This policy has been updated on June 9, 2022 to reflect DXC’s continued efforts in striving to provide best-in-class privacy and data protection. The section ‘Information Security, Accuracy and Retention’ has been updated to make available to you an overview of the technical and organizational measures (“TOMs”) implemented by DXC. Moreover, as indicated by the TOMs, DXC now maintains a formal Privacy Information Management System (PIMS) that achieved formal certification as defined in ISO/IES 27701 for its global and regional delivery centers.

At DXC our commitment to privacy goes beyond the minimum legal and regulatory requirements. We strive for best-in-class data protection and privacy management, which requires a sound data privacy governance structure and an effective data privacy compliance and best practices program to ensure DXC meets ever-changing and increasingly complex regulatory standards and all contractually agreed privacy obligations.

DXC's Global Privacy and Data Protection Office has strategic and operational responsibility for this program, which is adequately resourced and appropriately organized to ensure the policies and compliance processes, technology and physical controls and security we rely upon to govern the collection, use, storage and transfer of personal data all over the world meets statutory and regulatory requirements. Therefore, DXC's approach is to coordinate the contribution of several corporate disciplines - including ethics and compliance, legal, human resources, and information and physical security - to achieve our "best in class" data protection and privacy management objectives.