Privacy Policy

1.0 Cigniti’s privacy policy

“We are committed to maintaining the privacy and security of the personal information provided by all of our clients and employees”.

2.0 Scope

This policy applies to the any personal information which Cigniti Technologies Limited may collect when you visit our website (https://www.cigniti.com), visit our office premises, during the process of prospecting, marketing, recruitment and exchanging information for the purpose of new business or expansion.

This privacy policy also covers the type of personal information that we collect and what do with do with the information collected through various sources. This policy also describes the cookies being used at the website and about third parties’ use of cookies.

This policy applies in both the capacities – where we are acting as a data processor – for the Quality Engineering and testing services that we deliver to our existing and potential clients and also where we are acting as a Data controller with respect to the personal data of our website visitors, employees, email recipients and personal data collected from public sources; in other words, where we determine the purposes and means of the processing of that personal data.

If you are a California resident, please see the below section on our specific privacy policy statement for California residents.

This privacy policy does not apply to the practices of any legal entities or companies that Cigniti does not control or own, or to any people that Cigniti does not manage or employ. In this policy, “we”, “us” and “our” refers to Cigniti Technologies Limited. For more information about us, please visit https://www.cigniti.com.

3.0 Information we collect

Cigniti collects and processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our quality engineering and testing services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. Reference to a data subject means a natural person whose personal data is processed by a data controller or a data processor.

All the personal information mentioned in the table below is collected ‘directly’ (example – when you provide information to sign up for a newsletter, whitepaper, web resource or register to comment on a forum website) and ‘indirectly’ (example – through our website’s technology or cookies) including third-parties such as public authorities, websites and social media and networking platforms, suppliers/vendors proving or selling legitimate personal data. It is completely up to you to decide before providing any personal information.

We collect personal data of our clients, vendors/suppliers, prospects, website users, visitors (website and physical site), employees, candidates/potential employees, business contacts and shareholders. For any other specific data collection requirement not listed here and arising out of business requirements or required by law, we will issue the concerned individuals appropriate notice of the data to be collected and purpose for the same.

Please refer the table below for the categories of personal data and associated details –

Personal Information CategoryDetails
Personal detailsName, Company, Email address and Phone number
Contact details and identifiersName, Company, Email address, Phone number and attachments, if any
Marketing, Lead generation/Inside Sales and related informationName, Company, Email address and Phone number.
Social media identifiers including the posts on social media by individual or company, publicly available information and identifiers including any analytics and profiles of the individual available, details from the third-party owned/sold personal data.
Data coming through online and offline marketing events including seminars, marketing campaigns (including ads), webinars, guest speakers, testimonials, workshops, road shows, business calls and meetups, trade fairs and similar events.
IP address, web history data, including operating system and browser type, page tracking data,  traffic data, location data, blogs and other communication data coming in through chat bots.
Professional details, employment details including title/designation/role, company name, location and contact details coming through social networking sites, client referrals, publicly available sources and purchased contact lists.
CookiesCookies and related geolocation data as per the Cookie policy described below.
Sensitive personal dataWe may collect certain types of sensitive personal data  such as health related data, medical information about individuals and family members only when permitted by local law or with your consent, which is required for Mediclaim or medical insurance purposes.

Other sensitive information such as biometric information or facial recognition might be used for authentication and/or surveillance purposes.

Data captured in audio or video formatsThis category includes personal data coming in through pictures, audio/video footage captured and recorded on CCTV cameras or surveillance monitoring systems and visitor management system.
Employment, recruitment and related data (for employees and contractors) Name, Company, Email address and Phone number.
Sensitive personal data includes unique national identification number, social security number, family information including marital/partnership status, ethnicity, beneficiary, parents, children (minor), dependents, health records (including disability) and related medical insurance information, emergency contact information, current and permanent residential address details.
Information about education and employment history, background verification details including criminal convictions and offences. These details are required to comply with legal obligations and to abide to our Code Of Business Conduct & Ethics (COBC).
Immigration related data including citizenship, passport data, residency or work permit details.
Payroll, taxation and related banking account data for processing paychecks and payments to vendors and other parties.
Information coming in from CV/resumes submitted through online portals, referrals, walk-ins, and emails including the sensitive personal information coming along with it.
Recruitment related information coming from third-party recruitment vendors, placement firms or job website or job fairs.

