Privacy notice: Effective 12 December 2021

Coforge Business Process Solutions Pvt. Ltd.

Privacy Notice


Coforge Business Process Solutions Pvt. Ltd. (“Coforge BPS”, “we” or “us”) respects the need for privacy of Personal Information. We care about protecting the personal information of our customers and visitors who use our websites, products or services.

This privacy notice aims to inform you about how we collect, use, disclose and store information about you when you use any of our products, services or applications (collectively the “Services”) in any manner. This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.

This Privacy Notice for California Residents (“Notice”) supplements the information contained in Coforge BPS Privacy policy. This policy shall exclusively and solely apply to all visitors, users, and others who reside in the State of California (“consumers”, “you”, “users”). This Notice is published in compliance to the provisions of the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA shall and will construed to be as being that of CCPA defined terms.

What information do we collect?

The information we might collect and process about you includes:
  1. Your basic identification and contact details. This may include your name, company, address, telephone number, email address and other information that you provide us.
  2. Information about your computer, such as your IP address, operating system and browser type.
  3. Information about your customer relationship with us. This may include information about your previous purchases of our products and services, your billing information, information about events you have attended, and feedback you have given us.
  4. Details of your visits to our website, the pages you view and resources you access or download.
  5. Details of the actions you take within emails we have sent you, for example, which content you click through to read on our website
  6. Information that you choose to provide by filling in a form on our website, including subscribing to newsletters and alerts.
  7. If you contact us with an enquiry, or for information, we may keep a record of that correspondence.
  8. We may ask you to complete surveys that we use for research and analysis, although you do not have to compulsorily respond to them.
  9. We may collect personal information when we meet you face to face or when you contact us either on the telephone or in writing.
When this information relates to or identifies you, it is treated as ‘personal data’.

Call recording: For quality monitoring and efficiency improvements of some of the services provided to you, we may keep a record of your telephone conversations with us.

How do we use the information?

We may use or disclose the personal information we collect for one or more of the following business purposes:
  1. To fulfill or meet the reason for which the information is provided.
  2. To provide you with information, products or services that you request from us.
  3. To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
  4. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  5. To improve our website and present its contents to you.
  6. For testing, research, analysis and product development.
  7. As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
  8. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  9. As described to you when collecting your personal information or as otherwise set forth in the CCPA/GDPR.
  10. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Who will the information be shared with?

  1. The personal data we collect from you is stored in one or more databases hosted by third parties. These third parties do not use or have access to your personal data for any purpose other than cloud storage and retrieval. On occasion, we engage third parties to respond to any queries raised by you or to establish business communications, including marketing communications, to prospective customers.
  2. We share your personal data with service providers, which, depending on your relationship with us, may include but is not limited to payroll processors, cloud service providers, and administration support providers. Personal data shared with these service providers is for business purposes only.
  3. We have offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes.
  4. Where required or permitted by law, information may be provided to others, such as, but not limited to regulators and enforceable government directives.
  5. From time to time, we will consider corporate transactions such as a merger, acquisition, reorganization, asset sale, or similar transaction. In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to third parties involved in the transaction. In these instances, we will continue to ensure your personal data is protected and we will provide any impacted data subjects notice before any personal data is transferred or subject to a different privacy policy.

International and group company transfers of personal data

We are part of an international group of companies and transfer personal data concerning you to countries across the globe. Safeguards are put in place under applicable data protection laws to ensure the safe transfer of data between regions. You can find a list of the locations within our corporate group here. We transfer personal data between our group companies and data centers for the purposes described above. Your personal data will be stored in databases located in regions across the globe including India. The databases are controlled by our administrative staff located outside of the European Union including in India and can be accessed electronically.

