Enterprise Online Privacy Statement

Subject to certain exceptions, this Privacy Statement applies to all DXC Sites and Services. A privacy policy or statement specific to a particular DXC service, program or subsidiary may supersede or supplement this Privacy Statement. The Privacy Statement also governs the offline collection and processing of Personal Data concerning DXC and its customers, business partners, job applicants, employees, and former employees (collectively, Data Subjects). Where a contract with a customer defines different requirements, those take precedence.

Operating within the DXC Integrity organization, DXC has established a comprehensive set of integrated ethics and compliance as well as privacy and data protection programs and initiatives. Outlined below, these promote and support responsible collection, use, storage, and transfer of Personal Data.

Governance

• DXC Integrity is chartered by Board resolution. The DXC Integrity Charter assigns functional leadership and oversight of programs to the Vice President, Chief Ethics and Compliance Officer. Key programs are: Ethics & Compliance and Global Data Protection (GDP).
• DXC Integrity’s mission is to promote a culture of performance with integrity that encourages ethical conduct, reinforces our corporate values, and drives compliance with the Code of Conduct, internal policies, and the law.
• The GDP Program manages privacy and data protection matters. The GDP Program is led by DXC’s Group Data Protection Officer based in the European Union (EU).
• The GDP Program is responsible and accountable for advising DXC's businesses on best practices in privacy compliance. We have designed policies, compliance processes, technology, physical controls, and security that govern the collection, use, storage, and transfer of Personal Data to promote compliance with statutory and regulatory requirements. We coordinate the application of multiple disciplines—ethics and compliance, legal practice, human resource management, information security, physical security, and others—to achieve our data protection and privacy management objectives.

Compliance Policies, Standards, and Processes

• DXC has adopted a Global Privacy and Data Protection Policy which reflects the Generally Accepted Privacy Principles (GAPP) applicable to the collection, use, storage, and processing of Personal Data.
• Additionally, comprehensive compliance standards and procedures promote consistent privacy and data protection across all DXC legal entities and businesses.
• The GDP team carries out a privacy assessment as needed on new and changed services, systems, and processes; the objective is to identify and resolve potential issues before they become significant.

Employee Communications and Training

• Mandatory privacy and data protection training is included within the required annual Code of Conduct training and Security Awareness training.
• Privacy and data protection are incorporated into the new hire onboarding process. Periodic awareness messaging is broadly distributed using a variety of channels. 

Risk Assessment, Monitoring and Auditing

• DXC conducts periodic risk assessments to identify, assess, prioritize, and mitigate privacy and data protection risks.
• DXC monitors and audits its privacy policies and procedures to mitigate privacy risks.

Incident Handling

• DXC has established robust privacy incident handling procedures and operates a 24/7 incident response center, which will go into effect in the event of a suspected or confirmed privacy breach. These measures supplement regulatory and contractual notification requirements.

Cross-Disciplinary Partnerships

• The GDP Program relies on collaborative partnerships with key business units and other corporate functions such as Cyber Security, Information Technology, Legal and Human Resources, to meet privacy compliance goals.

Flexible Service Delivery Model

• DXC’s global service delivery model is designed to be comprehensive and flexible to meet the privacy requirements of sensitive, regulated, and classified data environments.

Formal Dispute Resolution Mechanism

• We provide a single point of contact to privacy@dxc.com for our employees and customers for privacy-related matters, regardless of geography, business or service.

 

This section defines various terms that are frequently used in this Privacy Statement.

Business Unit

A DXC legal entity or organization, including:

• Corporate support organizations
• Subsidiaries
• Related corporations, partnerships or professional associations, affiliates, divisions or groups and their subsidiary operations and operating units.

Cookie

A string of information that a website saves on a visitor’s computer for tracking purposes. The visitor’s internet browser provides this information to the website operator each time the visitor returns to the site.

