Last Updated On: December 7, 2023
Introduction
Digital Risk is committed to protecting your privacy. This Privacy Notice explains the use and protection of personal information collected by Digital Risk. It applies to any personal information you provide to Digital Risk and, subject to local law, any personal information we collect from other sources. Digital Risk protects your personal information in accordance with applicable laws and our data privacy policies. In addition, Digital Risk maintains the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure, or access thereto.
Throughout this privacy notice, "(Digital Risk)" refers to Digital Risk LLC, including its affiliates and subsidiaries (also referred to as "we", "us", or "our").
We may collect personal information such as your personal details and contact details. Digital Risk may also collect "sensitive" personal information about you when you voluntarily provide this information or where such information is required for us to respond to your request for products or services or permitted to be collected by law or professional standards. Sensitive Personal Information (SPI) includes personal information regarding a person's physical or mental health, genetic data, biometric data. Individuals should use their discretion when providing sensitive information to Digital Risk. When you provide information that enables us to respond to your request for products or services, we will, wherever permissible by relevant laws, collect, use, and disclose this information to third parties including clients both prospective and existing ensuring strict confidentiality and adhering to appropriate security standards for the purposes described in this Notice. This includes collecting information when you:
Visit Digital Risk Websites
In some instances, Digital Risk automatically collects personal information pertaining to you when you visit our websites and through e-mails that we may exchange with you. We may use automated technologies including the use of web server logs to collect IP addresses, "cookies" and web beacons.
The collection of this information will allow us to improve the effectiveness of Digital Risk websites and our marketing activities.
Digital Risk also collects information provided by you from our contact us form (e.g.,) and our careers portal (e.g.,) on our website.
By using Digital Risk websites, associated microsites, and mobile applications, you agree to the processing of your information as explained in this Notice.
Digital Risk websites may contain links to other sites which are outside our control and are not covered by this Notice. We encourage you to review the privacy statement/notice of each website you visit provided on Digital Risk Websites and satisfy the need for providing personal information of any kind.
Engage with Digital Risk through social media
You can engage with us through social media websites or through features on Digital Risk websites that integrate with social media sites. When you engage with us through social media sites, you may allow us to have access to certain information from your social media profile based upon your privacy preference settings on such platform.
Access our Websites through Mobile Devices
If you access our websites on your mobile device, we may also collect your personal information, device information, contact information, network information and other details.
When you provide us with your mobile phone number, you consent to the use of your mobile phone number for the purposes identified in this Notice. If you choose to refrain from receiving any text notifications from us on your mobile, we will not be using your mobile number for such purposes unless required to meet legal requirements or for legitimate business purposes.
We do not collect more information from you than is required for us to fulfil our stated purposes and will not retain your information for longer than is necessary.
Purposes of collection and use of collected Data
The personal information we collect for the purpose of and that may be used to:
• Provide information and services as requested by you
• Assess queries, requirements, and process requests for products and services
• Perform client communication, service, billing, and administration
• Conduct data analysis
• Execute monitoring
• Share it with affiliated entities/subsidiaries/branch offices for legitimate business purposes
• Share it with statutory authorities, government institutions or other bodies for compliance with legal requirements
• Market products and services based on legitimate business interest under the applicable law or
• Conduct processing necessary to fulfill other contractual obligations for the individual
• To conduct background verifications for employee onboarding
• Job Application processing
• Address Data Subject Rights Requests
With your consent, we may also use your personal information for additional purposes. Instances where sensitive personal information is collected will warrant explicit consent. Unless it is necessary for our legitimate business purposes, should you choose not to provide any personal information during certain activity, you will be able to continue with such activity wherever possible.
We do not seek to collect personal information of children under the age defined in respective and applicable jurisdiction(s). If ever such children data is collected for the purpose of the services or products requested by you, we will secure explicit consent from the parent or legal guardian for the legitimate process.
Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Please note that we may process your Personal Data without your knowledge or consent, where it is required or permitted by law.
Except for certain information that is required by law or by Digital Risk policies (including management of an employment relationship with Digital Risk), your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all the purposes outlined in this privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data.
Lawful Grounds for Processing of Personal Information
To perform a Contract:
• To fulfil and meet the business requirements and contractual obligations for which you have provided the Personal Data (including during the performance of your employment relationship with us).
• To provide information, services, or support.
• To plan, perform, and manage our relationship with and to carry out any related administration.
To carry out our Legitimate Interests:
• To identify you for the purpose of ensuring compliance with the terms of our agreements.
• To communicate related to the Services, including using email, SMS, and social media platforms.
• For fraud detection and information security purposes.
• To market products and services based on legitimate business interest under the applicable law.
• To help maintain the safety, security, and integrity of our Sites, Services, databases, technology assets, and business.
• To improve our Services and to tailor and personalize our Sites.
• For accuracy and to verify information with third parties as needed.
• To enforce this Notice, and our policies, terms of use, agreements and other provisions related to the Services.
• To carry out research, including market research, statistical research on site traffic, sales, and other commercial information to assist us in improving the Services.
With your Consent:
• We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws
• To the extent you are asked to click on/check "I accept", "I agree" or similar buttons/checkboxes/functionalities in relation to a privacy statement, doing so will be considered as providing your consent to process your personal data, only in the countries where such consent is required by mandatory law. In all other countries, such action will be considered as a mere acknowledgement and the legal basis of the processing of your personal data will not be your consent but any other applicable legal basis.
To fulfill a Legal Obligation:
• To identify you for compliance purposes.
• To detect, investigate and prevent activity we think may be potentially illegal, unlawful, or harmful.
• To respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
Disclosure to Third Parties
Digital Risk does not share personal information about you with non-affiliated companies except:
(a) to provide products or services you’ve requested;
(b) when we have your permission; or
(c) under the following circumstances:
We provide the information to trusted entities who work on behalf of or with Digital Risk under strict confidentiality agreements. These entities may use your personal information to help Digital Risk communicate with you about offers from Digital Risk and for other legitimate business purposes. However, these companies do not have any independent right to further share or disseminate this information.
We may share your information in the following circumstances:
Service Providers Processing Data on Our Behalf
• We may use contractors and service providers to process your information on our behalf for the purposes described in this Privacy Statement.
• We contractually enforce that contractors and service providers keep information secure and confidential. We do not allow them to share or use your information without our prior authorization. Where you have an independent relationship with these service providers their privacy statements will apply.
• We share information with our clients both prospective and existing under strict confidentiality agreements and ensure adherence to appropriate security standards and safeguards.
Law Enforcement
In certain instances, and under applicable law, it may be necessary for us to disclose your information to government officials or other third parties in response to the following:
• A subpoena, warrant or other process issued by a court of competent jurisdiction.
• A legal process having the same consequence as a court-issued request for information, in that if we were to refuse to provide such information, it would be in breach of local law, and it or its officers, executives or employees would be subject to liability for failing to honor such legal process.
• Where such disclosure is necessary for us to enforce our legal rights pursuant to the laws of the jurisdiction from which such information was gathered, or where we reasonably consider that this is necessary for it to protect our legal rights or to allow a third party to do so.
• A request for information with the purpose of identifying and/or preventing financial fraud.
• Where such disclosure is necessary to prevent or lessen a serious and imminent threat of bodily harm to an individual.
Data Transfer
Digital Risk LLC may transfer certain personal information across geographical borders to Digital Risk LLC entities or service providers in other countries working on our behalf in accordance with applicable law. Digital Risk LLC may transfer your personal information to any other body corporate or a person in any country that ensures the “same level of data protection” as applicable data protection laws and regulations.
When you provide us with your information or use our websites, we may collect, transfer, store, and process your information. These transfers are governed by European Union (EU) standard contractual clauses or equivalent data transfer agreements to protect the security and confidentiality of personal information.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Digital Risk will ensure through formally executed contracts that the service providers are committed to “same level of data protection” as applicable data protection laws and regulations.
Digital Risk has implemented reasonable physical, technical, and administrative security measures to protect personal information from loss, misuse, alteration, or destruction.
Our service providers and agents are bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose. Digital Risk will ensure through formally executed contracts that the service providers are committed to "same level of data protection" as required under applicable data protection laws and regulations.
Preferences
Digital Risk takes reasonable steps to keep your personal information accurate and complete. You can access or update your personal information in the following ways.
Profile
If you have created a profile or account on one of our websites, you can update your contact information after you log into your account.
Mobile Devices
If you previously chose to receive push notifications on your mobile device from us but no longer wish to receive them, you can manage your preferences either through your device or the application settings. If you no longer wish to have any information collected by the mobile application, you may uninstall the application by using the uninstall process available on your mobile device.
Information from Children
We do not seek to collect personal information of children under the age defined in respective and applicable jurisdiction(s). If ever such children data is collected for the purpose of the services or products requested by you, we will secure explicit consent from the parent or legal guardian for the legitimate process.
Cookies
A "cookie” is a small piece of text that a website places in the cookie file of your browser and that al lows the site to remember who you are. Cookies cannot be used to run programs or deliver viruses to your computer. Digital Risk LLC only uses cookies in accordance with applicable laws. Cookies by themselves do not provide email address or otherwise ident if an individual browsing through the website. Digital Risk LLC uses cookies to compile aggregate statistics to help us determine areas of preference of a visitor.
If an individual subsequently registers with Digital Risk LLC website, the information may be linked to a cookie to enhance and personalize the online experience (e.g., by welcoming an individual when he or she returns to the website). The choice of deciding whether to accept or refuse cookies will be the responsibility of the individual. The browser can be set to reject cookies or notify the presence of cookies.