Specific transfer mechanisms outside of the European Union under the GDPR

Where we transfer personal data outside the EU and between our group companies, we either transfer personal data to countries that provide an adequate level of protection as determined by the European Commission, or use alternative safeguards. Standard contractual clauses are used as the appropriate safeguards. To the extent Protection of Personal Information Act (“POPIA”) applies, where we transfer personal data outside of the country in which Coforge BPS is established, we only transfer personal data to countries that provide an adequate level of protection and/or we ensure that we have appropriate safeguards in place to cover these transfers, as permitted under the applicable data protection legislation. If you would like more information on any of the data transfer mechanisms we rely on, please contact us at

Data storage and retention

We shall retain your personal data pursuant to the business purposes and in line with our retention policies. We will only keep your personal data for as long as is reasonably necessary taking into consideration the purposes outlined above or to comply with legal, accounting or reporting requirements under applicable law(s). To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Personal data received from prospective customers shall be retained for the duration of the prospective customer’s business relationship with us and in accordance with the retention criteria set out under applicable law(s).


We use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

ISO/IEC 27001:2013

Coforge BPS Information Security Management System (ISMS) is ISO/IEC 27001:2013 certified. The audit established the overall operational effectiveness of sample of control areas comprising Coforge BPS.


Coforge BPS has been audited and received a SOC 2 report addressing the security, confidentiality and availability of Coforge BPS services. We implement industry standard security measures to keep your personal data secure and confidential, including but not limited to:
  1. Restriction of access to your personal data to our employees strictly on a need-to-know basis, such as responding to an inquiry or request.
  2. Implementation of physical, electronic, administrative, technical and procedural safeguards that comply with applicable rules, laws, legislation and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and/or destruction. It is important that you also make every effort to protect your password and computer from unauthorized access. Be sure to sign off when you are finished using a shared computer.
  3. Disciplinary action against our employees who misuse personal data, which is a violation of our policies.

Cookies and Other Tracking Technologies

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies. Depending on which of our Websites you are visiting, we may also use third party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts, as well as to understand your browsing of the Website (for example, which page you visit or how long you stay on each page). More specifically, we use cookies and other tracking technologies for the following purposes:
  1. Assisting you in navigation;
  2. Assisting in registration to our events, login, and your ability to provide feedback;
  3. Analyzing your use of our products, services or applications;
  4. Assisting with our promotional and marketing efforts (including behavioral advertising).

Below is a detailed list of the cookies we use on our Websites. Our Websites are scanned with our cookie scanning tool regularly to maintain a list as accurate as possible. We classify cookies in the following categories:

  1. Strictly Necessary Cookies
  2. Performance Cookies
  3. Functional Cookies
  4. Targeting Cookies
  5. You can opt-out of each cookie category (except strictly necessary cookies) by clicking on the “cookie settings” button at the bottom of the page or in the applicable Website Cookie Notice. While this Privacy Notice covers all Websites, Services and Events, each cookie notice you will find on one of our Websites applies to that Website only and also does not apply to our Services.

Data Subject Rights

You may have certain rights in relation to your personal data pursuant to data protection laws in your jurisdiction. To exercise such rights, please contact The rights for certain jurisdictions are explained in further detail below.

Residents of California:

  1. The right to know what information the business collects, discloses, and if applicable, sells (as the term is defined in section 1798.140(t) of the California Consumer Privacy Act (CCPA)).
  2. The right to access what personal information has been collected about you by making a proper Verifiable Consumer Request (VCR). Through a VCR, you may request:
    1. the categories of personal information collected about you in the preceding 12 months;
    2. the categories of sources from which personal information is collected; the business or commercial purpose for collecting personal information;
    3. the categories of third parties with whom Coforge BPS shares personal information; and
    4. Specific pieces of personal information collected about you.
  3. If the business has “sold” (as that term is defined in section 1798.140(t) of the CCPA) or disclosed your personal information for a business purpose, you have the right to request an itemized list of the categories of personal information:
    1. collected about you
    2. sold about you (this includes categories of third parties to whom information was sold and what categories of personal information for each third party); and
    3. Disclosed about you for a business purpose.
  4. The right to opt out of the sale of your personal information to a third party at any time.
  5. The right to request deletion of personal information that has been collected about you, subject to certain exceptions.
  6. The right to request that your personal information be transferred to a third party.
  7. The right to non-discrimination against you for exercising any of the rights listed above.
  8. Not to sell personal information- we do not require you to create an account to permit opt out of rights. Personal Information is collected for opt out requests only for review and action. Upon sending in a request for opt-out, a 12 (twelve) month wait period will be put to action for sending out any requests to re-initiate personal information usage.
  9. Acceptance to this policy does not intend to mean that should you use to exercise your rights under CCPA, discrimination by way of:
    1. Denial of any goods and/or services
    2. Providing a differential level or quality of goods or services
    3. Indicate that not exercising any rights under CCPA shall lead to better customer experience or benefits.

