Last updated on September 28, 2023

Infosys Limited, its subsidiaries and branch operations hereinafter referred as ‘Infosys’, ‘we’, ‘us’ or ‘our’ is committed to respect your privacy and choices. The privacy statement (hereinafter “Privacy Statement” or “Statement”) highlights our privacy practices regarding Personal Information that we collect and process in compliance to applicable data privacy regulations.

Objective:

Through this privacy statement we intend to provide a synopsis of our privacy practices regarding Personal Information that we collect and process about you through various sources. Although the primary focus of this statement is on the data collected and processed through our websites, that link to this Privacy Statement, which include www.infosys.com, www.infosysbpm.com, www.infosysequinox.com, and their sub-domains such as blogs.infosys.com, abm.infosys.com, etc. (Collectively referred to as “Infosys Websites”), our adherence to the below mentioned principles remain across the organization towards personal data processing. Depending on the purposes of processing and your relationship with us as a data subject, we may provide additional customized privacy statements, more information on which can be found below.

The scope of this Statement covers the categories of personal data collected, how we use or process such data, who are the recipients of such data, and your associated rights under applicable laws including how to exercise the same. The applicability of the Privacy Statement is global, however certain additional information may be relevant to you depending on the country where you reside. Such additional terms, based on these particular countries or regions, are called out in region-specific statements below.

Wherever we may have provided the translation of our Statement in local languages, as per applicability, in case of a conflict between the local language and the English version, the English version shall prevail.

1. Personal Information that we process and use

1.1 Personal Information that we process

We may collect the following categories of Personal Information:

  • Information collected as part of your visit and usage of our websites, such as Internet Protocol (IP) address, demographics, your computers’ operating system, device information, telemetry data and browser type and information collected via cookies or similar tracking technologies. As a website visitor who merely browses our websites (including the hosted content), without submitting any additional data, this is the most relevant paragraph for applicable data processing.
  • Personal and Contact details, such as, Name, title, e-mail address, phone numbers, address, designation, Company/Organization, Industry, Location (in terms of City/Country), LinkedIn profiles/URLs (or similar professional data set).
  • Login credentials, such as Username and Passwords, when you register for any of our applicable services.
  • Audio-Visual information such as photographs or images captured, video recordings (if enabled), when attending any of our events, webinars etc.
  • Queries, comments, or feedback as submitted by you, including any correspondence you have made with us.
  • Preferences relating to marketing communications, interest areas, subscription details, dietary preferences/allergies (in relations to events we may organize).
  • Additionally, we may collect certain data points based on the categories of data subject and their relationship with us, as are detailed out in additional Privacy Statements for relevant categories of data subjects at the end of this Statement.

1.2 Sources of Personal Information

We may collect the aforementioned Personal Information through various sources, such as mentioned below:

  • Submitted by yourself, through our Website forms, applications on our portals, or by contacting/emailing our official contacts.
  • Shared to Infosys employees, such as our sales or marketing representatives.
  • Shared with or by Infosys’ affiliates.
  • Shared by the employers of the visitors and contractors, where applicable.
  • Sourced from public websites and social media, including your publicly accessible profiles.
  • Shared by our suppliers, vendors and service providers.
  • Sourced via Cookies and similar tracking technologies as deployed on our website (details are available in the Cookie Policy).

1.3. Use of your Personal Information

We may use your Personal Information for the following purposes:

  • to provide better usability, troubleshooting and site maintenance
  • to understand which parts of the website are visited and how frequently
  • to create your login credentials, where applicable
  • to identify you once you register on our website
  • to facilitate communication with you, including contacting you and responding to your queries or requests
  • to offer curated content tailored to your preferences
  • To enable marketing and sales related communications and related purposes
  • to provide access to podcasts available on our website(s)
  • to know your interest of participation in ideathons or other competitions
  • as a participant of any competitions and/or award ceremonies organized by us, to publish your name and corresponding details to make them available to larger audience on the Internet (including details of awards won); for the jury members and other associated delegates and speakers, to publish their name, title, photograph, and bio in a similar manner
  • to invite you for events, seminars and equivalent ceremonies organized by us and related purposes such as running marketing or promotional campaigns, including such promotions or publications on social media
  • to publish testimonials and case studies
  • to generate and maintain leads as part of our Customer Relationship Management database
  • to perform data analytics for providing a better user experience, enhance website performance and achieve business objectives
  • to enhance and optimize our business operations, applications, systems, and processes, including operation and management of our communication assets and systems, ensuring and strengthening information security, maintenance of audit trail and associated records,
  • to protect your data and Infosys assets from information security threats and to secure against any unauthorized access, disclosure, alteration, or destruction
  • to comply with applicable laws and other legal requirements, such as regulatory filings, record-keeping and reporting obligations, cooperating with government authorized inspections or requests, protecting our legal rights, and seeking remedies, including defending against any claims or engaging in legal proceedings, responding to subpoenas or court orders and managing documentation for related purposes
  • to enhance your website experience and other associated purposes by deploying cookies or similar technologies. These may serve different purposes. For example, some of the cookies may be necessary for the operation of the website, while others are used to ensure its seamless performance. They may also enhance the functionalities provided on our website, help us understand how our online services are used, or to determine the interests of our website visitors. Additionally, our advertising partners collaborate with us to provide and assist in the use of such technologies on Infosys and other sites. For more information, refer to the cookie policies of our respective domains as called out below.
    • For Infosys.com and associated sub-domains, please refer to this cookie policy.
    • For Infosysbpm.com and associated sub-domains, please refer to this cookie policy.
    • For Infosysequinox.com and associated sub-domains, please refer to this cookie policy.

1.4. Legal basis of the processing

The applicable privacy and data protection laws provide for certain justifiable grounds for collection and processing of personal data, commonly referred to as legal basis of processing. We primarily rely on the following legal bases:

1.4.1 We process your Personal Information when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract, e.g., when you would engage with us for receiving our services and offerings, or when managing the data of our employees for ensuring the performance of their employment contract.

1.4.2 We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by your data protection rights), e.g., when we need to understand your usage of our website and interaction with the same, for generating your secure login credentials, or to optimize our processes.

1.4.3 We process your Personal Information with your consent. Where we process Personal Data based on consent, your consent is revocable at any time, e.g., when registering and inviting you for events organized by us, or for sharing our marketing related communications with you.

1.4.4 We may process your personal Information to comply with any Legal obligations on us, including to applicable laws and protecting our legal rights, seeking remedies, and defending against claims.

2. Consequences of not providing Personal Information

If you choose not to provide your Personal Information that is mandatory to process your request, we may not be able to fulfill the relevant purpose of processing, including provision of any services to you, if applicable.

3. Data recipients, transfer, and disclosure of Personal Information:

3.1 Infosys does not share your Personal Information with third parties for their direct marketing purposes.

We share your Personal Information within

  • Infosys or with any of its subsidiaries;
  • Business partners;
  • Service providers;
  • Authorized third-party agents; or
  • Auditors, and/or government authorities, where applicable.

3.2 Facilitating International Data Transfers:

We may transfer Personal Information to countries outside of your country of residence, either to Infosys group of companies or third parties, including to countries which have different data protection standards from those which apply in your country or region of residence. The locations of Infosys group companies are set out here. Our service providers are located globally; however, the primary locations are in USA, Canada, Australia, Singapore, Hong Kong, India, and UK.

Where we may transfer the data outside your country or region of residence, we shall take reasonable and appropriate steps in line with applicable laws while executing such transfer. For additional details on international transfer of data outside of your country or region, based on your residence, please refer to our region-specific Privacy Statements called out below.

Please contact us as set out below if you would like to obtain a copy of the methods used when executing such international transfer as per applicable laws. When required, Infosys may disclose Personal Information to external law enforcement bodies or regulatory authorities, in order to comply with legal obligations.

4. Your Rights:

4.1 Subject to the laws of your country, you may have certain rights as a data subject (including but not limited to right to information, access, rectification, erasure, object, restriction of processing, right to complain), relating to your Personal Information that we process. Where the data processing is based on your consent, you may withdraw your consent to the processing of any Personal Data at any time. This will not affect the lawfulness of any processing operation before your withdrawal.

Your rights as a data subject may differ based on your applicable jurisdiction. Please refer to region-specific data privacy statements for more information on the same.

4.2 Exercising your rights: For exercising your rights, we may need to request certain information from you for ascertaining your identity and confirming that you are entitled to exercise the same. You can exercise your rights by contacting us at privacy@infosys.com

4.3 Preference Center: You can choose to update your Infosys Marketing communications preferences from our Contact Preference center.

5. Data security

At Infosys, there exists a perfect balance between Governance, Process and Technology, the combination of which has established Infosys' commitment to its customers and stakeholders. Infosys adopts reasonable and appropriate security controls, practices and procedures including administrative, physical security, and technical controls in order to safeguard your Personal Information.

6. Data retention

Personal Information will not be retained for a period more than necessary to fulfill the purposes outlined in this privacy statement unless a longer retention period is required by law or for directly related legitimate business purposes. Personal Data that is no longer required to be retained as per legal and business requirements will be disposed in a secure manner.

7. Contact your Local Data Protection Authority

If you are unhappy with how we safeguard your personal data, depending on the laws of the countries where you reside, you have the right to bring a complaint to your local data protection authority.

8. Linked websites

Our privacy practices regarding Personal Information that we collect and store about you through our portals such as Recruitment and Global Alumni will be as per the privacy policy of those portals.

Infosys provides links to third-party websites and services. However, Infosys is not responsible for the privacy statements, practices, or the contents of such third-party websites.

9. Children’s Privacy

Infosys Websites, its associated products or services and hosted contents, are not intended for the use by children.