If you provide us with personal information on behalf of another data subject (example – referral candidate, visiting cards or email addresses in marketing events, purchased databases) you would be considered responsible for ensuring that you have the data subject’s consent for sharing the information with us.

We are also committed to protect the privacy of children aged 16 years or under. In case you belong to this category, kindly get your parent/guardian’s consent/written permission for sharing any personal information with us.

Please refer the table below for the purposes related to your personal data and the legal basis –

PurposeLegal basis
Marketing, Sales and lead generation (including B2B marketing)Legitimate interest for the proper administration of our website, business growth and communications with users/prospects
Contractual relationship Necessary for the performance of a contract to which the data subject is a party
Managing business operationsLegitimate interest for the proper administration and business growth
Complying with any legal obligation, or to enforce or apply our terms of use; or to protect the rights, property, or safety of Cigniti, our clients, or othersLegal obligation for the protection and assertion of our legal rights, your legal rights and the legal rights of others involved. We may process any of your personal data identified in this policy where necessary for the legal purposes such as Personal data collected under UKEU laws such as taxation, disclosure of employee salary details to HMRC (Her Majesty’s Revenue and Customs) establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure
Social Engineering (processing information found on publicly available sources, social media, networking site, analytics, cookies, stakeholder needs and sentiments)Legitimate interest for the proper administration and business growth
All the activities related to recruitment/staffing (sourcing profiles, scheduling and conducting online/offline interviews, managing candidate databases and activities managed through Applicant Tracking System)Legitimate interest for ensuring that Cigniti recruits suitable employees
Communication with data subjectsLegitimate interest for ensuring that Cigniti effectively communicates with data subjects within and outside the organization
All activities related to employment (onboarding, background verification, employment stint, payroll/benefits, insurance and employee exit) Legitimate interest for the proper administration and employee benefits

 

As per GDPR Article 6(1)(f) – Processing shall be lawful only if and to the extent that at least one of the following applies:

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

While we consider legitimate interests as reasonable grounds to process your personal information, we also ensure that these legitimate interests are not overridden by your interests and rights or freedoms you have in relation to the processing activities.

Where mandated by law, we will obtain your prior consent for processing your personal information for the purposes mentioned above based. Submitting consent through forms, emails or through website (example – “I agree”, “By continuing to use this website, you agree to our cookie & privacy policy) shall be considered as your agreement to collect and process the Personal Information for the stated purpose.

In the event of a medical emergency or authorized by law, we may use your personal information considering the following lawfulness of processing as per GDPR Article 6(1)(d) and 6(1)(e) –

  • 6(1)(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person
  • 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

We do not generally seek to collect or process sensitive personal data also known as special categories (revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) through this site. In the limited cases where we may seek to collect such data, we will do this in accordance with local data privacy law requirements.

4.0 What do we do with the information collected?

Cigniti requires this information to better understand the needs that you may have in terms of the services we offer and provide you with the better experience and services. We may also use this information for:

