All employees, contractors, consultants, temporary, and other Workers at Cisco and its subsidiaries must comply with this policy, including all personnel affiliated with third parties who may have access to any Cisco network or resource, including cloud-based services, hosted inside or outside of Cisco.
This Policy applies to any Personal Data Processing that is done for or by Cisco.
Cisco shall comply with applicable local data protection laws and requirements worldwide.
The following sets out the high-level principles that underlie Cisco’s practices for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data.
Cisco shall process Personal Data in a lawful, legitimate, and transparent manner.
Cisco shall only collect Personal Data for a specific, explicit, and legitimate purpose(s). Any subsequent processing should be compatible with such purpose(s), unless Cisco has obtained the individual’s consent, or the processing is otherwise permitted by law.
Cisco shall only process Personal Data that is adequate, relevant, and not excessive for the purpose(s) for which it is processed.
Cisco shall keep Personal Data accurate, complete, and up-to-date as is reasonably necessary for the purpose(s) for which it is processed.
Cisco shall keep Personal Data in a form that is personally identifiable for no longer than necessary to accomplish the purpose(s), or other permitted purpose(s), for which the Personal Data was obtained.
Cisco shall implement appropriate and reasonable technical and organizational measures to safeguard Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, use, or access. Cisco shall instruct and contractually require third parties processing Personal Data on behalf of Cisco, if any, to: (a) process it only for purposes consistent with Cisco’s purpose(s) for processing; and (b) implement appropriate technical and organizational measures to safeguard the Personal Data.
Cisco shall process Personal Data in a manner that respects individuals’ rights under applicable data protection laws.
This Policy is effective upon approval.
Any records of exceptions should be archived according to the Cisco Records Management Process and not on an individual’s laptop.
Compliance with Cisco policies is required. Deviations or non-compliance with this Policy, including attempts to circumvent the stated policy/process by bypassing or knowingly manipulating the process, system, or data may result in disciplinary actions, including termination, as allowed by local laws.
In some countries, violations of regulations designed to protect Personal Data may result in administrative sanctions, penalties, claims for compensation or injunctive relief, and/or other civil or criminal prosecution and remedies.
Cisco Records Management Policy
Cisco Global HR Data Protection Policy
The following terms and definitions are used in this document:
|APEC||The Asia Pacific Economic Cooperation (APEC) is a regional economic forum established to leverage the growing interdependence of the Asia-Pacific.|
|Business Personal Data||Personal Data processed by Cisco in a business context that is not HR Data.|
|Cisco||Cisco Systems, Inc. and its subsidiaries, worldwide.|
|Cisco Worker||A person who provides personal services to Cisco in exchange for payment, including employees and contractors, consultants, and interns.|
|Customers||Individuals who are current, former, or prospective customers of Cisco or who represent organizations that are customers.|
|EEA||European Economic Area – includes EU member states and three European Free Trade Association states (Iceland, Liechtenstein, and Norway).|
|European Data Protection Law||EU General Data Protection Regulation (EU) 2016/679, the Electronic Communications Directive 2002/58/EC, and all laws and regulations giving binding legal effect to them in an EEA country, together with any successor or replacement legislation and regulation.|
|HR Personal Data||Personal Data processed by Cisco in an employment context.|
|Personal Data||Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural living person.|
|Personal Data Processing||Any operation or set of operations performed on Personal Data, at any time in its lifecycle, including creating, collecting, recording, organizing, storing, adapting, altering, retrieving, accessing, reviewing, consulting, using, disclosing in any way (for example, by transmission, dissemination, or otherwise making the data available), analyzing, aligning or combining data, or blocking, erasing or destroying data. Processing is not limited to automatic means or type of media. In short, Cisco “processes” Personal Data any time we or our Third-Party Processors use, touch or handle Personal Data in any way.|
Sorry, no results matched your search criteria(s). Please try again.