The DPA, together with the Information Security Exhibit, the Privacy Data Sheets, the General Disclosures and the Offer Disclosures, governs how Cisco processes customers' personal data. In the tabs at left, you will find all resources and documentation that are linked in the DPA and that are relevant to Cisco's processing of personal data.
Cisco may transfer to and process personal data in locations where Cisco or its subprocessors maintain personal data processing operations to provide Cisco offers, as further detailed in the respective Privacy Data Sheets or Offer Disclosures.
Cisco will conduct such transfers in accordance with the transfer mechanisms set out here. Any further changes to these transfer mechanisms approved with an official decision by the applicable competent authority will be incorporated by reference into the DPA and a copy of the new mechanism will be available on this page.
Impact assessments: We have created Transfer Impact Assessment (TIA) packages to help our customers conduct TIAs in use of Cisco offers.
Where Cisco processes personal data from the United Kingdom on behalf of customers in the United States, Cisco shall perform such processing in accordance with the UK Extension to the EU-U.S. Data Privacy Framework and in accordance with the EU Standard Contractual Clauses, as amended by the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.
Where Cisco processes personal data from the EEA on behalf of customers in a country that is not an Approved Jurisdiction, Cisco shall perform such processing in accordance with the EU Standard Contractual Clauses and/or in accordance with Articles 44 to 49 of the General Data Protection Regulation (GDPR).
Where Cisco processes personal data from the United Kingdom in a third country, such processing shall be performed in accordance with the EU Standard Contractual Clauses, as amended by the UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses.
Where Cisco processes personal data from Switzerland in a third country, such processing shall be performed in accordance with the EU Standard Contractual Clauses, as amended by the Swiss Addendum to the EU Commission Standard Contractual Clauses.
Where Cisco processes personal data from the Kingdom of Saudi Arabia in a third country, such processing shall be performed in accordance with the KSA Standard Contractual Clauses.
Where Cisco processes personal data from Turkey in a third country, such processing shall be performed in accordance with the Turkish Standard Contractual Clauses. Cisco is aware of the requirements laid down by the Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad published in the Turkish Official Gazette dated 10 July 2024 (the “Regulation”) and is committed to assist customers as needed to ensure compliance with such requirements. Likewise, customers commit to fulfill all obligations applicable to data controllers under the Regulation, including the obligation to inform the Turkish Data Protection Authority regarding the execution of the Turkish Standard Contractual Clauses with Cisco.
For all other jurisdictions, transfers of personal data outside of such jurisdiction will be consistent with data protection laws.
Where Cisco Processes Personal Data from an APEC Member Economy* or from a Global CBPR and Global PRP Member Economy* on behalf of You, Cisco’s Global CBPR and Global PRP certifications apply to our business processes across our global operations that Process and transfer Personal Data to/from our Affiliates around the world. To view these certifications, please visit https://www.globalcbpr.org/.
*APEC is the Asia Pacific Economic Cooperation, a regional economic forum established in 1989 to leverage the growing interdependence of the Asia-Pacific. APEC Member Economies are: Australia, Brunei Darussalam, Canada, Chile, China, Hong Kong-China, Indonesia, Japan, Republic of Korea, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru, Philippines, Russia, Singapore, Chinese Taipei, Thailand, United States, and Vietnam.
*Global CBPR and PRP are the Global Cross Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) systems established under the Global Cross Border Privacy Rules Forum (the “Global CBPR Forum”), a global multilateral initiative to enable trusted cross-border data flows. Global CBPR and PRP Member Economy is any country or economy formally recognized as a participant in the Global CBPR and/or the Global PRP systems, as listed at https://www.globalcbpr.org/about/membership/.
Review Cisco's technical and organizational measures, which are designed to protect the security, integrity, and confidentiality of personal data of our customers. The Information Security Exhibit is incorporated by reference in the DPA.
View Information Security Exhibit (PDF)
You can subscribe to receive email notifications containing detailed information when the Information Security Exhibit is updated. Click the Subscribe link in the upper-right-hand corner of the Information Security Exhibit, and you'll receive an email notification each time the document is updated.
Privacy Data Sheets and Offer Disclosures describe the processing activities for personal data in relation to Cisco offers and are incorporated by reference in the DPA. Use those documents to learn about the personal data processing operations in relation to particular Cisco offers (categories of personal data that are processed, purpose of processing, cross-border transfers, access controls, data portability, retention and deletion periods, data security, incident management, subprocessors, certifications, etc.).
Go to Privacy Data Sheets and Offer Disclosures.
You can subscribe to receive email notifications containing detailed information about any updates to the processing operations of Cisco offers published in the applicable Privacy Data Sheet(s) or Offer Disclosure(s). Click the Subscribe icon in the upper-right-hand corner of a Privacy Data Sheet or Offer Disclosure, and you'll receive an email notification each time that document is updated.
Securing and protecting our customers and their data include following open, global standards. Cisco holds multiple product- and service-specific security certifications, such as from International Organization for Standardization (ISO), SOC, or the EU Cloud Code of Conduct.
Cisco's Global Privacy Policy is the foundation of Cisco's global privacy program to establish and maintain high standards for processing personal data. It describes the approach Cisco takes when processing data.
Cisco's Online Privacy Statement reflects our global principles and standards in relation to handling personal data.
You can find all of Cisco's privacy and security resources and materials at our Trust Center.
Our Trust Portal is a self-service tool that gives you on-demand access to public Cisco security, trust, data protection, and privacy compliance documents. You can use the tool to help to better manage security and compliance due-diligence requirements for your organization.
