NIIT MTS EU/US Data
Privacy Framework

INTRODUCTION

NIIT MTS (“NIIT MTS”, “we”, “us” and “our”) respects individual privacy, and values the confidence of its customers, their stakeholders, employees, business partners and others who may use our services. Not only do we strive to collect, use, and dispose personal information in a manner consistent with the laws of the countries in which we do business, but we also aim to uphold the highest ethical standards in our business practices. This Policy (the “Policy”) sets forth the privacy principles that NIIT MTS follows with respect to transfers of personal information between the member states of the European Union, including participating countries in the European Economic Area (collectively, “the EU”), the United Kingdom, and Switzerland, and United States.

DATA PRIVACY FRAMEWORK PRINCIPLES

The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. Given those differences and to provide organizations in the United States with a reliable mechanism for personal data transfers to the United States from the European Union, the United Kingdome and Switzerland, while ensuring those data subjects continue to benefit from effective safeguards and protection as required by European legislation with respect to the processing of their personal data when they have been transferred to non-EU countries, the Department of Commerce has issued the Data Privacy Framework Program.

NIIT MTS complies with the EU-US Data Privacy Framework, (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdome (including Gibraltar) and Switzerland. NIIT MTS has certified that it adheres to the Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification page, please visit https://www.dataprivacyframework.gov/

SCOPE

The Policy applies to all personal information received by NIIT MTS in the United States from the EU, the United Kingdome (including Gibraltar) and Switzerland in any format including electronic, paper or verbal.

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

“NIIT MTS” means NIIT MTS USA Inc, its successors, subsidiaries, divisions, and groups in the United States.

“Personal information” means any information or set of information that identifies or could be used by or on behalf of NIIT MTS to identify an individual. Personal information does not include information that is encoded or anonymized or publicly available information that has not been combined with non-public personal information.

“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, NIIT MTS will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

PRIVACY PRINCIPLES

NIIT MTS uses personal information, such as Name, Email ID, Contact Number, and other relevant information for training administration, and to associate learning progress records to an individual.

Personal information that is transferred to NIIT MTS in the US from the EU falls under one of the following two situations:

• An EU Company that is an NIIT MTS customer provides personal information to NIIT MTS for processing
  NIIT MTS provides customized learning and hosting services to EU companies. In this capacity, NIIT MTS does not own or control any of the personal information it processes on behalf of NIIT MTS’ customer. All such information is owned and controlled by NIIT MTS’ customer.

  NIIT MTS receives information transferred from the EU, the UK and/or Switzerland to the US merely as a processor on behalf of its customer through a secured medium. SFTP, IPsec, etc. NIIT MTS will not disclose or share this information with anyone other than NIIT MTS’ customer and our service providers unless required to do so by law.

NIIT MTS collects personal information of individuals in the EU, the UK, and Switzerland on behalf of its customers. NIIT MTS will not disclose or share this information with anyone other than NIIT MTS’ customer and our service providers unless required to do so by law.

NIIT MTS’ internal assessment team will monitor the adherence on a regular basis.

NIIT MTS complies to the following privacy principles, modeled after the EU-U.S. DATA PRIVACY FRAMEWORK.

• NOTICE: Where NIIT MTS receives personal information from its subsidiaries, affiliates or other entities in the EU, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
  NIIT MTS is not responsible for the content of the information it collects, which may include personally identifying information, nor is NIIT MTS responsible for the way its customers treat personally identifying information included in reports.
• CHOICE: Where NIIT MTS collects personal information directly from individuals in the EU, NIIT MTS will offer individuals the opportunity to choose (opt-out) whether their personal information is:

1. to be disclosed to a non-agent third party, or
2. to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
3. For sensitive personal information, NIIT MTS will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. NIIT MTS will provide individuals with reasonable mechanisms to exercise their choices.
   Individuals may limit the use and disclosure of their personal data by submitting a written request to Privacy@niitmts.com

• ACOUNTABILITY FOR ONWARD TRANSFERS: NIIT MTS may share personal data with the customer for whom we are collecting or maintaining the information. NIIT MTS does engage “third-party” who are subject matter experts or training providers / administrators to deliver trainings. These engagements involve disclosure of limited personal information (i.e. Name, Contact and Academic Profile).

