“We are committed to maintaining the privacy and security of the personal information provided by all of our clients and employees”.
This policy applies to the any personal information which Cigniti Technologies Limited may collect when you visit our website (https://www.cigniti.com), visit our office premises, during the process of prospecting, marketing, recruitment and exchanging information for the purpose of new business or expansion.
This policy applies in both the capacities – where we are acting as a data processor – for the Quality Engineering and testing services that we deliver to our existing and potential clients and also where we are acting as a Data controller with respect to the personal data of our website visitors, employees, email recipients and personal data collected from public sources; in other words, where we determine the purposes and means of the processing of that personal data.
Cigniti collects and processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our quality engineering and testing services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. Reference to a data subject means a natural person whose personal data is processed by a data controller or a data processor.
All the personal information mentioned in the table below is collected ‘directly’ (example – when you provide information to sign up for a newsletter, whitepaper, web resource or register to comment on a forum website) and ‘indirectly’ (example – through our website’s technology or cookies) including third-parties such as public authorities, websites and social media and networking platforms, suppliers/vendors proving or selling legitimate personal data. It is completely up to you to decide before providing any personal information.
We collect personal data of our clients, vendors/suppliers, prospects, website users, visitors (website and physical site), employees, candidates/potential employees, business contacts and shareholders. For any other specific data collection requirement not listed here and arising out of business requirements or required by law, we will issue the concerned individuals appropriate notice of the data to be collected and purpose for the same.
Please refer the table below for the categories of personal data and associated details –
|Personal Information Category||Details|
|Personal details||Name, Company, Email address and Phone number|
|Contact details and identifiers||Name, Company, Email address, Phone number and attachments, if any|
|Marketing, Lead generation/Inside Sales and related information||Name, Company, Email address and Phone number.|
Social media identifiers including the posts on social media by individual or company, publicly available information and identifiers including any analytics and profiles of the individual available, details from the third-party owned/sold personal data.
Data coming through online and offline marketing events including seminars, marketing campaigns (including ads), webinars, guest speakers, testimonials, workshops, road shows, business calls and meetups, trade fairs and similar events.
IP address, web history data, including operating system and browser type, page tracking data, traffic data, location data, blogs and other communication data coming in through chat bots.
Professional details, employment details including title/designation/role, company name, location and contact details coming through social networking sites, client referrals, publicly available sources and purchased contact lists.
|Sensitive personal data||We may collect certain types of sensitive personal data such as health related data, medical information about individuals and family members only when permitted by local law or with your consent, which is required for Mediclaim or medical insurance purposes.|
Other sensitive information such as biometric information or facial recognition might be used for authentication and/or surveillance purposes.
|Data captured in audio or video formats||This category includes personal data coming in through pictures, audio/video footage captured and recorded on CCTV cameras or surveillance monitoring systems and visitor management system.|
|Employment, recruitment and related data (for employees and contractors)||Name, Company, Email address and Phone number.|
Sensitive personal data includes unique national identification number, social security number, family information including marital/partnership status, ethnicity, beneficiary, parents, children (minor), dependents, health records (including disability) and related medical insurance information, emergency contact information, current and permanent residential address details.
Information about education and employment history, background verification details including criminal convictions and offences. These details are required to comply with legal obligations and to abide to our Code Of Business Conduct & Ethics (COBC).
Immigration related data including citizenship, passport data, residency or work permit details.
Payroll, taxation and related banking account data for processing paychecks and payments to vendors and other parties.
Information coming in from CV/resumes submitted through online portals, referrals, walk-ins, and emails including the sensitive personal information coming along with it.
Recruitment related information coming from third-party recruitment vendors, placement firms or job website or job fairs.
If you provide us with personal information on behalf of another data subject (example – referral candidate, visiting cards or email addresses in marketing events, purchased databases) you would be considered responsible for ensuring that you have the data subject’s consent for sharing the information with us.
We are also committed to protect the privacy of children aged 16 years or under. In case you belong to this category, kindly get your parent/guardian’s consent/written permission for sharing any personal information with us.
Please refer the table below for the purposes related to your personal data and the legal basis –
|Marketing, Sales and lead generation (including B2B marketing)||Legitimate interest for the proper administration of our website, business growth and communications with users/prospects|
|Contractual relationship||Necessary for the performance of a contract to which the data subject is a party|
|Managing business operations||Legitimate interest for the proper administration and business growth|
|Social Engineering (processing information found on publicly available sources, social media, networking site, analytics, cookies, stakeholder needs and sentiments)||Legitimate interest for the proper administration and business growth|
|All the activities related to recruitment/staffing (sourcing profiles, scheduling and conducting online/offline interviews, managing candidate databases and activities managed through Applicant Tracking System)||Legitimate interest for ensuring that Cigniti recruits suitable employees|
|Communication with data subjects||Legitimate interest for ensuring that Cigniti effectively communicates with data subjects within and outside the organization|
|All activities related to employment (onboarding, background verification, employment stint, payroll/benefits, insurance and employee exit)||Legitimate interest for the proper administration and employee benefits|
As per GDPR Article 6(1)(f) – Processing shall be lawful only if and to the extent that at least one of the following applies:
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
While we consider legitimate interests as reasonable grounds to process your personal information, we also ensure that these legitimate interests are not overridden by your interests and rights or freedoms you have in relation to the processing activities.
