Version 1.0 - January 26, 2017
NIIT (“we” “us”) respects individual privacy, and values the confidence of its customers, their stakeholders, employees, business partners and others who may use our services. Not only do we strive to collect, use and dispose personal information in a manner consistent with the laws of the countries in which we do business, but we also aim to uphold the highest ethical standards in our business practices. This Policy (the "Policy") sets forth the privacy principles that NIIT follows with respect to transfers of personal information between the member states of the European Union, including participating countries in the European Economic Area (collectively, "the EU") and United States.
PRIVACY SHIELD PRINCIPLES
The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. Given those differences and to provide organizations in the United States with a reliable mechanism for personal data transfers to the United States from the European Union while ensuring that EU data subjects continue to benefit from effective safeguards and protection as required by European legislation with respect to the processing of their personal data when they have been transferred to non-EU countries, the Department of Commerce has issued the Privacy Shield Principles, including the Supplemental Principles (collectively "the Principles") under its statutory authority to foster, promote, and develop international commerce (15 U.S.C. § 1512).
The Policy applies to all personal information received by NIIT in the United States from the EU in any format including electronic, paper or verbal.
For purposes of this Policy, the following definitions shall apply:
"NIIT" means NIIT USA Inc, its successors, subsidiaries, divisions and groups in the United States.
"Personal information" means any information or set of information that identifies or could be used by or on behalf of NIIT to identify an individual. Personal information does not include information that is encoded or anonymized or publicly available information that has not been combined with non-public personal information.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, NIIT will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
NIIT uses personal information, such as Name, Email ID, Contact Number, and other relevant information for training administration, and to associate learning progress records to an individual.
Personal information that is transferred to NIIT in the US from the EU falls under one of the following two situations:
- An EU Company that is an NIIT customer provides personal information to NIIT for processing
NIIT provides customized learning and hosting services to EU companies. In this capacity, NIIT does not own or control any of the personal information it processes on behalf of NIIT's customer. All such information is owned and controlled by NIIT's customer.
NIIT receives information transferred from the EU to the US merely as a processor on behalf of its customer through a secured medium. SFTP, IPsec, etc. NIIT will not disclose or share this information with anyone other than NIIT's customer and our service providers unless required to do so by law.
- NIIT collects personal information on behalf of EU Company
NIIT collects personal information of individuals in the EU states on behalf of its customers. NIIT will not disclose or share this information with anyone other than NIIT's customer and our service providers unless required to do so by law.
NIIT's internal assessment team will monitor the adherence on a regular basis.
NIIT complies to the following privacy principles, modeled after the EU-U.S. PRIVACY SHIELD FRAMEWORK.
- NOTICE: Where NIIT receives personal information from its subsidiaries, affiliates or other entities in the EU, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
NIIT is not responsible for the content of the information it collects, which may include personally identifying information, nor is NIIT responsible for the way its customers treat personally identifying information included in reports.
- CHOICE: Where NIIT collects personal information directly from individuals in the EU, NIIT will offer individuals the opportunity to choose (opt-out) whether their personal information is:
(a) to be disclosed to a non-agent third party, or
(b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
(c) For sensitive personal information, NIIT will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. NIIT will provide individuals with reasonable mechanisms to exercise their choices.
Individuals may limit the use and disclosure of their personal data by submitting a written request to Privacy@niit.com
- ACOUNTABILITY FOR ONWARD TRANSFERS: NIIT may share personal data with the customer for whom we are collecting or maintaining the information. NIIT does engage “third-party” who are subject matter experts or training providers / administrators to deliver trainings. These engagements involve disclosure of limited personal information (i.e. Name, Contact and Academic Profile).
NIIT will comply with the Notice and Choice principles, where applicable, before transferring personal information to “third-party. NIIT will enter into contracts with third party recipients of personal information consistent with Privacy Shield requirements to require that data use is consistent with the purposes for which the information was originally collected or subsequently authorized by the individual and that adequate controls are provided to protect data.
NIIT uses it group companies, located in India, EU to deliver training administration services, which involves access to Personal data, such as Name, Email ID, Contact number to communicate and identify training participants.
We will ensure, via written contract, that our agents (Group companies) will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is set forth in this policy. Where NIIT has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, NIIT will take reasonable steps to prevent or stop the use or disclosure. NIIT’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, NIIT remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless NIIT proves that it is not responsible for the event giving rise to the damage.
NIIT may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
- SECURITY: NIIT will employ reasonable safeguards to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. The controls will be consistent with risk involved in storing, processing and transferring and the nature of data involved.
- DATA INTEGRITY AND PURPOSE LIMITATION: NIIT will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. NIIT will take reasonable steps to ensure that personal information is relevant to and reliable for its intended use, accurate, complete, and current. Personal information will be retained only as long as necessary for processing.
- ACCESS: You have the right to obtain our confirmation of whether we maintain personal information relating to you. Upon request, NIIT will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to Privacy@niit.com. If requested to remove data, we will respond within a reasonable timeframe.
Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or when the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
- RECOURSE, ENFORCEMENT AND LIABILITY: NIIT has deployed internal processes to monitor NIIT's compliance with the Principles, and provide recourse to individuals who may be adversely impacted.
NIIT will conduct an annual self-assessment to ensure that this Statement is published and disseminated within NIIT and on its website and that it conforms to the Principles.
Individuals may raise any concerns or complaints regarding their personal data directly with NIIT by contacting the Chief Privacy Officer, (Contact information provided in the contact section).
All cases of individual concert or complaint related to data privacy, will be investigated and attempts to resolve all issues to the satisfaction of the individual raising the concern will be done. If the matter cannot be settled at that stage, NIIT agrees to cooperate with third-party dispute resolution bodies, based either in the US or the EU, to investigate and resolve complaints (See dispute resolution section below). NIIT will comply with the directions of the dispute resolution authorities.
In addition, NIIT has deployed internal processes to monitor NIIT's compliance with the Principles and to address all questions or complaints. NIIT will also self-certify annually with the U.S. Department of Commerce as being in compliance with the Principles each year it participates in the program.
NIIT also is subject to the investigatory and enforcement authority of the Federal Trade Commission, which is one of the agencies responsible for enforcing Privacy Shield commitments.
- MODIFICATION AND AMENDMENT: NIIT may modify or amend this Statement from time to time by posting a revised Statement on the web at www.niit.com. If NIIT amends this Statement, the new statement will apply to personal data previously collected only insofar as the rights of the individuals affected are not reduced. So long as NIIT adheres to the Privacy shield principles, NIIT will not amend this Statement in a manner inconsistent with the Principles.
In compliance with the Privacy Shield Principles, NIIT commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Private Shield policy should first contact NIIT at:
Chief Privacy Officer,
NIIT (USA), Inc.
1050 Crown Pointe Parkway
Atlanta GA 30338, USA.
NIIT has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/, for more information and to file a complaint. The services of Council of Better Business Bureaus are provided at no cost to you.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Inquiries, complaints, Questions or comments regarding this Policy should be submitted to NIIT by post or e-mail as follows:
Chief Privacy Officer,
NIIT (USA), Inc.
1050 Crown Pointe Parkway
Atlanta GA 30338
Email ID: Privacy@niit.com
Version 1.0 - January 26, 2017