LTIMindtree Privacy Statement
Introduction Your privacy is important to us. LTIMindtree Limited and its group companies (“LTIMindtree”) is committed to respecting your privacy throughout your relationship with LTIMindtree. This LTIMindtree General Data Privacy Statement (“General Privacy Statement”) defines the requirements to ensure compliance with the applicable data privacy laws and regulations applicable to LTIMindtree’s collection, use, and transmission of Personal Data (the meaning of which is set out below) for information collected by us about you. Protecting the privacy rights of data subjects and safeguarding their Personal Data is now being treated as a basic right of an individual and a legal requirement in many parts of the world. LTIMindtree, being a global organization, respects the privacy of data subjects and is committed to complying with the applicable data privacy laws and legislations (including but not limited to EU General Data Protection Regulation 2016/679 (the “GDPR”), the GDPR as saved into UK law (the “UK GDPR”) (references in this General Privacy Statement to GDPR also include UK GDPR) California Consumer Privacy Act, California Privacy Rights Act, (together, the CCPA Regulations), The Privacy Act 1988 (Australia) including the Australian Privacy Principles (APP), Data Protection Act 2018 (UK), Information Technology Act 2000 read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and Personal Data Protection Act 2012 (Singapore), the Federal Law on Protection of Personal data held by Private Parties and its Regulations (Mexico) (the “LFPDPPP, in its Spanish acronym), the Swiss Federal Act on Data Protection 1992 and as of September 1, 2023, the Swiss Federal Act on Data Protection 2020, the Federal Decree-Law No. 45/2021 on the Protection of Personal Data (UAE), the Protection of Personal Information Act 4 of 2013 (South Africa), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and any substantially similar provincial law, Personal Data (Privacy) Ordinance Cap. 486 (Hong Kong), the Personal Information Protection Law (“PIPL”) (China), the Privacy Act 1988 (Cth) (Australia) and other applicable privacy laws to the extent that they apply to LTIMindtree’s data processing and business operations) (the “Data Privacy Laws”). Policy Statement This General Privacy Statement is generally designed to explain and set out LTIMindtree’s procedures and Statements when processing Personal Data and Personal Information (the meaning of which are set out below) by the organization. The General Privacy Statement comprises of details about: for each category of data subject according to the relatioship shared with LTIMindtree. Please refer to the Global Data Privacy Statement found here on www.LTIMindtree.com for definitions and terms that have not been defined in this General Privacy Statement. Please also refer to the relevant jurisdiction specific Data Privacy Laws for all other terms. Scope Applicability: The scope of this General Privacy Statement applies to LTIMindtree, its affiliates, business partners, employees, and Third Parties providing services to LTIMindtree (together “LTIMindtree”, “We” or “Us”). It covers Processing (including but not limited to collection, storage, usage, transmission and destruction) of Personal Data of LTIMindtree’s current and previous employees, prospective candidates, current, prospective and previous customers, current and previous partners/vendors, website visitors, sub-contractors and visitors, (together “you”/ “your”) by LTIMindtree during the course of its business activities. Role: LTIMindtree acts as a Data Controller with respect to any Personal Data it holds about you. LTIMindtree is responsible for ensuring that it uses your Personal Data in compliance with the Data Privacy Laws. The relevant entities that may act as the Data Controller are listed in “Data Transfers and Disclosure of Personal Data” section of this General Privacy Statement. Privacy Notice based on your relationship with us:
Website Visitors
Read the website privacy statement for details.
Job Applicants/Candidates
Read the privacy notice for candidate/job applicants for details.
Employees (current and former)
Read the privacy notice for employees for details.
Subcontractors
Read the privacy notice for subcontractors for details
Visitors to LTIMindtree Office
Read the privacy notice for visitors to LTIMindtree offices for details.
California Privacy Statement
Read the privacy notice for California Residents for details.
Global Privacy Statement
Read the privacy statement.
For country-specific or regional language privacy statements and notices, please click here.
Legal basis of Processing
We Process your Personal Data, Personal Information based on the following legal bases pursuant to applicable Data Protection Laws:
Performance of Contract
We process your Personal Data and Personal Information, where necessary in order to take steps at your request prior to entering into a contract or for the performance of a contract with you. For instance, We may process your Personal Data for employment purposes (such as processing your salary, administering benefits) or providing services to our customers which are necessary to execute the contract. If you do not provide Personal Data for processing under this legal basis, We may not be able to perform as per the respective applicable contract.
HR Necessity
We may process your Personal Data where necessary for human resources management implemented in accordance with the labour rules and LTIMindtree’s internal regulations for employees formulated according to the law or collective contracts signed according to the law.
Consent
Where permitted under applicable local laws, We may (but usually do not) process your Personal Data, Personal Information or Sensitive Personal Data based on your prior freely given consent for one or more specific purposes. In such cases, you have the right to withdraw your consent at any time by contacting the contact details below provided in this General Privacy Statement (“Contact Information, Complaints and Grievances” section). In certain limited circumstances, even after withdrawal of your consent, we may be entitled to continue processing your Personal Data on the grounds of other legal bases and as notified to you. However, in certain jurisdictions, applicable local law may require that consent be obtained and, in such circumstances, your consent will be the lawful basis for which we process your Personal Data.
Legitimate Interests
We may process your Personal Data and Personal Information where it is necessary for the purposes of our Legitimate Business Interests as a company, including for management purposes, which are outlined above, to prevent and respond to actual or potential fraud or illegal activities, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is under 18 years old. When “legitimate interests” are not a legal basis for processing under the applicable local law, we will rely on your consent.
Legal Obligations
We may process your Personal Data and Personal Information where it is necessary in order to comply with applicable legal and/or regulatory obligations, establish, exercise or defend our legal rights or for the purpose of legal proceedings.
Other “Public Interest” Grounds
We may process your Personal Data, Personal Information (or where relevant, your Sensitive Personal Data) on other public interest grounds where it is subject to regulatory requirements where Processing is necessary by Us for the performance of a task mandated by governmental authorities, regulatory authorities or any other law enforcing authorities in the public interest.
For details about your respective categories of data, please refer to the applicable notices available in Scope above.
Personal Data of Individuals below 18 years
We process Personal Data or Sensitive Personal Data of any individuals below the age of 18 years only for travel, immigration purposes or when you are visiting our premises. If we are required to process Personal Data or Sensitive Personal Data of such individuals, then We shall do so by taking explicit consent from their legal guardians and from the minor if they have capacity to give consent, based on their age and maturity. If it comes to your knowledge that We have unintentionally collected or received Personal Data or Sensitive Personal Data about an individual below the age of 18 years directly from them, then please immediately notify Us in the contact details provided in this General Privacy Statement (”Contact Information, Complaints and Grievances” section below) and We will accordingly delete such information.
Note: We do not collect, use nor process Personal data of Individuals below 18 years on our website. If you are below the age of 18 years, then We do not want you to provide any of your Personal Data in our website.
Data Transfers and Disclosure of Personal Data
We are a part of the Larsen and Toubro Group (www.larsentoubro.com) which is an international group of companies and, as such, transfer Personal Data/ Personal Information to various countries where we and our parent company and affiliates operate.
We may transfer Personal Data/ Personal Information/between our group companies and data centres for the purposes described in this General Privacy Statement. We may also transfer Personal Data/ Personal Information to our Third-Party suppliers, customers or business partners in different geographic locations. These data transfers are necessary to provide our products and services. Please click here to view the list of entities and branches of Larsen and Toubro.
Where we transfer your Personal Data/ Personal Information/ Sensitive Personal Information outside of your jurisdiction, we will ensure that it is protected and transferred in a manner consistent with applicable Data Privacy Laws.
For transfers to our group companies, third parties, suppliers outside of the EEA, we use standard contractual clauses or an appropriate tool of transfer. You may reach out to us on dataprotectionoffice@ltimindtree.com if you would like more details about the tool/method used.
For more details about data transfer for your respective categories of data, please refer to the applicable notices available in Scope above.
Security of Personal Data/ Personal Information/ Sensitive Personal Data
In order to comply with our data security obligations under applicable Data Privacy Laws, We have adopted the following physical, technical and organizational security measures to ensure the security of your Personal Data/ Personal Information and Sensitive Personal Data and PHI, taking into account the applicable industry standards, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for your rights and freedoms:
- That includes the prevention of their alteration, damage, loss, unauthorized processing or access, having regard to the nature of the data and the risks to which they are exposed by virtue of human action or the physical or natural environment.
- We shall comply with the security safeguards as per our contractual and statutory requirements in consultation with its internal I.T department.
- The Office of Data Privacy and Chief Information Security Officer shall assess the security measures implemented to safeguard Personal Data, Personal Information and Sensitive Personal Data on a regular basis and update the same, where required.
- All employees and contractors shall be imparted with mandatory Privacy training (e.g., Training on Embedding Privacy in Software Development etc.). Further confidentiality agreements and Non-Disclosure Agreements shall be signed by all employees and contractors on or before their joining date with LTIMindtree.
- We have implemented the following safeguards to ensure the Personal Data We collects, stores, processes and sharesdisclose is secure:
- Physical Security Controls
- Facility Perimeter, HD access reader, Data Centre, Video surveillance
- IT Infrastructure Controls
- Encryption, DLP, Data masking, controlled Portable ports, Access Control, Unauthorized soft-ware check, Data destruction, System Hygiene measures, Monitoring, User Access Management, Patch Management, Vulnerability Management.
We have implemented an incident and breach management procedure to ensure that exceptions in data privacy compliance are promptly reported to the Office of the Data Privacy and to the appointed Data Protection Officer.
Rights of Data Subjects
Pursuant to the GDPR, you have the following rights regarding your Personal Data provided for:
The right to obtain access to your Personal Data
According to Article 15 of the GDPR, you can request a copy of your Personal Data. In particular, you can request information on the purposes of the Processing, the categories of data, the categories of recipients to whom your data has been or will be transferred, the data retention period, the existence of a right of rectification, erasure, limitation of Processing or object, of rectification, erasure, restriction of Processing or object, the existence of a right to lodge a complaint, the source of your data if they have not been collected directly by us, as well as the existence of automated decision-making, including profiling and, if applicable, significant information on its details.
Please note that according to the GDPR there are circumstances in which We are entitled to refuse requests for access or to receive copies of your Personal Data as in particular cases where such disclosure would adversely affect the rights and freedoms of others.
Right to Rectification of Incorrect Data
The right to obtain rectification of your Personal Data if they are inaccurate or incomplete (Art. 16 GDPR).
Right to Erasure
The right to obtain erasure (‘right to be forgotten”) pursuant to Art. 17 GDPR of your Personal Data: According to the GDPR where one of the following grounds applies, please note that under other circumstances We are legally entitled to retain it:
- If they are no longer necessary in relation to the purposes for which they were collected or otherwise Processed;
- if their processing was based on consent and you have withdrawn your consent, and there is no other legal ground for Processing;
- if the Processing is made for marketing purposes;
- if you object to the processing on grounds of your particular situation, and there are no overriding legitimate grounds for the Processing;
- if your data were Processed unlawfully; or
- Your data have been erased for compliance with a legal obligation.
Right to Restriction of Processing
The right to obtain restriction of the Processing of your Personal Data according to the conditions set out by the GDPR (Art. 18 GDPR).
Right to Data Portability
The right to receive your Personal Data provided to Us as a Data Controller in a structured, commonly used and machine-readable format and to transmit that Personal Data to another controller (‘data portability’)
Right to Object
The right to object to the Processing of your Personal Data on grounds relating your particular situation, at any time. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data you for such marketing, which includes profiling to the extent that it is related to such direct marketing (Art. 21. GDPR).
Right to Withdraw Consent
If the Processing of your Personal Data is based on consent, you can withdraw your consent at any time (Art. 7 (3) GDPR). Your right to withdraw consent can be exercised by contacting Us as set out in “Contact Information, Complaints and Grievances” section below. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In certain circumstances it is lawful for Us to continue Processing your Personal Data without your consent if We have another legal basis (other than consent) for doing so and as notified to you prior to the change of legal basis.
- According to Article 20 of the GDPR, please note that this right only applies to Personal Data which you have actually provided to us, and when the Processing is based on your consent or on a contract as a legal basis.
- The right to lodge a complaint with the competent data protection supervisory authority, if you think that any of your data protection rights have been infringed by us. We can, via the contact details provided in this General Privacy Statement, tell you which data protection supervisory authority is competent for the complaint regarding the Processing of your Personal Data.
- Under article 48 of the French Data Protection Act, data subjects also have the right to set down instructions for the management of their personal data postmortem.
- If you need our assistance to exercise the above rights, please contact Us as set out in “Contact Information, Complaints and Grievances” section below.
- If the Processing of your Personal Data is based on consent, you can withdraw your consent at any time (Art. 7 (3) GDPR). Your right to withdraw consent can be exercised by contacting Us as set out in “Contact Information, Complaints and Grievances” section below. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In certain circumstances it is lawful for Us to continue Processing your Personal Data without your consent if We have another legal basis (other than consent) for doing so and as notified to you prior to the change of legal basis.
- Right to have onsite access of your Personal Data (for Mexico only).
- Right to raise a request to cancel processing of your Personal Data (for Mexico only).
- Right to limit the use and disclosure of your Personal Data (for Mexico only).
Data subject rights will be fulfilled based on the jurisdiction you belong to. If you belong to any other jurisdiction that is not listed below, you may reach out to us by contacting dataprotectionoffice@ltimindtree.com
Following are the data subject rights applicable to the respective jurisdictions:
Data Subject Rights | Europe including UK and Switzerland | US | Canada | Mexico | Australia | Singapore | India | UAE | China | Hong-Kong | South Africa |
---|---|---|---|---|---|---|---|---|---|---|---|
Right to Information / Access | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Right to withdraw consent (opt-out) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Right to Object processing | Yes | Yes | Yes | Yes | Yes | Yes | |||||
Right to Restrict processing | Yes | Yes | Yes | Yes | Yes | Yes | |||||
Right to Erasure (to be Forgotten) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | ||||
Right to Rectification | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Right of Data Portability | Yes | Yes | Yes | Yes | |||||||
Right not to be subject to automated decision making / profiling | Yes | Yes | Yes | Yes | |||||||
Right to Complain to the Supervisory authority | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Right not to be subject to discrimination for the exercise of rights | Yes | California Residents | Yes | Yes | |||||||
Opt-out of sale of data | Yes | California Residents | Yes | ||||||||
Right to raise a request to cancel processing of your Personal Data | Yes | ||||||||||
Limit the use and disclosure of your Personal Data | California Residents | Yes | |||||||||
Right to have onsite access of your Personal Data | Yes | ||||||||||
Right to nominate | Yes |
To receive more details about the applicable procedure and requirements, you may raise a request by contacting dataprotectionoffice@ltimindtree.com
To exercise the rights outlined above in respect of your Personal Data/ Sensitive Personal Data or to receive more details, you may raise a request by clicking the link here or by contacting dataprotectionoffice@ltimindtree.com.
As part of processing your request, we require you to provide certain Personal Data about you in order to verify your identity. Additionally, in accordance with your rights, you may designate an authorized agent to make a request on your behalf, if permitted by applicable laws. In order to comply with your request, we will require the Personal Data referenced above to be used for identity verification purposes, as well as the name, email address, and telephone number of your authorized agent.
LTIMindtree kindly asks you to scrupulously assess your legitimate right(s) and interest(s) before raising any official request under our platform.
- California Privacy Rights
In the preceding 12 months or more, we have collected the following categories of Personal Information: identifiers, financial information, health and medical information, demographic information and information relating to protected characteristics, commercial information, biometric information, internet or other electronic network activity information, geolocation data, audio, electronic, and visual information, professional or employment related information, Sensitive Personal Data, and inferences drawn from other information we collect. The categories of sources from which we collect Personal Information are described in “What Personal Data/Personal Information is processed and How we collect your Personal Data/Personal Information” section of the Global Data Privacy Statement. The business and commercial purposes for collecting Personal Information are described in “For which and on which legal basis do we process your Personal Data/Personal Information?” section and “Use of Personal Data/Personal Information in Direct Marketing” section of the Global Data Privacy Statement. In the preceding twelve months or more we have shared identifiers, internet and other electronic network activity information, and inference information with advertising partners and social media platforms for advertising and other commercial purposes. We have disclosed the categories of Personal Information described above for the purposes and to the categories of recipients identified in “Disclosure to Third Parties” section of the Global Data Privacy Statement. We do not knowingly share or sell information about individuals younger than 16 and we do not use Sensitive Personal Data for any purposes that would require us to provide a Notice of the Right to Limit Use of Sensitive Personal Data.
The CCPA Regulations require that We provide data access and data portability to California residents.
Subject to certain exceptions, the CCPA Regulations grant rights to California residents to request the deletion of their Personal Information. California residents may also request correction of inaccurate or incomplete Personal Information.
The CCPA Regulations grant rights to California residents to request the details of Personal Information that is being sold or shared and to opt-out of such sale or sharing. California residents also have the right to direct us to limit use and disclosure of Sensitive Personal Information to the extent necessary to perform the services or provide the goods.
The CCPA Regulations permit California residents to request that we correct any inaccurate data.
The CCPA Regulations permit California residents to opt out of sharing their Personal Information.
The CCPA Regulations prohibit discrimination against California residents that elect to exercise their rights under the CCPA Regulations.
To exercise the rights outlined above in respect of your Personal Data/ Sensitive Personal Data or to receive more details, you may raise a request by clicking the link here or by contacting dataprotectionoffice@ltimindtree.com. You may also contact LTIMindtree US toll-free number +1 833 968 0934.
If you have any questions or encounter any difficulties, please write to dataprotectionoffice@ltimindtree.com
California residents who provide Personal Information are entitled to request information about themselves that We disclosed with Third Parties for their own direct marketing purposes (if applicable), including the categories of information and the names and addresses of those businesses. We do not currently share the Personal Information of California residents with Third Parties for their own direct marketing purposes.
Country Specific Addendums
For information regarding USA, please refer to LTIMindtree California Privacy Statement
For Information regarding China, please refer to China Privacy Addendum.
Contact Information, Complaints and Grievances
If you have any questions, comments, or suggestions, complaints or grievances, of if you want to exercise your privacy rights or wish to raise or consult Us on any privacy issues, our use of Personal Data or Personal Information, you can contacts our appointed Data Protection Officer (“DPO”).
Complaints related to Personal Data and Personal Information protection and any communications regarding enforcement of your privacy rights should be directed to the Data Protection Officer at the following contact details:
Global Data Privacy Officer for LTIMindtree Limited:
- Jagannath PV
- Email:
- Address : Data Privacy Office
- Gate No. 5, L&T Technology Center, Saki Vihar Road, Powai, Mumbai – 400072
Attention: Jagannath PV (Data Protection Officer)
Phone- +91 22 67766776
European Representative:
- Matthias Meister
- Email ID-
United Kingdom Representative
- William Hatton
- Email ID –
Switzerland Representative
Email ID – dataprotectionoffice@ltimindtree.com
United Arab Emirates
Email ID – dataprotectionoffice@ltimindtree.com
South African Representative
Email ID – dataprotectionoffice@ltimindtree.com
We will use reasonable efforts to respond your complaint within a reasonable time, usually within 30 days.
You may also raise a concern or lodge a complaint with the competent Supervisory Authority/Data Protection Authority. The name and contact details of the Data Protection Authorities in the European Union can be found here.
You may reach out to the DPO Office (in the above-mentioned contact details) in the event you want a copy of this privacy notice in the local language of European countries where LTIMindtree has an office.
If you are in Australia, and we are unable to satisfactorily resolve your privacy concerns, you can contact the Office of the Australian Information Commissioner on their website www.oaic.gov.au
Statement Changes and Publication
This General Privacy Statement was last updated on May 03, 2024.
This General Privacy Statement may be revised and updated from time to time. The most recent version of this General Privacy Statement will be available in this web page.