Privacy Policy

Last Updated: 08/18/2022

Overview

GlobalLogic, a Hitachi Group Company, including GlobalLogic Inc., its parents, subsidiaries, and affiliated entities (“GlobalLogic,” “we,” “us,” “our”) respect your privacy and we are committed to protecting it through our compliance with this Privacy Policy and all applicable laws and regulations. We have created this Privacy Policy to inform you of our policies regarding the collection, use, and disclosure of personal information (also referred to here as “personal data”) as well as the rights and choices you may have associated with that information. For any requests or inquiries in relation to this Privacy Policy, please see the Contact Us section below.

If you are interested in applying to a job position in GlobalLogic, in addition to reading this privacy policy regulating processing of your personal data as a website visitor, please also read a Global Recruitment Privacy Notice and a recruitment privacy notice applicable to your region here.

If you prefer to read privacy related documents in another language, in the top right corner of our website you will find the list of our local sites.

Applicability and Scope

This Privacy Policy applies with respect to access to and use of GlobalLogic’s internet properties including, without limitation, newdesign.globallogic.com, microsites, mobile websites, mobile applications, and any other digital services or properties operated or used by GlobalLogic from time to time that link to this Privacy Policy (collectively referred to as the “Site(s)”). It is an integral part of the agreement between you and us concerning the use of the Site(s).

GlobalLogic’s internet properties are owned and operated by GlobalLogic Inc. The websites that are owned and operated by GlobalLogic may contain links to digital properties that are owned and operated by other companies. This Privacy Policy does not apply to websites and services that are owned and operated by unaffiliated third parties.

If you do not agree with our Terms of Services or this Privacy Policy, please discontinue use of our Sites immediately.

This Privacy Policy applies also to our processing of personal data of our business contacts, (potential) customers and (potential) suppliers, including people providing services to us through third parties such as outsourcing or recruitment entities.

This policy explains who we are, why and how we process personal data and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to. It explains the rules applicable to processing of personal data by the companies of GlobalLogic group in business, commercial and marketing relations.

Variances to this policy may apply to regulate the processing of personal data in accordance with specific local laws, where they exist. At the end of the Policy, you may find additional country or region specific information for countries where GlobalLogic operates.

Glossary – Basic Concepts

Personal data / personal information – all information related to you that we process. For example: first name, last name, e-mail address, telephone number, information about your professional experience, etc.

Processing – all activities performed in regard to your personal data. For example: collecting, retaining, updating, sending messages to you, deleting data.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

UK GDPR – GDPR incorporated into law in the UK as amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019.

CCPA – California Consumer Privacy Act of 2018.

Who are we

We are GlobalLogic. For our contact details please see the Contact Us section below.

As a rule, each of the companies from the GlobalLogic group independently decides about the purposes and methods of personal data processing, which means that each of them is a separate data controller – depending on which company you contact, conclude a contract with, run business relations with etc., this company, usually, will be the data controller of your personal data.

It may also happen that a particular company performs activities for another company from the GlobalLogic group, e.g. related to marketing – in this case, the company that performs such activities does not become the data controller of your personal data, but processes it on the basis of a data processing agreement concluded with data controller.

Except as otherwise described in this Privacy Policy, in most cases the entity responsible for processing personal data outside of the European Economic Area and the UK is GlobalLogic Inc. For questions, please see the Contact Us section below.

Whose Personal Data Do We Process

We may process personal data relating to you if:

• You are our prospective or actual customer, supplier or person providing us with services through a third party.
• You are someone (or you work for someone) to whom we want to advertise or market our services.
• You work for a customer or a supplier of ours, or for someone who uses our services or products developed by us (you are acting on behalf of one of the persons/entities mentioned above, e.g. as its employee or associate).
• You are interested in our activities (e.g. as the media).
• You are our employee, contractor or have expressed an interest in working for us.

Information We Do Not Collect – Children

We do not knowingly solicit data online from or market to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information without parental consent, we take steps to delete such information.

