Genpact and our affiliated companies worldwide (“Genpact”) are a global professional services firm focused on delivering digital transformation for our clients. This privacy notice describes our approach to privacy, why we collect your personal data, what data we are collecting, how we process it, and how you can manage and delete your personal data.
In this privacy notice, we also provide information about higher or different standards that apply in particular locations.
Genpact is a controller or its equivalent under privacy laws where it decides how and why personal data is used. Where we act as a processor or its equivalent in our capacity of providing services to a client, we will only use personal data in accordance with specific written instructions from our client. In those cases, the client is the data controller or its equivalent for that personal data and will be responsible to data subjects for the way in which their personal data is processed. Where applicable and in accordance with privacy laws, we shall assist the relevant data controller in complying with your privacy rights.
If you have any questions or concerns about this privacy notice or your personal data, please contact us at [email protected].
1. What personal data we collect and how we collect it.
2. Purpose and lawful basis for processing personal data.
4. How we share your personal data.
5. International and group company transfers of personal data.
6. Data storage and retention.
7. Existence of automated profiling.
8. Data Subject rights:
- Residents of California and Virginia
- Residents of Europe
- Residents of Poland
- Residents of Australia
- Residents of the Philippines
- Residents of Mexico
- Residents of Brazil
- Residents of South Africa
9. Contact us and information regarding complaints.
10. Changes to our privacy notice
1. What personal data we collect and how we collect it
Genpact collects the following personal data in one or more of the following ways.
- Your name or other unique identifier: Genpact uses this information in order to contact you in response to your request to do so or to receive marketing communications.
- On the ‘Contact Us’ page: Genpact uses the contact information you submit to enable us to respond to a general or business inquiry made by you, or on behalf of the company that you represent.
- When you use our Subscription Center: Genpact uses the information you provide, such as your name and email address, to provide subscription services. The subscription center also keeps track of your communication preferences and areas of interest (such as receiving newsletters, thought leadership content and/or marketing materials), that you have either opted in to, or opted out of.
- Our career portal: Genpact collects education and employment information when you submit an application for a role at Genpact via our career portal.
- Email communications: If you receive our marketing communications, we will track when you receive, open, click a link in, or share an e-mail you receive from Genpact. Please refer to our Customer Privacy Notice for further details. To unsubscribe from Genpact marketing communications, please click here.
- Information from other sources: Depending on your relationship with Genpact, Genpact may receive information about you from other sources, including but not limited to data vendors, insurance providers, auditors, travel service providers, consulting firms, background check service providers, and social media to ensure the accuracy and completeness of your personal data.
2. Purpose and lawful basis for processing personal data
Genpact uses the personal information it has collected from you in the following ways:
- Consent: Where we require your consent, you will find opt-in mechanisms and you will have the ability to withdraw consent at all times.
- Contract: Where we need to perform a contract that we are about to enter into or have entered into with you. For example, when we perform services for you.
- Legal or regulatory obligation: This includes maintaining records, performing compliance screening (such as anti-money laundering, financial or credit checks, fraud and crime prevention and detection analysis, and screening for compliance with trade sanctions and embargo laws). This also includes automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.
- Legitimate interests: Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests. Our legitimate interest will include, for example, market research purposes, marketing purposes and appropriate controls to ensure our website, processes and procedures are running effectively, for the prevention and detention of against fraud and for Information Technology (IT) security purposes. You can contact us for further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities.
If processing personal data is subject to any other data protection laws, then the lawful basis for processing personal data may be different to that set out above. In those circumstances, the processing will be based on the applicable national or state laws.
Genpact shall only process the received information to pursue our legitimate business interests. This includes screening resumes of prospective candidates, establishing communication with prospective customers (whom you represent) and personnel with general/business inquiries, and to enhance our user experience. Please visit our Customer Privacy Notice and our Candidate Privacy Notice for further details.
You also have the option to subscribe/opt-in to receive newsletters, thought leadership content and/or marketing materials. You can always opt out by using our Subscription Center or writing to [email protected]. Genpact shall adhere to your preferences
Genpact implements industry standard security measures to keep your personal data secure and confidential, including but not limited to:
Restriction of access to your personal data to Genpact employees strictly on a need-to-know basis, such as responding to an inquiry or request.
Implementation of physical, electronic, administrative, technical and procedural safeguards that comply with applicable rules, laws, legislation and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and/or destruction. It is important that you also make every effort to protect your password and computer from unauthorized access. Be sure to sign off when you are finished using a shared computer.
Disciplinary action against Genpact employees who misuse personal data, which is a violation of Genpact policies.
4. How we share your personal data
The personal data Genpact collects from you is stored in one or more databases hosted by third parties. These third parties do not use or have access to your personal data for any purpose other than cloud storage and retrieval. On occasion, Genpact engages third parties to respond to any queries raised by you or to establish business communications, including marketing communications, to prospective customers. For information on the third-party vendors partnered with Genpact, please click here.
