Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Global Personal Data Protection & Privacy Policy

1. Purpose

Cisco is committed to protecting the privacy of Personal Data of its Workers, Customers, Business Partners, and other identifiable individuals. Cisco has, therefore, implemented a global data protection and privacy program to establish and maintain high standards for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data. This Global Personal Data Protection & Privacy Policy is the foundation of that data protection and privacy program and describes the approach taken by Cisco when processing Personal Data anywhere in the world.

2. Scope

All employees, contractors, consultants, temporary, and other workers at Cisco and its subsidiaries must comply with this policy, including all personnel affiliated with third parties who may have access to any applicable Cisco resource, including cloud-based services, hosted inside or outside of Cisco.

This Global Personal Data Protection & Privacy Policy applies globally to Cisco's processing of Personal Data, whether by electronic or manual means (i.e., in hard copy, paper, or analog form). All Cisco entities and Cisco Workers shall comply with this Global Personal Data Protection & Privacy Policy.

With respect to HR Personal Data and Business Personal Data specifically, this Global Personal Data Protection & Privacy Policy is supplemented by Cisco's Global HR Data Protection Policy and Cisco’s Business Personal Data Protection & Privacy Policy. These internal policy documents describe in more detail how this Global Personal Data Protection & Privacy Policy applies to HR Personal Data and Business Personal Data, respectively, and provide guidance to Cisco Workers on the proper handling of Personal Data.

This Policy applies to any Personal Data that is created, collected, processed, used, shared, or destroyed for or by Cisco.

3. Policy Statement(s)

3.1 Adequate Safeguards for Processing of Personal Data

In conjunction with the Global HR Data Protection Policy and Business Personal Data Protection & Privacy Policy, this Global Personal Data Protection & Privacy Policy is also intended to provide adequate safeguards for the processing of Personal Data entrusted to Cisco and transferred from countries requiring such protections. This is to enable Cisco to transfer Personal Data wherever it is needed around the globe to enable and support its internal business processes or enable services and product functionality. In order to do this, each of the Global HR Data Protection Policy, EEA HR Data Protection Policy and the Business Personal Data Protection & Privacy Policy describe certain additional obligations and legal rights in circumstances where European Data Protection Law, American, APEC, and other countries or regions’ data protection law or requirements differ and are applicable.

3.2 Compliance with Applicable Law

Cisco shall comply with applicable local data protection laws and requirements worldwide.

Where applicable data protection laws require a higher standard of protection for Personal Data than that set out in this Global Personal Data Protection & Privacy Policy, the requirements of applicable data protection law shall prevail. Where applicable data protection laws establish a lower standard of protection for Personal Data than that set out in this Global Personal Data Protection & Privacy Policy, the requirements of this Global Personal Data Protection & Privacy Policy shall prevail.

Where Cisco Workers have reason to believe that applicable law prevents Cisco from fulfilling its obligations under this Global Personal Data Protection & Privacy Policy, they shall promptly inform the Global Privacy Office – privacy@cisco.com and/or Cisco Legal – generalcounsel@cisco.com. Where there is a conflict between applicable law and this Global Personal Data Protection & Privacy Policy, the Chief Privacy Officer and Cisco Legal shall make a responsible decision regarding what action to take to resolve such a conflict and shall consult with the relevant regulatory authority in cases of doubt.

3.3 Privacy Principles

The following sets out the high-level principles that underlie Cisco’s practices for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data.

  • Fairness

  • Cisco shall process Personal Data lawfully, fairly, and in a transparent manner.

  • Purpose Limitation

  • Cisco shall only collect Personal Data for a specific, explicit, and legitimate purpose(s). Any subsequent processing should be compatible with such purpose(s), unless Cisco has obtained the individual's consent or the processing is otherwise permitted by law.

  • Proportionality

  • Cisco shall only process Personal Data that is adequate, relevant, and not excessive for the purpose(s) for which it is processed.