Customer Data

Personal Data that belongs to a DXC customer, which may include information about the organization, their employees, customers, business partners, or suppliers.

Data Processing

The collection, use, storage, or transfer of Personal Data by DXC. It is necessary for DXC to process Personal Data to manage its relationship with its customers, employees, business partners and other third parties (Data Subjects); processing is done in compliance with applicable laws.

Data Subject

An individual, whether identified or identifiable, whose Personal Data is subject to Data Processing by DXC. Data Subjects include DXC's customers, business partners, job applicants, current and former employees, contractors, and temporary workers.

DXC Sites and Services

All DXC-owned websites, domains, and services and those of our wholly owned subsidiaries.

Personal Data

Any information relating to an identified or identifiable living human being that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.

Sensitive Personal Data

Type of Personal Data that requires more protection because it is sensitive and subject to certain limitations under privacy laws. These may include government identifiers, precise geolocation, racial or ethnic origin, political beliefs, religious beliefs, genetic or biometric data, mental health, or sexual health, sexual orientation, and trade union membership. 

Cross-Context Behavioral Advertising

The targeting of advertising to a consumer based on Personal Data obtained from the consumer's activity across websites, applications, or services other than the website, application, or service with which the consumer is currently interacting.

Global Privacy Control (GPC)

A browser-based signal that communicates a Data Subject's preference to opt out of the sale or sharing of their Personal Data and the use of their data for targeted advertising. When enabled, GPC automatically transmits this preference to each website the Data Subject visits.

Pixel Tag

A small, transparent image file embedded in a web page or email that collects information about whether the page or email has been viewed, the viewer's IP address, device type, and the time of interaction. Pixel tags are also known as web beacons, clear GIFs, or tracking pixels.

Standard Contractual Clauses (SCCs)

Pre-approved contractual terms adopted by the European Commission that provide appropriate safeguards for the transfer of Personal Data from the European Economic Area to countries that have not received an adequacy decision. References to SCCs in this Privacy Statement include, where applicable, the UK International Data Transfer Agreement (IDTA), which serves a similar function for transfers from the United Kingdom.

Technical and Organizational Measures (TOMs)

The administrative, technical, and physical safeguards implemented to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage. TOMs may include measures such as encryption, access controls, staff training, and incident response procedures.

DXC may collect and process Personal Data in connection with a variety of interactions that you may have with DXC as a Data Subject. These include access to DXC Sites or Services; ordering channels; hiring and employment administration processes; communications with DXC representatives; or the purchase of goods or services.

DXC is committed to processing Sensitive Personal Data only where we have a lawful basis to do so, such as where processing is necessary for employment administration, to comply with legal obligations, or on instruction of our customers in accordance with applicable customer contracts.

The Personal Data We Collect

To the extent required and permitted by law, DXC may collect and use the following information:

• Your name and other contact information
• Communication preferences and details
• Login and authentication information
• Online profile information
• Online activity
• Purchasing information
• Information about the device(s) you use
• Information about the service(s) you use
• Support information
• Cookies
• Social media information
• Date of birth
• Copy of identification document
• Payment information
• Subscription preferences
• Financial and credit history
• Location information
• IP address and online identifiers
• Professional or employment-related information
• Education information
• Audio and electronic recordings of calls, chats, or other interactions
• Inferences drawn from other Personal Data
• Assessment and screening results

Personal Data Voluntarily Provided

DXC collects Personal Data about you in connection with our services, with the goal of improving our service to you and providing you with the best possible experience. When using our webstore or website, you may be prompted to make an account which may hold personal data such as name, mailing address, email address, or credit card information. When contacting DXC, you may be required to submit contact information. When communicating with DXC, all communications will be transmitted and stored by us. To be clear, you may be providing Personal Data when: i) communicating with DXC via phone calls, chats, emails, web forms, social media, and other methods of communication; ii) subscribing to DXC’s marketing materials; or iii) applying for a job.

