Web Site Privacy Statement
Last Revised: December 31, 2019
ExlService Holdings, Inc. and its subsidiaries (“Company”, “we” or “us”) have a long-standing commitment to safeguard the privacy of information entrusted to us. The privacy principles and procedures set forth below are intended to tell you how we collect, use, and distribute personal information via our primary public web site www.exlservice.com (the “Web site”). This statement also applies generally to all web sites operated by Company (collectively, the “Web sites”) or when you interact with us via social media. When you visit a Web site operated by a Company entity, that entity will be the “controller” of your personal information for the purposes of EU data protection laws, including the General Data Protection Regulation (2016/679) (the “Data Protection Laws”), where those laws apply.
This statement does not cover information collected from sources other than Company’s Web sites.
We collect, use, and distribute information from you and any devices you use to interact with us via the Web site in different ways. If you use this Web site, personal information about you may be collected and processed by Company, its employees and affiliates, service providers, and certain third parties.
Information You Give Us
We collect information that you provide when you communicate with us via the Web site. When you interact with us on social media, we collect your social media handle and basic account information. For example, if you contact us through our “Contact Us” page we will collect your name, contact details, and place of work and then use this information to respond to you. We generally limit access to personal information about you (except as otherwise disclosed in this Privacy Statement) to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. If you access the restricted access portions of our Web sites, you may be required to provide additional information (see below).
If you use restricted access or password protected portions of the Web sites, we collect certain additional information from you (“Registration Information”). Registration Information includes your name, title, street address, city, state, country, postal code, telephone number, and e-mail address, and any other information useful to our products and services. We will use this information in order to comply with our contractual obligations to you, communicate with you, maintain our internal records, comply with any legal or regulatory obligations we are subject to under applicable laws, and to enforce and protect our rights. In addition, in the restricted access or password protected portions of Company’s Web sites, information (including Registration Information) you provide may be shared with other customers with access to restricted access or password protected portions of Company’s Web sites. We provide this information to enable our customers to directly contact each other.
For the purposes of the EU Data Protection Laws, our legal basis for processing personal information that you provide to us via our Web sites is that it is necessary for our legitimate interests in conducting and developing our business, and meeting and anticipating the requirements of our current and prospective customers.
Information That Is Automatically Collected
Company automatically collects or processes personal information such as your Internet domain, IP address, browser type, type of operating system you use, the domain name of your Internet service provider, and pages visited on the Web site, as part of the operation of this site or during the course of your activities on or use of this Web site.
Information That We Collect Using Cookies
International Transfers of Your Information
In nearly all cases, the above described data may be collected or processed by, and transferred to, Company’s facilities in the United States and in other jurisdictions where Company does business such as India, South Africa, Australia, the Philippines, Colombia, and Europe; the data may then be subject to the legal systems of those countries. This may be done through the site’s Internet Service Provider (ISP) or through the use of such tools as Google Analytics. This information is gathered to improve the quality of our services and our ability to market those products and services to specific individuals and organizations that could benefit from them.
We will ensure that all transfers of your information take place in accordance with the Data Protection Laws, where applicable. You may contact us to find out more about the relevant safeguards in place for cross-border transfers (see “Contact Information” below).
Sharing With Affiliates, Parties and Suppliers of Services
We share data, including information about you, with our affiliates, partners, subsidiaries and companies or individuals who provide services to or on behalf of Company throughout the world, such as service providers assisting us in carrying out a transaction or providing a service for you (e.g., packaging, sending and delivering purchases and information to you, clearing transactions, or performing statistical analyses of our services, performing promotional services and training services). To the extent that these entities have access to your information, they will have agreed with Company to follow or already have privacy practices no less protective than our practices described in this document.
How Personal Information Is Shared With Third-Parties
Company may disclose information to third parties in connection with merger and acquisition discussions, when required by regulatory authorities, law enforcement agencies, courts and other tribunals, subpoena, search warrant, or other legal process, or in response to activities that are unlawful or a violation of Company’s rules for use of the Web site, or to protect and defend the rights or property of Company.
Notwithstanding anything to the contrary in this Privacy Statement or elsewhere on our Web site, Company reserves the right to share any information you submit in connection with the sale, assignment, or other transfer of the business of this Web site and/or Company.
Occasionally, Company may also use the information that Company collects to notify you about important changes to the Web site, new services and offers Company thinks you might find valuable. Individuals and organizations who do not wish to receive those mailings or materials (whether e-mail or paper mail) or who believe they are receiving those mailings by mistake can contact Company (as described below under Contact Information) and request removal from the mailing list.
Special Information For California Residents
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to access and control Personal Information. The CCPA defines “Personal Information” to mean “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
To the extent that we collect Personal Information that is subject to the CCPA, that information, our practices, and your rights are described below.
Right to Information Regarding the Categories of Personal Information Collected, Sold, and Disclosed
Please see the Notice of California Consumer Data Collection and Sharing Practices, below.
Right to Access Information
You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request.
Right to Request Deletion of Information
You have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Right to Opt Out of Sale of Personal Information to Third Parties
You have the right to opt out of any sale of your personal information by Company to third parties. To exercise this right, please visit our “Do Not Sell My Personal Information” webpage. Please note that your right to opt out does not apply to our sharing of personal information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the personal information only for that function.
Your California Privacy Rights
Residents of the State of California also have the right to request information regarding third parties to whom the company has disclosed certain categories of Personal Information during the preceding year for the third parties’ direct marketing purposes.
