Global Website Privacy Notice

  • Facebook
  • Twitter
  • Linkedin
  • Email

Genpact and our affiliated companies worldwide (“Genpact”) are a global professional services firm focused on delivering digital transformation for our clients. This privacy notice describes our approach to privacy, why we collect your personal data, what data we are collecting, how we process it, and how you can manage and delete your personal data.  

In this privacy notice, we also provide information about higher or different standards that apply in particular locations.   

Genpact is a controller or its equivalent under privacy laws where it decides how and why personal data is used. Where we act as a processor or its equivalent in our capacity of providing services to a client, we will only use personal data in accordance with specific written instructions from our client. In those cases, the client is the data controller or its equivalent for that personal data and will be responsible to data subjects for the way in which their personal data is processed. Where applicable and in accordance with privacy laws, we shall assist the relevant data controller in complying with your privacy rights. 

If you have any questions or concerns about this privacy notice or your personal data, please contact us at DPO.Genpact@Genpact.com

1. What personal data we collect and how we collect it.
2. Purpose and lawful basis for processing personal data. 
3. Security.
4. How we share your personal data.
5. International and group company transfers of personal data.
6. Data storage and retention.
7. Existence of automated profiling.
8. Data Subject rights:
a. Residents of California
b. Residents of Europe 
c. Residents of Poland
d. Residents of Australia
e. Residents of the Philippines
f. Residents of Mexico
9. Contact us and information regarding complaints. 
10. Changes to our privacy notice.

1. What personal data we collect and how we collect it.
Genpact collects the following personal data in one or more of the following ways. 

  • Your name or other unique identifier: Genpact uses this information in order to contact you in response to your request to do so or to receive marketing communications. 
  • On the ‘Contact Us’ page: Genpact uses the contact information you submit to enable us to respond to a general or business inquiry made by you, or on behalf of the company that you represent.  
  • Internet and network activity when you visit our website: Genpact uses cookies and web beacons to collect data on how you use our websites, including your IP address, pages visited, and length of time spent on the site. Please see our Cookies Notice for further information and to customize your cookie preferences.
  • When you use our Subscription Center: Genpact uses the information you provide, such as your name and email address, to provide subscription services. The subscription center also keeps track of your communication preferences and areas of interest (such as receiving newsletters, thought leadership content and/or marketing materials), that you have either opted in to, or opted out of.
  • Our career portal: Genpact collects education and employment information when you submit an application for a role at Genpact via our career portal. 
  • Email communications: If you receive our marketing communications, we will track when you receive, open, click a link in, or share an e-mail you receive from Genpact. Please refer to our Customer Privacy Notice for further details. To unsubscribe from Genpact marketing communications, please click here.
  • Information from other sources: Depending on your relationship with Genpact, Genpact may receive information about you from other sources, including but not limited to data vendors, insurance providers, auditors, travel service providers, consulting firms, background check service providers, and social media to ensure the accuracy and completeness of your personal data. 

2. Purpose and lawful basis for processing personal data. 
Genpact uses the personal information it has collected from you in the following ways: 

  • Consent: Where we require your consent, you will find opt-in mechanisms and you will have the ability to withdraw consent at all times. 
  • Contract: Where we need to perform a contract that we are about to enter into or have entered into with you. For example, when we perform services for you.
  • Legal or regulatory obligation: This includes maintaining records, performing compliance screening (such as anti-money laundering, financial or credit checks, fraud and crime prevention and detection analysis, and screening for compliance with trade sanctions and embargo laws). This also includes automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.
  • Legitimate interests: Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests. Our legitimate interest will include, for example, market research purposes, marketing purposes and appropriate controls to ensure our website, processes and procedures are running effectively, for the prevention and detention of against fraud and for Information Technology (IT) security purposes. You can contact us for further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities.

If processing personal data is subject to any other data protection laws, then the lawful basis for processing personal data may be different to that set out above. In those circumstances, the processing will be based on the applicable national or state laws. 

Genpact shall only process the received information to pursue our legitimate business interests. This includes screening resumes of prospective candidates, establishing communication with prospective customers (whom you represent) and personnel with general/business inquiries, and to enhance our user experience. Please visit our Customer Privacy Notice and our Candidate Privacy Notice for further details. 

You also have the option to subscribe/opt-in to receive newsletters, thought leadership content and/or marketing materials. You can always opt out by using our Subscription Center or writing to Marketing.GDPR@Genpact.com. Genpact shall adhere to your preferences.

3. Security.
Genpact implements industry standard security measures to keep your personal data secure and confidential, including but not limited to:

  • Restriction of access to your personal data to Genpact employees strictly on a need-to-know basis, such as responding to an inquiry or request.
  • Implementation of physical, electronic, administrative, technical and procedural safeguards that comply with applicable rules, laws, legislation and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and/or destruction. It is important that you also make every effort to protect your password and computer from unauthorized access. Be sure to sign off when you are finished using a shared computer.
  • Disciplinary action against Genpact employees who misuse personal data, which is a violation of Genpact policies.