Personal Data Collected from Other Sources

DXC may also collect information about you from other sources to help us correct or supplement our records, improve the quality or personalization of our services to you, and prevent or detect fraud. These sources fall into the following categories: (a) publicly available sources, such as government databases, public registers, and open internet sources; (b) commercial data providers, such as marketing list providers, credit reporting agencies, and identity verification services; (c) social media platforms, where your profile or activity is publicly visible; (d) DXC alliance partners, resellers, and co-branded service providers; and (e) referrals from other users, customers, or your employer. DXC will only collect Personal Data from such sources where permitted by applicable law.

We will only collect, use, and share your Personal Data where we are satisfied that we have an appropriate legal right to do so. We may have the legal right to do so because:

(1)   you have consented to us using Personal Data.

(2)   our use of your Personal Data is in our legitimate interest as a commercial organization.

(3)   our use of your Personal Data is necessary to perform a contract or take steps to enter a contract with you.

(4)   and/or our use of your Personal Data is necessary to comply with a relevant legal or regulatory obligation.

Fulfilling your Transaction Request

We will use your Personal Data to fulfill requests you make for DXC’s products or services, marketing materials, or anything else requiring action from DXC. To fulfill your request, we may share information with others, including DXC group companies and business partners involved in fulfillment. In connection with a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes; any such contact will comply with applicable laws and regulations.

Personalizing your Experience on our Web Sites

We may use information we collect about you to provide you with a personalized experience on our websites by providing you with content that may interest you or make navigating our websites easier. We use the data we collect during your time on our websites to improve your future experience. The data collected while browsing our websites will be analyzed and used to generate statistics that help us improve our website, products, and services to you.

Providing Support

We may use your Personal Data to support DXC products or services that you have purchased. This includes technical support, which can involve incidental access to data you have provided to us or is located on your system. This Customer Data may contain information about you, your organization’s employees, customers, partners, or suppliers. This Privacy Statement does not apply to our access to or handling of your Customer Data on systems not owned or controlled by DXC. The handling and processing of your Customer Data is covered by the terms of use between you and DXC and its group companies.

Marketing

The information you provide to DXC, as well as the information we lawfully collect about you, may be used by DXC for marketing purposes. You may opt in/opt out to allow DXC to use your information. At any time, you may choose not to receive marketing materials from us. Each marketing email we send you will include instructions on how to unsubscribe.  Alternatively, you may unsubscribe from marketing communications by visiting the DXC Preference Center, or by contacting DXC directly at privacy@dxc.com.

Some of our offerings may be co-branded, as they are sponsored by both DXC and third parties, such as DXC Alliance Partners. If you sign up for these offerings, be aware that your information may be collected by or shared with those third parties. You should familiarize yourself with their privacy policies to gain an understanding of the way they will handle information about you.

Recruitment

For information about how DXC collects and uses Personal Data in connection with job applications, please refer to the Prospective Applicants Privacy Notice of this Privacy Statement.

Recording of Calls, Chats and Other Interactions

Certain online transactions may involve calls initiated by you or by DXC. They may also involve online chats. DXC may record such interactions for staff training or quality assurance purposes or to retain evidence of a particular transaction or interaction.

Mobile Applications and Use of Information in Social Media

DXC makes available mobile applications for download from various marketplaces. DXC also employs social media tools on its websites, including forums, wikis, blogs, and other social media platforms. These tools promote collaboration among those who have registered to use them.

When downloading and using these applications or registering to use these social media tools, you may be asked to provide certain Personal Data. These applications and tools may also include supplemental privacy statements with specific information about collection and handling practices. We encourage you to read those supplemental statements to understand how the tools and applications may process your data.

Any other content you post, such as pictures, information, opinions, or any other type of Personal Data that you make available to other participants on these social platforms or applications, is not subject to this Privacy Statement. Rather, such content is subject to the terms of use of those applications or platforms, and any additional guidelines and privacy information provided in relation to their use, as well as the process by which you can remove your content from such tools. You should be aware that the content you post on any such social computing platforms may be made available to others inside and outside DXC.