Information We Collect

We may process personal data relating to you that we have either obtained from you, or from somewhere else. Therefore, your personal data can be processed:

• when you have provided us with your personal data through various communication channels (e.g. by sending an inquiry/ offer via e-mail, telephone or form on our website);
• when signing or performing a contract, including when your personal data have been disclosed to us as a contact for the purpose of execution of a contract;
• when we have obtained your personal data from other sources (e.g. from a company that is our contractor/ client, including from another company of the GlobalLogic group, during events, or from publicly available sources/ websites).

Information You Voluntarily Provide to Us

The scope of personal data we process depends on the information that is vital for a given relationship
– it primarily encompasses content of documents, our communication, along with other information we have obtained from publicly available sources (e.g. LinkedIn). Personal data relating to you that we process may include in particular:

• Your name,
• Information regarding professional activity, including who you work for, and your job function or department, qualifications and information regarding services you are providing to us.
• Your address, phone number, email address or other contact details (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the person that you work for).
• Information about you that you give us by communicating with us by phone, by e-mail, via our website, via social media or otherwise. It includes information you give us or that we obtain when you use our website, attend or subscribe to our events, supply us with goods or services, enquire about our services, place an order, enter a competition, promotion or survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for.
• Information relating to transactions with us involving you or the person that you work for (for example, details of products developed by us or services that we have supplied to, or obtained from, you or the person you work for).
• Information about events to which you or those related to you are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).

Your submission of personal data is voluntary, but sometimes it may be necessary e.g. to conclude or execute a contract, to respond to your query or to communicate with you.

Information We Collect Automatically

Information that we automatically obtain from you when you use our website, including:

• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us or social media handle used to connect with us.

Information We Collect from Other Sources

 Other information relating to you which is necessary for us to process in order to enter into or perform a contract with you or the person that you work for (for example, right to work information, information obtained from credit references agencies and/or vendor screening suppliers, where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone you work for or are otherwise related to).

• Where legally allowed, some information we collect is from unaffiliated sources, including in some cases information that is publicly available, provided by or purchased from marketing business intelligence partners, or present on social media platforms. For instance, in the U.S. we may use ZoomInfo to obtain information about prospective customers, which can then be used within an advertising platform such as Google Ads to market our services to those individuals or to audiences that share similar attributes. Users who do not wish to be remarketed to or included in the creation of such “lookalike” audiences on Google’s Display Network may opt-out through their Google Ads Settings here. More information about ZoomInfo’s privacy practices and opting out of that service’s professional profiles may be found here: https://www.zoominfo.com/update/remove.

Cookies and Similar Technologies

We may use a variety of technologies to collect information about your device and use of our Sites. These technologies include first- and third-party cookies and web beacons. Most web browsers can be programmed to accept or reject the use of some or all of these technologies, although you must take additional steps to disable or control other technologies.

I you want to learn the correct way to modify your browser settings, please use the Help menu in your browser or review the instructions provided by the following browsers: Internet Explorer, Google Chrome, Mozilla Firefox, Safari Desktop, Safari Mobile; and Android browser.

For more information on how to opt-out of tracking technology from Google Analytics, click here.

Cookies – Our use of cookies to process personal data is explained in our Cookie Policy, which you should please read.

Interest-Based Advertising – Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/ or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.

Residents of the European Union may opt-out of online behavioral advertising served by the European Interactive Digital Advertising Alliance’s participating member organizations by visiting https://www.youronlinechoices.eu/.

To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering here: https://youradchoices.com/appchoices.

Do Not Track – Some newer web browsers have a “Do Not Track” preference that transmits a “Do Not Track” header to the websites you visit with information indicating that you do not want your activity to be tracked. We currently do not respond to browser “Do Not Track” signals, as there is no standard for how online services should respond to such signals. As standards develop, we may develop policies for responding to do-not-track signals that we will describe in this Privacy Policy.

Your image

From time to time GlobalLogic may organize or take part in a promotional event, e.g. a conference, fairs, lecture (“Event”), which you may attend as a guest, speaker, host, etc. (“Participant”). Events are usually recorded on videos or photographs (sometimes with a help of third party acting on our behalf), therefore your image, including voice and utterances (“Image”) may be recorded and used, with neither geographical nor temporal restriction, nor with restriction as to the medium and number of copies, for the purpose of sharing information about the Event and for promotional purposes of GlobalLogic.

