Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Global Privacy Policy

1. Purpose

Cisco is committed to protecting the privacy of Personal Data of its Workers, Customers, business partners, and other individuals. Cisco has, therefore, implemented a global privacy program to establish and maintain high standards for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data. This Global Privacy Policy is the foundation of that program and describes the approach taken by Cisco when processing Personal Data worldwide.

2. Scope

All Cisco employees, contractors, vendors, consultants, temporary agency workers, and other agents of Cisco, its subsidiaries and affiliates (“Cisco Workers”) must comply with this Policy, including all personnel affiliated with third parties who may have access to any Cisco network or resource, including cloud-based services, hosted inside or outside of Cisco.

This Global Privacy Policy applies globally to Personal Data that Cisco processes, whether by electronic or manual means (i.e., in hard copy, paper, or analog form). This Policy applies to any Personal Data Processing that is done for or by Cisco.

With respect to People Data and Business Personal Data specifically, this Global Privacy Policy is supplemented by the Cisco Global People Data Protection Policy, European People Data Protection Policy, and the Cisco Business Personal Data Privacy Policy. These internal policy documents describe in more detail how this Global Privacy Policy applies to People Data and Business Personal Data, respectively, and provide guidance to Cisco Workers on the proper handling of Personal Data.

3. Policy Statements

3.1 Adequate Safeguards for Processing of Personal Data

In conjunction with the Global People Data Protection Policy and Business Personal Data Privacy Policy, this Global Privacy Policy is also intended to provide adequate safeguards for the processing of Personal Data entrusted to Cisco and transferred from countries requiring such protections. This is to help enable Cisco to transfer Personal Data wherever it is needed globally to support its internal business processes or promote services and product functionality and improvement. To do this, the Global People Data Protection Policy, European People Data Protection Policy, and the Business Personal Data Privacy Policy each describe certain additional obligations and legal rights in circumstances where European Data Protection Law, American, Asia-Pacific Economic Cooperation (APEC), and other countries or regions’ Personal Data Protection and Privacy Laws or requirements differ and are applicable.

3.2 Compliance with Applicable Law

Cisco shall comply with applicable Personal Data Protection and Privacy Laws and requirements worldwide.

Where applicable Personal Data Protection and Privacy Laws require a higher standard of protection for Personal Data than presented in this Global Privacy Policy, the requirements of applicable personal data protection law shall prevail. Where applicable Personal Data Protection and Privacy Laws establish a lower standard of protection for Personal Data than presented in this Global Privacy Policy, the requirements of this Global Privacy Policy shall prevail.

Where Cisco Workers have reason to believe that applicable law prevents Cisco from fulfilling its obligations under this Global Privacy Policy, they shall promptly inform the Chief Privacy Office and Cisco Legal via the Privacy Request Form. Where there is a conflict between applicable law and this Global Privacy Policy, the Chief Privacy Officer and Cisco Legal shall make a responsible decision regarding what action to take to resolve such a conflict and shall consult with the relevant regulatory authority in cases of doubt.

3.3 Privacy Principles

The following high-level principles establish Cisco practices for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data.

  • Fairness

  • Cisco shall process Personal Data in a fair, lawful, legitimate, and transparent manner.

  • Purpose Limitation

  • Cisco shall only collect Personal Data for a specific, explicit, and legitimate purpose(s). Any subsequent processing shall be compatible with such purpose(s), unless Cisco has obtained the individual’s consent, or the processing is otherwise permitted by law.

  • Proportionality

  • Cisco shall only process Personal Data that is adequate, relevant, and not excessive for the purpose(s) for which it is processed.

  • Data Integrity

  • Cisco shall keep Personal Data accurate, complete, and up to date as is reasonably necessary for the purpose(s) for which it is processed.

  • Data Retention and Disposal

  • Cisco shall keep Personal Data in a form that is personally identifiable for no longer than necessary to accomplish the purpose(s), or other permitted purpose(s), for which the Personal Data was obtained. Thereafter, it shall either be destroyed, deleted, anonymized, or removed from our systems.

  • Data Security

  • Cisco shall implement appropriate and reasonable physical, technical, and organizational measures to safeguard Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, use, or access. Cisco shall instruct and contractually require third parties processing Personal Data on behalf of Cisco, if any, to: (a) process it only for purposes consistent with Cisco’s purpose(s) for processing; and (b) implement appropriate physical, technical, and organizational measures to safeguard the Personal Data.

  • Individual Rights

  • Cisco shall process Personal Data in a manner that respects individuals’ rights under applicable Personal Data Protection and Privacy Laws.

  • Accountability

  • Cisco shall implement appropriate governance, policies, processes, controls, and other measures necessary to enable it to demonstrate that its processing of Personal Data is in accordance with this Global Privacy Policy and applicable Personal Data Protection and Privacy Laws.

