Privacy statement

Collection and use of personal data

1. Personal data collected automatically
   
   
   • Our website collects certain information automatically and stores it as logs. The information collected by us is as follows:
   • Internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, device type used to access the website, browser type, operating system, and other information about the usage of Virtusa’s website, including a history of the pages you view. This is typically done to recognize your device, the pages of our website that you visit, the time and date of your visit, the time spent on those pages and other statistics to enable us in providing better user experience to you in your future visits to our website.
   • Virtusa’s website also uses cookies and web beacons. Virtusa has enabled personalized advertisements based on your interests, using information made available when you interact with our website. Personalized or targeted ads are displayed based on your activities on Virtusa and third-party websites, which include but is not limited to, visiting the website and interacting with content provided on the website. Cookies are used to enable us to learn what actions you perform on the website. These ads are displayed on external websites unaffiliated to Virtusa. To know more about our use of cookies, please see our  Cookies Privacy Policy.
      
2. Personal data collected from you
   
   
   • We directly collect personal data from you in following ways:
   • By entering information in the “Contact Us” section, we collect your name, email address, country of residence, phone number, job title, company you represent and details of the inquiry to enable us to respond to a general/business inquiry made by you on behalf of your company.
   • You provide us information during registrations. To send you our newsletters, other news alerts that you may have subscribed to and webinars, we ask for your name, phone number, designation, email address and company you represent. Please note that we may also be collecting any information that you may have mentioned in any communication/email that you send to us after registering with us.
   • You provide us your email address when subscribing to and using the Email Preference Center. The preference center keeps track of your communication preferences (over email) and areas of interest (such as receiving newsletters and/or webinar mailers) that you may have either opted into or opted out of.
   • By entering information through registration with Virtusa Careers or participating in Hackathons or other campus related events, we obtain your name and email address to contact you as an Employment candidate and consider you for job opportunities within Virtusa. 
   • By participating in Virtusa events, we may collect personal information such as your name, contact details, job title, and company name. We also gather specific data related to the training, such as registration details, attendance, feedback, and any special requirements you may have (e.g., accessibility needs). For online events, we may additionally collect technical information such as your IP address and device data for debugging purposes.

Children’s information

Our website is not designed or directed at children. We will not intentionally collect, maintain, or distribute information about anyone under the age of 16. 

If you are a parent or guardian of a child who has provided personal data without your knowledge and consent, you may request us to remove the minor’s information by emailing us  at dpooffice@virtusa.com. 

Legal bases for collecting and using information

We collect, use, and disclose the received information only to pursue our legitimate business interests in keeping you updated on our services and products, respond to your queries, establish communication with prospective clients (whom you represent) and to enhance user experience by analyzing your use of our website. We may also use information as a part of our audit processes, to enforce our agreements with you (including our website terms of use), to protect our rights, systems, property and personnel, and for such other purposes as are required or permitted by law. 

You also have the option to subscribe/opt-in to receive newsletters, new alerts and marketing content. You can opt-out of such options using our blog or click the “unsubscribe” link at the bottom of an email newsletter. You may also opt-out by contacting us directly using the contact information in the “Our contact details” section below.  We will endeavour to respond to your opt-out request promptly, but we ask that you please allow us a reasonable time to process your request.  Please note that if you opt-out from receiving marketing-related emails, we may still need to send you non-marketing communications about your use of our website, or other matters.

Security

Virtusa has implemented technical, physical, contractual, and organizational safeguards with a view to protecting the security of personal data from loss, damage, or unauthorized use, disclosure, alteration, or access, having regard to the nature of the data, and the risks to which they are exposed by virtue of human action or the physical or natural environment.

Key security measures include and are not limited to the below:

• Adopting technology and processes to limit access to your personal data to Virtusa employees on a need-to-know basis, such as to respond to your inquiry or request.
• Adhering to industry best practices and standards including ISO 27001, HI-TRUST, CIS benchmarks, NIST, and client-specific security requirements. Mandatory information security and privacy training as part of on-boarding and on an annual basis.
• Periodic validations by independent bodies and clients to verify Virtusa’s compliance with international standards and assess our information security and contractual security postures, respectively.
• Virtusa’s infrastructure undergoes regular penetration testing by independent third-party service providers.
• Virtusa employees are expected to adhere to Virtusa’s Code of Conduct, Information Security and Privacy policies, and any misuse of information is subject to strict disciplinary actions.

Transfers and disclosure of personal data

We are part of an international group of companies and, as such, transfer and disclose personal data concerning you to countries outside your country of residence. While such information is outside of your country, it is subject to the laws of the country in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. 

