Scope

Mphasis is committed to protect Privacy rights of individuals whose personal information is provided to us. We make use of the right mix of best in class Security, Privacy and Data Protection Policies and Procedures to safeguard all personal information we collect, process, transfer or store rightly as received under lawful contracts.

Mphasis' Privacy principles support the highest Privacy standards in international trade and commerce and human resource management. We ensure all our employees comply with our Privacy and Security policies.

Personal information means any information that relates to a natural person which, either directly or indirectly, in combination with other information available or likely to be available with Mphasis and is capable of identifying such person.

Personal information may be obtained under lawful contracts from the Clients or from other credible sources as deem fit.

This Privacy Policy governs all data protection policies, standards, procedures and guidelines for conducting business effectively and efficiently.

This scope applies to providers of personal information and subjects whose private information is submitted to Mphasis Ltd or any of its subsidiaries.

General Privacy Principles

Mphasis will adhere to the following Privacy principles:

Notice and Choice

  • Personal information including sensitive personal data may be received, processed, transferred or stored by Mphasis under lawful contracts entered into with its providers.
  • The types of sensitive personal information received by Mphasis may include the following but not limited to: 
- 
Password(s) 


- 
Biometric information 


- 
The racial or ethnic origin of the data subject 


- 
Political opinions 


- 
Religious beliefs or other beliefs of a similar nature 


- 
Physical, physiological and mental health condition 


- 
Sexual orientation 


- 
Medical records and history 


- 
Financial information such as bank account or credit card or debit card or 


- 
Other payment instrument details
  • Any of the information received under above clauses by Mphasis for processing or storing under a lawful contract or otherwise provided that, any information that is freely available or accessible in public domain or furnished under the Right To Information (RTI) Act, 2005 of India or any other law for the time being in force, shall not be regarded as sensitive personal data.
  • Mphasis will provide notice and choice to the provider / individual(s) regarding the type of personal information collected and used.
  • Mphasis will not collect personal data from any provider or natural person unless consented to and/or is required and permitted to do so under lawful contract.
  • Mphasis will not sell, rent or lease personal information received from any provider or natural person unless permitted through a lawful contract.
  • Only personal data (i.e. Data relating to living individuals) is covered by this policy.

Consent, collection limitation and usage limitation

  • Collection of personal information will be limited to the business requirement.
  • Mphasis will make all the rightful efforts to ensure it uses the received personal information only for the consented purposes under a lawful contract.
  • Employee data collected at the time of joining and during the course of employment would be dealt with and be subject to Data Retention Policy of the Company and subject to disclosure as required by laws in force.

Access and Correction

At any time, the provider can request regarding their own personal information maintained at Mphasis for various purposes. Mphasis will respond to such requests as soon as possible after confirming the authenticity of the requestor and the request.

Data Security

Mphasis has established its policies, standards and procedures in line with ISO 27001 Information Security Management System and the India Information Technology Act 2008 to ensure the completeness, accuracy and security of the sensitive personal information.

Disclosure to third party(s)

  • Personal information will be shared with third parties only under a lawful contractual and/or service agreement in line with the data provider's consent.
  • Personal information transfer to a third party will be performed only after ensuring the third party has implemented all the required Security and Privacy controls which are equal to or greater than that at Mphasis.

Oversight and grievances

The Grievances officer can be contacted at: privacy@mphasis.com