4. How we share your personal data.

  • The personal data Genpact collects from you is stored in one or more databases hosted by third parties. These third parties do not use or have access to your personal data for any purpose other than cloud storage and retrieval. On occasion, Genpact engages third parties to respond to any queries raised by you or to establish business communications, including marketing communications, to prospective customers. For information on the third party vendors partnered with Genpact, please click here.
  • Genpact shares your personal data with service providers, which, depending on your relationship with Genpact, may include but is not limited to payroll processors, cloud service providers, and administration support providers. Personal data shared with these service providers is for business purposes only.
  • Genpact has offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes. Please click here to see a list of the locations within our corporate group.
  • Where required or permitted by law, information may be provided to others, such as, but not limited to regulators and enforceable government directives.
  • From time to time, Genpact will consider corporate transactions such as a merger, acquisition, reorganization, asset sale, or similar transaction. In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to third parties involved in the transaction. In these instances, Genpact will continue to ensure your personal data is protected and Genpact will provide any impacted data subjects notice before any personal data is transferred or subject to a different privacy policy.

5. International and group company transfers of personal data.
We are part of an international group of companies and transfer personal data concerning you to countries across the globe. Safeguards are put in place under applicable data protection laws to ensure the safe transfer of data between regions. You can find a list of the locations within our corporate group here. We transfer personal data between our group companies and data centers for the purposes described above. 

Your personal data will be stored in databases located in regions across the globe including India. The databases are controlled by our administrative staff located outside of the European Union including in India and can be accessed electronically.

Specific transfer mechanisms outside of the European Union under the GDPR: Where we transfer personal data outside the EU and between our group companies, we either transfer personal data to countries that provide an adequate level of protection as determined by the European Commission, or use alternative safeguards. Standard contractual clauses are used as the appropriate safeguards. To find out more about standard contractual clauses, click here.

If you would like more information on any of the data transfer mechanisms we rely on, please contact us at DPO.Genpact@Genpact.com

6. Data storage and retention.
Genpact shall retain your personal data pursuant to the business purposes and in line with our retention policies. We will only keep your personal data for as long as is reasonably necessary taking into consideration the purposes outlined above or to comply with legal, accounting or reporting requirements under applicable law(s).

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Personal data received from prospective candidates shall be retained in accordance with the retention criteria set out in our Candidate Privacy Notice

Personal data received from prospective customers shall be retained for the duration of the prospective customer’s business relationship with Genpact and in accordance with the retention criteria set out in our Customer Privacy Notice

For more information on where and how long your personal data is stored, please contact us at DPO.Genpact@Genpact.com.

7. Existence of automated profiling.
Genpact uses automated profiling in limited circumstances relating to email campaigns.  As part of our email campaigns, we track when you receive, open, click a link in, or share an e-mail you receive from Genpact using a Genpact managed automated solution. The automated solution profiles the information tracked to evaluate your interest in Genpact’s service offerings and/or promotions. This enables us to identify and target potential customers and/or business partners and aims to provide you with relevant and timely content based on your indicated interests.

8. Data Subject Rights.
You may have certain rights in relation to your personal data pursuant to data protection laws in your jurisdiction. To exercise such rights, please contact DPO.Genpact@Genpact.com. The rights for certain jurisdictions are explained in further detail below.

Residents of California:

  • The right to know what information the business collects, discloses, and if applicable, sells (as the term is defined in section 1798.140(t) of the California Consumer Privacy Act (CCPA)).
  • The right to access what personal information has been collected about you by making a proper Verifiable Consumer Request (VCR). Through a VCR, you may request:
  1. the categories of personal information collected about you in the preceding 12 months;
  2. the categories of sources from which personal information is collected;
  3. the business or commercial purpose for collecting personal information;
  4. the categories of third parties with whom Genpact shares personal information; and
  5. specific pieces of personal information collected about you.
  • If the business has “sold” (as that term is defined in section 1798.140(t) of the CCPA) or disclosed your personal information for a business purpose, you have the right to request an itemized list of the categories of personal information:
  1. collected about you
  2. sold about you (this includes categories of third parties to whom information was sold and what categories of personal information for each third party); and
  3. disclosed about you for a business purpose.
  • The right to opt out of the sale of your personal information to a third party at any time.
  • The right to request deletion of personal information that has been collected about you, subject to certain exceptions.
  • The right to request that your personal information be transferred to a third party.
  • The right to non-discrimination against you for exercising any of the rights listed above.

Genpact does not sell personal information as defined in section 1798.140(t) of the CCPA. Genpact also does not sell the personal information of children under age 16 without affirmative authorization.

