Enterprise Online Privacy Statement
PRIVACY AND DATA PROTECTION AT DXC
This policy has been updated on November 16, 2020 to reflect DXC’s continued commitment for international data transfers after DXC suspended its participation in the EU-U.S. Privacy Shield Framework.
At DXC our commitment to privacy goes beyond the minimum legal and regulatory requirements. We strive for best-in-class data protection and privacy management, which requires a sound data privacy governance structure and an effective data privacy compliance and best practices program to ensure DXC meets ever-changing and increasingly complex regulatory standards and all contractually agreed privacy obligations.
DXC's Global Privacy and Data Protection Office has strategic and operational responsibility for this program, which is adequately resourced and appropriately organized to ensure the policies and compliance processes, lchqlj.com and physical controls and security we rely upon to govern the collection, use, storage and transfer of personal data all over the world meets statutory and regulatory requirements. Therefore, DXC's approach is to coordinate the contribution of several corporate disciplines - including ethics and compliance, legal, human resources, and information and physical security - to achieve our "best in class" data protection and privacy management objectives.
Strong board and executive management commitment to DXC's compliance with privacy law through appropriate organizations and programs.
DXC’s Ethics and Compliance
- The Ethics and Compliance organization’s charter and responsibilities are evidenced by Board resolution, which assigns day-to-day management responsibility for DXC’s ethics and compliance program to DXC’s Vice President, Ethics and Compliance.
- The Ethics and Compliance Mission: Promote throughout the global DXC lchqlj.com community a culture of performance with integrity that encourages ethical conduct and values, and drives compliance with the Code of Business Conduct, internal policies, and the law.
DXC's Global Privacy and Data Protection Office (PDPO).
- Led by DXC’s Group Data Protection Officer based in the European Union (EU), DXC's global PDPO is a well-resourced and qualified strategic compliance function that operates under the ity of DXC's Ethics and Compliance organization.
- The PDPO is responsible and accountable to advise DXC's businesses on best practices in privacy compliance, and to develop policies, procedures, training, risk assessment and monitoring programs that enable DXC to provide adequate levels of personal data protection for its clients, employees and other relevant individuals in all geographies and jurisdictions the world over.
Compliance Policies, Standards, and Processes.
- A strong, globally applicable Privacy and Data Protection Policy which reflects the Generally Accepted Privacy Principles ("GAPP") applicable to the collection, use, storage, and processing of personal data.
- Comprehensive and cohesive compliance standards, processes, and procedures, which ensure consistent privacy and data protection across all of DXC's legal entities and businesses.
Employee Training and Awareness
- DXC takes a holistic approach to ensure privacy-aware employees throughout the employment lifecycle including new-hire instructions, annual awareness briefings, targeted training for high-risk populations, and periodic awareness messaging.
Strong Risk Management Programs
- In light of the inherent exposures to DXC's operational and strategic goals, DXC is committed to ensuring that risk management is a core competency, and an integral part of DXC's business operations that supports and informs reliable, quality decision making.
- Subject to the Chief Risk Officer’s management and direction, the resources in both the Ethics and Compliance organization and its Privacy and Data Protection Office are integral parts of DXC's overall risk assessment program and posture, which includes internal and external audit and monitoring functions.
- With regular privacy risk assessments, the PDPO monitors emerging exposures and remediates weaknesses in an effort to constantly mature DXC's compliance capabilities.
A consistent Privacy Impact Assessment program is carried out on new and changed services, systems, and processes, aiming to disclose potential issues before they become a problem.
Formal data breach handling procedures and a robust 24/7 operated incident response center supplement regulatory and contractual notification requirements, enabling constant vigilance and readiness in case of a crisis.
Strong, Collaborative Cross-Disciplinary Partnerships
- Inclusive of key internal stakeholders, including strong collaborative ties to DXC’s information and physical security, legal, human resources, and key business unit personnel without whom strict compliance with privacy laws is not possible.
Flexible Service Delivery Model
- A strong and robust global service delivery model that is flexible enough to meet the privacy requirements of the highly sensitive, regulated, and classified data environments.
Formal Dispute Resolution Mechanism
- A one-stop point of contact for our employees and clients for any privacy related matters regardless of the geography, business, or service. If you have specific concerns or requests, please feel free to send an email to firstname.lastname@example.org .
Personal information is any information that personally identifies an individual or from which an individual could be identified. This may include a name, address, telephone number, email address and other private personal attributes.
DXC collects, uses, stores and transfers (collectively “processes”) personal information to manage its relationship with its customers, employees, business partners and other third parties (“covered individuals”) and better serve covered individuals by personalizing their experience and interaction with DXC. Such processing is done in compliance with applicable laws, including appropriate notice and consent, along with required filings with data protection ities, where required.