To the extent permissible by law, participation in the Event is equivalent to each Participant granting free of charge consent to the use and multiple dissemination of their Image recorded during the Event. Such consent may be withdrawn at any time. Where, for the above activities of GlobalLogic, the applicable law requires explicit consent of the person whose Image has been recorded, GlobalLogic will collect such proper consent from you.

Please note, that if you decide to participate in an Event, your personal data, including an Image, might get published for indefinite period of time on the Internet, in a manner that may allow an unrestricted number of people to view it.

How We Use Your Personal Data; The purpose of processing

We process your personal data for the following purposes:

• To enter into, and to perform, contracts with you or the person that you work for.
• To: provide services to customers, obtain goods and services from suppliers and manage and administer our relationships with customers and suppliers, where you or the person that you work for may be the relevant customer or supplier of goods or services for these purposes.
• To respond to your query and for the purpose of further contact in this matter.
• To advertise, market and provide information about us or our services.
• To defend against or to make claims.
• To administer our website under our terms and for internal operations, including troubleshooting, and data analysis, testing, research, statistical and survey purposes.
• To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
• To keep our website and other systems safe and secure.
• To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising (adapted to your preferences).
• To make suggestions and recommendations about services that may interest you or the person that you work for and subject to your stated preferences, where relevant.
• To comply with applicable laws and regulatory obligations including to maintain appropriate records, and respond to lawful public authorities’ requests.
• We may process certain personal information in order to fulfill any other business or commercial purposes at your direction or with your consent.

How We Share Your Personal Data

We may share your personal data, where legally allowed, for the following purposes:

(a) When We Work Together – We may share information between and among GlobalLogic Inc., its parents, subsidiaries, and affiliated companies for purposes of management and analysis, decision making, and other business purposes. For example, we may share your information with our parents, subsidiaries and affiliated companies to process orders and requests, and to expand and promote our product and service offerings.

(b) When We Work with Service Providers – We may share your information with service providers that provide us with support services, such as website hosting, email and postal delivery, product and service delivery, analytics services, or conducting academic research. We contractually prohibit these service providers from retaining, using, or disclosing your confidential personal information for any purpose other than performing agreed upon services for us.

(c) When We Work on Business Transactions – If we become involved with a merger, corporate transaction or another situation involving the transfer of some or all of our business assets, we may share your information with business entities or people involved in the negotiation or transfer.

(d) When Sharing Helps Us Protect Safety and Lawful Interests – We may disclose your information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms or supply terms and other agreements with you; or to protect the rights, property, or safety of GlobalLogic, our customers, employees or others. This includes exchanging information with other companies and organizations (including law enforcement bodies) for the purposes of fraud protection and other risk reduction.

(e) When We Work with Marketing Service Providers – We may share your information with marketing service providers to assess, develop and provide you with promotions and special offers that may interest you, administer contests, sweepstakes and events or for other promotional purposes.

(f) When You Give Consent – We may share information about you with other companies if you give us permission or direct us to share the information.

(g) When the Information Does Not Identify You – We may share your information in a way that does not directly identify you, in particular by combining it with similar information about other people and sharing the aggregated information for statistical analysis and other business purposes. For example, we may share information about your use of our Sites.

Who We Share Your Personal Data With

Access to your data is restricted to those who need it for the purposes outlined above, and generally they will only have access to that part of the data relating to you that is relevant to the particular purpose concerned.

We may share your data with duly authorized GlobalLogic employees or professionals who assist us in running our business and who are subject to security and confidentiality obligations. Whenever personal data is disclosed to a third party in this way, it will only be to the extent necessary to perform their duties, to perform our contract with you or for the purposes of our legitimate interests.

We may share your personal data with:

• any member of our GlobalLogic group, which includes our parents, affiliates, subsidiaries, and their subsidiaries;
• appropriate third parties, including:
  1. our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for;
  2. our auditors, legal advisors and other professional advisors or service providers (e.g. entities that help us communicate with our contractors and clients, e.g. they support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns, help us run a website, provide support and operation of our tools and ICT systems, banks, as well as companies that carry out our shipments);
• (in particular in relation to information obtained via our website) our advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; we do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience and subject to the cookie section of this policy;
• analytics and search engine providers that assist us in the improvement and optimization of our Sites and subject to the cookie section of this policy.