Automated Decision-Making and AI-Assisted Processing

We will not take any action that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you. Where AI-assisted tools are used to support decisions that affect you, human oversight is maintained.  

Protecting DXC’s Rights and Property

We may also use or share your information to protect the rights or property of DXC, our business partners, suppliers, customers, or others when we have reasonable grounds to believe that such rights or property have been or could be affected. In addition, we reserve the right to disclose your Personal Data as required by law and when we believe that disclosure is necessary to protect our rights, or the rights of others, or to comply with judicial proceedings, court order, law enforcement, or legal process.

DXC will not sell, rent, or lease your Personal Data to others. DXC does not share Personal Data for cross-context behavioral advertising purposes. As a global organization with business processes, management structures and technical systems that cross borders, DXC may share information about you within DXC and transfer it to countries in the world where we do business, subject to the uses identified above and in accordance with this Privacy Statement. DXC may disclose Personal Data, including contact information, identifiers, online activity data, and commercial information, to the categories of recipients described in this section, including DXC group companies, service providers and contractors, alliance partners, and as required by law. This Privacy Statement and our internal policies and practices are designed to provide a globally consistent level of protection for Personal Data.

Service Providers and Alliance Partners

DXC retains service providers, suppliers, and other alliance partners located in various countries to manage or support our business operations; provide professional services; deliver customer services and solutions; and otherwise, process information on our behalf. It is DXC's practice to require such service providers, suppliers, and alliance partners to handle Personal Data and other confidential information in a manner consistent with this Privacy Statement.

Corporate Reorganization

Circumstances may arise where, for strategic or other business reasons, DXC may decide to sell, buy, merge, or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of Personal Data to prospective or actual purchasers, or the receipt of such information from sellers. It is DXC’s practice to seek appropriate protection for information in these types of transactions.

Mandatory Disclosures

DXC will only disclose Personal Data to the extent required and permitted by law, for example, if we are under a duty to disclose your Personal Data to comply with a legal obligation, establish, exercise, or defend our legal rights.

Registration is not required to gain access to DXC websites. However, if you choose to receive certain services, specific material, or information, certain DXC websites require your subscription. In this regard, DXC may

collect Personal Data from you including your name, phone number, email address, or other information you choose to provide at various times; for example, when you complete an online form or request or participate in an online community.

You can make or change your choices about subscriptions or general communications at the data collection point. You can do so within your preference settings or by using other methods which are listed in this Privacy Statement. You may opt out at any time using the links at the bottom of any email or via the DXC Preference Center.

Please note that it is not possible to opt out of communications primarily aimed at administering business relationships; this includes contracts, support, or other administrative and transactional notices where the primary purpose of the communications is not promotional in nature.

When Personal Data is transferred outside a country’s borders, we are committed to ensuring safeguards are in place to protect the data.

Compliance with International Standards

DXC’s privacy policies and standards take account of privacy and data protection regulations and frameworks around the world, and amendments to them.

EU/UK Personal Data Transfers

DXC uses lawful data transfer mechanisms for Personal Data originating in an EU member state or the UK. These include the EU Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement (IDTA).

DXC has an Intragroup Data Processing and Transfer Agreement (IGDTA) on the transfer and processing of Personal Data within the DXC group worldwide; this incorporates the EU SCCs and UK IDTA. The IGDTA promotes adequate protection of Personal Data, including that originating in the EU or UK, which is transferred cross-border and processed by other DXC group companies located outside the EU and UK.

Before DXC implemented the IGDTA, DXC implemented properly executed data transfer agreements, including the EU SCCs and UK IDTA, to legitimize our customer Personal Data transfers globally; these include those that are necessary to conduct customer and company business between the USA and EU/UK nations. These agreements continue in full force and effect today.

