Privacy Notice and Declaration of Consent
The policy is reviewed on an annual basis
The policy is reviewed on an annual basis
Previous versions of Privacy Notice
For California privacy rights, please go here
The Luxoft Holding, Inc, an international custom software development company, is a controller of the personal data submitted through this website (hosting provider: AWS; website is located in Ireland) and directly or indirectly collected in other ways
Our website is not designed or directed at children. In accordance with the Children’s Online Privacy Protection Act of 1998 (“COPPA”), we will not intentionally collect, maintain, or distribute information about anyone under the age of 13. If we become aware that we have inadvertently received personal information from a user under the age of 13, we will delete the information from our records.
Luxoft Holding, Inc and all its affiliated companies (the list of Luxoft group companies is here), hereinafter referred to as Luxoft Group, is committed to respecting your privacy. We will treat any personal data supplied by you as confidential and will only process such information as permitted by applicable legislation.
This Privacy Notice describes the Luxoft’s policies and practices regarding collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies. In relation to consent-based data processing (as further described below), we will notify you of any changes and request your further consent.
Data Protection Officer
The Luxoft Group is headquartered in Zug, Switzerland. The Luxoft Group has appointed an internal data protection officer for you to contact if you have any questions or concerns about our personal data policies or practices. The email of Luxoft Group data protection officer is DPO@luxoft.com.
How we collect and use (process) your personal information
1. Personal information you give us:
We may collect, store and use the following kinds of personal data:
You can find more details on which data is collected for which purposes in part 4 of this Notice.
2. Personal information we get from third parties
From time to time, the Luxoft Group receives personal information about individuals from third parties around the world. This may happen if you publish your CV in the Internet on some job boards, if someone recommended you for potential employment or if your employer signs you up for training or certification in Luxoft.
3. What happens if you don’t give us your data
You can enjoy this website without giving us your personal data or providing your consent. You can even enter only the minimal amount of information (name and contact information) to your profile if you wish, and you can edit your profile at any time. Some personal information is necessary so that Luxoft can supply you with the services you have purchased or requested, and to authenticate you so that we know it is you and not someone else. You may manage your Luxoft subscriptions and you may withdraw your consent to marketing communication at any time.
Please note, that if you do not give us your data, we most likely will not be able to communicate with you and provide you with our services described below.
4. Purposes of personal data use
Personal data submitted to us through this website and personal data we collected from you or third parties or from public sources will be used for the purposes specified in this Notice.
Depending on the relationships we have or wish to have with you, we may use your personal data for the following purposes based on the legal grounds set forth hereunder:
4.1. Communications, based on Luxoft legitimate interest, art. 6 para. 1 f GDPR:
4.2. Marketing and public relations, based on your consent, art. 6 para. 1 a GDPR:
4.3. Trainings and events,
based on our contract with you, art. 6 para. 1 b GDPR:
or based on Luxoft legitimate interest, art. 6 para. 1 f GDPR:
4.4. Recruitment, internship, referral, relocation,
based on your consent, art. 6 para. 1 a GDPR:
or based on Luxoft legitimate interest, art. 6 para. 1 f GDPR:
or based on our contract with you, art. 6 para. 1 b GDPR:
Please provide me with your consent to the transfer of your personal data such as your full name, contact details, location, publicly available professional information about you, reference, notice period at current employer, salary expectations, your CV and specializations to an international group of companies Luxoft Group for the purposes of processing of this personal data in recruitment process for a position in the Luxoft Group or its client.
The controller of the filing system, in which your personal data is stored and processed — is Luxoft Holding, Inc. You may contact the Data Protection Officer of controller at DPO@luxoft.com. The controller will treat your personal data as confidential and will only process such information in compliance with the Privacy Notice and applicable legislation. The Luxoft internal departments in the countries of Luxoft global presence will have access to this recruitment database and will process your personal data on “need to know” basis for the purposes of managing the recruitment process for a position in the Luxoft Group or client.