  • Internal records for correspondence.
  • Providing you with information you request, process online requests (job applications, resources) and for other purposes.
  • Improve our service offerings and personalize your experience.
  • Periodically sending promotional emails about new service offerings, webinars, technology events or any other information which we think you may find interesting using the email address which you have provided.
  • To send commercial e-mail to individuals or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws.
  • Contacting you for collection of feedback/surveys.
  • Collected information is used to update, maintain and track the marketing/lead generation efforts in a Customer Relationship Management (CRM) tool/database.
  • Any postings, comments or other content that you may post on our website or social media platforms.
  • We may transfer personal data to our contracted service providers and advisors who may be located in other countries. Adequate data protection is provided before any such data transfers are made.
  • Disclosing your personal data to third parties in the event that we sell or liquidate any part of our business or assets.
  • We may share your personal data (including special category of personal data) with third parties for a specific purpose (example – prospecting, recruitment, background verification, insurance). Any personal data processing conducted by an external agent or entity (third-party service provider) on our behalf shall be evidenced by a valid written contract between the involved parties. Such contract shall specifically set out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, the obligations and rights of the company.
  • International transfers of personal data may happen to countries outside the European Economic Area (“EEA”). Cigniti has global presence in other geographies outside the headquarter in Hyderabad, India. Please refer the list of our global office locations at – https://www.cigniti.com/offices-locations/. Transfers to any of our global offices will be protected by appropriate safeguards included in our Terms of Contract for data processing agreed between Cigniti and the other parties. This transfer or a set of transfers of personal data to a third country or an international organization shall take place when the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request. Cigniti’s formal compliance to ISO 27001 (Information Security Management Systems) ensure the adequacy of appropriate technical and organizational safeguards.

5.0 How secure is the information collected?

Cigniti is committed to ensuring that your personal information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Cigniti is certified with ISO 27001 (Information Security Management System) demonstrating formal compliance to protecting confidentiality, integrity and availability of the information collected, processed and stored. We also have a formal compliance towards System and Organization Controls (SOC) for Service Organizations – internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.

The IT team shall continuously develop and evaluate the Company’s security policy with respect to the processing of personal data. We strive to protect your information from unauthorized access, alteration, disclosure or destruction and have some key information security and physical security policies in place to safeguard the information. Some of the examples are – encryptions, physical and logical access control, user authentication, secure login using One Time Password (OTP), firewalls and latest antivirus and likewise.

Regarding your use of our websites it should be noted that the open nature of the Internet is such that information and personal data may flow over networks connecting you to our systems without security measures in some cases and may be accessed and used by people other than those for whom the data is intended. You acknowledge that, Cigniti can’t prevent the use (or misuse) of such personal data by others.

In case you follow a link to any of the sites which may be arising out of Cigniti’s website, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for these policies or sites. Please check these policies before you submit any personal data to these sites.

6.0 For how long do we retain the data?

We will retain your personal data only for as long as is necessary. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. If you have an association with us, we will only keep the data while your association is active or for as long as needed to provide services to you and, as further needed for us to comply with our legal and contractual obligations. When the personal data that has been collected is no longer required, Cigniti shall destroy or delete it in a secure manner in accordance with our information security policies and/or as per the official contract made with the other party.

7.0 How we use cookies? Cookie policy.

A cookie is a packet of information sent by a server to a World Wide Web browser and then sent back by the browser each time it accesses that server (definition: Wikipedia). Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit any website and allow the website to recognize your device. Cookies are used for authentication, tracking, and maintaining user-specific information and often contain a unique and anonymous identifier. Most web browsers automatically accept cookies, but you can change the settings in your browser to allow you to accept or decline cookies depending upon your preferences.

We analyze your IP and browser information to determine what is most effective about our website, to help us identify ways to improve it and make it more effective. Cigniti’s website does not usually refer to any other external website. In case where there is a reference to other website(s), Cigniti’s privacy policy does not apply to those websites. You are requested to read the privacy policy of these websites to gain more information.

By using our website, you agree that we can place cookies and other similar technologies on your device (including mobile devices) as explained in this Cookies policy. By continuing to use your mobile device to access this website, you agree that the following information may be collected: your unique device identifier, mobile device IP address, information about your device’s operating system, mobile carrier details and your location related information (to the extent permissible under applicable law).

