in a manner that may allow an unrestricted number of people to view it.

How We Use Your Personal Data; The purpose of processing

We process your personal data for the following purposes:

• To enter into, and to perform, contracts with you or the person that you work for.
• To: provide services to customers, obtain goods and services from suppliers and manage and administer our relationships with customers and suppliers, where you or the person that you work for may be the relevant customer or supplier of goods or services for these purposes.
• To respond to your query and for the purpose of further contact in this matter.
• To advertise, market and provide information about us or our services.
• To defend against or to make claims.
• To administer our website under our terms and for internal operations, including troubleshooting, and data analysis, testing, research, statistical and survey purposes.
• To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
• To keep our website and other systems safe and secure.
• To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising (adapted to your preferences).
• To make suggestions and recommendations about services that may interest you or the person that you work for and subject to your stated preferences, where relevant.
• To comply with applicable laws and regulatory obligations including to maintain appropriate records, and respond to lawful public authorities’ requests.
• We may process certain personal information in order to fulfill any other business or commercial purposes at your direction or with your consent.

How We Share Your Personal Data

We may share your personal data, where legally allowed, for the following purposes:

(a) When We Work Together – We may share information between and among GlobalLogic Inc., its parents, subsidiaries, and affiliated companies for purposes of management and analysis, decision making, and other business purposes. For example, we may share your information with our parents, subsidiaries and affiliated companies to process orders and requests, and to expand and promote our product and service offerings.

(b) When We Work with Service Providers – We may share your information with service providers that provide us with support services, such as website hosting, email and postal delivery, product and service delivery, analytics services, or conducting academic research. We contractually prohibit these service providers from retaining, using, or disclosing your personal information for any purpose other than performing agreed upon services for us.

(c) When We Work on Business Transactions – If we become involved with a merger, corporate transaction or another situation involving the transfer of some or all of our business assets, we may share your information with business entities or people involved in the negotiation or transfer.

(d) When Sharing Helps Us Protect Safety and Lawful Interests – We may disclose your information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms or supply terms and other agreements with you; or to protect the rights, property, or safety of GlobalLogic, our customers, employees or others. This includes exchanging information with other companies and organizations (including law enforcement bodies) for the purposes of fraud protection and other risk reduction.

(e) When We Work with Marketing Service Providers – We may share your information with marketing service providers to assess, develop and provide you with promotions and special offers that may interest you, administer contests, sweepstakes and events or for other promotional purposes.

(f) When You Give Consent – We may share information about you with other companies if you give us permission or direct us to share the information.

(g) When the Information Does Not Identify You – We may share your information in a way that does not identify you, in particular by combining it with similar information about other people and sharing the aggregated information for statistical analysis and other business purposes. For example, we may share information about your use of our Sites.

Who We Share Your Personal Data With

Access to your data is restricted to those who need it for the purposes outlined above, and generally they will only have access to that part of the data relating to you that is relevant to the particular purpose concerned. 

We may share your data with duly authorized GlobalLogic employees or professionals who assist us in running our business and who are subject to security and confidentiality obligations. Whenever personal data is disclosed to a third party in this way, it will only be to the extent necessary to perform their duties, to perform our contract with you or for the purposes of our legitimate interests.

We may share your personal data with:

• any member of our GlobalLogic group, which includes our parents, affiliates, subsidiaries, and their subsidiaries;
• appropriate third parties, including:

1. our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for;
2. our auditors, legal advisors and other professional advisors or service providers (e.g. entities that help us communicate with our contractors and clients, e.g. they support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns, help us run a website, provide support and operation of our tools and ICT systems, banks, as well as companies that carry out our shipments);

• (in particular in relation to information obtained via our website) our advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; we do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience and subject to the cookie section of this policy;
• analytics and search engine providers that assist us in the improvement and optimization of our Sites and subject to the cookie section of this policy.

Legal Grounds for Our Processing of Your Personal Data

The basis on which we process your personal data is as follows (where legally applicable).

Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it (for example, some direct marketing activities), we will obtain and rely on your consent in relation to the processing concerned (see below for how to withdraw your consent to processing).

Otherwise, we will process your personal data only where the processing is necessary:

• for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
• for compliance with a legal obligation to which we are a subject; or
• for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data (most situations when we process your personal data in regard to a relationship that we have with the person that you work for will fall into this category).

Other applicable legal basis can be mentioned in the country-specific sections below.

Data Retention

We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived, unless it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject, or for another legitimate and lawful purpose. 

The above periods may be extended, if necessary, in the event of any claims and court proceedings – for the duration of these proceedings and their settlement. 

Sometimes your data may be available in the mediums such as the Internet for indefinite period.

International Transfers of Personal Data

GlobalLogic operates internationally and, therefore, personal data may be processed in countries which may not have data protection regulations as stringent as those in your country including in United States, India and Ukraine. We will transfer such information to third countries in accordance with the applicable privacy laws, in particular GDPR, particularly to each country in which GlobalLogic conducts business, or has a service provider, for the purposes set out in this document. 

GlobalLogic applies all required safeguards, including standard data protection clauses adopted by the relevant authorities. We may also transfer your data to a country that ensures an adequate level of protection according to the European Commission’s decision.

Security 

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. All personal data processed by us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee or warrant the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

You should be aware that other Internet sites that are linked from the Site(s) or from a GlobalLogic email message may contain privacy provisions that differ from the provisions of this Privacy Policy. To ensure your privacy is protected, we recommend that you review the privacy statements of these other linked sites, applications or other digital properties.

Your Privacy Rights and Choices

To exercise your rights please contact us at privacy@globallogic.com or by other means as convenient for you. 

GlobalLogic respects all applicable privacy laws and your rights under the applicable legislation – in particular you can request that we delete your data, or withdraw your consent for personal data processing. You can also opt-out of receiving marketing communication by using the “unsubscribe” link included in the emails we send you, or by contacting us as described below.

For more details on your rights please see below additional information for the residents of the particular countries and regions. 

Please note that we are legally obliged to confirm your identity before we can process your request, so you may be asked to provide some further information.

Privacy Policy Updates

We reserve the right to amend the Privacy Policy at any time, for any reason. The date of the last revision to the Privacy Policy will be indicated by the “Last updated” date at the beginning of this page. We encourage you to look for updates and changes to this Privacy Policy by checking this date when you access our Sites. 

Contact Us

You can contact us at privacy@globallogic.com, or at our postal address:

GlobalLogic’s headquarters
2535 Augustine Dr 5th Floor 

Santa Clara California 95054, United States of America

Attention: Chief Legal Officer

List of companies of the GlobalLogic group, including their contact details and information regarding data protection officer (if applicable) can be found here. 

ADDITIONAL INFORMATION FOR RESIDENTS OF ARGENTINA 

This section applies only to Argentine residents. GlobalLogic processes personal data in compliance with Argentine Personal Data Protection Law No. 25,326 (“PDPL”), Regulatory Decree No. 1558/2001 and the provisions and resolutions issued by the Argentine Agency of Access to Public Information (“AAAPI”).

Legal Basis for Our Processing of Your Personal Data

In addition of the legal bases introduced in the main body of this Policy we may also process your data for compliance with a scientific or professional relationship with you, provided that these are necessary for its development or fulfillment.

Your rights related to processing of your personal data 

You have the following rights:

1. Access to your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • what categories of data we are processing;
   • who is the recipient of your data;
   • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
   • if the personal data has not been given by you – all available information about the source of the data.

You can also receive access to all of your personal data that we are processing (data copy).