However, should the CCPA allow us specifically for extending any kind of financial incentives, those incentives will be made available to you across price, rate of delivery of services, or quality of services.

Our effort is at all times to respond as expeditiously as possible to a verifiable consumer request within 35(thirty-five) days of its receipt. If additional time is required, it will be informed to you with promptness. If the request requires additional scrutiny or is suspected to have been an outcome of an unauthorized request, we shall promptly investigate and inform you through additional contact channels. Our request will include need for additional information or verification to enable us to comply with the request. If we are unable to accede to a request, we shall provide reasons for that.

Coforge BPS does not sell personal information as defined in section 1798.140(t) of the CCPA. Coforge BPS also does not sell the personal information of children under age 16 without affirmative authorization. Our services are intended for users above the 16 and if you are younger than that, our products and/or services are not intended for you.

In compliance with the CCPA, we commit to resolve complaints about your privacy and our collection or use of your Personal Information.

To exercise your rights with respect to your personal information, you may submit a Verifiable Consumer Request on Coforge BPS request portal here

For issues accessing Coforge BPS portal, please contact

We will respond to a Verifiable Consumer Request within 45 days. Should we require more time, we will notify you of the extension period and the reason for the extension in writing. To the extent possible, we will provide you with your personal information in a format that you can share with other businesses.

Residents of Europe:

  1. The right to request access to your personal data and request details of the processing activities conducted by Coforge BPS.
  2. The right to erasure of your personal data under certain circumstances.
  3. The right to request that your personal data is rectified if it is inaccurate or incomplete.
  4. The right to request restriction of the processing of your personal data in certain circumstances.
  5. The right to object to the processing, including the sale or commercial use, of your personal data in certain circumstances.
  6. The right to receive your personal data provided to us as a controller in a structured, commonly used and machine-readable format in certain circumstances.
  7. The right to object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
  8. The right to withdraw your consent provided at any time by contacting us.
In accordance with the GDPR, we will respond to your request within one month upon receipt of your request. Where we are unable to progress your response, we will contact you. In certain circumstances, we may extend the timeline of our response to three months in accordance with applicable law. To exercise your rights with respect to your personal data, you can submit a data subject request on Coforge BPS request portal here. For issues accessing Coforge BPS portal, please contact

The Right to Complain

You also have the right to lodge a complaint with the Supervisory Authority

For residents of California:

  1. Website:
  2. Telephone: (916) 210-6276/ (800) 952-5225 Toll Free - CA only TTY/TDD (800) 735-2929 (California Relay Service)
  3. Postal address:Public Inquiry Unit Office of the Attorney General P.O. Box 944255 Sacramento, CA 94244-2550
For residents of Europe:
  1. Website:
  2. Telephone: 0303 123 1113
  3. Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.

Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under the applicable law, please do not hesitate to contact us at:
  1. Website:
  2. Email:
  3. Mailing Address: Data Protection Officer

    Coforge Business Process Solutions Private Limited

    Building Number 2, Commerzone, 6th & 7th Floor

    Samrat Ashok Path, Yerwada, Pune, Maharashtra – 411006