We transfer personal data between our affiliated entities and delivery centers, as well as to third party service providers, for the purposes explained above.  Please click here to see a list of our companies within our corporate group.  We require our affiliates and service providers maintain the confidentiality of your personal data and keep your personal data secure.  We also require that they only use your personal data for the limited purposes for which it is provided, and that it is retained as per the local regulatory requirements.  In some circumstances, we may permit our affiliates or service providers to retain aggregated, anonymized or statistical information that does not identify you.  We do not authorize our affiliates or service providers to disclose your personal data to unauthorized parties or to use your personal data for their direct marketing purposes.

We may disclose your personal data to give effect to transactions with you, to enforce our agreements with you (including our website terms of use), to protect our rights, systems, property and personnel, and for such other purposes as are required or permitted by law. From time to time we may consider corporate transactions such as mergers, acquisitions, reorganization, asset sale or similar. In such instances, we may transfer, disclose, or allow access to information to enable assessment and undertaking of transactions.

Your personal data is stored in databases, and on the servers of the cloud-based database management services that Virtusa engages, located within and outside your country of residence.

Virtusa does not provide any personal data to advertisers that display the personalized ads. Advertisers may provide us information about you (such as the sites where you have been shown ads) that we may use to provide you more relevant and useful advertising. Advertisers use technology to serve the ads that appear on our sites directly to your browser. They may use cookies to measure the effectiveness of their ads and to personalize ad content.

We may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.

Retention of personal data 

We will only keep your personal data for as long as is reasonably necessary to fulfill the purposes for which it was collected, taking into consideration our need to respond to your queries or resolve problems, any other purpose outlined above, or to comply with legal requirements under applicable law(s). This means that we may retain your personal data for a reasonable period after, for example, the end of the contract with the client you represent, or after your query has been addressed. After this period, your personal data will be deidentified and/ or deleted as applicable from Virtusa systems.

We remind you that you have a right to request to have your personal data deleted at any time. You may always choose to opt-out by writing to us at dpooffice@virtusa.com.

Your rights in connection with Personal Data 

Subject to the requirements under applicable privacy laws, you have a right to:

• Request access to your personal data and request details of the processing activities conducted by Virtusa.
• Right to rectification: Request that your personal data be rectified if it is inaccurate or incomplete.
• Request erasure of your personal data in certain circumstances.
• Right to restrict processing: Request restriction of the processing of your personal data by Virtusa in certain circumstances.
• Right to Object: Object to the processing of your personal data in certain circumstances.
• Data portability: Receive your personal data in a structured, commonly used and machine-readable format in certain circumstances.
• Automated decision-making: Object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
• Withdraw any consent you may have provided to us at any time by contacting us. In some cases, withdrawal of your consent may mean that we will no longer be able to provide you with certain products or services or such withdrawal be subject to legal or contractual restrictions. We will inform you of the implications of your withdrawal of consent.
• Right to Nominate: Nominate any other individual, who shall, in the event of death or incapacity of the individual exercise this right on his or her behalf under the Digital Personal Data Protection Act, 2023 (DPDP Act 2023)
• If you are a California resident, you have the right under the California Consumer Privacy Act of 2018 (“CCPA”) 
  • to opt-out of the sale of your personal data.  We do not sell any personal data to third parties.  
  • We will not discriminate against you in any way or under any circumstance for exercising your rights to your sensitive data 

To exercise the rights outlined above in respect of your personal data, you may also contact our Data Protection Officer via email at dpooffice@virtusa.com.

If you provide personal data about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use and disclose his or her information as described in this Website Privacy Policy.

External website links

This site contains links that may lead you to other sites. Be careful when accessing these links, as Virtusa is not responsible for the privacy practices or the content of such other websites. This Website Privacy Policy does not extend to any websites or products or services provided by third parties.

Social media widgets

Our websites include social media widgets such as Facebook "like" buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate on the website and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.

Changes to our Website Privacy Policy

This Website Privacy Policy was last updated in January 2025. It addresses the requirements of the EU GDPR, UK GDPR, CCPA, Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA), applicable provincial privacy laws in Canada and other privacy regulations. We may modify this Website Privacy Policy from time to time and will update it upon any changes in global privacy regulations applicable to us. When changes are made to this Website Privacy Policy, they will become immediately effective when posted on our website unless otherwise noted.  We may also communicate the changes through our services or by other means.  By submitting your personal data to us, by using our website, or by voluntarily interacting with us after we publish or communicate a notice about the changes to this Website Privacy Policy, you consent to our collecting, using, and disclosing your personal data as set out in the revised Website Privacy Policy. We would however recommend that you to look back at this policy from time to time to check for any updates.

Our contact details

Virtusa is the controller of data for the purposes of data privacy under applicable data privacy laws. If you have any concerns as to how your data is processed, you can contact our Data Protection officer at dpooffice@virtusa.com.