All Cisco employees, contractors, vendors, consultants, temporary agency workers, and other agents of any Cisco Group Company (“Cisco Workers”) must comply with this Policy, including all personnel affiliated with third parties who may have access to any Cisco network or resource, including cloud-based services, hosted inside or outside of Cisco.
Cisco shall comply with applicable Personal Data Protection and Privacy Laws and requirements worldwide.
The following high-level principles establish Cisco practices for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data.
Cisco shall process Personal Data in a fair, lawful, legitimate, and transparent manner.
Cisco shall only create or collect Personal Data for a specific, explicit, and legitimate purpose(s). Any subsequent processing shall be compatible with such purpose(s), unless Cisco has obtained the individual’s consent, or the processing is otherwise permitted by law.
Cisco shall only process Personal Data that is adequate, relevant, and not excessive for the purpose(s) for which it is processed.
Cisco shall keep Personal Data accurate, complete, and up to date as is reasonably necessary for the purpose(s) for which it is processed.
Cisco shall keep Personal Data in a form that is personally identifiable for no longer than necessary to accomplish the purpose(s), or other permitted purpose(s), for which the Personal Data was obtained. Thereafter, it shall either be destroyed, deleted, anonymized, or removed from our systems.
Cisco shall implement appropriate and reasonable physical, technical, and organizational measures to safeguard Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, use, or access. Cisco shall instruct and contractually require third parties processing Personal Data on behalf of Cisco, if any, to: (a) process it only for purposes consistent with Cisco’s purpose(s) for processing; and (b) implement appropriate physical, technical, and organizational measures to safeguard the Personal Data.
Cisco shall process Personal Data in a manner that respects individuals’ rights under applicable Personal Data Protection and Privacy Laws.
In circumstances where Cisco processes Personal Data as a Processor on behalf of a Customer as an integral part of Cisco’s provision of its products and services to Customers under the terms of a contractual agreement, Cisco will comply with the Data Security and Accountability Principles set out above. Cisco will also provide reasonable cooperation and, to the extent reasonably possible, assistance to the relevant Customer to facilitate the Customer's compliance with the other Privacy Principles as well as privacy by design and privacy by default.
Cisco will make this Policy available to data subjects by publishing it on a public-facing Cisco website that is accessible to the data subjects, and in the case of the data subjects being Cisco employees, on a Cisco intranet site that is accessible to the employees.
This policy is effective upon approval.
Cisco shall appoint a Data Protection Officer (DPO) and establish and maintain a Data Privacy Program, with executive sponsorship, which is responsible for monitoring and ensuring compliance with applicable privacy and data protection laws and this Policy.
Any records of exceptions should be archived according to the Cisco Records Management Process.
Compliance with Cisco policies is required. Deviations or non-compliance with this Policy, including attempts to circumvent the stated policy/process by bypassing or knowingly manipulating the process, system, or data may result in disciplinary actions, including termination, civil action and lawsuits, and referral for criminal prosecution as allowed by local laws.
In some countries, violations of regulations designed to protect Personal Data may result in administrative sanctions, penalties, claims for compensation or injunctive relief, and/or other civil or criminal prosecution and remedies against Cisco and culpable persons in their individual capacity.
The following terms appear in this document.
|APEC||The Asia-Pacific Economic Cooperation (APEC) is a regional economic forum established to leverage the growing interdependence of the Asia-Pacific.|
|Business Personal Data||Personal Data processed by Cisco in a business context that is not People Data.|
|Cisco Candidate||A person who is of interest for a job opportunity at Cisco but may not have applied for a specific job.|
Cisco Systems, Inc. and its subsidiaries, worldwide.
This includes employees and contingent workers.
Note: Any reference to 'Cisco Worker or Candidate' in this Policy is only for the purpose of the operation of this Policy and is not intended to and does not in any way indicate or give rise to an employment relationship between the 'Cisco Worker or Candidate' as referenced, and Cisco.
|Customers||Individuals who are current, former, or prospective customers of Cisco or who represent organizations that are customers.|
|Data Controller||An entity which alone or jointly determines the purpose for which, and the manner in which, Personal Data is processed.|
|Data Processor||An entity which processes Personal Data on behalf of a Data Controller, under the Data Controller’s instructions.|
|European Data Protection Law||EU General Data Protection Regulation (EU) 2016/679, the Electronic Communications Directive 2002/58/EC, and all laws and regulations giving binding legal effect to them in an EEA country, together with any successor or replacement legislation and regulation.|
Information relating to an identified or identifiable Cisco Worker or Candidate insofar as that information has been obtained by Cisco in the context of the Cisco Worker's or Candidate’s actual or potential working relationship with Cisco. A Cisco Worker or Candidate is ‘identifiable’ if he/she can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. Cisco People data includes each of the following:
|Personal Data||Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.|
|Personal Data Processing||Any operation or set of operations performed on Personal Data, at any time in its lifecycle, including creating, collecting, recording, organizing, storing, adapting, altering, retrieving, accessing, reviewing, consulting, using, disclosing in any way (for example, by transmission, dissemination, or otherwise making the data available), analyzing, aligning or combining data, or blocking, erasing or destroying data. Processing is not limited to automatic means or type of media. In short, Cisco “processes” Personal Data any time we or our Third-Party Processors use, touch, or handle Personal Data in any way.|
|Personal Data Protection and Privacy Laws||All applicable legislation and regulatory requirements relating to personal data protection and privacy including without limitation all regional, national, and local personal data protection privacy laws and related regulations, as amended, repealed, consolidated, or replaced from time to time.|
Sorry, no results matched your search criteria(s). Please try again.