Genpact shares your personal data with service providers, which, depending on your relationship with Genpact, may include but is not limited to payroll processors, cloud service providers, and administration support providers. Personal data shared with these service providers is for business purposes only.
Genpact has offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes. Please click here to see a list of the locations within our corporate group.
Where required or permitted by law, information may be provided to others, such as, but not limited to regulators and enforceable government directives.
5. International and group company transfers of personal data
We are part of an international group of companies and transfer personal data concerning you to countries across the globe. Safeguards are put in place under applicable data protection laws to ensure the safe transfer of data between regions. You can find a list of the locations within our corporate group here. We transfer personal data between our group companies and data centers for the purposes described above.
Your personal data will be stored in databases located in regions across the globe including India. The databases are controlled by our administrative staff located outside of the European Union including in India and can be accessed electronically.
Specific transfer mechanisms outside of the European Union under the GDPR: Where we transfer personal data outside the EU and between our group companies, we either transfer personal data to countries that provide an adequate level of protection as determined by the European Commission, or use alternative safeguards. Standard contractual clauses are used as the appropriate safeguards. To find out more about standard contractual clauses, click here.
To the extent Protection of Personal Information Act (“POPIA”) applies, where we transfer personal data outside of the country in which Genpact is established, we only transfer personal data to countries that provide an adequate level of protection and/or we ensure that we have appropriate safeguards in place to cover these transfers, as permitted under the applicable data protection legislation.
If you would like more information on any of the data transfer mechanisms we rely on, please contact us at [email protected].
6. Data storage and retention
Genpact shall retain your personal data pursuant to the business purposes and in line with our retention policies. We will only keep your personal data for as long as is reasonably necessary taking into consideration the purposes outlined above or to comply with legal, accounting or reporting requirements under applicable law(s).
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Personal data received from prospective candidates shall be retained in accordance with the retention criteria set out in our Candidate Privacy Notice.
Personal data received from prospective customers shall be retained for the duration of the prospective customer’s business relationship with Genpact and in accordance with the retention criteria set out in our Customer Privacy Notice.
For more information on where and how long your personal data is stored, please contact us at [email protected].
7. Existence of automated profiling
Genpact uses automated profiling in limited circumstances relating to email campaigns. As part of our email campaigns, we track when you receive, open, click a link in, or share an e-mail you receive from Genpact using a Genpact managed automated solution. The automated solution profiles the information tracked to evaluate your interest in Genpact’s service offerings and/or promotions. This enables us to identify and target potential customers and/or business partners and aims to provide you with relevant and timely content based on your indicated interests.
8. Data Subject Rights
You may have certain rights in relation to your personal data pursuant to data protection laws in your jurisdiction. To exercise such rights, please contact [email protected]. The rights for certain jurisdictions are explained in further detail below.
Residents of California and Virginia:
Please note that Genpact does not sell or share personal information as defined in sections 1798.140(t) and 1798.140(ah)(1) of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act. Genpact also does not sell the personal information of children under age 16.
Depending on your state of residency, you may have the ability to exercise all or some of the following rights, subject to any exemptions or exceptions in applicable law:
- The right to access what personal information has been collected about you by making a proper Verifiable Consumer Request (VCR). Through a VCR, you may request:
- The categories of personal information collected about you in the preceding 12 months;
- The categories of sources from which personal information is collected;
- The business or commercial purpose for collecting personal information;
- The categories of third parties with whom Genpact shares personal information; and
- Specific pieces of personal information collected about you.
- The right to request deletion of personal information that has been collected about you, subject to certain exceptions.
- The right to request that your personal information be transferred to a third party.
- The right to correct inaccurate personal information, taking into account the nature of the personal data and the purposes of the processing of the personal data.
- The right, if applicable, to restrict sensitive personal information processing.
- The right to non-discrimination against you for exercising any of the rights listed above.
You may exercise your rights with respect to your personal information by submitting a Verifiable Consumer Request on Genpact’s request portal here. You may also submit a request by calling 1(888) 914-9661 and entering in the following ID: 112797. You may designate an authorized agent to make a request on your behalf if necessary. We will use reasonable methods to verify your identity when receiving a request. If collecting new information is necessary to verify your identity, it will only be used for identity purposes; and will be deleted as soon as practical after processing the request and to comply with recordkeeping obligations. To the extent possible, we will provide you with your personal information in a format that you can share with other businesses.
For issues accessing Genpact’s portal, please contact [email protected].
Genpact will respond to a Verifiable Consumer Request within 45 days. Should we require more time, Genpact will notify you of the extension period and the reason for the extension in writing. In some situations and subject to certain exemptions, we may decline a request to exercise the rights above, particularly if we are unable to validate your identity. Depending on your state of residency, you may have the ability to appeal a decision we have made in connection with your VCR.
Residents of Europe:
The right to request access to your personal data and request details of the processing activities conducted by Genpact.
The right to erasure of your personal data under certain circumstances.
The right to request that your personal data is rectified if it is inaccurate or incomplete.
The right to request restriction of the processing of your personal data in certain circumstances.
The right to object to the processing, including the sale or commercial use, of your personal data in certain circumstances.
The right to receive your personal data provided to us as a controller in a structured, commonly used and machine-readable format in certain circumstances.
The right to object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
The right to withdraw your consent provided at any time by contacting us.
In accordance with the GDPR, we will respond to your request within one month upon receipt of your request. Where we are unable to progress your response, we will contact you. In certain circumstances, Genpact may extend the timeline of our response to 3 months in accordance with applicable law.
To exercise your rights with respect to your personal data, you can submit a data subject request on Genpact’s request portal here. For issues accessing Genpact’s portal, contact [email protected].
You may find further information specific to residents of Europe by visiting our GDPR page.
Residents of Poland:
Should you have any questions or would like to exercise any of the rights, please contact the Genpact Data Protection Officer for Poland, and for Genpact PL sp. z o.o., Genpact Poland sp. z o.o.
Andreea Tipa EU Data Protection Officer
Residents of Australia:
Genpact recognizes that individuals must have the option to not identify themselves, or to use a pseudonym when liaising with Genpact. We seek to provide this option to the extent possible. However, due to the nature of Genpact’s business operations, it is impracticable in most cases for Genpact to deal with individuals who have not identified themselves or who use a pseudonym.As a resident of Australia, you have the following rights:
- The right to have your personal information de-identified and/or destroyed.
- The right to require that any personal information held by Genpact is accurate, up-to-date, and complete. If the information is inaccurate, incomplete and/or out-of-date, you have the right to request that it is corrected.
- The right to know when and how your personal information is collected, used and disclosed.
- The right to “opt out” of your personal information being used for direct marketing purposes.
- The right to request Data Holders and accredited bodies to share information relating to yourself, with consent, in a standardized machine-readable format.
If you would like to exercise any of the above rights, please contact [email protected].
Residents of the Philippines:
The right to be informed that your personal data will be, has been, or is being collected and processed.
The right to access to your personal data.
The right to object to processing of your personal data if the personal data processing involved is based on consent or on legitimate interest.
The right to erasure or blocking of your personal data under certain circumstances.
The right to damages under certain circumstances
The right to file a complaint with the National Privacy Commission (NPC) if your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated.
The right to rectify your personal data under certain circumstances.
The right to data portability.
Should you have any questions or would like to exercise any of the rights listed above, please contact the Genpact Data Protection Officer for the Philippines at [email protected].
Residents of Mexico:
The rights of access, rectification, cancellation and opposition under certain circumstances.
The right to revoke or request to limit, at any time, the consent you have granted and that is necessary for the processing of your personal data.
If you would like to exercise any of the above rights, you must submit your request in writing to:
- Person in charge of Personal Data
EDM, S. DE R.L. OF C.V.
Ave. Hermanos Escobar 7651, Col. Partido Escobedo, C.P. 32330, Ciudad Juarez, Chihuahua, Mexico
Any changes or modifications to this Privacy Notice will be available at www.genpact.com.
Residents of Brazil:
Residents of Brazil have the following rights:
- The right to access to your data, as well as to correct incomplete, inaccurate or out-of-date data;
- The right to anonymize block or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD;
- The right to have your data deleted;
- The right to have information about public and private entities with which the controller has shared your data;
- The right to data portability;
- The right to have information about the possibility of denying consent and the consequences;
- The right to revoke consent.
If you would like to exercise any of the above rights, you must submit your request in writing to [email protected].
Residents of South Africa:
- Request access to your personal data and request details of the processing activities conducted by Genpact and third parties, within a reasonable time and at a prescribed fee, if any.
- Request that your personal data is rectified if it is inaccurate or incomplete, irrelevant, excessive, out of date, misleading or obtained unlawfully.
- Request the destruction or de-identification of your personal data where Genpact is no longer authorised to retain the information.
- Request restriction of the processing of your personal data by Genpact in certain circumstances.
- Object to the processing of your personal data in certain circumstances.
- Receive your personal data in a structured, commonly used and machine-readable format in certain circumstances.
- Lodge a complaint with the Information Regulator.
- Object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
- Withdraw any consent you have provided to us at any time by contacting us.
Should you have any questions or would like to exercise any of the rights listed above, please contact [email protected].
9. Contact us and information regarding complaints
Please contact us with any concerns you may have. You can contact us by writing to us at [email protected].
10. Changes to our privacy notice
This privacy notice was last updated in December 2022 and Genpact will notify you of changes we may make to this privacy notice where required. However, we would recommend that you look back at this notice from time to time to check for any updates.