The policy is reviewed on an annual basis
The policy is reviewed on an annual basis
Previous versions of Privacy Notice
For California privacy rights, please go here
Luxoft Holding, Inc. Commerce House, Wickhams Cay 1, P.O. Box 3140, Road Town, Tortola, VG1110, BVI (“Luxoft”, “we”, “us”, “our/s”) is, as a rule, the controller of your personal data submitted through this website or directly or indirectly collected in other ways described in this privacy notice (“Privacy Notice”).
Luxoft has affiliated companies (the list of Luxoft group companies is here, collectively “Luxoft Group”). Depending on your relationship with Luxoft or companies of Luxoft Group, other entities of the Luxoft Group can also be the data controller as applicable.
Our website is not designed or directed at children. We do not intentionally collect, maintain, or distribute information about anyone under the age of 13. If we become aware that we have inadvertently received personal data from a user under the age of 13, we will delete the information from our records.
This Privacy Notice describes our policies and practices regarding collection and use, as well as sharing of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
Data Protection Officer
The Luxoft Group has appointed internal data protection officer(s) for you to contact if you have any questions or concerns about our personal data policies or practices. The email of the Luxoft Group Global Data Protection Office is DPO@luxoft.com.
How we collect and use (process) your personal data
We process the following categories of personal data:
You can find more details on which data is collected for which purposes in part 4 of this Notice.
2. Personal data we get from third parties
We receive personal data from third parties, e.g. if you publish your CV in the internet on career portals or professional networks, if someone recommends you for potential employment with Luxoft Group or if your employer signs you up for training or certification with an entity of the Luxoft Group.
3. What happens if you don’t give us your personal data
It is required for Luxoft to process some personal data in order for us to communicate with you, supply you with our services, and to authenticate you. You can provide only the minimal amount of information (name and contact information) to your profile if you wish, and you can edit your profile at any time.
Please note, that if you do not give us your personal data, we most likely will not be able to communicate with you and provide you with our services described below.
4. Purposes of personal data use, legal bases
Depending on the relationships we have or want to establish with you, we use your personal data for the following purposes based on the legal grounds set forth hereunder.
4.1. Communications, based on Luxoft legitimate interest (art. 6 para. 1 f GDPR) or based on your consent (art. 6 para. 1 a GDPR):
4.2. Your website visits, marketing and public relations, based on your consent (art. 6 para. 1 a GDPR):
4.3. Trainings and events,
based on our contract with you (art. 6 para. 1 b GDPR):
or based on Luxoft legitimate interest (art. 6 para. 1 f GDPR):
4.4. Recruitment, internship, referral, relocation,
based on your consent (art. 6 para. 1 a GDPR):
or based on Luxoft legitimate interest (art. 6 para. 1 f GDPR):
or based on our contract with you (art. 6 para. 1 b GDPR):
4.5. Business relations, based on Luxoft legitimate interest (art. 6 para. 1 f GDPR):
4.6. Corporate and investor relations, based on Luxoft compliance obligations (art. 6 para. 1 c GDPR):
4.7. Security, based on Luxoft legitimate interest (art. 6 para. 1 f GDPR):
4.8. Merger & acquisition, integration process, based on Luxoft legitimate interest (art. 6 para. 1 f GDPR):
5. Recipients of personal data
To the extent permitted by applicable data protection laws, your personal data be transferred between various locations of Luxoft Group insofar as reasonably necessary for the purposes set out in this Privacy Notice and within the scope of legitimate interest of Luxoft Group. Within the Luxoft Group only employees and departments with a “need to know” have access to your personal data and only to the extent necessary to fulfil the processing purpose.
We transfer your personal data to the following categories of recipients, who are usually processors, outside the Luxoft Group:
Where we use third party service providers who are data processors, these third parties are subject to contractual obligations (e.g. a data processing agreement). They will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.
6. International transfer of personal data
Due to the international nature of our business, we will – insofar as reasonably necessary for the purposes set out in this Privacy Notice and within the scope of applicable laws – transfer your personal data to other entities within the Luxoft Group and to the group of third party recipients listed above who can be located outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). The Third Countries concerned, e.g. the USA, may not have the level of data protection that you enjoy under the GDPR. This can result in disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this.
Insofar our transfer of your personal data to recipients in Third Countries is not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding (i) standard contractual clauses of the European Commission or by means of (ii) binding corporate rules of Luxoft Group (which all entities of the Luxoft Group have adopted) or those of our business partners and we supplement these transfer mechanisms with further contractual, technical and organisational measures as necessary. Copies of the relevant transfer mechanisms are available through our data protection officer.