For more information about managing cookies and about how to opt-out from cookies visit our Cookie Policy
Note: Digital Risk website may not function at desired efficiency levels, or you may not experience some of the website features fully if the cookie is disabled or refused.
Email
Contact us at the e-mail listed in the "Contact Us" section at the bottom of this Notice. Please include your current contact information, the information you are interested in accessing and your requested changes. We will provide you with access to the personal information requested, subject to reasonable limitations provided by law, unless it infringes on the privacy of other individuals.
If we do not provide you with access, we will provide you with the reason for refusal and inform you of any exceptions relied upon.
Data Protection
Digital Risk has implemented reasonable physical, technical, and administrative security measures to protect personal information from loss, misuse, alteration, or destruction.
Our service providers and agents are bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose. Digital Risk will ensure through formally executed contracts that the service providers are committed to "same level of data protection" as required under applicable data protection laws and regulations.
Data Retention
We retain your personal information for as long as necessary to provide the services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our policies.
Exercise your Rights
We respect your right to be informed, access, correct, request deletion or request restriction, portability, objection, and rights in relation to automated decision making and profiling, in our usage of your personal information as required by applicable law. We also take steps to ensure that the personal information we collect is accurate and up to date and deleted when data is no longer required. Your rights are subject to defined conditions and the feasibility of exercising such rights and subject to Geo Locations applicability.
• You have the right to know what personal information we maintain about you subject to availability.
• We will provide you with a copy of your personal information in a structured, commonly used and machine-readable format on request subject to availability.
• If your personal information is incorrect or incomplete, you have the right to ask us to update it.
• You have the right to object to our processing of your personal information only if the data is processed.
• You can also ask us to delete or restrict how we use your personal information, but this right is determined by applicable law and may impact your access to some of our services.
• You have the right to access your personal information which may vary from visitor to visitor.
• You have a right to object to processing your personal information where it is so conducted by automated means and involves any kind of decision-making subject to discovery that your data was used for automated means.
• You also have the right to lodge a complaint with the relevant authority if you consider that the processing of your personal data infringes applicable law.
We respond to requests in accordance with applicable data protection laws. We may refuse requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, may compromise an ongoing investigation, or are impractical. It is our policy to never discriminate against you for exercising any of these rights.
To exercise your rights under this section, you can fill out the Information Requests form here.
Revision to the Privacy Notice
This Privacy Notice may be updated annually or as required from time to time as per the applicable laws, changes in regulations, precedents, or any communication from Supervisory or regulatory authorities. If any changes to the Privacy Notice have a material impact on your rights, we will notify you appropriately. Such changes to the privacy notice will apply from the effective date specified in the notice or the website. We encourage you to annually review the notice for the latest information on our privacy practices.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Specific notice for California residents
If you are a resident of California State, references to the CCPA and CPRA will be applicable to you. This notice in its entirety complies with the CCPA and CPRA notices requirement.
Digital Risk may collect your personal information as is necessary when you visit our website or social media sites to obtain information about our products or services for personal and professional use. The collected information about yourself will be used, disclosed, and retained by Digital Risk as detailed in this privacy notice.
Digital Risk as a service provider complies with the provisions of the CCPA and CPRA and obligations arising out of it based on the contractual guidance provided by Covered Business clients.
Please note - We do not sell your personal information that is collected on this website for direct marketing purposes or for any commercial purpose.
For more information related to your rights please visit CCPA Notice
However, if you have any questions or concerns about our compliance with CCPA and CPRA, please contact us as mentioned below.
For residents (data subjects) of the European Economic Area (EEA) and United Kingdom (UK), when we collect and use personal data (information) about you, we may be subject to the
• European Union General Data Protection Regulation (‘EU GDPR’);
• United Kingdom General Data Protection Regulation (UK GDPR) and
• United Kingdom Data Protection Act 2018 (UK DPA 2018) when acting as a ‘data controller’ for such personal data.
Below you will find the rights applicable to you as a resident within the EEA and UK, including your rights to your data as it may be processed by Mphasis.
• Right to access your personal information. This enables you to receive a copy of the personal data we hold about you
• Right to correction of the personal data that we hold about you. This enables you to ask us to have any incomplete or inaccurate information we hold about you corrected.
• Right to erasure of your personal data. This enables you to ask us, in certain situations, to delete or remove personal data where there is no good reason for us to continue to process it.
• The right to object to the processing of your data, where we are processing it to meet our public tasks or legitimate interests (or the legitimate interests of a third party) and there is something about your situation which makes you want to object to processing on this ground.
• The right to request that the processing of your data is restricted. This enables you to ask us to suspend the processing of your data.
• Request the transfer of your data to another party.
• Rights in relation to automated decision making and profiling.
If you have any questions or complaints about this Notice, our privacy and information handling practices, you can contact our Data Protection Officer through the following details: -
Name of the Data Protection Officer: Richa Gupta
Email ID: privacy@mphasis.com