As a globally integrated company, Concentrix’s business processes increasingly go beyond the borders of one country. This globalization demands not only the availability of communication and information systems across the Concentrix group of companies, but also the world-wide processing, sharing and use of multiple types of information including information about an individual whose identity is apparent (either directly and indirectly), or can be reasonably be ascertained from the information available or likely to be available (Personal Information).
This Policy letter sets forth the general principles which underlie Concentrix’s specific practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing Personal Information.
This Policy applies to all Concentrix personnel, operating units, and wholly owned subsidiaries worldwide and (as transferred and agreed) with suppliers/business partners who must act consistently with the principles contained in the policy. Country and industry-specific laws and regulations shall take precedence over this policy, to the extent applicable. The application of these principles is more particularly described in the applicable Concentrix Corporate Instructions (and any accompanying implementation Guidelines) relating to processing Personal Information. Please read this policy along with the company guidelines for use and processing of Personal Information to understand how Concentrix plans to achieve the set principles.
Concentrix remains committed to protecting the privacy and confidentiality of Personal Information of its Employees (including prospects and contractors), Clients, Client Customers, Business Partners and other identifiable individuals that it may receive, use, access, process, transfer or store as part of its business. Uniform practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing such information assists Concentrix to process Personal Information fairly and appropriately.
Concentrix may collect personal information from various persons as part of the services it may render to them, or in the course of its business. Based on the information being collected and nature of services or requirement, Concentrix will apply suitable mechanisms to ensure that Concentrix has a lawful basis for receiving, accessing, using, processing, transferring, storing and/or disposing such personal information.
4. General Privacy Principles
These general principles apply to the processing of Personal Information world-wide by Concentrix.
Concentrix understands its accountability and responsibility for any Personal Information that it may receive, use, process, store as part of its business. Accordingly, it will:
I. have appropriate corporate instructions, guidelines and other measures to be able to demonstrate that Personal Information is used/ stored / processed / retained / disposed / transferred in compliance with applicable law and other applicable guidelines;
II. designate an individual or individuals who are accountable for the organization’s compliance with the Privacy principles; and
III. ensure the availability of required policies, procedures and contacts for management of personal information; these being reviewed at a minimum annually or as and when there is a change warranted.
B. Fairness and Purpose:
Concentrix will collect adequate, relevant and necessary Personal Information, and will process such information fairly and lawfully for the purpose it is collected. The purpose of collection will be specified not later than at the time of data collection, or on each occasion of change of purpose.
Concentrix will keep Personal Information as accurate, complete and up-to- date as is necessary for the purpose for which it is processed; and provide appropriate channels for the same.
D. Disclosure and Data Sharing:
Concentrix will make Personal Information available inside or outside Concentrix under appropriate circumstances for business purpose only or as authorized by law. This may require Concentrix to transfer personal information to countries other than Concentrix operation’s country of business (including transfer to other entities or third parties).
Concentrix will implement privacy principles for the use / processing/ transfer / storing/ disposal of personal information as may be prescribed under applicable laws.
E. Cross-Border Data Flows:
When conducting business, working on Company projects, or implementing new processes or systems, an operation may require the transfer of personal information to other entities or third parties that are located outside of the Concentrix operation’s country of business. While permissible data transfer mechanisms are defined by applicable law or regulation, examples include:
i. a data transfer agreement with the party who will access or obtain the personal information; or
ii. notice to and/or approval from a country’s local data protection authority; or
iii. notice to and/or consent from the individual whose data is to be transferred.
Concentrix will implement reasonable technical and organizational measures to safeguard Personal Information and instruct third parties processing Personal Information on behalf of Concentrix to process and manage it in a manner which is consistent with Concentrix standards (for Concentrix owned information) or Concentrix Client standards (for Client information), as may be applicable.
Upon request, Concentrix will, within a reasonable time, manner, and in a readily intelligible form provide individuals appropriate access to Personal Information retained by Concentrix. Concentrix has the right to deny the request; however, the reasons of denial will be provided. Concentrix will erase, rectify, complete, or amend the data pursuant to a justified request.
H. Retention and Disposal:
Concentrix will retain Personal information in a form that permits identification for no longer than as necessary for the fulfillment of the stated purpose, and should be disposed thereafter.
Concentrix will be transparent, and make readily available to individuals, specific information related to management of Personal Information.
Concentrix will follow appropriate policies and practices agreed with its clients for the safe handling of Personal Information that it processes on behalf of its clients.
5. Enforcement and Redressal
Concentrix will provide appropriate robust mechanisms for assuring compliance with the Principles, and address grievance and / or provide recourse for individuals who are affected by non-compliance with the Principles.
6. Contacting Concentrix’s Data Privacy Office