Legal Grounds for Our Processing of Your Personal Data

The basis on which we process your personal data is as follows (where legally applicable).

Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it (for example, some direct marketing activities), we will obtain and rely on your consent in relation to the processing concerned (see below for how to withdraw your consent to processing).

Otherwise, we will process your personal data only where the processing is necessary:

• for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
• for compliance with a legal obligation to which we are a subject; or
• for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data (most situations when we process your personal data in regard to a relationship that we have with the person that you work for will fall into this category).

Other applicable legal basis can be mentioned in the country-specific sections below.

Data Retention

We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived, unless it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject, or for another legitimate and lawful purpose.

The above periods may be extended, if necessary, in the event of any claims and court proceedings – for the duration of these proceedings and their settlement.

Sometimes your data may be available in the mediums such as the Internet for indefinite period.

International Transfers of Personal Data

GlobalLogic operates internationally and, therefore, personal data may be processed in countries which may not have data protection regulations as stringent as those in your country. We will transfer such information to third countries in accordance with the applicable privacy laws, in particular GDPR, particularly to each country in which GlobalLogic conducts business, or has a service provider, for the purposes set out in this document.

GlobalLogic applies all required safeguards, including standard data protection clauses adopted by the relevant data protection authorities. We may also transfer your data to a country that ensures an adequate level of protection according to the European Commission’s decision.

Security

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. All personal data processed by us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee or warrant the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

You should be aware that other Internet sites that are linked from the Site(s) or from a GlobalLogic email message may contain privacy provisions that differ from the provisions of this Privacy Policy. To ensure your privacy is protected, we recommend that you review the privacy statements of these other linked sites, applications or other digital properties.

Your Privacy Rights and Choices

To exercise your rights please contact us at privacy@globallogic.com or by other means as convenient for you.

GlobalLogic respects all applicable privacy laws and your rights under the applicable legislation – in particular you can request that we delete your data, or withdraw your consent for personal data processing. You can also opt-out of receiving marketing communication by using the “unsubscribe” link included in the emails we send you, or by contacting us as described below.

For more details on your rights please see below additional information for the residents of the particular countries and regions.

Please note that we are legally obliged to confirm your identity before we can process your request, so you may be asked to provide some further information.

Privacy Policy Updates

We reserve the right to amend the Privacy Policy at any time, for any reason. The date of the last revision to the Privacy Policy will be indicated by the “Last updated” date at the beginning of this page. We encourage you to look for updates and changes to this Privacy Policy by checking this date when you access our Sites.

Contact Us

You can contact us at privacy@globallogic.com, or at our postal address:

GlobalLogic’s headquarters
1741 Technology Drive, Suite 400
San Jose CA 95110, United States of America
Attention: Chief Legal Officer

List of companies of the GlobalLogic group, including their contact details and information regarding data protection officer (if applicable) can be found here.

ADDITIONAL INFORMATION FOR RESIDENTS OF ARGENTINA

This section applies only to Argentine residents. GlobalLogic processes personal data in compliance with Argentine Personal Data Protection Law No. 25,326 (“PDPL”), Regulatory Decree No. 1558/2001 and the provisions and resolutions issued by the Argentine Agency of Access to Public Information (“AAAPI”).

Legal Basis for Our Processing of Your Personal Data

In addition of the legal bases introduced in the main body of this Policy we may also process your data for compliance with a scientific or professional relationship with you, provided that these are necessary for its development or fulfillment.

Your rights related to processing of your personal data

You have the following rights:

1. Access to your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • what categories of data we are processing;
   • who is the recipient of your data;
   • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
   • if the personal data has not been given by you – all available information about the source of the data.

You can also receive access to all of your personal data that we are processing (data copy).

2. Data rectification and update – if information about you is or has become inaccurate, incomplete or outdated, you have the right to demand that data is rectified, made complete, or updated.
3. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
4. Data removal – in certain situations, the PDPL gives you the right to remove your data. You can invoke this right if we are still processing your personal data, particularly in, for instance, the following cases:
   • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   • you withdrew consent to the processing of personal data and there is no other legal ground for continuing to process it;
   • your data is processed unlawfully;
   • the personal data have to be erased for compliance with a legal obligation.
5. Objection – you have the right to object to some operations we perform on your personal data for direct marketing purposes. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
6. Complaints to the relevant public authority – the AAAPI, in its capacity as controlling authority of the PDPL, is entitled to deal with complaints placed in connection to the infringements of personal data protection rules. Of course we encourage you to first contact us at privacy@globallogic.com.