3.4 Updates to this Policy

Cisco may periodically review and revise its personal data protection and privacy practices, policies, and procedures including this Global Privacy Policy. If any significant changes are made, Cisco shall:

  • Take reasonable steps to inform all Cisco entities, Cisco Workers, Customers, business partners, and other data subjects affected by the revisions; and
  • Post appropriate notices referring to the changes on the relevant websites—both internal and external, as appropriate.

4. Policy Compliance

Cisco is committed to ensuring that this Global Privacy Policy is observed by all Cisco Workers. Cisco Workers must comply with this Global Policy.

4.1 Compliance Effective Date

This policy is effective upon approval.

4.2 Compliance Measurement

Compliance with this Global Privacy Policy is verified by various means, including reports from available business tools, internal and external audits, self-assessment, and/or feedback to the policy owner(s). Cisco will monitor its compliance with this Policy on an ongoing basis. Cisco will periodically verify that this Global Privacy Policy continues to conform to the applicable Personal Data Protection and Privacy Laws and is being complied with.

4.3 Compliance Exceptions

Any exception to this Global Privacy Policy requires the written approval of the Chief Privacy Officer and Cisco Legal.

Any records of exceptions should be archived according to the Cisco Records Management Process.

4.4 Noncompliance

Compliance with Cisco policies is required. Deviations or non-compliance with this Policy, including attempts to circumvent the stated policy/process by bypassing or knowingly manipulating the process, system, or data may result in disciplinary actions, including termination, civil action and lawsuits, and referral for criminal prosecution as allowed by local laws.

In some countries, violations of regulations designed to protect Personal Data may result in administrative sanctions, penalties, claims for compensation or injunctive relief, and/or other civil or criminal prosecution and remedies against Cisco and culpable persons in their individual capacity.

5. Related Policies and Processes

6. Supporting Documents

7. Definitions

The following terms appear in this document.

APEC The Asia-Pacific Economic Cooperation (APEC) is a regional economic forum established to leverage the growing interdependence of the Asia-Pacific.
Business Personal Data Personal Data processed by Cisco in a business context that is not People Data.
Cisco Candidate

A person who is of interest for a job opportunity at Cisco but may not have applied for a specific job.

Note: For the purposes of this Global Policy, ‘People Data’ does not include information that might be obtained during any monitoring or surveillance of Cisco Workers or Candidates, for example, the lawful video surveillance of Cisco’s premises.

Cisco Cisco Systems, Inc. and its subsidiaries, worldwide.
Cisco Worker

This includes employees and contingent workers

Note: Any reference to 'Cisco Worker or Candidate' in this Policy is only for the purpose of the operation of this Policy and is not intended to and does not in any way indicate or give rise to an employment relationship between the 'Cisco Worker or Candidate' as referenced, and Cisco.

Customers Individuals who are current, former, or prospective customers of Cisco or who represent organizations that are customers.
European Data Protection Law EU General Data Protection Regulation (EU) 2016/679, the Electronic Communications Directive 2002/58/EC, and all laws and regulations giving binding legal effect to them in an EEA country, together with any successor or replacement legislation and regulation.
People Data

Information relating to an identified or identifiable Cisco Worker or Candidate insofar as that information has been obtained by Cisco in the context of the Cisco Worker's or Candidate’s actual or potential working relationship with Cisco. A Cisco Worker or Candidate is ‘identifiable’ if he/she can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. Cisco People data includes each of the following:

  • Cisco Worker or Candidate Company Identification Data—Data generated and/or collected solely for the purpose of identifying a Cisco Worker in the performance of his/her duties for Cisco.
  • Cisco Worker or Candidate Contextual Data— Data generated and/or collected which identifies or describes the performance, compensation or other similar information which provides additional information about the worker, their background and family.
  • Cisco Worker or Candidate Personal Identification Data - Data generated and/or collected which identifies or describes non-Cisco identifiers related to the workers’ or candidates’ bank, governmental or other accounts.
Personal Data Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Personal Data Processing Any operation or set of operations performed on Personal Data, at any time in its lifecycle, including creating, collecting, recording, organizing, storing, adapting, altering, retrieving, accessing, reviewing, consulting, using, disclosing in any way (for example, by transmission, dissemination, or otherwise making the data available), analyzing, aligning or combining data, or blocking, erasing or destroying data. Processing is not limited to automatic means or type of media. In short, Cisco “processes” Personal Data any time we or our Third-Party Processors use, touch, or handle Personal Data in any way.
Personal Data Protection and Privacy Laws All applicable legislation and regulatory requirements relating to personal data protection and privacy including without limitation all regional, national, and local personal data protection privacy laws and related regulations, as amended, repealed, consolidated, or replaced from time to time.

Sorry, no results matched your search criteria(s). Please try again.

The Global Privacy Policy was revised and effective as of June 25, 2021.