Privacy Statement

Processing of Personal Information in EU/EEA Regions

For the purposes of processing your Personal Information within the EU/ EEA Regions, we will follow the Data Privacy Principles and regulations of the General Data Protection Regulation (commonly known as ‘GDPR’). Please note that the following provisions will apply to you if you are a Data Subject (resident or citizen) within the EU/EEA region, in addition to Infosys Global Privacy Statement.

Cross Border Transfer of Data

In general, Infosys Limited, domiciled in Bangalore, is the data controller processing your personal information. We may transfer your personal data outside the EU/EEA region to third parties including countries where the data protection legislation may differ from that of the EU/ EEA region.

As per the obligation called out under the GDPR, when we process your Personal Information in countries deemed adequate by the European Commission, we will rely on the European Commission’s decision to protect your Personal Information.

For transfers to Infosys group companies and service providers outside the EEA, where Adequacy decision is not available, we use standard contractual clauses or rely on a service provider’s (EU data protection authority approved) corporate rules that are in place to protect your Personal Information. Additionally, we shall take all the necessary steps to ensure confidentiality and security of the transferred data.

Your Data Subject Rights in EU/EEA

As a Data Subject located in EU/EEA, you are entitled to the following rights:

If you are a EU/EEA resident and you wish to exercise your data subject rights as called out above, please refer to section on exercising ‘Your Rights’ in the Infosys Global Privacy Statement.