Privacy Policy

In Short: We process your information for purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, and/or your consent.

We use personal information collected via our Sites for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests ("Business Purposes"), in order to perform a contract with you ("Contractual"), with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below. We use the information we collect or receive to:

• Fulfil and manage your orders.
• Request Feedback. We may use your information to request feedback and to contact you about your use of our services.
• To send you marketing and promotional communications. We and/or our third party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You may opt-out of our marketing emails at any time by writing to us.
• For other Business Purposes. We may use your information for other Business Purposes, such as Data Analysis, identifying usage trends, determining the effectiveness of our services and to evaluate and improve our business and your experience.

In Short: We will only share information with your consent, to comply with laws, to protect your rights, or to fulfil business obligations.

We may process or share data based on the following legal basis:

• Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.
• Legitimate Interests: We may process your data when it is reasonable necessary to achieve our legitimate business interests.
• Performance of a contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
• Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
• Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activity, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Sites is at your own risk. You should only access this from within a secure environment. Please note that we are privacy compliant, ISO 27001:2013 certified and have also implemented the NIST CSF (which was assessed by an independent third party vendor and confirmed to be at a higher maturity state).

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or, if this is not possible (for e.g. because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

In Short: In some regions, and based on the various regulations, you may have rights that allow you greater access to and control over your personal information. These may include the right:

• to request access and obtain a copy of your personal information
• to request rectification or erasure
• to restrict the processing of your personal information
• to data portability in accordance with the EU General Data Protection Regulation

As we want to make sure that your personal data is accurate and up to date, you may also ask Birlasoft to correct or remove any information which you think is inaccurate. To make such a request, please use the data subject request form and we will consider and act upon any request in accordance with applicable Data protections laws.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal.

If you are concerned about an alleged breach of privacy law or any other regulation by Birlasoft or wish to raise a complaint on how we have handled your personal data, you can contact us in the mentioned email id given in Contact Us section of privacy policy given below to have the matter investigated. Birlasoft Privacy leader will investigate your complaint and give you information about how it will be handled.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you also have the right to complain to the data protection authority in your country, or refer the matter to a court of competent jurisdiction or as specified in any applicable engagement agreement with Birlasoft.

Cookies and Similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove and reject cookies. If you choose to remove or reject cookies, this could affect certain features of our Site.

In Short: We may use Cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our cookie policy.

Most web browsers and some mobile operating systems and mobile applications include a DO-Not-Track feature (DNT) or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted, that we must follow in the future, we will inform you about that practice in the revised version of this privacy policy.

We do not use automated decision-making.

If you have questions or concerns about our privacy practices, or this Policy, you may contact our Data Protection Officer (DPO) Sanjeev Singh, by email at privacy[at]birlasoft[dot]com