Privacy Statement


Last updated on 29th August, 2023

EdgeVerve Systems Limited, its parent (Infosys Limited), affiliates, subsidiaries and branch operations hereinafter referred as ‘EdgeVerve’,‘we’, ‘us’ or ‘our’ is committed to respect your privacy and choices. The privacy statement (hereinafter “Privacy Statement” or “Statement”) highlights our privacy practices regarding Personal Information that we collect and process in compliance to applicable data privacy regulations.

Objective:

Through this privacy statement we intend to provide a synopsis of our privacy practices regarding Personal Information that we collect and process about you through various sources. Although the primary focus of this statement is on the data collected and processed through our websites, that link to this Privacy Statement, which include www.edgeverve.com, Finacle Digital Banking Platform – Industry’s Top Rated Solution (edgeverve.com), and their subdomains (Collectively referred to as “ EdgeVerve Websites”), our adherence to the below mentioned principles remain across the organization towards personal data processing. Depending on the purposes of processing and your relationship with us as a data subject, we may provide additional customized privacy statements, more information on which can be found below.

The scope of this Statement covers the categories of personal data collected, how we use or process such data, who are the recipients of such data, and your associated rights under applicable laws including how to exercise the same. The applicability of the Privacy Statement is global, however certain additional information may be relevant to you depending on the country where you reside. Such additional terms, based on these particular countries or regions, are called out in region-specific statements below.

Wherever we may have provided the translation of our Statement in local languages, as per applicability, in case of a conflict between the local language and the English version, the English version shall prevail.

1. Personal Information that we process and use

1.1 Personal Information that we process

We may collect the following categories of Personal Information:

1.2 Sources of Personal Information

We may collect the aforementioned Personal Information through various sources, such as mentioned below:

1.3. Use of your Personal Information

We may use your Personal Information for the following purposes:

1.4. Legal basis of the processing

The applicable privacy and data protection laws provide for certain justifiable grounds for collection and processing of personal data, commonly referred to as legal basis of processing. We primarily rely on the following legal bases:

1.4.1 We process your Personal Information when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract, e.g., when you would engage with us for receiving our services and offerings, or when managing the data of our employees for ensuring the performance of their employment contract.

1.4.2 We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by your data protection rights), e.g., when we need to understand your usage of our website and interaction with the same, for generating your secure login credentials, or to optimize our processes.

1.4.3 We process your Personal Information with your consent. Where we process Personal Data based on consent, your consent is revocable at any time, e.g., when registering and inviting you for events organized by us, or for sharing our marketing related communications with you.

1.4.4 We may process your personal Information to comply with any Legal obligations on us, including to applicable laws and protecting our legal rights, seeking remedies, and defending against claims.

2. Consequences of not providing Personal Information

If you choose not to provide your Personal Information that is mandatory to process your request, we may not be able to fulfill the relevant purpose of processing, including provision of any services to you, if applicable.

3. Data recipients, transfer, and disclosure of Personal Information:

3.1 EdgeVerve does not share your Personal Information with third parties for their direct marketing purposes.

We share your Personal Information within

3.2 Facilitating International Data Transfers:

We may transfer Personal Information to countries outside of your country of residence, either to Infosys group of companies including EdgeVerve or third parties, including to countries which have different data protection standards from those which apply in your country or region of residence. The locations of Infosys group companies are set out here. Infosys service providers are located globally; however, the primary locations are in USA, Canada, Australia, Singapore, Hong Kong, India, and UK.

Where we may transfer the data outside your country or region of residence, we shall take reasonable and appropriate steps in line with applicable laws while executing such transfer. For additional details on international transfer of data outside of your country or region, based on your residence, please refer to our region-specific Privacy Statements called out below.

Please contact us as set out below if you would like to obtain a copy of the methods used when executing such international transfer as per applicable laws. When required, EdgeVerve may disclose Personal Information to external law enforcement bodies or regulatory authorities, in order to comply with legal obligations.

4. Your Rights:

4.1 Subject to the laws of your country, you may have certain rights as a data subject (including but not limited to right to information, access, rectification, erasure, object, restriction of processing, right to complain), relating to your Personal Information that we process. Where the data processing is based on your consent, you may withdraw your consent to the processing of any Personal Data at any time. This will not affect the lawfulness of any processing operation before your withdrawal.

Your rights as a data subject may differ based on your applicable jurisdiction. Please refer to region-specific data privacy statements for more information on the same.

4.2 Exercising your rights: For exercising your rights, we may need to request certain information from you for ascertaining your identity and confirming that you are entitled to exercise the same. You can exercise your rights by contacting us at privacy@edgeverve.com

4.3 Preference Center: You can choose to update your EdgeVerve Marketing communications preferences from our Email Preference Centre

5. Data security

At EdgeVerve, there exists a perfect balance between Governance, Process and Technology, the combination of which has established EdgeVerves’ commitment to its customers and stakeholders. EdgeVerve adopts reasonable and appropriate security controls, practices and procedures including administrative, physical security, and technical controls in order to safeguard your Personal Information.

6. Data retention

Personal Information will not be retained for a period more than necessary to fulfill the purposes outlined in this privacy statement unless a longer retention period is required by law or for directly related legitimate business purposes. Personal Data that is no longer required to be retained as per legal and business requirements will be disposed in a secure manner.