Additional information for residents of CALIFORNIA

This section applies only to California residents. Pursuant to the CCPA below is a summary of the “Personal Information” categories, as identified and defined by the CCPA (see California Civil Code section 1798.140(o)), that we collect, the reason we collect your Personal Information, where we obtain the Personal Information, and the third-parties with whom we may share your Personal Information. As described further below, GlobalLogic does not “sell” your Personal Information.

We generally collect the following categories of Personal Information about you when you use our Sites:

• Identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices.
• Internet or other electronic information regarding your browsing history, search history, the webpage visited before you came to our Site, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, and system configuration information.
• Your geolocation, to the extent you have configured your device to permit us to collect such information.
• Professional or employment-related information.
• Inferences about your preferences, characteristics, behavior and attitudes.

For more information about the Personal Information we collect and how we collect it, please refer to “Information We Collect” section above.

We collect your Personal Information for the business purposes described in the “How We Use Your Personal Data” above. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.

The categories of third-parties with whom we may share your Personal Information are listed in the “Who We Share Your Personal Data With” section above.

California Privacy Rights If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information or the security of our network systems.

Access to Specific Information and Data Portability Rights Subject to certain exceptions, if you are a California resident you have the right to request a copy of the personal information that we collected about you during the 12 months before your request. Once we receive your request and verify your identity, we will disclose to you:

• The categories of personal information we have collected about you;
• The categories of sources for the personal information we have collected about you;
• Our business or commercial purpose for the information collection;
• The categories of third parties with whom we share that personal information;
• The specific pieces of personal information we collected about you;

Deletion Request Rights You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

Non-Discrimination We will not discriminate against you for exercising your right to know, delete, or opt-out of sales.

Opting-Out of Sale In the preceding twelve months we have not sold personal information as that term is generally understood. We do not sell personal information, but we recognize that the CCPA defines “Personal Information” in such a way that making available identifiers linked to you for a benefit may be considered a “sale.” To the extent that making those identifiers and inferences about Sites visitors may be defined as selling under the CCPA, please see our consent manager in our Cookies Policy available here in order to opt out of the sale of such information.

In addition to the “Cookies and Similar Technologies” section above’s description for opting out of interest-based advertising and controlling browser settings, California consumers may also use the Digital Advertising Alliance’s tool to send requests under the CCPA for a web browser to opt out of the sale of personal information by some or all of that framework’s participating companies by accessing the DAA’s tool here: https://www.privacyrights.info/, or by downloading the DAA’s AppChoices mobile application opt-out here: https://www.privacyrights.info/appchoices.

Direct Marketing If you are a California resident, you can request a notice disclosing the categories of personal information we have shared with third parties for the third parties’ direct marketing purposes. To request a notice, please submit your request at privacy@globallogic.com or by postal mail as described in the Contact Us section.

ADDITIONAL INFORMATION FOR RESIDENTS OF CHILE

This section applies only to Chilean residents whose data is processed by any GlobalLogic company. Personal data regulation is found mainly in Law No 19,628 on Privacy Protection (hereinafter, the “CLPPL”).
Personal Data Processing

GlobalLogic group companies may treat your personal data only when permitted by the CLPPL or if you have provided us with a prior written authorization. You may revoke your authorization at any time in writing.

Your authorization is not needed if: (i) your personal data has been collected from public sources; or (ii) your personal data is being treated for the exclusive benefit of GlobalLogic group entities and their associates, for statistical or pricing purposes or in their general benefit.

Personal data shall be treated only for the purposes for which it has been collected, unless it has been collected from public sources.

Rights Under the CLPPL

You are entitled to the following rights under the CLPPL:

1. Access right – you may request GlobalLogic to provide you with information regarding:
   • Whether GlobalLogic is processing your personal data, which personal data are processing and for what purposes;
   • The sources from where GlobalLogic collected your personal data; and
   • Persons or entities to whom your personal data are being transferred.

You may also request a copy of all of your personal data that GlobalLogic is processing.

2. Opposition request right – you may oppose to the use of your personal data for advertising, market research or opinion polls purposes.
3. Modification request right – in the event that any personal data collected by GlobalLogic are proven to be erroneous, inaccurate, misleading or incomplete, you are entitled to request the modification of such personal data.
4. Deletion and blocking request right – you may request your personal data to be deleted if their storage lacks of legal grounds or if your personal data has expired. Moreover, you may also request the deletion or blocking of your personal data if such data have been voluntarily provided by you or your information is being used for commercial communications.
5. Free of charge copies – you are entitled to request a free of charge copy of your personal data or any modification or deletions made thereof. If new modifications or deletions are required, you may ask for an updated registry, free of charge, provided that the new modification or deletion has been requested by you six-months after your previous modification or deletion request.

To exercise any of the above mentioned rights please contact us at privacy@globallogic.com or by other means as convenient for you.

Additional information for residents of the European Union AND THe UK

This section applies to processing of personal data that is within the scope of the GDPR or UK GDPR – when it is carried out by a GlobalLogic group company that has its seat or establishment within the European Economic Area or concerns data subjects who are in the EEA or the UK. In case of any doubts please contact us at privacy@globallogic.com.

What is a legal basis of processing?

Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it (for example, direct marketing activities), we will obtain and rely on your consent in relation to the processing concerned.

Otherwise, we will process your personal data only where the processing is necessary:

• for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
• for the purposes of the legitimate interests (Art. 6(1)(f) GDPR) pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data; the following cases fall into this category – when we process your personal data in relation to a relationship that we have with the person that you work for, maintaining relations, building a positive image of GlobalLogic and marketing of GlobalLogic’s products and services, when we process your Image that can be qualified as personal data for the purposes of GlobalLogic promotion among current and potential employees, associates and business partners, when we defend against or make claims;
• for the fulfilment of a legal obligations of the data controller – the legal basis for processing of your personal data will be the necessity for compliance with a legal obligation to which the controller is subject (Art. 6(1)(c) GDPR).

We process data regarding use of our website for the purpose of proper management of our website, to improve its performance, ensure its security, adapt its content to your preferences. In addition, we gather this data for internal purposes, including resolving issues, conducting data analyses, testing, research, statistics, and for survey purposes. The legal basis of our activities is your consent, except for cases when the use of such data is essential for the functioning of our website (electronic provision of a service to you within that scope); in such cases the legal basis will be our legitimate interest (Art. 6(1)(f) GDPR).

How long do we process your personal data

As a rule, personal data will be processed:

• for the purposes of conclusion and performance of a contract – for the duration of the contract and its settlement;
• on the basis of our legitimate interest – until the objection to such processing or the fulfilment of the purpose for which the data has been processed;
• on the basis of your consent – until withdrawal of such consent or fulfilment of the purpose for which it was given;

unless the law requires that we process such data for a longer period, or in case of potential claims, for such claim’s limitation period specified by law – whichever is longer.

Your rights related to processing of your personal data

You have the following rights:

1. Access to your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • what categories of data we are processing;
   • who is the recipient of your data;
   • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
   • if the personal data has not been given by you – all available information about the source of the data.

   You can also receive access to all of your personal data that we are processing (data copy).

2. Access to your personal data if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete.
3. Consent withdrawal you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.

1. Data erasure – in certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right where one of the following grounds applies:
   • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   • you withdrew consent to the processing of personal data and there is no other legal ground for continuing to process it;
   • you object to the processing of your personal data when there are no overriding legitimate grounds for processing;
   • you object to the processing of your personal data for marketing purposes;
   • your data is processed unlawfully;
   • the personal data have to be erased for compliance with a legal obligation.
2. Restriction of processing you can demand that we restrict our activities in principle only to storing information about you when:
   • you contest the accuracy of personal data we are processing – for a period of time that allows us to verify the accuracy of the personal data;
   • the processing of your personal data violates the law, but you prefer that processing be restricted rather than the data be erased;
   • you object to the processing of your personal data when there are no overriding legitimate grounds for processing;
   • GlobalLogic no longer needs your personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims;
   • you have objected to the processing of your personal data – only until such time as it is determined whether our legitimate grounds override yours.
3. Data portability you have the right to receive your data in a structured, commonly-used and machine-readable format, and also to transmit your data to another data controller, if:
   • the processing is based on your consent or on a contract; and
   • the processing is carried out by automated means.
4. Objection you have the right to object to some operations we perform on your personal data on grounds related to your particular situation, particularly in the following cases:
   • when our processing is based on our legitimate interest;/li>
   • when we process your personal data for purposes related to scientific or historical research, or for statistical purposes.

   When despite your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defense of legal claims, we will continue to process data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).

   Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

5. Complaints to the relevant public authority in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority. You can find list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en. The relevant public authority in the UK is the Information Commissioner’s Office https://ico.org.uk/global/contact-us/. Of course we encourage you to first contact us at privacy@globallogic.com.
6. You can obtain a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at privacy@globallogic.com.

ADDITIONAL INFORMATION FOR RESIDENTS OF INDIA

1. Personal Data or information as described in the overview section of this policy should be read as below:
   a.     Personal Information/Personal Data means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person;
   b.     Sensitive Personal Data or Information includes information relating to password, financial information such as bank account, credit card etc., physical psychological and mental health condition, sexual orientation, medical records and history, biometric information, any such details provided to body corporate for providing service or received by it for processing, stored and processed under lawful contract or otherwise. Sensitive personal data or information does not include any information freely available or accessible in public domain and/or information furnished under the Right to Information Act, 2005 or under any other prevalent law.
2. The information provider shall have the option of withdrawing/reviewing/amendment of the information provided.
3. GlobalLogic India does not collect/process sensitive personal data.
4. All data privacy matters are handled by the Grievance officer, Name and contact address: Diljeet Singh and Alok Malik grievance.privacyIndia@globallogic.com
5. GlobalLogic India Private Limited and GlobalLogic Technologies Private Limited are ISO 27001 certified.

ADDITIONAL INFORMATION FOR RESIDENTS OF ISRAEL

This section applies to residents of Israel and relates to the Israeli Privacy Protection Law 5741-1981 and the relevant regulations promulgated thereto on data transfer and data security.

1. You have the right to review your personal information processed by us. To do so, please contact us at the following email address: privacy@globallogic.com. We are entitled to provide you with access to review your personal information at our offices. Your access may be subject to certain restrictions and we may redact certain information from the copy of the relevant files made available to you, for the protection of i) trade secrets and business information belonging to us and/or to any third party to which we have a contractual and/or statutory obligation of confidentiality, and ii) the privacy of any data subject.
2. If, upon review of your personal information processed by us, you believe the personal information is inaccurate, incomplete, or incorrect, you may reach us at privacy@globallogic.com and request that the personal information be corrected or deleted. We reserve the right, after taking your request into consideration, to approve or deny your request in accordance with applicable laws and regulations. We will notify you of our decision, regardless of whether we choose to approve or deny it.

ADDITIONAL INFORMATION FOR RESIDENTS OF JAPAN

This section applies to the personal data concerning Japanese residents processed by any GlobalLogic company. Please see here about GlobalLogic globally and in Japan. Personal data regulation is found mainly in the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended, hereinafter, the “APPI”)

Your rights related to processing of your personal data

You have the right to make following requests on your personal data to GlobalLogic Japan, Ltd.:

1. Provision of the purpose of use of your personal data;
2. isclosure of your personal data;
3. Correction, addition, or deletion of your personal data;
4. Suspension of use or erasure of your personal data;
5. Suspension of provision of your personal data to a third party; and
6. Making any claim or complaint about the handling of your personal data.

Please contact us at the following email address: privacy@globallogic.com to make such request. Your access may be subject to certain restrictions and we may redact certain information from the copy of the relevant files made available to you, for the protection of i) trade secrets and business information belonging to us and/or to any third party to which we have a contractual and/or statutory obligation of confidentiality, and ii) the privacy of any data subject. We reserve the right, after taking your request into consideration, to approve or deny your request in accordance with applicable laws and regulations. We will notify you of our decision, regardless of whether we choose to approve or deny it.