You have the following rights in relation to your personal data:
Right to object: You have a general right to object, on grounds relating to your particular situation, if we process your personal data on the basis of our legitimate interest. This means that the reasons you give for your objection must not result from the processing situation as such, but must be justified in your person individually. We will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Withdrawal of consent: You can withdraw consent at any time by contacting us at DPO@luxoft.com. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right of appeal: In the event of a (alleged) breach of applicable data protection laws, you can lodge a complaint with a supervisory authority in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
Automated individual decision-making: We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
If you wish to execute any of these rights, please contact our data protection officer at DPO@luxoft.com at any time. Under the GDPR, we are bound to comply with your request without undue delay and in any event within one month of receipt of the request. This period can be extended by a further two months if necessary, considering the complexity and number of requests. We will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request.
8. Privacy rights for California residents
For rights and choices specific to California consumers, please refer to our Privacy Notice for California Residents. Please note that we will take reasonable steps to verify your identity and the authenticity of your request. Once verified, we will maintain your request in the event our practices change.
9. Special note to employment applicants
If you intend to provide us with personal data for a prior supervisor, reference, or other third party and notwithstanding our own responsibility under applicable data protection laws, it is your responsibility to obtain such third party’s consent to provide this information to us. You are responsible for the information that you provide or make available and you must ensure that it is legal, truthful, accurate, and in no way misleading. You must ensure that the information you provide does not contain any material that is infringing on any rights of any third party, or otherwise legally actionable by such third party.
As a rule, we will only store your personal data on our servers, and on the servers of the cloud-based database management services the Luxoft Group engages for as long as is necessary to achieve the purposes set out in this Privacy Notice. Personal data that we are processing based on your consent will be kept until the consent is revoked, unless otherwise prescribed by applicable legal requirements and presuming that it is necessary for the purpose of processing. We delete or anonymise your personal data after the processing purpose is fulfilled or if your revoke your consent, unless applicable legal requirements require or enable us to further store your personal data.
Further retainment of information and documents (including electronic documents) containing personal data can be required:
With regard to the use and retention period of cookies, please see the cookie section below.
To help protect the privacy of data and personally identifiable information you transmit through use of this website, we maintain physical, technical and administrative safeguards.
We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
If any personal data leak occurs we will do everything to eliminate it and to assess a level of risk connected with the leak according to our Personal data breach policy. If it turns out the leak may lead to physical, material or non-material damage for you (e.g. discrimination, identity theft, fraud or financial loss) we will contact you without undue delay unless the law provides otherwise.
As privacy laws, interpretations of state bodies, recommendations of privacy authorities may change from time to time, this Privacy Notice is therefore subject to regular revision. Any changes to our Privacy Notice will be posted on this page so that you are always aware of our policies. Additionally, we will update the “last updated” date below.
Our website contains cookies and other technologies (e.g. pixels, scripts) (together “Cookies”). Cookies are used to make our website user-friendly, effective and secure. Cookies are, for example, small text files that are stored on your terminal device and contain personal data such as personal settings and login information.
We use the following categories of Cookies on our website:
We use first and third party Cookies. First party Cookies come from our platform and send information only to us; third party Cookies are placed on our website by third parties and send information about your device to other companies that recognise that Cookie. We use session Cookies or persistent Cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. To the extent the Cookie providers are located in Third Countries, e.g. the USA, such Third Country may not have the level of data protection that you enjoy under the GDPR. This can result in disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this.
A list of Cookies used by our website can be found here.
The placement and subsequent processing of Necessary Cookies is based on our legitimate interest (to provide you strictly necessary technical functions of our website or to provide you with an expressly requested tele media service). The placement and subsequent processing of other Cookies is based on your consent as required under applicable laws. You can withdraw your consent at any time with effect for the future, e.g. by managing your Cookie Settings on our website.
Most browsers allow you to refuse to accept cookies; for example:
Depending on the version of a browser that you use the way of blocking may vary. If it turns out that the description placed above does not match to your browser, please try to check the relevant instructions online.
Blocking all Cookies will have a negative impact upon the usability of many websites. If you block Cookies, you will not be able to use all the features on this website.
You can delete Cookies already stored on your computer; for example:
Deleting Cookies will have a negative impact on the usability of this website.
No data transmissions over the Internet can be guaranteed to be 100 percent secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to Luxoft Group is done at your own risk. However, Luxoft Group uses website security measures consistent with current best practices to protect its website, email and mailing lists. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
We realize there can be incidents of misuse or unauthorized program incursions, as almost every website, service and user encounters. In those instances, our goals are to move quickly to isolate the problem, ensure or restore proper functionality and minimize any inconvenience to our users. As appropriate and necessary, Luxoft Group will notify the relevant authorities of these incidents of misuse or unauthorized program incursions of the Luxoft Group website.
15. Questions, concerns, complaints
If you have any questions regarding your personal data, want to execute your rights or you have concerns or complaints, please contact us by sending an email to our Global Data Protection Officer at DPO@luxoft.com. We encourage you to always contact us if you believe that your data protection rights have been impaired by an actual or assumed act of data processing. We will carefully examine your concern and advise on and honour your respective rights.