Information security is a high priority for DXC. To protect Personal Data and other confidential information, and to maintain its accuracy and integrity, we have implemented appropriate administrative, technical, and physical safeguards. These are designed to prevent unauthorized access, use or disclosure of Personal Data. We hold third parties with whom we share Personal Data to the same high information security standards.

We apply the same rigor to maintaining the accuracy of Personal Data. We will retain Personal Data only for as long as legally required or permitted and in accordance with DXC Records and Data Management Policy. Retention periods are determined based on the nature of the data, the purposes for which it is processed, applicable legal and regulatory requirements, and legitimate business needs

For more information, please refer to DXC’s overview of Technical and Organizational Measures (TOMs). As indicated by the TOMs, DXC maintains a Privacy Information Management System (PIMS) that achieved an ISO/IEC 27701 certifications for strategic global and regional delivery centers.

As required by applicable laws, DXC provides you with reasonable access to Personal Data that you provided to us; we also give you a reasonable ability to review and correct your data or ask for anonymization or deletion. Depending on your jurisdiction, you may have additional rights under applicable privacy and data protection laws, such as the right to opt out of certain processing activities or to request data portability. To protect your privacy and security, we will take reasonable steps to verify your identity before granting access to your data. We may, for example, require a password and user ID to log into an application and/or other unique personal identifiers. To submit your request, please email DXC Global Data Protection (GDP) Program at privacy@dxc.com and provide your legal name, relationship with DXC Technology, and country/state of residency.

DXC is committed to resolving any privacy complaints pertaining to DXC's collection and use of your Personal Data. Please send any privacy-related complaints or requests to privacy@dxc.com.

You may also reach out to your relevant national privacy authority and ask for their assistance. DXC is also committed to coordinating and collaborating with regulatory authorities, such as EU and UK data protection authorities.

DXC Sites and Services are not directed at children, and we do not knowingly collect Personal Data from children for our own purposes. If we become aware that we have inadvertently collected Personal Data from a child without appropriate authorization, we will take steps to delete that data. Where DXC processes data on behalf of its customers that may include children’s Personal Data, such processing is governed by the applicable customer contract.

Rationale and Controls

By collecting Cookies or making use of an internet browser's storage capabilities, DXC is better able to identify visitors to our websites and their website access preferences. DXC may use information derived from Cookies or local storage to direct you, as a site visitor, to information similar to that which you have visited previously; in this way, we are better able to personalize your visit to our sites and can lead you to information that is likely to be of particular interest to you, based on your prior browsing history. We offer visitors to our websites the opportunity to control Cookie collection and placement. If you do not wish to have Cookies placed on your device, you may configure your browser to refuse Cookies before accessing our websites. Please note that disabling Cookies may affect the functionality of certain website features. To communicate your preference to opt out of the sale or sharing of personal information and the use of certain cookies for targeted advertising, you may enable a Global Privacy Control (GPC) or similar universal opt‑out signal supported by your browser.

Please note that our websites are constantly being updated and the Cookies we use will change over time. If you have any additional questions about the use of a particular Cookie, please do not hesitate to email privacy@dxc.com

Embedded Third-Party Content

Pages on DXC’s websites will occasionally embed content from third-party sites, such as YouTube for videos. Our websites allow content to be shared through social networks, but only at your request. Embedding and sharing content may result in Cookies being placed by those third-party sites. DXC does not control the dissemination of those Cookies. Please visit these third-party sites if you wish to learn more about their use of Cookies and similar tools.

DXC makes use of third-party advertising systems to promote content on our external website. These services will often make use of Cookies and pixel tags to provide targeted DXC advertisements based on your activities and interests.

This section explains how DXC Technology Inc. (“DXC”) collects and uses personal data when you create an account or apply for jobs with DXC group companies through the DXC Careers website. This section supplements and should be read in conjunction with this Enterprise Online Privacy Statement.