Safeguarding Measures

We have implemented the following measures to prevent unauthorized access to the  personal data as well as the loss, falsification, compromise or other issue of the  personal data.

1. Establishment of Basic Policy – We have established a basic policy to ensure the proper handling of personal data as an organization.
2. Internal Rules for Handling Personal Data – We have established internal rules for the handling of personal data that stipulate handling methods, responsible persons, and their duties at each stage of acquisition, use, storage, provision, deletion, disposal, etc.
3. Organizational Safety Control Measures – We appoint a person responsible for the handling of personal data, clarified the responsibilities of that person, and is operating in accordance with the rules and regulations concerning the handling of personal data. We establish a system for reporting to and communicating with the responsible person when we become aware of a fact or indication of a violation of the APPI or regulations. The status of the handling of personal data is regularly inspected or audited.
4. Personnel Safety Control Measures – We provide regular information security training to our employees to ensure proper handling of data.
5. Physical Security Control Measures – We control employee access to rooms and restrict the equipment, etc. that employees may bring into areas where personal data is handled. In addition, we take measures to prevent theft of equipment and electronic media that processes personal data, as well as encryption and password protection of personal data to prevent divulgence of personal data when carried. Furthermore, when deleting personal data or disposing of equipment, electronic media, etc., we have a procedure to properly complete such process by adopting measures by which deleted data cannot be easily restored.
6. Technical Security Control Measures – We implement appropriate access control on the information systems that process personal data and authentication of employees who use such systems by user IDs and passwords. We take measures to prevent compromise of information by continuously monitoring the security of our information systems.
7. Personal Data Protection outside Japan – We may process and store your personal data outside Japan, in other countries where GlobalLogic group operates, including in the EU and in the USA. We are aware of the systems for the protection of personal data in those countries and take necessary and appropriate measures for the secure management of personal data.

Shared use of Personal Data

We will share and jointly use the personal data among GlobalLogic companies as follows:

1. The personal data will be shared with and jointly used by GlobalLogic companies.
2. The information to be shared are First name, Last name, e-mail address, telephone number and information about your professional experience, etc.
3. The scope of GlobalLogic companies jointly using the personal data is GlobalLogic Inc., its parents, subsidiaries, and affiliated entities. Please see here about GlobalLogic globally.
4. The purpose of joint use of the personal data is for management and analysis, decision making, and other business purposes as well as those purposes described in the Section “How We Use Your Personal Data; The purpose of processing” of this Privacy Policy.

When there is any change in the matters described above, we will amend this Privacy Policy and make it public without delay.

ADDITIONAL INFORMATION FOR RESIDENTS OF UKRAINE

This section applies only to processing of personal data collected within the territory of Ukraine, specifically by a GlobalLogic group company (as a data controller) that has its seat or establishment in Ukraine.

Privacy Rights. Within described processing, you have all rights of the data subject set by Art. 8 of the Law of Ukraine “On Personal Data Protection”. Among other, you have the following rights:

1. Information on your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • sources of your data collection;
   • where we are processing your personal data;
   • what categories of data we are processing;
   • who is the recipient of your data and details of transfers;
   • whether we use automatic decision making and its mechanism.
2. Access to your personal data – you can receive access to all of your personal data that we are processing.
3. Data rectification – if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete.
4. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
5. Data erasure – you may request deletion of your data if they are inaccurate or are processed unlawfully or as otherwise prescribed by law.
6. Restriction of processing – you can demand that we limit our activities regarding your personal data.
7. Objection –  you have the right to object to some operations we perform on your personal data for special reasons related to your personal situation. When despite your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defence of legal claims, we will continue to process data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
8. Complaints to the relevant public authority in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority or to the court. For Ukraine the supervisory authority is the Ukrainian Parliament Commissioner for Human Rights. You may find contacts of his office at https://www.ombudsman.gov.ua/. Of course we encourage you to first contact us at privacy@globallogic.com.

International Data Transfers. As mentioned, GlobalLogic operates internationally and, therefore, personal data may be used in countries outside of the EU/EEA, which may not have data protection regulations as stringent as those in EEA. Providing to us your data you agree on their transfer outside Ukraine and the EEA. In any case, for such international transfers we ensure use of appropriate guarantees regarding non-interference to your personal and family life.