DXC may collect and process personal information through a variety of means, including, as examples, access to DXC sites or services, or other ordering channels, employment processes, during conversations or correspondence with DXC representatives, through purchase of goods or services or in the course of an online application.
Fulfilling your Transaction Request
If we receive any requests related to, for example, a product or service, a callback, or specific marketing materials, we will use your personal information to fulfill your request. In this context, we may share information with others, for instance, DXC's group companies and business partners, involved in fulfillment. In connection with a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes subject to applicable laws and regulations.
Personalizing your Experience on our Web Sites
We may use information we collect about you to provide you with a personalized experience on our Web sites, such as providing you with content in which you may be interested and making navigation on our sites easier.
The information you provide to DXC, as well as the information we have lawfully collected about you indirectly, may be used by DXC for marketing purposes. We will offer you the opportunity to opt-in to DXC using your information in this way. You may at any time choose not to receive marketing materials from us by following the unsubscribe instructions included in each e-mail you may receive, by visiting the DXC Preference Center, or by contacting DXC directly at email@example.com.
Some of our offerings may be co-branded, that is sponsored by both DXC and third parties, such as DXC Alliance Partners. If you sign up for these offerings, be aware that your information may also be collected by and shared with those third parties. We encourage you to familiarize yourself with their privacy policies to gain an understanding of the manner in which they will handle information about you. If you would like to review, rectify or request deletion of any Personal Information we have about you, you can submit a request by emailing DXC’s privacy office at firstname.lastname@example.org.
In connection with a job application or inquiry, whether advertised on a DXC Web site or otherwise, you may provide us with information about yourself, such as a resume. We may use this information throughout DXC and its group companies in order to address your inquiry or consider you for employment purposes.
Monitoring or Recording of Calls, Chats and Other Interactions
Certain online transactions may involve you calling us or us calling you. They may also involve online chats. Please be aware that it is DXC's general practice to monitor and in some cases record such interactions for staff training or quality assurance purposes or to retain evidence of a particular transaction or interaction.
Mobile Applications and Use of Information in the Social Computing Environment
DXC makes available mobile applications for download from various mobile application marketplaces. DXC also provides social computing tools on some of its websites to enable collaboration among members who have registered to use them. These include forums, wikis, blogs and other social media platforms.
When downloading and using these applications or registering to use these social computing tools, you may be asked to provide certain personal information. These applications and tools may also include supplemental privacy statements with specific information about collection and handling practices. We encourage you to read those supplemental statements to understand how the tools and applications may process your data.
Protect the Rights and Property
We may also use or share your information to protect the rights or property of DXC, our business partners, suppliers, clients, or others when we have reasonable grounds to believe that such rights or property have been or could be affected. In addition, we reserve the right to disclose your personal information as required by law and when we believe that disclosure is necessary to protect our rights, or the rights of others, or to comply with a judicial proceeding, court order, law enforcement or legal process.
DXC will not sell, rent or lease your personal information to others.
As a global organization with business processes, management structures and technical systems that cross borders, DXC may share information about you within DXC and transfer it to countries in the world where we do business in connection with the uses identified above and in accordance with this Privacy Statement. Our Privacy Statement and our internal policies and practices are designed to provide a globally consistent level of protection for personal information all over the world. Even in countries whose laws provide for less protection for your information, DXC will still handle and protect your information in the manner described in this Privacy Statement.
DXC retains service providers, suppliers, and other alliance partners located in various countries to manage or support its business operations, provide professional services, deliver customer services and solutions, and otherwise process information on DXC behalf. It is DXC's practice to require such service providers, suppliers and alliance partners to handle personal data and other confidential information in a manner consistent with DXC's policies.
Circumstances may arise where, whether for strategic or other business reasons, DXC decides to sell, buy, merge or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of such information from sellers. It is DXC’s practice to seek appropriate protection for information in these types of transactions.
Please be aware that in certain circumstances, personal information may be subject to disclosure to government agencies pursuant to judicial proceeding, court order, law enforcement or legal process. We may also share your information to protect the rights or property of DXC, our business partners, suppliers or clients, and others when we have reasonable grounds to believe that such rights or property have been or could be affected.
Registration is not required to gain access to DXC websites. However, if you choose to receive certain services, specific material and information your subscription is required on certain DXC websites.
In this regard, DXC may collect personal information from you including your name, phone number, email address, or other information you choose to provide at various times, for example, when you complete an online form or request or participate in an online community.
You can make or change your choices about receiving either subscription or general communications at the data collection point, within your account preference settings or by using other methods, which are listed in this Privacy Statement. You may opt-out at any time using the links at the bottom of any email or via the DXC Preference Center.
Please note, this option does not apply to communications primarily for the purpose of administering business relationships, including contracts, support, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.