Your personal data may be transferred outside of your own jurisdiction or outside EEA (European Economic Area) to other Luxoft Group locations insofar as reasonably necessary for the purposes set out above. The transfer is governed by corporate Standard contractual clauses adopted by all companies of Luxoft Group. Your personal data will be kept for unlimited period of time (or until the consent is revoked), unless otherwise prescribed by applicable legal requirements and presuming that it is necessary for the purpose of processing.
You have the right of access and correct the collected data, to restrict and object to the data processing, the right to lodge a complaint with a supervisory authority. If you do not wish us to use the information any longer which has been provided to us, please e-mail us at DPO@luxoft.com with the subject heading "Don't use my data" with your name inserted inside.
Please note, that we will use your personal data, which you provided, to identify you and to award you a referral bonus if applicable.
4.5. Business relations, based on Luxoft legitimate interest, art. 6 para. 1 f GDPR:
4.6. Corporate and investor relations, based on Luxoft compliance obligations, art. 6 para. 1 c GDPR:
4.7. Security, based on Luxoft legitimate interest, art. 6 para. 1 f GDPR:
4.8. Merger & acquisition, integration process, based on Luxoft legitimate interest, art. 6 para. 1 f GDPR:
You may withdraw your consent at any time with effect for the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. We will not, without your express consent, supply your personal data to any third party for the purpose of their or any other third party's direct marketing.
Personal data that we are processing based on your consent will be kept during unlimited period of time (or until the consent is revoked), unless otherwise prescribed or permitted by applicable law. If have revoked your consent, we will store only minimum data about you (full name, contact details, our references and notes) to the extent justified based on another legal ground, such as legitimate interest.
5. Disclosing and transfer of personal data
The Luxoft Group is an international group of companies. Information we collect from you will be processed in EEA and outside EEA depending on the purpose of processing. The Luxoft Group endeavors to apply suitable safeguards to protect the privacy and security of your personal data during the transfer and to use it only consistent with your relationship with the Luxoft Group and the practices described in this Privacy Notice. The Luxoft Group also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.
To the extent permitted by applicable data protection laws, your personal data may be transferred between various locations of Luxoft Group insofar as reasonably necessary for the purposes set out in this Privacy Notice and within the scope of legitimate interest of Luxoft Group. In any case they are processed under the terms of Standard contractual clauses and Binding corporate rules adopted by all companies of Luxoft Group.
To the extent permitted by applicable data protection laws, we may disclose your personal data to some of our clients (for business engagement or to confirm the high level of skills of our team members), auditors, agencies, supervisory authorities or to other external service providers on “need to know basis” to perform our contractual obligations. We will clearly indicate for you each data recipient if it is well known at the time of the beginning of the processing.
We may also disclose your personal data:
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects.
You have a right to access and correct (rectify) the record of your personal data maintained by the Luxoft Group if it is inaccurate. You may request that the Luxoft Group erase that data or cease processing it, subject to certain exceptions. You may also request that the Luxoft Group cease using your data for direct marketing purposes. You have a right to lodge a complaint with the data protection authority if you have concerns about how the Luxoft Group processes your personal data. When technically feasible, the Luxoft Group will—at your request—provide your personal data to you or transmit it directly to another controller.
If access cannot be provided within a reasonable time frame, the Luxoft Group will provide you with a date when the information will be provided.
You may also request additional information about: the purpose of the processing; the categories of personal data concerned; who else outside the Luxoft Group might have received the data from Luxoft Group; what the source of the information was; and how long it will be stored.
If you wish to execute any of these rights, please contact our Data protection officer at DPO@luxoft.com. at any time.
WARNING! Please exercise your rights wisely and note that abuse of rights may entail your liability.
7. Privacy rights for California residents
For rights and choices specific to California consumers, please refer to our Privacy Notice for California Residents. Please note that we will take reasonable steps to verify your identity and the authenticity of your request. Once verified, we will maintain your request in the event our practices change.
8. Special note to employment applicants
If you intend to provide us with personal information for a prior supervisor, reference, or other third party, it is your responsibility to obtain such third party’s consent to provide this information to us. You are responsible for the information that you provide or make available and you must ensure that it is legal, truthful, accurate, and in no way misleading. You must ensure that the information you provide does not contain any material that is infringing on any rights of any third party, or otherwise legally actionable by such third party.