  • Why do we use cookies? – To ensure a better experience. Cookies do a lot of different things, such as navigating between different pages efficiently, remembering user preferences and helping us to ensure that content that is seen is more relevant to you and your interests.
  • How do we use cookies – We use a Customer Relationship Management (CRM) platform to manage and track or ‘do not track’ cookies.
  • Do we use cookies for marketing and analytics? – Cigniti, based on the requirement, may use information collected from our cookies to identify user behavior and to serve content and offers based on your profile, and for the other related purposes. Some of the cookies we use don’t collect information that identifies a visitor. For example – Performance cookies (refer below) and Targeting cookies (refer below) where you are not a registered user. In other cases, we can associate cookie information with an identifiable individual. For example – If we send you a targeted email which includes web beacons, cookies or similar technologies we will know whether you open, read, or delete the message; and when you click a link in a marketing e-mail you receive from us, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.
  • Type of cookies used –
    • Cigniti also uses “Session” cookies which are temporary and once you close the browser window, they are deleted from your device.
    • Along with this Cigniti also uses “Persistent” cookies which remain on your device for a longer period and are used by the website to recognize your device when you return.
    • Strictly Necessary cookies – These cookies are essential in order to enable you to navigate around the site and use its features. Without these, services you have asked for cannot be provided and may result into a meagre user experience.
    • Functionality cookies – These cookies allow a site to remember choices you make (such as your username or the region you are in) and provide more enhanced, personal features. These cookies cannot track your browsing activity on other websites. They don’t gather any information about you that could be used for advertising or remembering where you’ve been on the Internet outside our site.
    • Performance cookies – These cookies collect information about your visit and use of this website, for instance which pages you visit the most often, and if you get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is anonymous and is only used to improve how this website works.
    • Targeting cookies – These cookies are used to deliver content more relevant to you and your interests; and limit the number of times you see the same content; and also, to help measure the effectiveness of the advertising campaign, if any; and understand users’ behavior. They are usually placed on behalf of advertising networks with the site operator’s permission. They remember that you have visited a site and quite often they will be linked to site functionality provided by the other organization. Cigniti does not use third-party advertising on our site, so we do not use these Targeting cookies for advertising but we use them for gathering analytics and intelligence about the site.
  • Do we analyze personal data? – We may. Cigniti, based on the requirement and as part of Social Engineering, may combine data from publicly available sources, and from our e-mail, website, and personal interactions with you (this includes information collected across our different sources). We combine this data to better assess your experience, to better offer and sell relevant goods and/or services and to perform the other activities described throughout our privacy policy. The legal basis for this processing and analysis is our legitimate interest for the proper administration and business growth.
  • Do we use cookies from any third parties? – Some cookies we use are from third party companies, such as Google Analytics, LinkedIn Analytics and through the Customer Relationship Management (CRM) tool to provide us with web analytics and intelligence about our sites. These companies use programming code to collect information about your interaction with our sites, such as the pages you visit, the links you click on and how long you are on our sites. This code is only active while you are active on our website. For more information on how these companies collect and use information on our behalf, please refer to their respective privacy policies. Cigniti may use non-tracking cookie technologies such as web beacons (including conversion pixels) or other technologies for similar purposes as above and we may include these on our sites, in marketing e-mail messages or our newsletter, to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device, but they may work in conjunction with cookies to monitor website activity.
  • Do we allow not to use cookies? – Possible to an extent. By using Cigniti’s website you agree that we can place cookies on your device including mobile device. If you want to remove existing cookies from your device you can do this using your browser options. If you want to block future cookies being placed on your device you can change your browser settings to do this. Please bear in mind that deleting and blocking cookies will have an impact on your user experience as parts of the site may no longer work or take more time than usual to load the required contents. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our site or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies.

8.0 How can you control the information provided? Your rights.

We would like to make sure you are fully aware about the all the data protection rights. Every data subject is entitled (in the circumstances and under the conditions, and subject to the defined exceptions, as set out in applicable law) to following rights for individuals –

  • The right to be informed – where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards.
  • The right of access – You have the right to request us for copies of your personal data that we may hold. We may ask you to confirm the identity and/or charge you a small fee for this service.
  • The right to rectification – You have the right to request us to correct any information that you believe is inaccurate or incomplete.
  • The right to erasure (‘right to be forgotten’) – You have the right to request us to erase your personal data, under certain conditions as defined by the GDPR.
  • The right to restriction of processing – You have the right to request us to restrict the processing of your personal data, under certain conditions as defined by the GDPR.
  • The right to data portability – You have the right to request us that we transfer the data that we have collected to another organization, or directly to you, under certain conditions as defined by GDPR.
  • The right to object – You have the right to object to our processing of your personal data, under certain conditions as defined by GDPR.
  • Rights in relation to automated individual decision-making, including profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling.
  • The right to withdraw consent – You shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, you shall be informed thereof. It shall be as easy to withdraw consent as to give it.
  • The right to lodge a complaint – You shall have the right to lodge a complaint with supervisory authority in case you believe that your data privacy rights have been violated. You are encouraged to seek resolution of complaint from us while still having the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against Cigniti with a competent court (either in the country where you live or work or where the privacy rights have been violated).
    • You may use the following link to raise a complaint with the ICO (Information Commissioner’s Office) – the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals) https://ico.org.uk/make-a-complaint/

Contact details of ICO are as follows-

Information Commissioner’s Office,
Wycliffe House, Water Lane, Wilmslow
Cheshire, SK9 5AF
Telephone: +44 303 123 1113
Fax: +44 1625 524510

We shall provide information on action taken on a request under GDPR Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. Certain data subject rights are unavailable for certain types of lawful basis. For example – Contract and Consent basis does not have right to object (but you still have the right to withdraw consent) and Legitimate Interest does not have right to portability.

As a user, you may choose to restrict the information that we have collected or the way in which the same would be used, in the following ways:

  • Whenever you are providing personal information through, ensure that the explicit consent is checked. In case you do not want to provide the consent, personal information shall not be collected in the first place.
  • Contact us (info@cigniti.com) if you wish to update your personal information.
  • In case you have previously subscribed or agreed to us for sharing your personal information for direct marketing purposes, you may opt out the same anytime by writing an email to unsubscribe@cigniti.com.
  • We do not use automated decision making (including profiling) when processing your data.

Cigniti shall not sell, distribute or lease your personal information to third parties unless we have your explicit consent to do so or are required by law to do so.

Cigniti may transfer personal information if it acquires, or is acquired by or merged with, another company. In this event, we will notify you before your personal information is migrated/ported to the new organization or comes under the jurisdiction of another privacy policy.

9.0 Privacy statement for California residents

We are not directly in the business of selling personal information, but there may be limited circumstances where we share personal information in a manner that may be a “sale” as defined under California law. The following definition are referred as per CCPA 1798.140 –

  • (o) (1) “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
  • (o) (2) “Personal information” does not include publicly available information. For purposes of this paragraph, “publicly available” means information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge.
  • (o) (3) “Personal information” does not include consumer information that is deidentified or aggregate consumer information.
  • (t) (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.

This privacy notice enables you to request us to refrain from selling your personal information in accordance with California law. As a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA). You may opt-out from any selling (as defined in “CCPA”) of your personal information by contacting us for ‘Do Not Sell My Personal Information (CCPA)’ via an email to unsubscribe@cigniti.com. Please note that this right is limited to only California residents and is not absolute. We reserve the necessary rights to question, ask to prove the identity and deny the request in the event of any suspicious or fraudulent opt-out requests.  

10.0 Contact us

If you have any queries or complaints regarding this privacy policy or in case you would like to contact our Data Protection Officer (DPO), please feel free to write an email to privacy@cigniti.com or via post at the below address –

India Address:
Cigniti Technologies Limited
6th Floor, ORION Block, “The V” (Ascendas),
Plot No#17 Software Units Layout, Madhapur,
Hyderabad, Telangana, India – 500081

UK Address:
Cigniti Technologies (UK) Limited
30 Churchill Place
London
United Kingdom
E14 5RE
Phone: +44 203 865 6044

You may alternatively visit our website – https://www.cigniti.com/contact-us/.

11.0 Updates to privacy policy

Cigniti may change this policy from time to time and the latest copy shall be made available at https://www.cigniti.com/privacy-policy/. Users of the policy are requested to occasionally visit the link provided for latest updates to ensure that they make themselves aware of any changes. You continue to agree with the updated privacy policy till you explicitly convey us about your disagreement.

This policy was last updated on 01-Jun-2020.