Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Global Personal Data Protection & Privacy Policy

1. Purpose

Cisco is committed to protecting the privacy of Personal Data of its Workers, Customers, business partners, and other individuals. Cisco has, therefore, implemented a global data protection and privacy program to establish and maintain high standards for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data. This Global Personal Data Protection & Privacy Policy is the foundation of that program and describes the approach taken by Cisco when processing Personal Data worldwide.

2. Scope

All employees, contractors, consultants, temporary, and other Workers at Cisco and its subsidiaries must comply with this policy, including all personnel affiliated with third parties who may have access to any Cisco network or resource, including cloud-based services, hosted inside or outside of Cisco.

This Global Personal Data Protection & Privacy Policy applies globally to Cisco’s processing of Personal Data, whether by electronic or manual means (i.e., in hard copy, paper, or analog form).

With respect to HR Personal Data and Business Personal Data specifically, this Global Personal Data Protection & Privacy Policy is supplemented by Cisco’s Global HR Data Protection Policy and Cisco’s Business Personal Data Protection & Privacy Policy. These internal policy documents describe in more detail how this Global Personal Data Protection & Privacy Policy applies to HR Personal Data and Business Personal Data, respectively, and provide guidance to Cisco Workers on the proper handling of Personal Data.

This Policy applies to any Personal Data Processing that is done for or by Cisco.

3. Policy Statement(s)

3.1 Adequate Safeguards for Processing of Personal Data

In conjunction with the Global HR Data Protection Policy and Business Personal Data Protection & Privacy Policy, this Global Personal Data Protection & Privacy Policy is also intended to provide adequate safeguards for the processing of Personal Data entrusted to Cisco and transferred from countries requiring such protections. This is to enable Cisco to transfer Personal Data wherever it is needed around the globe to enable and support its internal business processes or enable services and product functionality and improvement. In order to do this, each of the Global HR Data Protection Policy, EEA HR Data Protection Policy and the Business Personal Data Protection & Privacy Policy describe certain additional obligations and legal rights in circumstances where European Data Protection Law, American, APEC, and other countries or regions’ data protection law or requirements differ and are applicable.

3.2 Compliance with Applicable Law

Cisco shall comply with applicable local data protection laws and requirements worldwide.

Where applicable data protection laws require a higher standard of protection for Personal Data than that set out in this Global Personal Data Protection & Privacy Policy, the requirements of applicable data protection law shall prevail. Where applicable data protection laws establish a lower standard of protection for Personal Data than that set out in this Global Personal Data Protection & Privacy Policy, the requirements of this Global Personal Data Protection & Privacy Policy shall prevail.

Where Cisco Workers have reason to believe that applicable law prevents Cisco from fulfilling its obligations under this Global Personal Data Protection & Privacy Policy, they shall promptly inform the Chief Privacy Office – privacy@cisco.com and/or Cisco Legal – generalcounsel@cisco.com. Where there is a conflict between applicable law and this Global Personal Data Protection & Privacy Policy, the Chief Privacy Officer and Cisco Legal shall make a responsible decision regarding what action to take to resolve such a conflict and shall consult with the relevant regulatory authority in cases of doubt.

3.3 Privacy Principles

The following sets out the high-level principles that underlie Cisco’s practices for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data.

  • Fairness
  • Cisco shall process Personal Data in a lawful, legitimate, and transparent manner.

  • Purpose Limitation
  • Cisco shall only collect Personal Data for a specific, explicit, and legitimate purpose(s). Any subsequent processing should be compatible with such purpose(s), unless Cisco has obtained the individual’s consent, or the processing is otherwise permitted by law.

  • Proportionality
  • Cisco shall only process Personal Data that is adequate, relevant, and not excessive for the purpose(s) for which it is processed.

  • Data Integrity
  • Cisco shall keep Personal Data accurate, complete, and up-to-date as is reasonably necessary for the purpose(s) for which it is processed.

  • Data Retention
  • Cisco shall keep Personal Data in a form that is personally identifiable for no longer than necessary to accomplish the purpose(s), or other permitted purpose(s), for which the Personal Data was obtained.

  • Data Security
  • Cisco shall implement appropriate and reasonable technical and organizational measures to safeguard Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, use, or access. Cisco shall instruct and contractually require third parties processing Personal Data on behalf of Cisco, if any, to: (a) process it only for purposes consistent with Cisco’s purpose(s) for processing; and (b) implement appropriate technical and organizational measures to safeguard the Personal Data.

