Contact us

LTIMindtree Privacy Policy

Introduction

Your privacy is important to us. LTIMindtree Limited and its group companies (“‘LTIMindtree”,’) is committed to respecting your privacy throughout your relationship with LTIMindtree. This LTIMindtree General Data Privacy Statement (“General Privacy Statement”) defines the requirements to ensure compliance with the applicable data privacy laws and regulations applicable to LTIMindtree’s collection, use, and transmission of Personal Data (the meaning of which is set out below) for information collected by us about you.

Protecting the privacy rights of data subjects and safeguarding their Personal Data is now being treated as a basic right of an individual and a legal requirement in many parts of world. LTIMindtree, being a global organization, respects the privacy of data subjects and is committed to complying with the applicable data privacy laws and legislations (including but not limited to EU General Data Protection Regulation 2016/679 (the “GDPR”), the GDPR as saved into UK law (the “UK GDPR”) (references in this General Privacy Statement to GDPR also include UK GDPR) California Consumer Privacy Act, California Privacy Rights Act, The Privacy Act 1988 (Australia) including the Australian Privacy Principles (APP), Data Protection Act 2018 (UK), Information Technology Act 2000 read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and Personal Data Protection Act 2012 (Singapore), the Federal Law on Protection of Personal data held by Private Parties and its Regulations (Mexico) (the “LFPDPPP, in its Spanish acronym), the Swiss Federal Act on Data Protection 1992 and as of September 1, 2023, the Swiss Federal Act on Data Protection 2020, the Federal Decree-Law No. 45/2021 on the Protection of Personal Data (UAE), the Protection of Personal Information Act 4 of 2013 (South Africa), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and any substantially similar provincial law, Personal Data (Privacy) Ordinance Cap. 486 (Hong Kong), the Personal Information Protection Law (“PIPL”) (China), the Privacy Act 1988 (Cth) (Australia)  and other applicable privacy laws to the extent that they apply to LTIMindtree’s data processing and business operations) (the “Data Privacy Laws”).

Policy Statement

This General Privacy Statement is generally designed to explain and set out LTIMindtree’s procedures and policies when processing Personal Data and Personal Information (the meaning of which are set out below) by the organization.

The General Privacy Statement comprises of details about:

  • Which Personal Data we Collect
  • How we collect and Use Personal Data
  • Purpose and lawful basis of Processing
  • How we Share and Disclose Personal Data
  • What Rights do you have?
  • How do we keep Personal Data secure
  • How to get in touch with us regarding Data Privacy?

for each category of data subject according to the relatioship shared with LTIMindtree.

Please refer to the Global Data Privacy Policy found here on www.LTIMindtree.com for definitions and terms that have not been defined in this General Privacy Statement. Please also refer to the relevant jurisdiction specific Data Privacy Laws for all other terms.

Scope

Applicability: The scope of this General Privacy Statement applies to LTIMindtree, its affiliates, business partners, employees, and Third Parties providing services to LTIMindtree (together “LTIMindtree”, “We” or “Us”). It covers Processing (including but not limited to collection, storage, usage, transmission and destruction) of Personal Data of LTIMindtree’s current and previous employees, prospective candidates, current, prospective and previous customers, current and previous partners/vendors, website visitors, sub-contractors and visitors, (together “you”/ “your”) by LTIMindtree during the course of its business activities.

Role: LTIMindtree acts as a Data Controller with respect to any Personal Data it holds about you. LTIMindtree is responsible for ensuring that it uses your Personal Data in compliance with the Data Privacy Laws. The relevant entities that may act as the Data Controller are listed in Section 6 of this General Privacy Statement.

Privacy Notice based on your relationship with us:


Website visitors

Read the website privacy policy for details.

Job Applicants/Candidates

Read the privacy notice for candidate/job applicants for details.

Employees (current and former)

Read the privacy notice for employees for details.

Subcontractors

Read the privacy notice for subcontractors for details

Visitors to LTIMindtree Office

Read the privacy notice for visitors to LTIMindtree offices for details.

California Privacy Statement

Read the privacy notice for California Residents for details.