2. Data rectification and update – if information about you is or has become inaccurate, incomplete or outdated, you have the right to demand that data is rectified, made complete, or updated. 
3. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
4. Data removal – in certain situations, the PDPL gives you the right to remove your data. You can invoke this right if we are still processing your personal data, particularly in, for instance, the following cases:
   • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
   • you withdrew consent to the processing of personal data and there is no other legal ground for continuing to process it;
   • your data is processed unlawfully;
   • the personal data have to be erased for compliance with a legal obligation.
5. Objection – you have the right to object to some operations we perform on your personal data for direct marketing purposes. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 
6. Complaints to the relevant public authority – the AAAPI, in its capacity as controlling authority of the PDPL, is entitled to deal with complaints placed in connection to the infringements of personal data protection rules. Of course we encourage you to first contact us at privacy@globallogic.com.

ADDITIONAL INFORMATION FOR RESIDENTS OF AUSTRALIA

This section applies only to Australian residents. GlobalLogic processes personal data in compliance with Australian Privacy Act – Privacy Act 1988 (Cth).

Direct marketing

We may use your personal information to identify a product or service that you may be interested in or to contact you about. We may, with your consent, use the personal information we have collected about you to contact you from time to time by email to tell you about new products or services and special offers that we believe may be of interest to you.

Access to and correction of your information

We will endeavour to ensure that the personal information collected from you is up to date, accurate and complete. 

You may request access to, or correction of, the personal information we hold about you at any time by contacting us at privacy@globallogic.com.  We will need to verify your identity before responding to your request. Subject to any applicable exceptions or requirements, we will provide you with access to the personal information you request within a reasonable time (and usually within 28 days). If we decide to refuse your request, we will tell you why in writing and how to complain.

Complaints

You can make a complaint in writing to privacy@globallogic.com or via another method identified in the “Contact Us” section above.  We will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (“OAIC”) via the OAIC website, www.oaic.gov.au. 

ADDITIONAL INFORMATION FOR RESIDENTS OF CALIFORNIA

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (“California Privacy Laws”) requires us to disclose the following additional information related to our privacy practices. If you are a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, this section applies to you in addition to the rest of this Privacy Policy. 

Categories of Personal Information Collected, Used, and Disclosed

In the preceding 12 months, depending how you interact with our Sites, we may have collected the following categories of Personal Information (as defined under Cal. Civ. Code §1798.140(v)(1)):

• Identifiers, such as your name, address, unique personal identifier, email, phone number, or similar identifiers.
• Commercial information, such as information relating to transactions with us involving you or the person that you work for (for example, details of products developed by us or services that we have supplied to, or obtained from, you or the person you work for), and information about events to which you or those related to you are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events.
• Internet or other electronic network activity information, such as technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and information about your visit, including your browsing history, search history, the webpage visited before you came to our Site, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, and system configuration information.
• Geolocation data, such as geolocation, to the extent you have configured your device to permit us to collect such information.
• Inferences drawn from any of the information listed above, such as your preferences, characteristics, behavior and attitudes.

For more information about the Personal Information we collect and how we collect it, please refer to “Information We Collect” section above.

We collect your Personal Information for the business purposes described in the “How We Use Your Personal Data” above. 

The categories of third-parties with whom we may share your Personal Information are listed in the “Who We Share Your Personal Data With” section above.

California Privacy Rights 

If you are a California resident, you have rights in relation to your Personal Information as identified below; however, your rights are subject to certain exceptions and are not absolute. We may deny your request: (a) when denial of the request is required or authorized by law; (b) when granting the request would have a negative impact on another’s privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.