As such we do not knowingly solicit or collect personally identifiable information online from children without prior verifiable parental consent. If Infosys Limited learns that a child has submitted personally identifiable information online without parental consent, it will take all reasonable measures to delete such information from its databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children, please email us at privacy@infosys.com.

10. How to contact us

If you have any questions regarding our privacy practices or this privacy statement, or to request this privacy statement in another format, please contact us at:
Contact person: Srinivas P
Contact address: Data Privacy Office, Infosys Limited, Electronics City, Hosur
Road, Bangalore 560 100, India
Phone: +91 80 2852 0261
Email: privacy@infosys.com

11. Updates to this privacy statement

Infosys may change the data privacy practices and update this privacy statement as and when the need arises, and the same will be made available on the website. However, our commitment to protect the privacy of website users will continue to remain.

Privacy Statements for Other Categories of Data Subjects

*Detailed privacy notice will be provided when one applies for a job or internship in Infosys through careers page available on Infosys website.

Categories of Personal Information (including sensitive personal information) that we process:

Candidate name, Contact details, Resume, Date of Birth, Educational qualification including skill details, Employment related information, details pertaining to background checks, passport details (only if shortlisted). Few other details collected such as web address, willingness to travel, etc. (optional), Financial details and national identification details (only in selected countries, where required by law)

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information:

We use your Personal Information for the following purposes:

  • To assess candidate’s suitability towards job requirement as part of the recruitment or internship selection process and other associated processes including background verification by our authorized vendor,
  • To carry out various employer related activities if you are selected to join the organization and to enable us to ensure that we are compliant with any applicable labor and/or other relevant laws.

Legal Basis of Processing:

We process your Personal Information when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract or based on your consent, as per applicable laws.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, business partners, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external), and Infosys’ Clients (where applicable) based on contractual obligation.

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

* Detailed privacy notice for our employees will be provided at the time of onboarding. For our alumni, a detailed privacy notice is available on our Alumni Portal.

Categories of Personal Information (including sensitive personal information) that we process:

Contact Details, Family Particulars, Educational Qualifications, Personal Details, Work experience details, National identification information, Official Identifications details, Salary, Compensation, taxation, benefits, claims and other financial information, Performance and development records, Digital Access and IT related information, Travel-related records, Health and safety records, Background checks and screening details, Leave and Attendance records, Information we obtain from monitoring the use of our official systems and networks (as permitted by applicable laws).

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information:

We use your Personal Information for the following purposes:

  • To assist in the onboarding you as an employee, other associated processes, and to carry out various employment related activities and to enable us to ensure that we are compliant with any applicable labor and/or other relevant laws.
  • As an alumni/ex-employee, to contact you and enable you to take part in our alumni related engagements, be a part of the alumni community, help you with documents and details related to your employment with Infosys, share current job opportunities at Infosys and enable you to apply for them (where applicable).

Legal Basis of Processing:

The above data elements are collected under one or more of the following lawful basis of processing –

  • Performance of a contract
  • Legal Obligation
  • Legitimate business interest
  • Consent

Data Recipients/Accessible to:

Your Personal Data will be accessible to certain authorized Infosys employees in internal functions such as Human Resources, Finance, Project Delivery Units, etc.; and to our authorized service providers or agents who may require access to the same for processing in relation to the above stated purpose(s); Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable); Auditors (internal/external); Infosys’ Clients (where applicable) based on contractual obligation; Any other parties expressly or impliedly authorized by you for receiving such disclosures.

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

Categories of Personal Information (including sensitive personal information) that we process:

Name, User ID, Password, DP ID, Folio/Client ID, PAN, Demat accounts, Residential status, Legal Status, Email Id, Address, Date of birth, Estimated Income, etc.

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information

We use your Personal Information for the following purposes:

For purpose of administering tax deduction on source for dividends paid out by Infosys to its shareholders

Legal Basis of Processing:

We process your Personal Information to comply with legal obligations arising under applicable laws and regulations.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, business partners, tax consultants and authorities, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external).

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

*Visitors privacy notices are also displayed at the visitors’ entrance in Infosys offices.

Categories of Personal Information (including sensitive personal information) that we process:

Visitor Name, Contact Details, Organization, Assets Information (if any), Date and purpose of visit, Photograph, and images/footage captured on CCTV or other video and related security/monitoring systems.

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information:

We use your Personal Information for the following purposes:

To allow access to Infosys premises.

Legal Basis of processing:

We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or based on your consent, wherever applicable.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external), Infosys’ Clients (where applicable) based on contractual obligation.

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

Categories of Personal Information (including sensitive personal information) that we process:

Vendor name and contact details, address, tax related details, Contact details of Vendor POC

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information

We use your Personal Information for the following purposes:

  • For vendor empanelment
  • Purchase order and Invoice creation.
  • For facilitating communications with you
  • For submitting quotations

Legal Basis of Processing:

We process your Personal Information when it is necessary for the performance of a contract to which you are the party or based on your consent, as per applicable laws.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, tax consultants and authorities, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external).

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.