7. Contact your Local Data Protection Authority

If you are unhappy with how we safeguard your personal data, depending on the laws of the countries where you reside, you have the right to bring a complaint to your local data protection authority.

8. Linked websites

Our privacy practices regarding Personal Information that we collect and store about you through our portals such as Recruitment and Global Alumni will be as per the privacy policy of those portals.

EdgeVerve provides links to third-party websites and services. However, EdgeVerve is not responsible for the privacy statements, practices, or the contents of such third-party websites.

9. Children’s Privacy

EdgeVerve Websites, its associated products or services and hosted contents, are not intended for the use by children.

As such we do not knowingly solicit or collect personally identifiable information online from children without prior verifiable parental consent. If EdgeVerve learns that a child has submitted personally identifiable information online without parental consent, it will take all reasonable measures to delete such information from its databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children, please email us at privacy@edgeverve.com.

10. How to contact us

If you have any questions regarding our privacy practices or this privacy statement, or to request this privacy statement in another format, please contact us at:

Contact person: Srinivas P

Contact address: Data Privacy Office, Infosys Limited, Electronics City, Hosur Road, Bangalore 560 100, India

Phone: +91 80 2852 0261

Email: privacy@edgeverve.com.

11. Updates to this privacy statement

EdgeVerve may change the data privacy practices and update this privacy statement as and when the need arises, and the same will be made available on the website. However, our commitment to protect the privacy of website users will continue to remain.

Privacy Statements for Other Categories of
Data Subjects

Candidates and Interns

*Detailed privacy notice will be provided when one applies for a job or internship in Infosys through careers page available on Infosys website.

Categories of Personal Information (including sensitive personal information) that we process:

Candidate name, Contact details, Resume, Date of Birth, Educational qualification including skill details, Employment related information, details pertaining to background checks, passport details (only if shortlisted). Few other details collected such as web address, willingness to travel, etc. (optional), Financial details and national identification details (only in selected countries, where required by law)

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information:

We use your Personal Information for the following purposes:

Legal Basis of Processing:

We process your Personal Information when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract or based on your consent, as per applicable laws.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, business partners, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external), and Infosys’ Clients (where applicable) based on contractual obligation.

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

* Detailed privacy notice for our employees will be provided at the time of onboarding. For our alumni, a detailed privacy notice is available on our Alumni Portal.

Categories of Personal Information (including sensitive personal information) that we process:

Contact Details, Family Particulars, Educational Qualifications, Personal Details, Work experience details, National identification information, Official Identifications details, Salary, Compensation, taxation, benefits, claims and other financial information, Performance and development records, Digital Access and IT related information, Travel-related records, Health and safety records, Background checks and screening details, Leave and Attendance records, Information we obtain from monitoring the use of our official systems and networks (as permitted by applicable laws).

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information:

We use your Personal Information for the following purposes:

Legal Basis of Processing:

The above data elements are collected under one or more of the following lawful basis of processing –

Data Recipients/Accessible to:

Your Personal Data will be accessible to certain authorized Infosys employees in internal functions such as Human Resources, Finance, Project Delivery Units, etc.; and to our authorized service providers or agents who may require access to the same for processing in relation to the above stated purpose(s); Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable); Auditors (internal/external); Infosys’ Clients (where applicable) based on contractual obligation; Any other parties expressly or impliedly authorized by you for receiving such disclosures.

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

Categories of Personal Information (including sensitive personal information) that we process:

Name, User ID, Password, DP ID, Folio/Client ID, PAN, Demat accounts, Residential status, Legal Status, Email Id, Address, Date of birth, Estimated Income, etc.

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information

We use your Personal Information for the following purposes:

For purpose of administering tax deduction on source for dividends paid out by Infosys to its shareholders

Legal Basis of Processing:

We process your Personal Information to comply with legal obligations arising under applicable laws and regulations.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, business partners, tax consultants and authorities, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external).

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

*Visitors privacy notices are also displayed at the visitors’ entrance in Infosys offices.

Categories of Personal Information (including sensitive personal information) that we process:

Visitor Name, Contact Details, Organization, Assets Information (if any), Date and purpose of visit, Photograph, and images/footage captured on CCTV or other video and related security/monitoring systems.

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information:

We use your Personal Information for the following purposes:

To allow access to Infosys premises.

Legal Basis of processing:

We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or based on your consent, wherever applicable.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external), Infosys’ Clients (where applicable) based on contractual obligation.

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.

Categories of Personal Information (including sensitive personal information) that we process:

Vendor name and contact details, address, tax related details, Contact details of Vendor POC

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.

Use of your Personal Information

We use your Personal Information for the following purposes:

Legal Basis of Processing:

We process your Personal Information when it is necessary for the performance of a contract to which you are the party or based on your consent, as per applicable laws.

Data Recipients/Accessible to:

Your data may be accessible to authorized Internal recipients within Infosys Ltd., its subsidiaries or affiliates, our authorized service providers including cloud service providers who provide services to Infosys, tax consultants and authorities, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external).

For reference to our additional privacy practices regarding data security, retention, transfers (if any), and helping you exercise your rights, as applicable, please refer to our Global Privacy Statement.