Privacy Policy


1. Introduction

 As a globally integrated company, Xpression’s business processes increasingly go beyond the borders of one country. This globalization demands not only the availability of communication and information systems across the Xpression group of companies, but also the world-wide processing, sharing and use of multiple types of information including information about an individual whose identity is apparent (either directly and indirectly), or can be reasonably be ascertained from the information available or likely to be available (Personal Information).

This Policy letter sets forth the general principles which underlie Xpression’s specific practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing Personal Information.

2. Applicability

This Policy applies to all Xpression personnel, operating units, and wholly owned subsidiaries worldwide and (as transferred and agreed) with suppliers/business partners who must act consistently with the principles contained in the policy. Country and industry-specific laws and regulations shall take precedence over this policy, to the extent applicable. The application of these principles is more particularly described in the applicable Xpression Corporate Instructions (and any accompanying implementation Guidelines) relating to processing Personal Information. Please read this policy along with the company guidelines for use and processing of Personal Information to understand how Xpression plans to achieve the set principles.

3. Privacy Policy Statement

Xpression remains committed to protecting the privacy and confidentiality of Personal Information of its Employees (including prospects and contractors), Clients, Client Customers, Business Partners and other identifiable individuals that it may receive, use, access, process, transfer or store as part of its business. Uniform practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing such information assists Xpression to process Personal Information fairly and appropriately.

Xpression may collect personal information from various persons as part of the services it may render to them, or in the course of its business. Based on the information being collected and nature of services or requirement, Xpression will apply suitable mechanisms to ensure that Xpression has a lawful basis for receiving, accessing, using, processing, transferring, storing and/or disposing such personal information.

4. General Privacy Principles

These general principles apply to the processing of Personal Information world-wide by Xpression.

A. Accountability:

Xpression understands its accountability and responsibility for any Personal Information that it may receive, use, process, store as part of its business.  Accordingly, it will:

I. have appropriate corporate instructions, guidelines and other measures to be able to demonstrate that Personal Information is used/ stored / processed / retained / disposed / transferred in compliance with applicable law and other applicable guidelines;

II. designate an individual or individuals who are accountable for the organization’s compliance with the Privacy principles; and

III. ensure the availability of required policies, procedures and contacts for management of personal information; these being reviewed at a minimum annually or as and when there is a change warranted.

B. Consent, Fairness and Purpose:

Xpression will only collect adequate, relevant and necessary Personal Information, and will process such Personal Information fairly and lawfully for the purposes for which the Personal Information was collected.

When collecting Personal information, the purposes, legal basis, and where required by applicable law, the consent of the individual, will be specified and / or obtained upon or before its initial collection and / or disclosure as well as before any previously collected Personal Information is Processed for a new or different purpose.

Individuals can withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Upon receipt, Xpression will inform individuals of the implications of withdrawal.

C. Accuracy:

Xpression will keep Personal Information as accurate, complete and up-to- date as is necessary for the purpose for which it is processed; and provide appropriate channels for the same.

D. Disclosure and Data Sharing:

Xpression will make Personal Information available inside or outside Xpression under appropriate circumstances for business purpose only or as authorized by law. This may require Xpression to transfer personal information to countries other than Xpression operation’s country of business (including transfer to other entities or third parties).

Xpression will implement privacy principles for the use / processing/ transfer / storing/ disposal of personal information as may be prescribed under applicable laws.

E. Cross-Border Data Flows:

When conducting business, working on Company projects, or implementing new processes or systems, an operation may require the transfer of personal information to other entities or third parties that are located outside of the Xpression operation’s country of business. While permissible data transfer mechanisms are defined by applicable law or regulation, examples include:

i. a data transfer agreement with the party who will access or obtain the personal information; or

ii. notice to and/or approval from a country’s local data protection authority; or

iii. notice to and/or consent from the individual whose data is to be transferred.

F. Security:

Xpression will implement reasonable technical and organizational measures to safeguard Personal Information and instruct third parties processing Personal Information on behalf of Xpression to process and manage it in a manner which is consistent with Xpression standards (for Xpression owned information) or Xpression Client standards (for Client information), as may be applicable.

G. Access:

Upon request, Xpression will, within a reasonable time, manner, and in a readily intelligible form provide individuals appropriate access to Personal Information retained by Xpression. Xpression has the right to deny the request; however, the reasons of denial will be provided. Xpression will erase, rectify, complete, or amend the data pursuant to a justified request.

H. Retention and Disposal:

Xpression will retain Personal information in a form that permits identification for no longer than as necessary for the fulfillment of the stated purpose, and should be disposed thereafter.

I. Transparency:

Xpression will be transparent, and make readily available to individuals, specific information related to management of Personal Information.

J. Custodianship:

Xpression will follow appropriate policies and practices agreed with its clients for the safe handling of Personal Information that it processes on behalf of its clients.

5. Enforcement and Redressal

Xpression will provide appropriate robust mechanisms for assuring compliance with the Principles, and address grievance and / or provide recourse for individuals who are affected by non-compliance with the Principles.

6. Contacting Xpression’s Data Privacy Office

If you have any questions, requests or grievances pertaining to this Privacy Policy or other privacy matters you may contact Xpression’s Data Privacy Office