• Right to Know. You may have the right to obtain a copy, or a list of categories of the Personal Information that we hold about you, as well as other supplementary information, such as the purposes of processing, and the entities to whom we disclose your Personal Information. 
• Right to Correct. You may request us to rectify, correct or update any of your Personal Information held by us that is inaccurate. 
• Right to Delete. Under certain circumstances, you may have the right to request that we delete the Personal Information that we hold about you. This right is not absolute, and we may refuse your right to delete if it is reasonably necessary for us to provide a service requested by you; to perform a contract between us; to maintain functionality and ensure security of our systems; to enable solely expected internal uses of your Personal Information; to exercise a right provided by law; or to comply with a legal obligation.
• Right to Portability. Under certain circumstances, you may have the right to receive Personal Information we hold about you in a structured, commonly used, and machine-readable format so that you can provide that Personal Information to another entity.
• Right to Opt Out of Sale/Share. You have the right to opt-out of the sale of your Personal Information in exchange for monetary or other valuable consideration, including sharing of your Personal Information to third parties for behavioral advertising purposes. We generally do not sell your Personal Information for profit, but like many websites, we use cookies, pixels, and similar technology, and we share certain information, such as your IP address or device identifiers, to certain third-party advertisers in order to improve your user experience and to optimize our marketing activities. To exercise your right to opt-out of sale or share of your personal information, please submit a request by checking the “Do Not Sell or Share My Personal Information” box and click “OK” in the Cookie Banner that may be accessed via our Privacy page (also by clicking here). Please note that you may still receive generalized ads after opting out of targeted advertising
• Right to Limit Use of Sensitive Information. To the extent your sensitive personal information (as that term is defined under California Privacy Laws) is used to infer characteristic about you, you have the right to direct us to stop such processing of your sensitive personal information for such purposes. We do not process any sensitive personal information to infer characteristics about you.
• Right to Object to Automated Decision-Making. You may have the right not to be subject to a decision that is based solely on automated processing (where a decision is taken about you using an electronic system without human involvement) which significantly impacts your rights. No decision will be made by us about you solely on the basis of automated decision making which has a significant impact on you.
• Right Against Discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your privacy rights.

Exercising Your California Privacy Rights

You may exercise your rights by contacting us at privacy@globallogic.com or via another method identified in the “Contact Us” section above. In your request, please make clear which right you would like to exercise. Before fulfilling your request, we are required by law to have you to verify the Personal Information we already have on file to confirm your identity. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes. 

If you use an authorized agent to submit requests on your behalf, we will require you to directly verify your identity with us, or have you directly confirm with us that the authorized agent has been authorized to act on your behalf.

Opt-Out Preference Signals. You may send your request to opt-out sale or sharing your personal information by configuring your device to automatically send opt-out preference signals. The Global Privacy Control signal is currently the only opt-out preference signal we can recognize. Please visit Global Privacy Control’s official site (https://globalprivacycontrol.org/#about) to learn how to configure your device to send such signals. Please note that the opt-out choice will only apply to your use of our Sites through the current browser or device you’re using and only so long as that browser’s cookies are not erased.

Direct Marketing If you are a California resident, you can request a notice disclosing the categories of personal information we have shared with third parties for the third parties’ direct marketing purposes. To request a notice, please submit your request at privacy@globallogic.com or by postal mail as described in the Contact Us section.

ADDITIONAL INFORMATION FOR RESIDENTS OF CHILE

This section applies only to Chilean residents whose data is processed by any GlobalLogic company. Personal data regulation is found mainly in Law No 19,628 on Privacy Protection (hereinafter, the “CLPPL”). 

Personal Data Processing

GlobalLogic group companies may treat your personal data only when permitted by the CLPPL or if you have provided us with a prior written authorization. You may revoke your authorization at any time in writing.

Your authorization is not needed if: (i) your personal data has been collected from public sources; or (ii) your personal data is being treated for the exclusive benefit of GlobalLogic group entities and their associates, for statistical or pricing purposes or in their general benefit.

Personal data shall be treated only for the purposes for which it has been collected, unless it has been collected from public sources. 

Rights Under the CLPPL

You are entitled to the following rights under the CLPPL:

1. Access right – you may request GlobalLogic to provide you with information regarding:

• Whether GlobalLogic is processing your personal data, which personal data are processing and for what purposes;
• The sources from where GlobalLogic collected your personal data; and
• Persons or entities to whom your personal data are being transferred.

You may also request a copy of all of your personal data that GlobalLogic is processing.