How to Submit a Request
You may submit a request to exercise your rights through any one of three means:
- By visiting the Privacy Page in Your Account Portal, where you can request and download specific pieces of information we have collected. By logging in to your account to submit the request, you will be able to automatically verify your identity, which will result in faster processing of your request.
- By filling out a Consumer Data Request Form available here.
- By calling us at the applicable office or, if available, the designated 800 number.
Notice of California Consumer Data Collection and Sharing Practices.
- Personal Identifiers:
- We collect first name, last name, company name, email address, telephone number, location/country, and contact address when you contact us via the Web site. If you use restricted access or password protected portions of the Web sites, you also will be asked to create a username, and we will assign one or more unique identifiers to your profile. We will also collect registration information such as your name, title, postal address, telephone number, e-mail address.
- We collect your social media handle and basic account information when you interact with our services through social media. We use this information to respond to your requests or complaints.
- We do not collect your payment information.
- We do not collect your social security number, driver’s license number, or passport number.
- We do not collect any medical information or health information about you.
- We collect your IP address automatically when you use our Services.
- We collect information about the type of device being used and your Internet service provider automatically when you use our Services.
- Protected Classifications: We collect information related to your age and gender when you visit the website in order to assess the performance of the website and learn about our visitors. We also collect age information in order to comply with laws that restrict collection and disclosure of personal information belonging to minors. We do not collect information regarding race, religion, ethnic origin, or sexual orientation.
- Commercial Information: When you submit inquiries about our goods or services, we create records of goods or services considered, as well as purchasing or consuming histories or tendencies.
- Biometric Information: We do not collect information about your physiological, biological, or behavioral characteristics.
- Internet or Other Electronic Network Activity Information: When you navigate to and use the Web site, we collect information such as your Internet domain, the domain of your Internet service provider, the date and time that you access the site, the Internet address of the web site from which you linked directly to the Web site, and the pages you visit on Company’s Web sites. We do not collect information regarding the navigational habits of identified users without obtaining the users’ consent.
- Geolocation Data: As described above, we collect your IP address automatically when you visit the Web site. We may be able to determine your general location based on the IP address. We do not collect your precise location (e.g., your GPS coordinates).
- Audio, electronic, visual, thermal, olfactory, or similar information: If you contact us via phone, we may record the call. We will notify you if a call is being recorded at the beginning of the call. We do not collect your image or any thermal, olfactory, or similar information.
- Professional or employment-related information: We collect your place of work when you contact us via the Web site. If you use restricted access or password protected portions of the Web sites, your job title is among the registration information that we collect.
- Education information: We may collect any information about the institutions you have attended or the level of education you have attained.
- Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We do not analyze personal information collected via Company’s Web sites to create consumer profiles.
On certain occasions, we also sell information to third parties. An external party may be considered a third party either because the purpose of sharing is not an enumerated business purpose under California law, or because our contract does not restrict them from using Personal Information for other purposes. To “sell” information means to disclose it to an external party for monetary or other benefit. We sell the following information:
- Personal Identifiers:
- If you use restricted access or password protected portions of the Web sites, we share certain Registration Information with third parties to enable our customers to directly contact each other.
Company has implemented commercially reasonable technological and operational security processes to protect information from loss, misuse, alteration, or unintentional destruction. While no security measure can guarantee against compromise, Company regularly reviews and updates its security measures in an effort to provide appropriate security for all information held by Company.
Modifications to Statement
Company reserves the right to change, modify, or update this statement at any time. We indicate the date of the current statement below, so you know when it was last updated. Continued use of the Web site after any such revision or modification constitutes your acceptance of the Privacy Statement as so revised or modified, where permitted by law.
Access and Accuracy
Company wants to maintain only accurate information about users of the Web site. You can request access to your personal information by contacting Company in writing at firstname.lastname@example.org. Upon receipt of appropriate identification information, and where required by applicable Data Protection Laws, Company will provide you with access to the information that it maintains about you. If you find factual inaccuracies, please notify Company so that they may be corrected.
In addition to your right to request access to your information, you may have other rights under applicable Data Protection Laws. These may include the right to request that your information is erased, the right to ask us to restrict how we process your information, and the right to withdraw consent to how we process your information. Please contact email@example.com if you would like to make a request.
You may also have the right to complain about the use of your personal information to a supervisory authority with oversight of applicable Data Protection Laws.
Company will not retain your personal information longer than is necessary for the purpose it was collected, and in order to comply with the requirements of any applicable law or regulation.
For example, if your personal information has been provided to us in connection with the ordering of a service, we will retain it for as long as is necessary to provide that service, and for as long any legal action could be brought in relation to it.
Company takes children’s privacy seriously and does not knowingly collect, use or disclose personal data from children and is committed to complying with all applicable laws and requirements, such as the United States Children’s Online Privacy Protection Act (COPPA). Company encourages all parents and guardians to instruct their children in the safe and responsible use of personal information on the Internet. Company’s Sites are intended for users age 16 and older and we do not knowingly collect information from children under 16. If we discover that we have inadvertently collected information from anyone younger than the age of 16, we will delete that information.
Linked Web Sites
We may provide links to third party sites. Since we do not control these web sites, we encourage you to review the privacy statement posted on these (and all) third party sites. Company is not responsible for the privacy statements or practices of sites and services controlled by other companies or organizations.
Customers should direct comments or questions regarding this statement, who can be contacted at firstname.lastname@example.org.