In Short: We process your personal information for purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, and/or your consent.

We use personal information collected via our Sites for a variety of business purposes described below. We process your personal information for these following purposes in reliance on our legitimate business interests ("Business Purposes"), in order to perform a contract with you ("Contractual"), with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below. We use the information we collect or receive to:

• Fulfil and manage your orders.
• Request Feedback. We may use your information to request feedback and to contact you about your use of our services.
• To send you marketing and promotional communications. We and/or our third party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You may opt-out of our marketing emails at any time by writing to us.
• For other Business Purposes. We may use your information for other Business Purposes, such as Data Analysis, identifying usage trends, determining the effectiveness of our services and to evaluate and improve our business and your experience. To manage, administer and fulfill the obligations under contracts, and regulations- Where Birlasoft is in a contractual relationship with you (other than an employment relationship), your employer or your company, or is taking steps to enter into such a contractual relationship, we may need to process your personal data, usually limited to name, business contact details and job title in order to enter into and/or fulfill the obligations arising from the same contract, such as providing you or your employer or company with the services you have requested or make use of the services that you or your employer or company are offering to us. We will also process such personal data for ancillary tasks related to our daily business activities, such as accounting, auditing, reporting (to regulators and authorities) and to comply with applicable regulations. from administering a service, you have requested from us. We will only use your personal data for the purposes for which we collected it Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
• Birlasoft Websites, its associated products or services and hosted contents, are not intended for the use by children.
• As such we do not knowingly solicit or collect personal information online from children without prior verifiable parental consent. If we understand that a child has submitted personal information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose.

In Short: We will only share information with your consent, to comply with laws, to protect your rights, or to fulfil business obligations or contractual obligations.

We may process internally or share your data with third parties including third party service providers based on the following legal basis:

• Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.
• Legitimate Interests: We may process your data when it is reasonable necessary to achieve our legitimate business interests.
• Performance of a contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
• Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
• Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activity, or as evidence in litigation in which we are involved

• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • ”Third parties” includes third-party service providers (including contractors, consultants and agents) and other entities within our group. The following activities may be carried out by third-party service providers: hosting and other internet services, data storage and analytics, marketing research and campaign management, event organizers and caterers. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable law. We may also need to share your personal data with regulators or to otherwise comply with the law.
  • Transferring your personal data outside of your country of residence We may transfer the personal data we collect about you to one of more countries outside of your country of residence or outside of the country in which you access this website, including India, in order to perform one of the activities listed above in which case we have put in place the appropriate measures to ensure that your personal data will be secure according to the laws of the country in which you reside. If you require further information about these protective measures, you can request it by emailing us at privacy@birlasoft.com

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Sites is at your own risk. You should only access this from within a secure environment. Please note that we are privacy compliant, ISO 27001:2022 and ISO 27701:2019 certified and have also implemented the NIST CSF.

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or, if this is not possible (for e.g. because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

In Short: In some regions, such as the European Economic Area (EEA) and India, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA and India), you have certain rights under applicable Data Protection laws. These may include the right:

•  to request access and obtain a copy of your personal information
• to request rectification or erasure
• to restrict the processing of your personal information
• If applicable, to data portability
• Right to withdraw your consent
• Right to Nominate

In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please use the data subject request form and contact details as provided below. We will consider and act upon any request in accordance with applicable Data protections laws.

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.

If you are resident in the EEA and you believe we are unlawful processing your personal information, you also have the right to complain to your local Data protection supervisory authority. You may find their contact details here https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Non-EEA like India resident for other data protection laws, where applicable, can contact the nominated data protection supervisory body in that jurisdiction

Cookies and Similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove and reject cookies. If you choose to remove or reject cookies, this could affect certain features of our Site. To opt out of interest based advertising by advertisers on our sites, http://www.aboutads.info/choices/.

In Short: We may use Cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our cookie policy.

Most web browsers and some mobile operating systems and mobile applications include a DO-Not-Track feature (DNT) or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted, that we must follow in the future, we will inform you about that practice in the revised version of this privacy policy.

We do not use automated decision-making.

The policy is subject to modification from time to time. If we make any substantial changes to this policy, we will post those changes at the top of this page or notify you by other means such as email etc.

If you have questions or concerns about our privacy practices, or this Policy, you may contact our Data Protection Officer (DPO) Sanjeev Singh by email at privacy[at]birlasoft[dot]com