Global Privacy Policy


For country-specific or Regional language privacy policies and notices, please click here



Legal basis of Processing

We Process your Personal Data, Personal Information based on the following legal bases pursuant to applicable Data Protection Laws:


Performance of Contract

We process your Personal Data and Personal Information, where necessary in order to take steps at your request prior to entering into a contract or for the performance of a contract with you. For instance, We may process your Personal Data for employment purposes (such as processing your salary, administering benefits) or providing services to our customers which are necessary to execute the contract. If you do not provide Personal Data for processing under this legal basis, We may not be able to perform as per the respective applicable contract.

HR Necessity

We may process your Personal Data where necessary for human resources management implemented in accordance with the labour rules and LTIMindtree’s internal regulations for employees formulated according to the law or collective contracts signed according to the law.

Consent

Where permitted under applicable local laws, We may (but usually do not) process your Personal Data, Personal Information or Sensitive Personal Data based on your prior freely given consent for one or more specific purposes. In such cases, you have the right to withdraw your consent at any time by contacting the contact details below provided in this General Privacy Statement (Section 9). In certain limited circumstances, even after withdrawal of your consent, we may be entitled to continue processing your Personal Data on the grounds of other legal bases and as notified to you. However, in certain jurisdictions, applicable local law may require that consent be obtained and in such circumstances, your consent will be the lawful basis for which we process your Personal Data.

Legitimate Interests

We may process your Personal Data and Personal Information where it is necessary for the purposes of our Legitimate Business Interests as a company, including for management purposes, which are outlined above, to prevent and respond to actual or potential fraud or illegal activities, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is under 18 years old. When “legitimate interests” are not a legal basis for processing under the applicable local law, we will rely on your consent.

Legal Obligations

We may process your Personal Data and Personal Information where it is necessary in order to comply with applicable legal and/or regulatory obligations, establish, exercise or defend our legal rights or for the purpose of legal proceedings.

Other “Public Interest” Grounds

We may process your Personal Data, Personal Information (or where relevant, your Sensitive Personal Data) on other public interest grounds where it is subject to regulatory requirements where Processing is necessary by Us for the performance of a task mandated by governmental authorities, regulatory authorities or any other law enforcing authorities in the public interest.



For details about your respective categories of data, please refer to the applicable notices available in Section 3 above.

Personal Data of Individuals below 18 years

We process Personal Data or Sensitive Personal Data of any individuals below the age of 18 years only for travel, immigration purposes or when you are visiting our premises. If we are required to process Personal Data or Sensitive Personal Data of such individuals, then We shall do so by taking explicit consent from their legal guardians and from the minor if they have capacity to give consent, based on their age and maturity. If it comes to your knowledge that We have unintentionally collected or received Personal Data or Sensitive Personal Data about an individual below the age of 18 years directly from them, then please immediately notify Us in the contact details provided in this General Privacy Statement (Section 9 below) and We will accordingly delete such information.

Note: We do not collect, use nor process Personal data of Individuals below 18 years on our website. If you are below the age of 18 years, then We do not want you to provide any of your Personal Data in our website.

Data Transfers and Disclosure of Personal Data

We are a part of the Larsen and Toubro Group (www.larsentoubro.com) which is an international group of companies and, as such, transfer Personal Data/ Personal Information to various countries where we and our parent company and affiliates operate.

We may transfer Personal Data/ Personal Information/between our group companies and data centres for the purposes described in this General Privacy Statement. We may also transfer Personal Data/ Personal Information to our Third Party suppliers, customers or business partners in different geographic locations. These data transfers are necessary to provide our products and services. Please click here to view the list of entities and branches of Larsen and Toubro.

Where we transfer your Personal Data/ Personal Information/ Sensitive Personal Information outside of your jurisdiction, we will ensure that it is protected and transferred in a manner consistent with applicable Data Privacy Laws.

For transfers to our group companies, third parties, suppliers outside of the EEA, we use standard contractual clauses or an appropriate tool of transfer. You may reach out to us on if you would like more details about the tool/method used.

For more details about data transfer for your respective categories of data, please refer to the applicable notices available in Section 3 above.

