SAFE HARBOR PRIVACY POLICY
 

SAFE HARBOR PRIVACY POLICY

NIIT respects individual privacy and values the confidence of its customers, their stakeholders, employees, business partners and others who may use our services. Not only do we strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, but we also aim to uphold the highest ethical standards in our business practices. This Safe Harbor Privacy Policy (the "Policy") sets forth the privacy principles that NIIT follows with respect to transfers of personal information between the United States and member states of the European Union.


SAFE HARBOR

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States. The EEA also has recognized the U.S. Safe Harbor as providing adequate data protection (OJ L 45, 15.2.2001, p.47). Consistent with its commitment to protect personal privacy, NIIT adheres to the Safe Harbor Principles.


SCOPE

This Safe Harbor Privacy Policy (the "Policy") applies to all personal information received by NIIT in the United States in any format including electronic, paper or verbal.


DEFINITIONS
For purposes of this Policy, the following definitions shall apply:
"NIIT" means NIIT USA Inc, its successors, subsidiaries, divisions and groups in the United States.
"Personal information" means any information or set of information that identifies or could be used by or on behalf of NIIT to identify an individual. Personal information does not include information that is encoded or anonymized or publicly available information that has not been combined with non-public personal information.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, NIIT will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

PRIVACY PRINCIPLES

Personal information that is transferred to NIIT in the US from the EU falls under one of the following two situations:

  • EU Company provides personal information - NIIT provides customized learning and hosting services to EU companies. In this capacity, NIIT does not own or control any of the information it processes on behalf of NIIT's customer. All such information is owned and controlled by NIIT's customer.

    NIIT receives information transferred from the EU to the US merely as a processor on behalf through a secured medium – SFTP, IPSec, etc. NIIT will not disclose or share this information with anyone and strictly comply with its policy statement.
  • NIIT collects personal information on behalf of EU Company – NIIT collects personal information of the individuals in the EU states on behalf of its customers. NIIT will strictly adhere to its policy and procedure policy while collecting the personal data. NIIT internal assessment team will monitor the adherence on a regular basis.


The privacy principles in this Policy are based on the Safe Harbor Principles.

  • NOTICE:  Where NIIT collects personal information directly from individuals in the EU, it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which NIIT discloses that information, and the choices and means, if any, NIIT offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to NIIT, or as soon as practicable thereafter, and in any event before NIIT uses the information for a purpose other than that for which it was originally collected.

Where NIIT receives personal information from its subsidiaries, affiliates or other entities in the EU, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
NIIT is not responsible for the content of the information it collects, which may include personally identifying information, nor is NIIT responsible for the way its customers treat personally identifying information included in reports.

  • CHOICE:  Where NIIT collects personal information directly from individuals in the EEA, NIIT will offer individuals the opportunity to choose (opt-out) whether their personal information is

    (a) to be disclosed to a non-agent third party, or

    (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

    For sensitive personal information, NIIT will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. NIIT will provide individuals with reasonable mechanisms to exercise their choices.
  • ONWARD TRANSFERS TO AGENTS:  NIIT will obtain assurances from its agents that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the agent, or being subject to another European Commission adequacy finding. Where NIIT has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, NIIT will take reasonable steps to prevent or stop the use or disclosure.

  • SECURITY:  NIIT will employ reasonable safeguards to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.  For personal information subject to electronic storage or transmission, NIIT maintains an internal private, secure global network that is protected from computer virus infection and monitored for unauthorized access.  Both electronic and paper based records holding personal information are maintained in access controlled facilities.

  • DATA INTEGRITY:  NIIT will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. NIIT will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

  • ACCESS:  Upon request, NIIT will grant individuals reasonable access to personal information that it holds about them. In addition, NIIT will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

  • ENFORCEMENT:  NIIT will conduct an annual self-assessment to ensure that this Statement is published and disseminated within NIIT and on its website and that it conforms to the Principles. In addition, NIIT has deployed internal processes to monitor NIIT's compliance with the Principles and to address all questions or complaints. NIIT will also self-certify annually with the U.S. Department of Commerce as being in compliance with the Principles.

Individuals may raise any concerns or complaints regarding their personal data directly with NIIT by contacting the Senior IT Director, NIIT, whose contact information is as follows: 1050 Crown Pointe Parkway, Floor 5, Atlanta, GA – 30338. Phone: 7702906047; Fax: 7705519229.

If an individual raises such a concern or complaint, NIIT will investigate the matter and attempt to resolve all issues to the satisfaction of the individual raising the concern or complaint. If the matter cannot be settled at that stage, NIIT agrees to cooperate with competent EU Data Protection Authorities (DPAs).

  • MODIFICATION AND AMENDMENT: NIIT may modify or amend this Statement from time to time by posting a revised Statement on the web at www.niit.com. If NIIT amends this Statement, the new statement will apply to personal data previously collected only insofar as the rights of the individuals affected are not reduced. So long as NIIT adheres to the Safe Harbor Agreement, NIIT will not amend this Statement in a manner inconsistent with the Principles.

DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of personal information should be directed to the NIIT Office at the address given below. NIIT will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between NIIT and the complainant, NIIT has agreed to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles.


CONTACT INFORMATION
Questions or comments regarding this Policy should be submitted to NIIT by mail or e-mail as follows:


NIIT
Senior IT Director
1050 Crown Pointe Pkwy
Floor 5
Atlanta, GA 30338, USA
Phone: 7702906047
Fax: 7705519229
email: s...@n...t.com

RESERVATION OF RIGHTS: NIIT reserves the right to share an individual's information as required by law or to duly authorized information requests of government authorities.