We at Virtusa Corporation, including its subsidiaries and affiliates (collectively referred to as “Virtusa”, “our”, “we” or “us”), are strongly committed to respecting the privacy of our suppliers, including individual contractors (collectively referred to as “you” or “your”). When engaging with you, we may process personal data for various purposes to manage our business relationship. We recognize the need to protect any personal data we process, as well as the need for transparency regarding the data processing and its purposes. We are a “data controller” under applicable data protection laws, and this supplier privacy notice (the “Privacy Notice”) describes how we handle data in relation to our suppliers.

Collection of personal data

We may collect, use and maintain the below categories of personal data. The personal data we collect or otherwise receive varies by country and your relationship with us and may include but is not limited to information related to the following categories:

  • Identification information such as family or spouse name, place of birth, mobile number, government identity
  • Financial information including bank account details
  • Educational and professional details
  • Background screening reports
  • Compensation and benefit information
  • Information about your performance at work

Special categories of personal data collected may include:

  • Data relating to criminal convictions and offences

Purposes of processing your personal data and the legal basis for processing

When engaging with our suppliers, we may process personal data for various purposes to manage our business relationship with you. In this respect, Virtusa may use your personal data to organize our sourcing activities, issue purchase orders, process payments, perform accounting, manage our contract with you or review the services or products you supply to Virtusa.

  • General Administration of business relationship
    Virtusa may process your personal data to administer the business relationship with your employer. The processing is necessary for Virtusa to carry out obligations set out in the agreement entered into with your employer or in preparation thereof. The personal data may include but is not limited to name, contact information and government identifiers. The processing is necessary to fulfil legitimate interests in establishing a business relationship with your employer.

  • Conducting sanction checks
    Virtusa may process your personal data in connection with conducting sanction checks against established sanctions lists. Virtusa is obligated to conduct sanction screenings in accordance with applicable mandatory legislation. The personal data we collect may include but is not limited to name, government identifiers, contact information and criminal data. The processing is necessary to fulfil legal obligations to not conduct business with companies or individuals subject to sanctions. Sensitive data such as criminal data is only processed to fulfil our legal obligations.

  • Establish, exercise and defend legal claims
    Virtusa may process personal data including but not limited to name, government identifiers, contact information and criminal data for establishing, exercising and defending legal claims, such as in connection with a dispute or legal process.

Security

Virtusa has implemented technical, physical, contractual, and organizational safeguards designed to protect the security of personal data from loss, damage, or unauthorized use, disclosure, alteration, or access, having regard to the nature of the data, and the risks to which they are exposed by virtue of human action or the physical or natural environment.

Transfer and Disclosure of personal data

We are part of an international group of companies and, as such, we may transfer and disclose personal data concerning you to countries outside of your country of residence. While such information is outside of your country, it is subject to the laws of the country in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.

We transfer personal data between our affiliated entities and delivery centers, as well as to third party service providers, for the purposes explained above. Please click here to see a list of our companies within our corporate group. We require our affiliates and service providers to maintain the confidentiality of your personal data and keep your personal data secure. We also require that they only use your personal data for the limited purposes for which it is provided, and that it is retained as per the local regulatory requirements. In some circumstances, we may permit our affiliates or service providers to retain aggregated, anonymized or statistical information that does not identify you. We do not authorize our affiliates or service providers to disclose your personal data to unauthorized parties or to use your personal data for their direct marketing purposes.

We may disclose your personal data to give effect to transactions with you, to enforce our agreements with you (including our website terms of use), to protect our rights, systems, property and personnel, and for such other purposes as are required or permitted by law. From time to time, we may consider corporate transactions such as mergers, acquisitions, reorganization, asset sales or similar. In such instances, we may transfer, disclose, or allow access to information to enable assessment and undertaking of transactions.

Your personal data is stored in databases, and on the servers of the cloud-based database management services that Virtusa engages, located within and outside of your country of residence.

We may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, to carry out background checks (background verification agencies), to facilitate your travel and expense (travel and immigration vendors) and to facilitate audits (third-party auditors).

Retention of personal data

We will only keep your personal data for as long as is reasonably necessary to fulfill the purposes for which it was collected, taking into consideration our need to respond to your queries or resolve problems, any other purpose outlined above, or to comply with legal requirements under applicable law(s). This means that we may retain your personal data for a reasonable period after, for example, the end of the contract with the client you represent, or after your query has been addressed. After this period, your personal data will be de-identified and/or deleted as applicable from Virtusa systems.

We remind you that you have a right to request to have your personal data deleted at any time. You may always choose to opt out by writing to us at dpooffice@virtusa.com.

Your rights in connection with personal data

Subject to the requirements under applicable privacy laws, you have a right to:

  • Request access to your personal data and request details of the processing activities conducted by Virtusa.
  • Right to rectification: Request that your personal data be rectified if it is inaccurate or incomplete.
  • Request erasure of your personal data in certain circumstances.
  • Right to restrict processing: Request restriction of the processing of your personal data by Virtusa in certain circumstances.
  • Right to Object: Object to the processing of your personal data in certain circumstances.
  • Data portability: Receive your personal data in a structured, commonly used and machine-readable format in certain circumstances.
  • Withdraw any consent you may have provided to us at any time by contacting us. In some cases, withdrawal of your consent may mean that we will no longer be able to provide you with certain products or services, or such withdrawal may be subject to legal or contractual restrictions. We will inform you of the implications of your withdrawal of consent.
  • If you are a California resident, you have the right under the California Consumer Privacy Act of 2018 (“CCPA”):
    • to opt out of the sale of your personal data. We do not sell any personal data to third parties.
    • We will not discriminate against you in any way or under any circumstances for exercising your rights to your sensitive data.

To exercise the rights outlined above in respect of your personal data, you may contact our Data Protection Officer via email at dpooffice@virtusa.com.

If you provide personal data about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use, and disclose his or her information as described in this privacy notice.

Changes to this Privacy Notice

This Supplier Privacy Notice is effective from April 2025. It addresses the requirements of the EU GDPR, UK GDPR, CCPA, Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA), applicable provincial privacy laws in Canada and other privacy regulations. We may modify this Supplier Privacy Notice from time to time and will update it upon any changes in global privacy regulations applicable to us. When changes are made to this Supplier Privacy Notice, they will become immediately effective when posted on our website unless otherwise noted. By submitting your personal data to us, by using our website, or by voluntarily interacting with us after we publish or communicate a notice about the changes to this Supplier Privacy Notice, you consent to our collecting, using, and disclosing your personal data as set out in the revised Supplier Privacy Notice. We would, however, recommend that you look back at this notice from time to time to check for any updates.

Our Contact details

Virtusa is the controller of data for the purposes of data privacy under applicable data privacy laws. If you have any concerns as to how your data is processed, you can contact our Data Protection Officer at dpooffice@virtusa.com.