DXC is committed to the lawful treatment and confidential handling of sensitive information, including personal data, and has adopted a set of global information management policies including privacy and data protection, security, system access, information classification, and other relevant policies governing the collection, use, disclosure, transfer, retention, and deletion of information. DXC confirms that it will process personal data which it has access to in connection with its performance under any service agreement: (1) only on behalf of and for the benefit of the contractor; (2) in accordance with the service agreement and contractor’s prior written instructions, if any; and (3) as otherwise required by all applicable data protection laws and regulations, including the EU Regulation 2016/670 – General Data Protection Regulation (‘GDPR’). DXC confirms that it will not process any personal data for any other purpose absent specific written instructions from the contractor.
DXC has implemented a comprehensive suite of technical and organizational controls that enables DXC to comply with any requirements of any applicable data protection law regarding the collection, storage, use, transfer, security, or processing of personal data. This may include the requirement for DXC to enter into a written agreement, such as data processing or data transfer agreements, to provide an adequate level of privacy protection.
DXC agrees that it will not disclose personal data to law enforcement unless required to do so by law. Where possible DXC will attempt to redirect the law enforcement agency directly to the contractor or promptly notify the contractor and provide a copy of the access request, unless legally prohibited from doing so. For a general overview of DXC’s privacy policies, principles and practices, please refer to DXC’s Enterprise Online Privacy Statement that is available at DXC’s public website: www.dxc.technology/privacy
DXC may process [data about your use of our website and services]. The usage data may include [your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use]. The source of the usage data is [our analytics tracking system]. This usage data may be processed [for the purposes of analysing the use of the website and services]. The legal basis for this processing is [consent] The hosting facilities for this website are situated in [specify countries].[ The European Commission has made an "adequacy decision" with respect to [the data protection laws of each of these countries].][ Transfers to [each of these countries] will be protected by appropriate safeguards, namely [the use of standard data protection clauses adopted or approved by the European Commission, a copy of which you can obtain from [source]] OR [[specify appropriate safeguards and means to obtain a copy]].]
DXC has an intragroup agreement on the transfer and processing of personal data within the DXC group worldwide which has the EU Standard Contractual Clauses incorporated. This agreement allows DXC to ensure that personal data, including data originating from the EU, which is transferred cross-border and processed by other DXC group companies, including those located outside the EU, is adequately protected in accordance with applicable data protection law.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- External user accounts are valid for 30 days
- External users can opt to extend for a further 30 days (within a 5 day window before expiration date)
- Expired external user accounts and content is deleted 10 days after their account expiration
DXC has implemented technology, management processes and policies aimed to maintain data accuracy. To protect your privacy and security when submitting a Data Subject Requests as per Article 13(2) of the GDPR, we will take reasonable steps to verify your identity, such as requiring a password and user ID, passport number and/or other unique personal identifiers before granting access to your data. To submit your Data Subject Request, please contact the DXC Global Privacy and Data Protection Office at [email protected].