DXC recognizes and respects the varying national laws and obligations and their impact on cross-border data transfers. When transferring personal information outside of the country of collection for the purposes identified above, DXC will do so in compliance with applicable law.
In the development of DXC’s privacy policies and standards, we respect and take into account the major privacy and data protection principles and frameworks around the world and any amendments applied thereto from time-to-time, including as examples the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, the APEC Privacy Framework, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the Australian Privacy Act.
EU Personal Data Transfers
For personal data originating from a European Union (EU) member state, DXC uses a variety of lawful data transfer mechanisms for this purpose, including EU Standard Contractual Clauses (SCCs).
DXC has an intragroup agreement on the transfer and processing of personal data within the DXC group worldwide which has the EU Standard Contractual Clauses incorporated. This agreement allows DXC to ensure that personal data, including data originating from the EU, which is transferred cross-border and processed by other DXC group companies, including those located outside the EU, is adequately protected in accordance with applicable data protection law.
The decision of the European Court of Justice (ECJ) invalidating the Privacy Shield framework ─ in place to streamline and legitimize data transfers between the US and EU member nations ─ led DXC to suspend its participation in this framework.
Although DXC had been certified for compliance with the Privacy Shield framework, we have used and maintain properly executed data transfer agreements, including the EU Standard Contractual Clauses (SCCs), to legitimize all of our customer personal data transfers globally, including those that were necessary to conduct customer and company business between the US and EU nations. These agreements continue in full force and effect today.
DXC is committed to the lawful treatment and confidential handling of sensitive information, including personal information about California residents, and has adopted a set of global information management policies including privacy and data protection, security, system access, information classification, and other relevant policies governing the collection, use, disclosure, transfer, retention, and deletion of information.
DXC as a “Service Provider” (as defined in the CCPA) confirms that it will process personal information which it retains, uses, or discloses in connection with its performance under any contract: (1) only on behalf of and for the benefit of the “Business” (as defined in the CCPA) from which it has received or on whose behalf it gathered the personal information; (2) only in accordance with the contract and Business’s prior written instructions, if any; unless (3) as otherwise required by the CCPA. DXC confirms that it will not process personal information for any purpose other than for the specific purpose of performing the services specified in the contract.
Security is a high priority for DXC and to protect the personal data and other confidential information and maintain its accuracy and integrity we have implemented appropriate administrative, technical and physical safeguards to prevent unized access, use or disclosure. We require the same high standard of information security and information management of any third parties we share your data with.
We will retain personal information only for as long as legally required or permitted and in accordance with DXC records and information management policies. We respect your right to privacy and upon your request DXC will no longer use your personal information unless required to provide you services or as necessary to comply with DXC’s legal obligations, resolve complaints and disputes, and enforce our agreements.
DXC has implemented lchqlj.com, management processes and policies aimed to maintain data accuracy. According to applicable laws, DXC provides individuals with reasonable access to personal information that they provided to DXC and the reasonable ability to review and correct the data or ask for anonymization, blockage, or deletion, as applicable. To protect your privacy and security when submitting an access request, we will take reasonable steps to verify your identity, such as requiring a password and user ID, passport number and/or other unique personal identifiers before granting access to your data. To submit your access request, please contact the DXC Global Privacy and Data Protection Office at email@example.com.
DXC is committed to resolve any complaints you may have in relation to your privacy and DXC's collection and use of your personal information. Please send any privacy related complaints or requests, including request for access to information to firstname.lastname@example.org.
Where applicable, individuals may also reach out their national privacy ities and ask for their support. DXC is committed to coordinate and collaborate with foreign regulators, such as EU and UK privacy ities.
This site is intended for adult use only. DXC does not knowingly collect information from children as defined by local law, and does not target its websites, social computer tools or mobile applications to children under these ages. We encourage parents and guardians to take an active role in their children’s online and mobile activities and interests and ask that minors should not submit any personal information.
Please note that the web site is constantly being updated and this list will change over time. If you have any additional questions about the use of a particular cookie please do not hesitate to email email@example.com.
We may also provide social media features that enable you to share information with your social networks and to interact with DXC and its group companies on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites.
We will post a notice at the top of this page notifying users when this Privacy Statement is updated or modified in a material way. If we are going to use your personal information in a manner different from that stated at the time of collection, we will notify you, and you will have, subject to legal and/or contractual provisions, a choice as to whether or not we can use your personal information in such a way.
We value your opinion, if you have any comments or question about this Privacy Statement, DXC's handling of your personal information, or a possible breach of your privacy you can send an email to the DXC Global Privacy and Data Protection Office at firstname.lastname@example.org.
Individuals living inside the EU, UK and Switzerland seeking further information, guidance and advice may also contact their local privacy ities.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.