To exercise your rights with respect to your personal information, you may submit a Verifiable Consumer Request on Genpact’s request portal here. You may also submit a request by calling 1(888) 914-9661 and entering in the following ID: 112797.

For issues accessing Genpact’s portal, please contact DPO.Genpact@Genpact.com.

Genpact will respond to a Verifiable Consumer Request within 45 days. Should we require more time, Genpact will notify you of the extension period and the reason for the extension in writing. To the extent possible, we will provide you with your personal information in a format that you can share with other businesses.

You may find further information specific to residents of California by visiting our CCPA page.

Residents of Europe:

  • The right to request access to your personal data and request details of the processing activities conducted by Genpact.
  • The right to erasure of your personal data under certain circumstances.
  • The right to request that your personal data is rectified if it is inaccurate or incomplete.
  • The right to request restriction of the processing of your personal data in certain circumstances.
  • The right to object to the processing, including the sale or commercial use, of your personal data in certain circumstances.
  • The right to receive your personal data provided to us as a controller in a structured, commonly used and machine-readable format in certain circumstances.
  • The right to object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
  • The right to withdraw your consent provided at any time by contacting us.

In accordance with the GDPR, we will respond to your request within one month upon receipt of your request. Where we are unable to progress your response, we will contact you. In certain circumstances, Genpact may extend the timeline of our response to 3 months in accordance with applicable law.

To exercise your rights with respect to your personal data, you can submit a data subject request on Genpact’s request portal here. For issues accessing Genpact’s portal, contact DPO.Genpact@Genpact.com.

You may find further information specific to residents of Europe by visiting our GDPR page.

Residents of Poland:
Should you have any questions or would like to exercise any of the rights, please contact the Genpact Data Protection Officer for Poland, and for Genpact PL sp. z o.o., Genpact Poland sp. z o.o.

Andreea Tipa EU Data Protection Officer
DPO.Genpact@Genpact.com.

Residents of Australia:
Genpact recognizes that individuals must have the option to not identify themselves, or to use a pseudonym when liaising with Genpact. We seek to provide this option to the extent possible.  However, due to the nature of Genpact’s business operations, it is impracticable in most cases for Genpact to deal with individuals who have not identified themselves or who use a pseudonym.

As a resident of Australia, you have the following rights:

  • The right to have your personal information de-identified and/or destroyed.
  • The right to require that any personal information held by Genpact is accurate, up-to-date, and complete. If the information is inaccurate, incomplete and/or out-of-date, you have the right to request that it is corrected.
  • The right to know when and how your personal information is collected, used and disclosed.
  • The right to “opt out” of your personal information being used for direct marketing purposes.
  • The right to request Data Holders and accredited bodies to share information relating to yourself, with consent, in a standardized machine-readable format.

If you would like to exercise any of the above rights, please contact DPO@Genpact.com.

Residents of the Philippines:

  • The right to be informed that your personal data will be, has been, or is being collected and processed. 
  • The right to access to your personal data.
  • The right to object to processing of your personal data if the personal data processing involved is based on consent or on legitimate interest.
  • The right to erasure or blocking of your personal data under certain circumstances.
  • The right to damages under certain circumstances
  • The right to file a complaint with the National Privacy Commission (NPC) if your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated.
  • The right to rectify your personal data under certain circumstances.
  • The right to data portability.

Should you have any questions or would like to exercise any of the rights listed above, please contact the Genpact Data Protection Officer for the Philippines at DPO.PH@genpact.com

Residents of Mexico: 

  • The rights of access, rectification, cancellation and opposition under certain circumstances.
  • The right to revoke or request to limit, at any time, the consent you have granted and that is necessary for the processing of your personal data.

If you would like to exercise any of the above rights, you must submit your request in writing to: 

Person in charge of Personal Data
EDM, S. DE R.L. OF C.V.
Ave. Hermanos Escobar 7651
Col. Partido Escobedo, C.P. 32330
Ciudad Juarez, Chihuahua, Mexico.

or via email to the address: DPO.Genpact@Genpact.com.

Any changes or modifications to this Privacy Notice will be available at www.genpact.com.

9. Contact us and information regarding complaints.
Contact us:  
Please contact us with any concerns you may have. You can contact us by writing to us at DPO.Genpact@Genpact.com

Complaints: 
Some data protection laws, such as the European GDPR, give you the right to lodge a complaint with a supervisory authority, in particular in the Member State where you work, normally live, or where any alleged infringement of data protection laws has occurred. 

For other data protection laws, where applicable, you can contact the nominated data protection supervisory body in that jurisdiction. 

10. Changes to our privacy notice
This privacy notice was last updated in December 2019 and Genpact will notify you of changes we may make to this privacy notice where required. However, we would recommend that you look back at this notice from time to time to check for any updates.