1. Opposition request right – you may oppose to the use of your personal data for advertising, market research or opinion polls purposes.
2. Modification request right – in the event that any personal data collected by GlobalLogic are proven to be erroneous, inaccurate, misleading or incomplete, you are entitled to request the modification of such personal data. 
3. Deletion and blocking request right – you may request your personal data to be deleted if their storage lacks of legal grounds or if your personal data has expired. Moreover, you may also request the deletion or blocking of your personal data if such data have been voluntarily provided by you or your information is being used for commercial communications.
4. Free of charge copies – you are entitled to request a free of charge copy of your personal data or any modification or deletions made thereof. If new modifications or deletions are required, you may ask for an updated registry, free of charge, provided that the new modification or deletion has been requested by you six-months after your previous modification or deletion request.

 To exercise any of the above mentioned rights please contact us at privacy@globallogic.com or by other means as convenient for you.

ADDITIONAL INFORMATION FOR RESIDENTS OF THE  EUROPEAN ECONOMIC AREA (EEA, INCLUDING EU), SWITZERLAND AND THE UK

This section applies to processing of personal data that is within the scope of the GDPR or UK GDPR – when it is carried out by a GlobalLogic group company that has its seat or establishment within the European Economic Area (including the European Union), Switzerland or the UK or concerns data subjects who are in the EEA, Switzerland or the UK. In case of any doubts please contact us at privacy@globallogic.com. 

What is the legal basis of processing?

Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it (for example, direct marketing activities), we will obtain and rely on your consent in relation to the processing concerned.

Otherwise, we will process your personal data only where the processing is necessary:

• for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
• for the purposes of the legitimate interests (Art. 6(1)(f) GDPR) pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data; the following cases fall into this category – when we process your personal data in relation to a relationship that we have with the person that you work for, maintaining relations, building a positive image of GlobalLogic and marketing of GlobalLogic’s products and services, when we process your Image that can be qualified as personal data for the purposes of GlobalLogic promotion among current and potential employees, associates and business partners, when we defend against or make claims;
• for the fulfilment of our legal obligations– the legal basis for processing of your personal data will be the necessity for compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR).

We process data regarding use of our website for the purpose of proper management of our website, to improve its performance, ensure its security, adapt its content to your preferences. In addition, we gather this data for internal purposes, including resolving issues, conducting data analyses, testing, research, statistics, and for survey purposes. The legal basis of our activities is your consent, except for cases when the use of such data is essential for the functioning of our website (electronic provision of a service to you within that scope); in such cases the legal basis will be our legitimate interest (Art. 6(1)(f) GDPR). 

How long do we process your personal data

As a rule, personal data will be processed:

• for the purposes of conclusion and performance of a contract – for the duration of the contract and its settlement plus a reasonable period, depending on the circumstances (generally, the applicable statute of limitation period);
• on the basis of our legitimate interest – until the objection to such processing or the fulfilment of the purpose for which the data has been processed;
• on the basis of your consent – until withdrawal of such consent or fulfilment of the purpose for which it was given;
• on the basis of legal obligation – for as long as is necessary to comply with the applicable legal obligations;

unless the law or an authority requires that we process such data for a longer period, or in case of potential claims, for such claim’s limitation period specified by law – whichever is longer. 

Once the relevant storage periods have elapsed, your Personal Data will be destroyed, deleted, or irreversibly anonymized.

Your rights related to processing of your personal data 

You have the following rights:

1. Access to your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • what categories of data we are processing;
   • who is the recipient of your data;
   • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
   • if the personal data has not been given by you – all available information about the source of the data.

You can also receive access to all of your personal data that we are processing (data copy).