Security of Personal Data/ Personal Information/ Sensitive Personal Data

In order to comply with our data security obligations under applicable Data Privacy Laws, We have adopted the following physical, technical and organizational security measures to ensure the security of your Personal Data/ Personal Information and Sensitive Personal Data and PHI, taking into account the applicable industry standards, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for your rights and freedoms:

  • That includes the prevention of their alteration, damage, loss, unauthorized processing or access, having regard to the nature of the data and the risks to which they are exposed by virtue of hu-man action or the physical or natural environment.
  • We shall comply with the security safeguards as per our contractual and statutory requirements in consultation with its internal I.T department.
  •  The Office of Data Privacy and Chief Information Security Officer shall assess the security measures implemented to safeguard Personal Data, Personal Information and Sensitive Personal Data on a regular basis and update the same, where required.
  • All employees and contractors shall be imparted with mandatory Privacy training (e.g., Training on Embedding Privacy in Software Development etc.). Further confidentiality agreements and Non-Disclosure Agreements shall be signed by all employees and contractors on or before their joining date with LTIMindtree.
  • We have implemented the following safeguards to ensure the Personal dData We collects, stores, processes and sharesdisclose is secure:
  • Physical Security Controls
    • Facility Perimeter, HD access reader, Data Centre, Video surveillance
  • IT Infrastructure Controls
    • Encryption, DLP, Data masking, controlled Portable ports, Access Control, Unauthorized software check, Data destruction, System Hygiene measures, Monitoring, User Access Management, Patch Management, Vulnerability Management.

We have implemented an incident and breach management procedure to ensure that exceptions in data privacy compliance are promptly reported to the Office of the Data Privacy and to the appointed Data Protection Officer.

Rights of Data Subjects

Pursuant to the GDPR, you have the following rights regarding your Personal Data provided for:


The right to obtain access to your Personal Data

According to Article 15 of the GDPR, you can request a copy of your Personal Data. In particular, you can request information on the purposes of the Processing, the categories of data, the categories of recipients to whom your data has been or will be transferred, the data retention period, the existence of a right of rectification, erasure, limitation of Processing or object, of rectification, erasure, restriction of Processing or object, the existence of a right to lodge a complaint, the source of your data if they have not been collected directly by us, as well as the existence of automated decision-making, including profiling and, if applicable, significant information on its details.

Please note that according to the GDPR there are circumstances in which We are entitled to refuse requests for access or to receive copies of your Personal Data as in particular cases where such disclosure would adversely affect the rights and freedoms of others.

Right to Rectification of Incorrect Data

The right to obtain rectification of your Personal Data if they are inaccurate or incomplete (Art. 16 GDPR).

Right to Erasure

The right to obtain erasure (‘right to be forgotten”) pursuant to Art. 17 GDPR of your Personal Data: According to the GDPR where one of the following grounds applies, please note that under other circumstances We are legally entitled to retain it:

  • if they are no longer necessary in relation to the purposes for which they were collected or otherwise Processed;
  • if their processing was based on consent and you have withdrawn your consent, and there is no other legal ground for Processing;
  • if the Processing is made for marketing purposes;
  • if you object to the processing on grounds of your particular situation, and there are no overriding legitimate grounds for the Processing;
  • if your data were Processed unlawfully; or
  • your data have been erased for compliance with a legal obligation.

Right to Restriction of Processing

The right to obtain restriction of the Processing of your Personal Data according to the conditions set out by the GDPR (Art. 18 GDPR).

Right to Data Portability

The right to receive your Personal Data provided to Us as a Data Controller in a structured, commonly used and machine-readable format and to transmit that Personal Data to another controller (‘data portability’)

Right to Object

The right to object to the Processing of your Personal Data on grounds relating your particular situation, at any time. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data you for such marketing, which includes profiling to the extent that it is related to such direct marketing (Art. 21. GDPR).

Right to Withdraw Consent

If the Processing of your Personal Data is based on consent, you can withdraw your consent at any time (Art. 7 (3) GDPR). Your right to withdraw consent can be exercised by contacting Us as set out in Section 9 below. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.  In certain circumstances it is lawful for Us to continue Processing your Personal Data without your consent if We have another legal basis (other than consent) for doing so and as notified to you prior to the change of legal basis.