Scope of Processing

This section applies when you:

• Create a candidate account on the DXC Careers website; and/or
• Apply for job openings at DXC group companies.

If this is your first time applying at DXC, you will be prompted to create an account using a valid email address and account password. The email address you provide will be used for managing your candidate account and administering any job applications you submit.

Personal Data Collected During Recruitment

Depending on your interactions with DXC and the role applied for, DXC may collect and process the following categories of Personal Data:

• Required information, such as your resume or CV, first and last name, contact details, city, state/province/department, country of residence, and information regarding how you learned of the position.
• Optional information, such as additional details about your previous work experience, education, skills, and any personal or professional website(s).
• Assessment information, where you are invited to complete skills or suitability assessments relevant to the position.
• Background screening, where permitted by law and relevant to the position applied for, may include identity verification, criminal history checks, employment or education verification, creditworthiness, or drug testing. DXC conducts background checks in accordance with applicable jurisdictional requirements.

Purposes for Processing

DXC processes applicants’ Personal Data for the following purposes:

• Reviewing and assessing job applications;
• Managing interviews and recruitment communications;
• Determining suitability for employment and making hiring decisions;
• Conducting pre‑employment screening;
• Contacting candidates regarding current or future opportunities;
• Conducting recruitment analytics and supporting workforce planning.

Recipients and Transfers

Personal Data relating to prospective applicants may be accessed by:

• DXC employees involved in recruitment, hiring, and management decision‑making;
• Service providers who help us with recruiting, skill-match assessments, and background checks.

Personal Data may be transferred within the DXC group and to service providers located in other countries, subject to the safeguards described in this Privacy Statement.

Cookies and Career Site Technologies

DXC may use cookies and similar technologies on the DXC Careers website. Information about the use of cookies, available controls, and the DXC Cookie List is provided in the Cookies and Other Technologies section of this Privacy Statement and at https://dxc.com/us/en/cookie-list.

Account Management, Retention, and Deletion

At any time, you may update or request deletion of your account:

To edit your account: Log into your candidate account > select Settings > select Change Email to update your email address, or Personal Information to update your legal name, address, and phone number.

To delete your account: use this webform to submit a data subject erasure request . Your account and any personal data associated with it will be deleted in accordance with applicable privacy and data protection legislation. DXC will notify you when the deletion request is complete.

Personal Data relating to job applications is retained in accordance with the retention standards described in the Information Security, Accuracy and Retention section of this Privacy Statement. Where an applicant accepts employment with DXC, applicant data will be retained as part of the employment record in accordance with applicable laws.

Applicant Rights and Contact Information

Prospective applicants have the rights described in the Privacy Rights and Dispute Resolution sections of this Privacy Statement.

Requests or inquiries regarding the processing of applicant Personal Data may be submitted to DXC Global Data Protection at privacy@dxc.com.

DXC sites or services may provide links to third-party applications, products, services or websites for your convenience and information. DXC does not control these third-party sites or their privacy practices, which may differ from DXC's practices. We do not endorse or make representations about third-party sites and privacy practices. Any Personal Data you choose to provide to these third parties and that is collected by them is not covered by Privacy Statement. We encourage you to review the privacy policy of any site you visit before allowing the collection and use of your Personal Data.

We may provide social media features that enable you to share information with your social networks and to interact with DXC and its group companies on social media sites. Your use of these features may result in the collection or sharing of information about you. We encourage you to review the privacy policies and settings on the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites.

DXC may review and update this Privacy Statement periodically without any prior notice.

We value your opinion, if you have any comments or question about this Privacy Statement, DXC's handling of your Personal Data, or a possible breach of your privacy, email DXC Global Data Protection at privacy@dxc.com. 

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your email. We will aim to ensure that your request is resolved in a timely and appropriate manner.

You may obtain further information and guidance by contacting your local privacy authority.