2. Data rectification – if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete. 
3. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
4. Data erasure – in certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right where one of the following grounds applies:
   • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
   • you withdrew consent to the processing of personal data and there is no other legal ground for continuing to process it;
   • you object to the processing of your personal data when there are no overriding legitimate grounds for processing;
   • you object to the processing of your personal data for marketing purposes;
   • your data is processed unlawfully;
   • the personal data have to be erased for compliance with a legal obligation.
5. Restriction of processing – you can demand that we restrict our activities in principle only to storing information about you when:
   • you contest the accuracy of personal data we are processing – for a period of time that allows us to verify the accuracy of the personal data;
   • the processing of your personal data violates the law, but you prefer that processing be restricted rather than the data be erased;
   • GlobalLogic no longer needs your personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims;
   • you have objected to the processing of your personal data – only until such time as it is determined whether our legitimate grounds override yours.
6. Data portability – you have the right to receive your data in a structured, ommonly-used and machine-readable format, and also to transmit your data to another data controller, if: 
   • the processing is based on your consent or on a contract; and
   • the processing is carried out by automated means.
7. Objection – you have the right to object to some operations we perform on your personal data on grounds related to your particular situation, particularly in the following cases: 
   • when our processing is based on our legitimate interest;
   • when we process your personal data for purposes related to scientific or historical research, or for statistical purposes.

When despite your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defense of legal claims, we will continue to process data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

8. Complaints to the relevant public authority – in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority. You can find list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en. The relevant public authority in the UK is the Information Commissioner’s Office https://ico.org.uk/global/contact-us/. The relevant public authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html. Of course we encourage you to first contact us at privacy@globallogic.com.
9. You can obtain a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at privacy@globallogic.com.

ADDITIONAL INFORMATION FOR RESIDENTS OF INDIA

1. Personal Data or information as described in the overview section of this policy should be read as below:
2. Personal Information/Personal Data means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person;
3. Sensitive Personal Data or Information includes information relating to password, financial information such as bank account, credit card etc., physical psychological and mental health condition, sexual orientation, medical records and history, biometric information, any such details provided to body corporate for providing service or received by it for processing, stored and processed under lawful contract or otherwise. Sensitive personal data or information does not include any information freely available or accessible in public domain and/or information furnished under the Right to Information Act, 2005 or under any other prevalent law.
4. The information provider shall have the option of withdrawing/reviewing/amendment of the information provided. 
5. GlobalLogic India does not collect/process sensitive personal data.
6. All data privacy matters are handled by the Grievance officer, Name and contact address: Diljeet Singh and Alok Malik grievance.privacyIndia@globallogic.com
7. GlobalLogic India Private Limited and GlobalLogic Technologies Private Limited are ISO 27001 certified.

ADDITIONAL INFORMATION FOR RESIDENTS OF ISRAEL

This section applies to residents of Israel and relates to the Israeli Privacy Protection Law 5741-1981 and the relevant regulations promulgated thereto on data transfer and data security. 

1. You have the right to review your personal information processed by us. To do so, please contact us at the following email address: privacy@globallogic.com. We are entitled to provide you with access to review your personal information at our offices. Your access may be subject to certain restrictions and we may redact certain information from the copy of the relevant files made available to you, for the protection of i) trade secrets and business information belonging to us and/or to any third party to which we have a contractual and/or statutory obligation of confidentiality, and ii) the privacy of any data subject. 
2. If, upon review of your personal information processed by us, you believe the personal information is inaccurate, incomplete, or incorrect, you may reach us at privacy@globallogic.com and request that the personal information be corrected or deleted. We reserve the right, after taking your request into consideration, to approve or deny your request in accordance with applicable laws and regulations. We will notify you of our decision, regardless of whether we choose to approve or deny it. 
3. As GlobalLogic operates worldwide, your data may be transferred outside of Israel and onward. This is done in line with applicable legal requirements, in a safe and transparent manner. By providing to us your data, you consent to such data transfers.

ADDITIONAL INFORMATION FOR RESIDENTS OF JAPAN

This section applies to the personal data concerning Japanese residents processed by any GlobalLogic company. Please see here about GlobalLogic globally and in Japan. Personal data regulation is found mainly in the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended, hereinafter, the “APPI”)

Your rights related to processing of your personal data

You have the right to make following requests on your personal data to GlobalLogic Japan, Ltd.:

1. Provision of the purpose of use of your personal data;
2. Disclosure of your personal data;
3. Correction, addition, or deletion of your personal data;
4. Suspension of use or erasure of your personal data; 
5. Suspension of provision of your personal data to a third party; and
6. Making any claim or complaint about the handling of your personal data.