Your personal data is stored by the Luxoft Group on its servers, and on the servers of the cloud-based database management services the Luxoft Group engages.
Personal data that we are processing based on your consent will be kept for unlimited period of time (or until the consent is revoked), unless otherwise prescribed by applicable legal requirements and presuming that it is necessary for the purpose of processing.
If you didn’t provide us with your consent onto data processing or revoked the consent, we will store only minimum data about you (full name, contact details, our references and notes) for the statistic and reporting purposes or to the extent justified based on another legal ground, such as our legitimate interest.
Notwithstanding the other provisions of this Section, we will retain information and documents (including electronic documents) containing personal data:
To help protect the privacy of data and personally identifiable information you transmit through use of this website, we maintain physical, technical and administrative safeguards.
We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
If any personal data leak occurs we will do everything to eliminate it and to assess a level of risk connected with the leak according to our Personal data breach policy. If it turns out the leak may lead to physical, material or non-material damage for you (e.g. discrimination, identity theft, fraud or financial loss) we will contact you without undue delay unless the law provides otherwise. All our steps will be taken in full cooperation with competent supervising authority.
We may update this Privacy Notice from time to time by publishing a new version on this website.
This website may include hyperlinks to, and details of third party websites. We have no control over, and we are not responsible for, the privacy policies and practices of third parties.
Cookies and web beacons
Cookies are pieces of data that a website transfers to a user's hard drive for record-keeping purposes. The identifier is then sent back to the server each time the browser requests a page from the server.
Web beacons are transparent pixel images that are used in collecting information about website usage, e-mail response and tracking.
Cookies can be used by web servers to identify users as they navigate different pages on a website and identify users returning to a website.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
The Luxoft Group has a marketing database management program which uses a cookie to analyze visitors’ interaction with various marketing messages like marketing emails or website marketing-based landing page. This cookie collects personal information including a user’s name, pages visited, how the website is accessed, a user’s purchases from the website, etc. This information is necessary to understand if our marketing campaigns are effective. You can configure your browser to disable these cookies.
A persistent auto-login cookie is also stored when you select the "remember me" option when logging in. The auto-login cookie is removed if you log out.
Most browsers allow you to refuse to accept cookies; for example:
Depending on the version of a browser that you use the way of blocking may vary. If it turns out that the description placed above does not match to your browser, please try to check the relevant instructions online.
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on this website.
You can delete cookies already stored on your computer; for example:
No data transmissions over the Internet can be guaranteed to be 100 percent secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to Luxoft Group is done at your own risk. However, Luxoft Group uses website security measures consistent with current best practices to protect its website, email and mailing lists. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
We realize there can be incidents of misuse or unauthorized program incursions, as almost every website, service and user encounters. In those instances, our goals are to move quickly to isolate the problem, ensure or restore proper functionality and minimize any inconvenience to our users. As appropriate and necessary, Luxoft Group will notify the relevant authorities of these incidents of misuse or unauthorized program incursions of the Luxoft Group website.
15. Questions, concerns, complaints
If you have any questions regarding your personal information, want to execute your rights or you have concerns or complaints, please contact us by sending an email to our Global Data Protection Officer at DPO@luxoft.com.
If you wish that we do not use the information you provided to us, please drop us an e-mail to DPO@luxoft.com with "Don't use my data" title and your name inside.
In order to update or correct your personal data please contact Global Data Protection Officer by sending a message to DPO@luxoft.com.
16. Alternative dispute resolution
Regardless of your right to lodge a complaint with the supervisory authority and / or to take actions under applicable laws, you may always contact the Luxoft Data Protection Officer (DPO) if you believe that your data protection rights have been impaired by an actual or assumed act of data processing. The DPO will carefully examine your concern and advise on your respective rights. In doing so, the DPO is obliged to uphold the confidentiality of any further personal data obtained in relation to your request. Upon your request, the DPO will make all reasonable efforts to reach a settlement of the complaint in due consideration of your concerns. Such a settlement may also include a recommendation concerning damages in connection with the infringement of your data protection rights.