In the event of a medical emergency or authorized by law, we may use your personal information considering the following lawfulness of processing as per GDPR Article 6(1)(d) and 6(1)(e) –
- 6(1)(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person
- 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
We do not generally seek to collect or process sensitive personal data also known as special categories (revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) through this site. In the limited cases where we may seek to collect such data, we will do this in accordance with local data privacy law requirements.
Cigniti requires this information to better understand the needs that you may have in terms of the services we offer and provide you with the better experience and services. We may also use this information for:
- Internal records for correspondence.
- Providing you with information you request, process online requests (job applications, resources) and for other purposes.
- Improve our service offerings and personalize your experience.
- Periodically sending promotional emails about new service offerings, webinars, technology events or any other information which we think you may find interesting using the email address which you have provided.
- To send commercial e-mail to individuals or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws.
- Contacting you for collection of feedback/surveys.
- Collected information is used to update, maintain and track the marketing/lead generation efforts in a Customer Relationship Management (CRM) tool/database.
- Any postings, comments or other content that you may post on our website or social media platforms.
- We may transfer personal data to our contracted service providers and advisors who may be located in other countries. Adequate data protection is provided before any such data transfers are made.
- Disclosing your personal data to third parties in the event that we sell or liquidate any part of our business or assets.
- We may share your personal data (including special category of personal data) with third parties for a specific purpose (example – prospecting, recruitment, background verification, insurance). Any personal data processing conducted by an external agent or entity (third-party service provider) on our behalf shall be evidenced by a valid written contract between the involved parties. Such contract shall specifically set out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, the obligations and rights of the company.
- International transfers of personal data may happen to countries outside the European Economic Area (“EEA”). Cigniti has global presence in other geographies outside the headquarter in Hyderabad, India. Please refer the list of our global office locations at – https://www.cigniti.com/offices-locations/. Transfers to any of our global offices will be protected by appropriate safeguards included in our Terms of Contract for data processing agreed between Cigniti and the other parties. This transfer or a set of transfers of personal data to a third country or an international organization shall take place when the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request. Cigniti’s formal compliance to ISO 27001 (Information Security Management Systems) ensure the adequacy of appropriate technical and organizational safeguards.
Cigniti is committed to ensuring that your personal information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Cigniti is certified with ISO 27001 (Information Security Management System) demonstrating formal compliance to protecting confidentiality, integrity and availability of the information collected, processed and stored. We also have a formal compliance towards System and Organization Controls (SOC) for Service Organizations – internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.
The IT team shall continuously develop and evaluate the Company’s security policy with respect to the processing of personal data. We strive to protect your information from unauthorized access, alteration, disclosure or destruction and have some key information security and physical security policies in place to safeguard the information. Some of the examples are – encryptions, physical and logical access control, user authentication, secure login using One Time Password (OTP), firewalls and latest antivirus and likewise.
Regarding your use of our websites it should be noted that the open nature of the Internet is such that information and personal data may flow over networks connecting you to our systems without security measures in some cases and may be accessed and used by people other than those for whom the data is intended. You acknowledge that, Cigniti can’t prevent the use (or misuse) of such personal data by others.
In case you follow a link to any of the sites which may be arising out of Cigniti’s website, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for these policies or sites. Please check these policies before you submit any personal data to these sites.
We will retain your personal data only for as long as is necessary. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. If you have an association with us, we will only keep the data while your association is active or for as long as needed to provide services to you and, as further needed for us to comply with our legal and contractual obligations. When the personal data that has been collected is no longer required, Cigniti shall destroy or delete it in a secure manner in accordance with our information security policies and/or as per the official contract made with the other party.
A cookie is a packet of information sent by a server to a World Wide Web browser and then sent back by the browser each time it accesses that server (definition: Wikipedia). Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit any website and allow the website to recognize your device. Cookies are used for authentication, tracking, and maintaining user-specific information and often contain a unique and anonymous identifier. Most web browsers automatically accept cookies, but you can change the settings in your browser to allow you to accept or decline cookies depending upon your preferences.
By using our website, you agree that we can place cookies and other similar technologies on your device (including mobile devices) as explained in this Cookies policy. By continuing to use your mobile device to access this website, you agree that the following information may be collected: your unique device identifier, mobile device IP address, information about your device’s operating system, mobile carrier details and your location related information (to the extent permissible under applicable law).
- Type of cookies used –
- Cigniti also uses “Session” cookies which are temporary and once you close the browser window, they are deleted from your device.
- Along with this Cigniti also uses “Persistent” cookies which remain on your device for a longer period and are used by the website to recognize your device when you return.