Please contact us at the following email address: privacy@globallogic.com to make such request. Your access may be subject to certain restrictions and we may redact certain information from the copy of the relevant files made available to you, for the protection of i) trade secrets and business information belonging to us and/or to any third party to which we have a contractual and/or statutory obligation of confidentiality, and ii) the privacy of any data subject. We reserve the right, after taking your request into consideration, to approve or deny your request in accordance with applicable laws and regulations. We will notify you of our decision, regardless of whether we choose to approve or deny it.

Safeguarding Measures

We have implemented the following measures to prevent unauthorized access to the  personal data as well as the loss, falsification, compromise or other issue of the  personal data.

1. Establishment of Basic Policy – We have established a basic policy to ensure the proper handling of personal data as an organization.
2. Internal Rules for Handling Personal Data – We have established internal rules for the handling of personal data that stipulate handling methods, responsible persons, and their duties at each stage of acquisition, use, storage, provision, deletion, disposal, etc.
3. Organizational Safety Control Measures – We appoint a person responsible for the handling of personal data, clarified the responsibilities of that person, and is operating in accordance with the rules and regulations concerning the handling of personal data. We establish a system for reporting to and communicating with the responsible person when we become aware of a fact or indication of a violation of the APPI or regulations. The status of the handling of personal data is regularly inspected or audited.
4. Personnel Safety Control Measures – We provide regular information security training to our employees to ensure proper handling of data.
5. Physical Security Control Measures – We control employee access to rooms and restrict the equipment, etc. that employees may bring into areas where personal data is handled. In addition, we take measures to prevent theft of equipment and electronic media that processes personal data, as well as encryption and password protection of personal data to prevent divulgence of personal data when carried. Furthermore, when deleting personal data or disposing of equipment, electronic media, etc., we have a procedure to properly complete such process by adopting measures by which deleted data cannot be easily restored.
6. Technical Security Control Measures – We implement appropriate access control on the information systems that process personal data and authentication of employees who use such systems by user IDs and passwords. We take measures to prevent compromise of information by continuously monitoring the security of our information systems.
7. Personal Data Protection outside Japan – We may process and store your personal data outside Japan, in other countries where GlobalLogic group operates, including in the EU and in the USA. We are aware of the systems for the protection of personal data in those countries and take necessary and appropriate measures for the secure management of personal data.

Shared use of Personal Data

We will share and jointly use the personal data among GlobalLogic companies as follows:

1. The personal data will be shared with and jointly used by GlobalLogic companies.
2. The information to be shared are First name, Last name, e-mail address, telephone number and information about your professional experience, etc.
3. The scope of GlobalLogic companies jointly using the personal data is GlobalLogic Inc., its parents, subsidiaries, and affiliated entities. Please see here about GlobalLogic globally.
4. The purpose of joint use of the personal data is for management and analysis, decision making, and other business purposes as well as those purposes described in the Section “How We Use Your Personal Data; The purpose of processing” of this Privacy Policy.

When there is any change in the matters described above, we will amend this Privacy Policy and make it public without delay.

ADDITIONAL INFORMATION FOR RESIDENTS OF MEXICO

This section applies only to Mexican residents, GlobalLogic processes personal data in compliance with the Federal Law for the Protection of Personal Data Held by Private Parties (“LFPDPPP”), its Regulation of the Federal Law for the Protection of Personal Data Held by Private Parties (“RLFPDPPP”) and its Guidelines for the Notice of Privacy, hereinafter “Mexican Data Protection Legislation”.  

Personal Data Collected

We inform you that the personal data we collect is established in the sections “Information we Collect”, “Information you Voluntary Provide to Us”, “Information we collect automatically”, “Information We Collect from Other Sources”, “Cookies and Similar Technologies” and “Your Image”.