  • Individual Rights
  • Cisco shall process Personal Data in a manner that respects individuals’ rights under applicable data protection laws.

  • Accountability
  • Cisco shall implement appropriate governance, policies, processes, controls, and other measures necessary to enable it to demonstrate that its processing of Personal Data is in accordance with this Global Personal Data Protection & Privacy Policy and applicable data protection laws.

3.4 Updates to this Policy

Cisco may from time to time review and revise its data protection practices, policies, and procedures including this Global Personal Data Protection & Privacy Policy. If any significant changes are made, Cisco shall:

  • Take reasonable steps to inform all Cisco entities, Cisco Workers, Customers, Business Partners, and other data subjects affected by the revisions; and
  • Post appropriate notices referring to the changes on the relevant websites – both internal and external, as appropriate.

4. Policy Compliance

Cisco is committed to ensuring that this Global Personal Data Protection & Privacy Policy is observed by all Cisco Workers. Cisco Workers must comply with this Global Policy. Policy compliance requirements are as follows:

4.1 Compliance Effective Date

This Policy is effective upon approval.

4.2 Compliance Measurement

Compliance with this Global Personal Data Protection & Privacy Policy is verified by various means, including reports from available business tools, internal and external audits, self-assessment, and/or feedback to the policy owner(s). Cisco will monitor its compliance with this Policy on an ongoing basis. Cisco will periodically verify that this Global Personal Data Protection & Privacy Policy continues to conform to the applicable data protection laws and is being complied with.

4.3 Compliance Exceptions

Any exceptions to this Global Personal Data Protection & Privacy Policy requires the written approval of the Chief Privacy Officer and Cisco Legal.

Any records of exceptions should be archived according to the Cisco Records Management Process and not on an individual’s laptop.

4.4 Non-Compliance

Compliance with Cisco policies is required. Deviations or non-compliance with this Policy, including attempts to circumvent the stated policy/process by bypassing or knowingly manipulating the process, system, or data may result in disciplinary actions, including termination, as allowed by local laws.

In some countries, violations of regulations designed to protect Personal Data may result in administrative sanctions, penalties, claims for compensation or injunctive relief, and/or other civil or criminal prosecution and remedies.

5. Related Policies and Processes

Cisco Online Privacy Statement

Cisco Records Management Policy

Cisco's Code of Business Conduct

6. Supporting Documents

Cisco Global HR Data Protection Policy

Cisco Business Personal Data Protection & Privacy Policy

7. Definitions

The following terms and definitions are used in this document:

APEC The Asia Pacific Economic Cooperation (APEC) is a regional economic forum established to leverage the growing interdependence of the Asia-Pacific.
Business Personal Data Personal Data processed by Cisco in a business context that is not HR Data.
Cisco Cisco Systems, Inc. and its subsidiaries, worldwide.
Cisco Worker A person who provides personal services to Cisco in exchange for payment, including employees and contractors, consultants, and interns.
Customers Individuals who are current, former, or prospective customers of Cisco or who represent organizations that are customers.
EEA European Economic Area – includes EU member states and three European Free Trade Association states (Iceland, Liechtenstein, and Norway).
European Data Protection Law

EU General Data Protection Regulation (EU) 2016/679, the Electronic Communications Directive 2002/58/EC, and all laws and regulations giving binding legal effect to them in an EEA country, together with any successor or replacement legislation and regulation.

HR Personal Data Personal Data processed by Cisco in an employment context.
Personal Data Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural living person.
Personal Data Processing Any operation or set of operations performed on Personal Data, at any time in its lifecycle, including creating, collecting, recording, organizing, storing, adapting, altering, retrieving, accessing, reviewing, consulting, using, disclosing in any way (for example, by transmission, dissemination, or otherwise making the data available), analyzing, aligning or combining data, or blocking, erasing or destroying data. Processing is not limited to automatic means or type of media. In short, Cisco “processes” Personal Data any time we or our Third-Party Processors use, touch or handle Personal Data in any way.

Sorry, no results matched your search criteria(s). Please try again.

The Global Personal Data Protection & Privacy Policy was revised and effective as of May 1, 2020.