NIIT MTS will comply with the Notice and Choice principles, where applicable, before transferring personal information to “third-party. NIIT MTS will enter into contracts with third party recipients of personal information consistent with Privacy Shield requirements to require that data use is consistent with the purposes for which the information was originally collected or subsequently authorized by the individual and that adequate controls are provided to protect data.

NIIT MTS uses it group companies, located in India, EU to deliver training administration services, which involves access to Personal data, such as Name, Email ID, Contact number to communicate and identify training participants.

We will ensure, via written contract, that our agents (Group companies) will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is set forth in this policy. Where NIIT MTS has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, NIIT MTS will take reasonable steps to prevent or stop the use or disclosure. NIIT MTS’ accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, NIIT MTS remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless NIIT MTS proves that it is not responsible for the event giving rise to the damage.

NIIT MTS may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

• SECURITY: NIIT MTS will employ reasonable safeguards to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. The controls will be consistent with risk involved in storing, processing and transferring and the nature of data involved.
• DATA INTEGRITY AND PURPOSE LIMITATION: NIIT MTS will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. NIIT MTS will take reasonable steps to ensure that personal information is relevant to and reliable for its intended use, accurate, complete, and current. Personal information will be retained only as long as necessary for processing.
• ACCESS: You have the right to obtain our confirmation of whether we maintain personal information relating to you. Upon request, NIIT MTS will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to Privacy@niitmts.com. If requested to remove data, we will respond within a reasonable timeframe.

Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or when the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.

• • RECOURSE, ENFORCEMENT AND LIABILITY: NIIT MTS has deployed internal processes to monitor NIIT MTS’s compliance with the Principles, and provide recourse to individuals who may be adversely impacted.

NIIT MTS will conduct an annual self-assessment to ensure that this Statement is published and disseminated within NIIT MTS and on its website and that it conforms to the Principles.

Individuals may raise any concerns or complaints regarding their personal data directly with NIIT MTS by contacting the Chief Privacy Officer, (Contact information provided in the contact section).

All cases of individual concert or complaint related to data privacy, will be investigated and attempts to resolve all issues to the satisfaction of the individual raising the concern will be done. If the matter cannot be settled at that stage, NIIT MTS agrees to cooperate with third-party dispute resolution bodies, based either in the US or the EU, to investigate and resolve complaints (See dispute resolution section below). NIIT MTS will comply with the directions of the dispute resolution authorities.

In addition, NIIT MTS has deployed internal processes to monitor NIIT MTS’s compliance with the Principles and to address all questions or complaints. NIIT MTS will also self-certify annually with the U.S. Department of Commerce as being in compliance with the Principles each year it participates in the program.

NIIT MTS also is subject to the investigatory and enforcement authority of the Federal Trade Commission, which is one of the agencies responsible for enforcing Data Privacy Framework commitments.

• MODIFICATION AND AMENDMENT: NIIT MTS may modify or amend this Statement from time to time by posting a revised Statement on the web at https://www.niit.com/en/learning-outsourcing/managed-training-services. If NIIT MTS amends this Statement, the new statement will apply to personal data previously collected only insofar as the rights of the individuals affected are not reduced. So long as NIIT MTS adheres to the Privacy shield principles, NIIT MTS will not amend this Statement in a manner inconsistent with the Principles.

DISPUTE RESOLUTION

In compliance with the EU-U.S Data Privacy Framework (EU-U.S DPF), the UK Extension to the EU-U.S DPF, and the Swiss-U.S Data Privacy Framework (Swiss-U.S DPF) Principles, NIIT Learning Systems Limited (NLSL) commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU-U.S DPF, the UK extension to the EU-U.S DPF, and the Swiss-U.S Data Privacy Framework Principles. European Union, United Kingdom, and Swiss individuals with inquiries or complaints should first contact NIIT MTS at:

Chief Privacy Officer,
NIIT USA Inc
3 Ravinia Drive NE, Suite 1930
Atlanta, GA 30346
+1 770-450-6777
Email ID: Privacy@niitmts.com

NIIT MTS has further committed to refer unresolved privacy complaints under the Data Privacy Framework program to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers, for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

CONTACT INFORMATION

Inquiries, complaints, Questions or comments regarding this Policy should be submitted to NIIT MTS by post or e-mail as follows: