Skip to main content Skip to footer
Privacy Statement

Processing of Personal Information in EU/EEA Regions

For the purposes of processing your Personal Information within the EU/ EEA Regions, we will follow the Data Privacy Principles and regulations of the General Data Protection Regulation (commonly known as 'GDPR’). Please note that the following provisions will apply to you if you are a Data Subject (resident or citizen) within the EU/EEA region, in addition to Infosys Global Privacy Statement.

Cross Border Transfer of Data

In general, Infosys Limited, domiciled in Bangalore, is the data controller processing your personal information. We may transfer your personal data outside the EU/EEA region to third parties including countries where data protection legislation may differ from that of the EU/ EEA region.

As per the obligation called out under the GDPR, when we process your Personal Information in countries deemed adequate by the European Commission, we will rely on the European Commission's decision to protect your Personal Information.

When we transfer your data outside your country or region of residence, we will take reasonable and appropriate steps in accordance with applicable laws to ensure its protection. For intra-group transfers between Infosys group companies, we rely on binding corporate rules to safeguard your Personal Information. Where data is processed by third-party providers or partners acting as data processors, we implement Standard Contractual Clauses and, where appropriate, rely on applicable legal derogations to facilitate such transfers

Please contact us as set out below if you would like to obtain a copy of the methods used when executing such international transfer as per applicable laws. When required, Infosys may disclose Personal Information to external law enforcement bodies or regulatory authorities, to comply with legal obligations. You can access the Infosys Binding Corporate Rules policies on the following webpage https://www.infosys.com/privacy/binding-corporate-rules.html.

Your Data Subject Rights in EU/EEA

As a Data Subject located in EU/EEA, you are entitled to the following rights:

  • Right to be informed when personal data has been obtained from the data subject, where applicable.
  • Right to access the personal information that we collect about you.
  • Right to rectify the inaccurate personal data that we hold about you.
  • Right to request erasure of your personal data, where applicable.
  • Right to object to the processing of your personal data, where applicable.
  • Right to data portability, i.e. to request your personal data to be transferred to a third party, where applicable.
  • Right to be informed before being made a part of automated decision making, where applicable.
  • Right to obtain restriction of processing from the controller, where applicable.

If you are a EU/EEA resident and you wish to exercise your data subject rights as called out above, please refer to section on exercising ‘Your Rights’ in the Infosys Global Privacy Statement.