- Strictly Necessary cookies – These cookies are essential in order to enable you to navigate around the site and use its features. Without these, services you have asked for cannot be provided and may result into a meagre user experience.
- Functionality cookies – These cookies allow a site to remember choices you make (such as your username or the region you are in) and provide more enhanced, personal features. These cookies cannot track your browsing activity on other websites. They don’t gather any information about you that could be used for advertising or remembering where you’ve been on the Internet outside our site.
- Performance cookies – These cookies collect information about your visit and use of this website, for instance which pages you visit the most often, and if you get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is anonymous and is only used to improve how this website works.
- Targeting cookies – These cookies are used to deliver content more relevant to you and your interests; and limit the number of times you see the same content; and also, to help measure the effectiveness of the advertising campaign, if any; and understand users’ behavior. They are usually placed on behalf of advertising networks with the site operator’s permission. They remember that you have visited a site and quite often they will be linked to site functionality provided by the other organization. Cigniti does not use third-party advertising on our site, so we do not use these Targeting cookies for advertising but we use them for gathering analytics and intelligence about the site.
We would like to make sure you are fully aware about the all the data protection rights. Every data subject is entitled (in the circumstances and under the conditions, and subject to the defined exceptions, as set out in applicable law) to following rights for individuals –
- The right to be informed – where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards.
- The right of access – You have the right to request us for copies of your personal data that we may hold. We may ask you to confirm the identity and/or charge you a small fee for this service.
- The right to rectification – You have the right to request us to correct any information that you believe is inaccurate or incomplete.
- The right to erasure (‘right to be forgotten’) – You have the right to request us to erase your personal data, under certain conditions as defined by the GDPR.
- The right to restriction of processing – You have the right to request us to restrict the processing of your personal data, under certain conditions as defined by the GDPR.
- The right to data portability – You have the right to request us that we transfer the data that we have collected to another organization, or directly to you, under certain conditions as defined by GDPR.
- The right to object – You have the right to object to our processing of your personal data, under certain conditions as defined by GDPR.
- Rights in relation to automated individual decision-making, including profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling.
- The right to withdraw consent – You shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, you shall be informed thereof. It shall be as easy to withdraw consent as to give it.
- The right to lodge a complaint – You shall have the right to lodge a complaint with supervisory authority in case you believe that your data privacy rights have been violated. You are encouraged to seek resolution of complaint from us while still having the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against Cigniti with a competent court (either in the country where you live or work or where the privacy rights have been violated).
- You may use the following link to raise a complaint with the ICO (Information Commissioner’s Office) – the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals) https://ico.org.uk/make-a-complaint/
Contact details of ICO are as follows-
Information Commissioner’s Office,
Wycliffe House, Water Lane, Wilmslow
Cheshire, SK9 5AF
Telephone: +44 303 123 1113
Fax: +44 1625 524510
We shall provide information on action taken on a request under GDPR Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject. Certain data subject rights are unavailable for certain types of lawful basis. For example – Contract and Consent basis does not have right to object (but you still have the right to withdraw consent) and Legitimate Interest does not have right to portability.
As a user, you may choose to restrict the information that we have collected or the way in which the same would be used, in the following ways:
- Whenever you are providing personal information through, ensure that the explicit consent is checked. In case you do not want to provide the consent, personal information shall not be collected in the first place.
- Contact us (firstname.lastname@example.org) if you wish to update your personal information.
- In case you have previously subscribed or agreed to us for sharing your personal information for direct marketing purposes, you may opt out the same anytime by writing an email to email@example.com.
- We do not use automated decision making (including profiling) when processing your data.
Cigniti shall not sell, distribute or lease your personal information to third parties unless we have your explicit consent to do so or are required by law to do so.
We are not directly in the business of selling personal information, but there may be limited circumstances where we share personal information in a manner that may be a “sale” as defined under California law. The following definition are referred as per CCPA 1798.140 –
- (o) (1) “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
- (o) (2) “Personal information” does not include publicly available information. For purposes of this paragraph, “publicly available” means information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge.
- (o) (3) “Personal information” does not include consumer information that is deidentified or aggregate consumer information.
- (t) (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.
This privacy notice enables you to request us to refrain from selling your personal information in accordance with California law. As a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA). You may opt-out from any selling (as defined in “CCPA”) of your personal information by contacting us for ‘Do Not Sell My Personal Information (CCPA)’ via an email to firstname.lastname@example.org. Please note that this right is limited to only California residents and is not absolute. We reserve the necessary rights to question, ask to prove the identity and deny the request in the event of any suspicious or fraudulent opt-out requests.
Cigniti Technologies Limited
6th Floor, ORION Block, “The V” (Ascendas),
Plot No#17 Software Units Layout, Madhapur,
Hyderabad, Telangana, India – 500081
Cigniti Technologies (UK) Limited
30 Churchill Place
Phone: +44 203 865 6044
You may alternatively visit our website – https://www.cigniti.com/contact-us/.
This policy was last updated on 01-Jun-2020.