  • According to Article 20 of the GDPR , please note that this right only applies to Personal Data which you have actually provided to us, and when the Processing is based on your consent or on a contract as a legal basis.
  • The right to lodge a complaint with the competent data protection supervisory authority, if you think that any of your data protection rights have been infringed by us. We can, via the contact details provided in this General Privacy Statement, tell you which data protection supervisory authority is competent for the complaint regarding the Processing of your Personal Data.
  • Under article 48 of the French Data Protection Act, data subjects also have the right to set down instructions for the management of their personal data post mortem.
  • If you need our assistance to exercise the above rights, please contact Us as set out in Section 9 below.
  • If the Processing of your Personal Data is based on consent, you can withdraw your consent at any time (Art. 7 (3) GDPR). Your right to withdraw consent can be exercised by contacting Us as set out in Section 9 below. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In certain circumstances it is lawful for Us to continue Processing your Personal Data without your consent if We have another legal basis (other than consent) for doing so and as notified to you prior to the change of legal basis.
  • Right to have onsite access of your Personal Data (for Mexico only).
  • Right to raise a request to cancel processing of your Personal Data (for Mexico only).
  • Right to limit the use and disclosure of your Personal Data (for Mexico only).

Following are the data subject rights applicable to the respective jurisdictions:


Data Subject RightsEurope including UK and SwitzerlandUSCanadaMexicoAustraliaSingaporeIndiaUAEChinaHong-KongSouth Africa
Right to Information / AccessYesYesYesYesYesYesYesYesYesYesYes
Right to withdraw consent (opt-out)YesYesYesYesYesYesYesYesYesYesYes
Right to Object processingYesYesYesYesYesYesYes
Right to Restrict processingYesYesYesYesYesYes
Right to Erasure (to be Forgotten)YesYesYesYesYesYesYes
Right to RectificationYesYesYesYesYesYesYesYesYesYesYes
Right of Data PortabilityYesYesYesYesYesYes
Right not to be subject to automated decision making /
profiling
YesYesYes
Right to Complain to the Supervisory authorityYesYesYesYesYesYesYesYesYesYesYes
Right not to be subject to discrimination for the exercise of rightsYesCalifornia ResidentsYesYes
Opt-out of sale of dataYesCalifornia ResidentsYes
Right to raise a request to cancel processing of your Personal DataYes
Limit the use and disclosure of your Personal Data.Yes
Right to have onsite access of your Personal DataYes


To  receive more details about the applicable procedure and requirements, you may raise a request by contacting dataprotectionoffice@ltimindtree.com

To exercise the rights outlined above or if you belong to any other jurisdiction that is not listed above in respect of your Personal Data, you may write to dataprotectionoffice@ltimindtree.com with the following information:

  • Full Name:
  • Email id:
  • Data Subject Right you want to exercise:
  • Relationship with LTIMindtree (job applicant, student, customer, contractor, employee of LTIMindtree, website
    visitor, Visitor to LTIMindtree, former employee of LTIMindtree, on behalf LTIMindtree’s Data subject, on behalf
    of a Data subject below the age of 16)
  • Country of Residence:
  • Request Details:

As part of processing your request, we require you to provide certain Personal Data about you in order to verify your identity. Additionally, in accordance with your rights, you may designate an authorized agent to make a request on your behalf, if permitted by applicable laws. In order to comply with your request, we will require the Personal Data referenced above to be used for identity verification purposes, as well as the name, email address, and telephone number of your authorized agent.

LTIMindtree kindly asks you to scrupulously assess your legitimate right(s) and interest(s) before raising any official request under our platform.