  • Data Integrity

  • Cisco shall keep Personal Data accurate, complete, and up-to-date as is reasonably necessary for the purpose(s) for which it is processed.

  • Data Retention

  • Cisco shall keep Personal Data in a form that is personally identifiable for no longer than necessary to accomplish the purpose(s), or other permitted purpose(s), for which the Personal Data was obtained.

  • Data Security

  • Cisco shall implement appropriate and reasonable technical and organizational measures to safeguard Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, use, or access. Cisco shall instruct and contractually require third parties processing Personal Data on behalf of Cisco, if any, to: (a) process it only for purposes consistent with Cisco's purpose(s) for processing; and (b) implement appropriate technical and organizational measures to safeguard the Personal Data.

  • Individual Rights

  • Cisco shall process Personal Data in a manner that respects individuals’ rights under applicable data protection laws.

  • Accountability

  • Cisco shall implement appropriate policies, processes, controls, and other measures necessary to enable it to demonstrate that its processing of Personal Data is in accordance with this Global Personal Data Protection & Privacy Policy and applicable data protection laws.

3.4 Updates to this Policy

Cisco may from time to time review and revise its data protection practices, policies, and procedures including this Global Personal Data Protection & Privacy Policy. If any significant changes are made, Cisco shall:

  • Take reasonable steps to inform all Cisco entities, Cisco Workers, Business Partners, and other data subjects affected by the amendments; and
  • Post appropriate notices referring to the changes on the relevant websites – both internal and external, as appropriate.

4. Policy Compliance

Cisco is committed to ensuring that this Global Personal Data Protection & Privacy Policy is observed by all Cisco Workers. Cisco Workers must comply with this Global Policy. Policy compliance requirements are as follows:

4.1 Compliance Effective Date

This Policy is effective upon approval.

4.2 Compliance Measurement

Compliance with this Global Personal Data Protection & Privacy Policy is verified by various means, including reports from available business tools, internal and external audits, self-assessment, and/or feedback to the policy owner(s). Cisco will monitor its compliance with this Policy on an ongoing basis. Cisco will periodically verify that this Global Personal Data Protection & Privacy Policy continues to conform to the applicable data protection laws and is being complied with.

4.3 Compliance Exceptions

Any exceptions to this Global Personal Data Protection & Privacy Policy requires the written approval of the Chief Privacy Officer and Cisco Legal.

Any records of exceptions should be archived according to the Cisco Records Management Process and not on an individual’s laptop.

4.4 Non-Compliance

Compliance with Cisco policies is required. Deviations or non-compliance with this Policy, including attempts to circumvent the stated policy/process by bypassing or knowingly manipulating the process, system, or data may result in disciplinary actions, including termination, as allowed by local laws.

In some countries, violations of regulations designed to protect Personal Data may result in administrative sanctions, penalties, claims for compensation or injunctive relief, and/or other civil or criminal prosecution and remedies.

5. Related Policies and Processes

Cisco Online Privacy Statement

Cisco's Code of Business Conduct

6. Supporting Documents

Cisco Global HR Data Protection Policy

Cisco Business Personal Data Protection & Privacy Policy

7. Definitions

The following terms and definitions are used in this document:

Cisco Cisco Systems, Inc. and its subsidiaries, worldwide.
Personal Data Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural living person.
HR Personal Data Personal Data processed by Cisco in an employment context.
Business Personal Data Personal Data processed by Cisco in a business context that is not HR Data.
European Data Protection Law EU Data Protection Directive 95/46/EC and Privacy, the Electronic Communications Directive 2002/58/EC, and all laws and regulations giving binding legal effect to them in an EEA country, together with any successor or replacement legislation and regulation, including the General Data Protection Regulation (2016/679).
Cisco Worker A person who provides personal services to Cisco in exchange for payment, including employees and contractors, consultants, and interns.
EEA European Economic Area
APEC Asia Pacific Economic Cooperation

Sorry, no results matched your search criteria(s). Please try again.