We remind you that we do not collect sensitive personal data as established in the Mexican legislation for the protection of personal data. 

How We Use Your Personal Data; The purpose of processing

In the section “How we use your Personal Data; the Purpose of the Treatment” the purposes established in said section will be considered as necessary under the Mexican data protection legislation with the exception of the following which will be considered voluntary: 

• To advertise, market and provide information about us or our services.
• To measure or understand the effectiveness of advertising we serve to you or others, and to deliver appropriate advertising (suited to your preferences).
• To make suggestions and recommendations about services that may be of interest to you or the person you work for and subject to your preferences, if applicable.

For voluntary purposes, you may object through the mechanisms established in the section “ARCO Rights and other rights”. 

Transfers of Personal Data

Regarding the section “How We Share Your Personal Data” and “ Who We Share Your Personal Data With”, we inform you that the transfers marked in subsections “c) When We Work on Business When we work in commercial operations” your consent is necessary.

Also, for the purpose established in subsection “e) When We Work with Marketing Service Providers” your consent is necessary.

By accepting this Privacy Notice, you consent to data transfers that require your consent. However, you may oppose them at any time through the mechanisms established in the section “ARCO Rights and other Rights”.

 ARCO Rights and other Rights

As the owner of your personal data, you can exercise your rights of Access, Rectification, Cancellation and Opposition (the well-known “ARCO” rights), request the limitation of the use and disclosure of your personal data, oppose secondary purposes, oppose the transfers that require your consent, revoke the consent you have given us to process your personal data. 

To exercise your rights and know the procedures, you can write to privacy@globallogic.com

Your request must contain, at least, the following information: a) name, address or other means to communicate the answer; b) document that proves your identity or your personality as representative of the owner of the personal data; c) clear description of the personal data in respect of which you wish to exercise a right and which right you wish to exercise; d) elements or documents that facilitate the location of the data; e) In case of requesting the right of rectification, you must indicate the corresponding modifications to the personal data.

We will respond to your request within 20 business days of receiving your request. If appropriate, we will make it effective within the following 15 business days.

It will be understood that we have given you access to your personal data when we make it available to you, regardless of what means or format, as long as it is understandable. Before giving you access to your data, you have to prove your identity, this is for your own security. 

ADDITIONAL INFORMATION FOR RESIDENTS OF UKRAINE

This section applies only to processing of personal data collected within the territory of Ukraine, specifically by a GlobalLogic group company (as a data controller) that has its seat or establishment in Ukraine.

Privacy Rights. Within described processing, you have all rights of the data subject set by Art. 8 of the Law of Ukraine “On Personal Data Protection”. Among other, you have the following rights:

1. Information on your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • sources of your data collection;
   • where we are processing your personal data;
   • what categories of data we are processing;
   • who is the recipient of your data and details of transfers;
   • whether we use automatic decision making and its mechanism.
2. Access to your personal data – you can receive access to all of your personal data that we are processing.
3. Data rectification – if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete. 
4. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
5. Data erasure – you may request deletion of your data if they are inaccurate or are processed unlawfully or as otherwise prescribed by law.
6. Restriction of processing – you can demand that we limit our activities regarding your personal data.
7. Objection – you have the right to object to some operations we perform on your personal data for special reasons related to your personal situation. When despite your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defence of legal claims, we will continue to process data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
8. Complaints to the relevant public authority – in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority or to the court. For Ukraine the supervisory authority is the Ukrainian Parliament Commissioner for Human Rights. You may find contacts of his office at https://www.ombudsman.gov.ua/. Of course we encourage you to first contact us at privacy@globallogic.com.

International Data Transfers. As mentioned, GlobalLogic operates internationally and, therefore, personal data may be used in countries outside of the EU/EEA, which may not have data protection regulations as stringent as those in EEA. Providing to us your data you agree on their transfer outside Ukraine and the EEA. In any case, for such international transfers we ensure use of appropriate guarantees regarding non-interference to your personal and family life.