  • California Privacy Rights

In the preceding 12 months, we have collected the following categories of Personal Information: identifiers, financial information, health and medical information, demographic information and information relating to protected characteristics, commercial information, biometric information, internet or other electronic network activity information, geolocation data, audio, electronic, and visual information, professional or employment related information, Sensitive Personal Data, and inferences drawn from other information we collect. The categories of sources from which we collect Personal Information are described in Section 5 of the Global Data Privacy Policy. The business and commercial purposes for collecting Personal Information are described in Sections 6 and 9 of the Global Data Privacy Policy. In the preceding twelve months we have shared identifiers, internet and other electronic network activity information, and inference information with advertising partners and social media platforms for advertising and other commercial purposes. We have disclosed the categories of Personal Information described above for the purposes and to the categories of recipients identified in Section 17 of the Global Data Privacy Policy. We do not knowingly share or sell information about individuals younger than 16 and we do not use Sensitive Personal Data for any purposes that would require us to provide a Notice of the Right to Limit Use of Sensitive Personal Data.

The CCPA provides California residents with the right to request to know more about the categories of Personal Information that the business collects, sells, sharesor discloses concerning California residents and We shall provide such information without charge to the requesting California resident after verifying the request. We are required to provide such information no more than twice in a 12-month period. Under the CCPA, “collects” includes information bought, rented, gathered, obtained received and accessed whether actively, passively or by observing the California resident, provided, however, that We are limited in terms of what We can disclose with respect to certain Sensitive Personal Data.

The CCPA requires that We provide data access and data portability to California residents.
Subject to certain exceptions, the CCPA grants rights to California residents to request the deletion of their Personal Information.
The CCPA permits California residents to request that we correct any inaccurate data.
The CCPA permits California residents to opt out of sharing their Personal Information.
The CCPA prohibits discrimination against California residents that elect to exercise their rights under the CCPA.

Please contact the Data Privacy Officer if you are attempting to fulfill any of the above requests by writing to dataprotectionoffice@ltimindtree.com with the following information:

  • Full Name:
  • Email id:
  • Data Subject Right you want to exercise:
  • Relationship with LTIMindtree (job applicant, student, customer, contractor, employee of LTIMindtree, website
    visitor, Visitor to LTIMindtree, former employee of LTIMindtree, on behalf LTIMindtree’s Data subject, on behalf
    of a Data subject below the age of 16)
  • Country of Residence:
  • Request Details:

California residents who provide Personal Information are entitled to request information about themselves that We disclosed with Third Parties for their own direct marketing purposes (if applicable), including the categories of information and the names and addresses of those businesses. We do not currently share the Personal Information of California residents with Third Parties for their own direct marketing purposes.

For more information, please refer to “LTIMindtree California Privacy Statement.”

  • China Privacy Addendum:

For Information on China specific Data Privacy Policy, please refer to “China Privacy Addendum”.

Contact Information, Complaints and Grievances

If you have any questions, comments, or suggestions, complaints or grievances, of if you want to exercise your privacy rights or wish ro raise or consult Us on any privacy issues, our use of Personal Data or Personal Information , you can contacts our appointed Data Protection Officer (“DPO”).

Complaints related to Personal Data and Personal Information protection and any communications regarding enforcement of your privacy rights should be directed to the Data Protection Officer at the following contact details:

Global Data Privacy Officer for LTIMindtree Limited:

Attention: Jagannath PV (Data Protection Officer)

Phone- +91 22 67766776

Data Privacy Officer for LTIMindtree Limited (Germany Branch) and European Representative:

United Kingdom Representative

Switzerland Representative

Email ID – dataprotectionoffice@ltimindtree.com

United Arab Emirates

Email ID – dataprotectionoffice@ltimindtree.com

South African Representative

Email ID – dataprotectionoffice@ltimindtree.com

We will use reasonable efforts to respond your complaint within a reasonable time, usually within 30 days.

You may also raise a concern or lodge a complaint with the competent Supervisory Authority. The name and contact details of the Data Protection Authorities in the European Union can be found here:

You may reach out to the DPO Office (in the above-mentioned contact details) in the event you want a copy of this privacy notice in the local language of European countries where LTIMindtree has an office.

If you are in Australia, and we are unable to satisfactorily resolve your privacy concerns, you can contact the Office of the Australian Information Commissioner on their website www.oaic.gov.au

Policy Changes and Publication

This General Privacy Statement was last updated on November 14, 2022.

This General Privacy Statement may be revised and updated from time to time. The most recent version of this General Privacy Statement will be available in this web page.