Binding Corporate Rules: Our Commitment to Privacy for International Data Transfers
At Infosys, we understand that protecting your personal data is of utmost importance. As part of our unwavering commitment to privacy, we have adopted Binding Corporate Rules (“BCR”) for Controllers (“BCR-C”) and for Processors (“BCR-P”) to ensure that your personal data is protected by appropriate safeguards, no matter where it is processed within our organization.
What Are Binding Corporate Rules?
Binding Corporate Rules set out the policies and procedures that Infosys has put in place to comply with applicable legislation relating to the processing of personal data and to provide adequate protection for the transfers and processing of personal data by Infosys as a controller or processor outside the EEA and Switzerland in compliance with the GDPR.
Infosys has two sets of Binding Corporate Rules, BCR-C and BCR-P, which were approved by the Hesse Data Protection Authority (Germany) and the European Data Protection Board.
- BCR-C: Applicable to all personal data transferred by Infosys entities acting as a controller to other controllers or to processors within the Infosys Group established outside the EEA/Switzerland.
- BCR-P: Applicable to all personal data transferred by Infosys entities acting as processor on behalf of a controller that is not a member of the Infosys Group to Infosys entities acting as sub-processors outside the EEA/Switzerland.
Our Commitment to Privacy
- At Infosys, transparency is a cornerstone of our privacy policy. We provide clear and concise information about how we collect, use, and protect your personal data. Therefore, the essential parts of our BCR-C and BCR-P are publicly available to inform you as a data subject (see below), allowing you to understand our privacy measures and procedures.
- We employ security measures to protect your personal data from unauthorized access, alteration, or loss by implementing robust security protocols, including encryption, access controls, and regular compliance audits to maintain the integrity of your personal data.
- We take responsibility for the personal data we process and have subjected ourselves to strict rules for data processing activities. Our employees are regularly trained in data protection principles and handling personal data under the Binding Corporate Rules. We have appointed Srinivas P, our Group Data Protection Officer (DPO) to oversee compliance and address any privacy concerns you may have.
At Infosys, your privacy is our priority. Our Binding Corporate Rules reflect our dedication to protecting your personal data and maintaining your trust. Thank you for placing your confidence in us.
For more information about our privacy practices and Binding Corporate Rules, please contact our Data Privacy Office at privacy@infosys.com.
You can download of BCR-C and BCR-P for informing you as a data subject here:
