Notice for United States Consumers and Employees

Effective: January 1, 2020, updated September 2023

This notice describes the rights of United States Consumers and/or Employees under applicable state and federal data protection legislation in the United States.  CGI is required by such applicable laws to provide information on certain topics:

  • Selling/sharing of Personal Data (CGI does not sell/share your Personal Data)
  • Consumer Rights
  • Purpose of Processing Personal Data
  • Categories of Personal Data collected and sources of that information
  • Categories of Personal Data we share for business purposes
  • Exercising your Rights
  • Categories of Third Parties with Whom Personal Data is Shared

 

CGI’s standard privacy practices are described in our Privacy Policy, and such practices apply throughout CGI, subject to limitations imposed by local laws

We Do Not Sell or Share Your Personal Data

Consumers: CGI does not sell, rent, release, disclose, disseminate, transfer, or otherwise communicate your Personal Data.
Employees: As part of CGI operations, we may collect your Personal Data and disclose them to:

  • CGI Legal Entities since you can benefit from our full range of solutions and services as part of our global delivery model;
  • third parties engaged by CGI and providing goods to CGI or performing services on our behalf (e.g. suppliers, subcontractors and freelancers);
  • certain regulated professionals (e.g. banks, lawyers, notaries and auditors),

CGI will disclose your Personal Data if the disclosure is reasonably necessary to protect CGI’s rights and pursue available remedies, enforce CGI’s terms and conditions, investigate fraud, or protect CGI’s operations or users.
CGI may also disclose your Personal Data to administrative, judicial, or governmental authorities, state agencies or public bodies, strictly in accordance with Applicable Data Protection Legislation and Local Legislation, and after careful review, the legality of any order to disclose data. CGI will challenge the order if there are grounds under the law of the country of destination to do so.

Consumer Rights

Consumer rights may vary by state.  Each right below is defined and is applicable under the respective states’ legislation.

2.1       Right to Confirm Access or Request Personal Data

You (or your authorized agent) have the right to confirm CGI’s access of and/or request a copy of your Personal Data. You can request that we disclose the purpose for pieces of Personal Data Collected, the Categories of sources from which that information is Collected, and the categories of Third Parties with whom we shared it over the past 12 months.

2.2     Right to Rectify or Correct Personal Data

You may have the right to rectify or correct inaccuracies in your personal data, considering the nature of the personal data and the purposes of the processing your personal data.

2.3 Right to Delete Personal Data

You can request that CGI deletes your Personal Data. You can request that we delete all Personal Information or only specific Personal Data, and we will process your request unless an exception applies under applicable law. Possible exceptions may include but are not limited to: where the Personal Data is necessary to complete a transaction or fulfill the terms of a contract for which it was Collected, where the information is being used to detect, prevent, or investigate a security incident, to comply with laws, or to identify and repair bugs, or where the information is necessary to enable another individual’s rights according to applicable law.

2.3 Right to Opt out of Targeted Advertising, Sales, and Profiling

CGI does not sell or share your information, so we do not offer an opt-out.
To opt out of the processing of the personal data for the purposes of (i) targeted advertising,  (ii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

2.4 Right to Notification

CGI cannot Collect new categories of Personal Data for a previously communicated purpose or use previously collected Personal Data for a new or materially different purpose without first notifying you. CGI Employees or Candidates should refer to applicable notices at time of collection.

2.5 Right to Limit Use and Disclosure of Sensitive Personal Data

Where applicable, Consumers and Employees may direct a business to limit the use or collection of their sensitive Personal Data, except where CGI is required by law to collect and retain this information. Such requests can be made via telephone 888-277-0686 , via webform or email sent to privacy.uscsg@cgi.com.com for any United States resident.

2.6 Nondiscrimination for Exercising your Rights/ No retaliation

Privacy laws prohibit businesses from retaliating or discriminating against you for exercising your rights under the law. Such discrimination may include denying services, charging different prices or rates for services, providing a different level or quality of services, or suggesting that you will receive a different level or quality of goods or services as a result of exercising your rights.

Categories of Personal Data Collected

The CGI Website Privacy Policy describes the information we Collect and its sources.

Personal Data Category

Source(s) of Collected Information

Identifiers
(e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, SSN, Driver’s License, state or federal ID, or other similar identifiers)

 

 

Information you provide directly.

Information you provide through your interactions with our Services or website (as described in our Privacy Policy).

Information provided to us through our relationship with our service providers (as described in our Privacy Policy).

Internet or other electronic network activity
(e.g. browsing history, search history, interactions with our website)
Information you provide directly or through your interactions with our Services or website.
Professional or Employment-Related Information Information you provide to us directly.
Education Information Information you provide to us directly.
Inferences Information you provide to us directly or through your interactions with our Services or website.

California Specific

Information described in subdivision (e) of Section 1798.80
(e.g. signature, telephone number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information)

Information you provide directly.

Information you provide through your interactions with our Services or website (as described in our Privacy Policy).

Information provided to us through our relationship with our Service Providers (as described in our Privacy Policy).

Characteristics of protected classifications under California or Federal law
(e.g., your gender or age)
Information you provide to us directly and inferences we make based on that information.
Information provided to us through our relationship with our service providers (as described in our Privacy Policy).

We use this Personal Data for the purposes outlined in Section 5 of our Privacy Policy.

Categories of Personal Data we share for Business Purposes

While we do not sell your Personal Data, over a 12-month period, we may share the types of Personal Data listed in Section 3 with partners, service providers, and related companies to support our own operational purposes, known as “business purposes” , in providing Services to you, as described in the “Disclosure of personal data” section of our Privacy Policy.

Exercising your Rights

To exercise  your rights as outlined above, please complete this webform or see the options listed below, under Contact Us, and provide the following information:

  • State of Residence
  • Name (Clearly pronounced and/or correctly spelled)
  • Contact information (Phone number or email address)
  • Description of your relationship to CGI
  • What Rights are being requested

Your state privacy laws may include the right to designate an authorized agent to make a request on your behalf. When such an agent is submitting a request on your behalf, the information above as well as the Agent’s name and contact information must be provided.
CGI takes reasonable measures to verify a requestor’s identity in order to fulfill any request involving personal information. Such measures help us both to verify the targets of such requests within our internal systems and to ensure that we do not disclose personal data to (or otherwise process personal information on behalf of) unauthorized individuals. Depending on the context of your request as well as the sensitivity and volume of the personal information that CGI would be disclosing or processing in the fulfillment of your request, we may require you to provide additional proof of your identity, up to and including the presentation of government-issued identity documents. If we require such proof of identity, you may present it digitally (Email, SMS, video call, etc.) or we would be happy to arrange for a brief, in-person ID verification appointment at a CGI office close to you. If you choose to share your identity documents digitally, we strongly recommend that you password protect the files before sharing, and provide us with the associated password via a different communications channel from the original message. (e.g. If the identity documents are sent via email, send the associated password via SMS, cloud storage, voicemail, post, etc. – NOT by email to the same address.) Please note that CGI does not, under any circumstance, retain copies of identity documents provided for such identity verification purposes. Once your identity has been verified, along with the validity of your request, CGI will take the appropriate action in response, free of charge and without discrimination:

  • In case of a request to know or access your information, you will be provided the required personal information as defined in your request per applicable law;
  • In case of a Request to Delete, CGI will delete the personal data collected about you, subject to our right to maintain data for specific purposes as permitted or required under applicable law.

Definitions

Any capitalized term used but not defined herein shall have the meaning as in the  noted in CGI Privacy Policy.

  • Consumer – As defined in each respective state Consumer Privacy Law
  • Rights – As defined in each respective state Privacy Law

Contact Us

For any questions, please contact us at privacy.uscsg@cgi.com (preferred), or call 888-277-0686).

Questions, Complaints and Resources

8.1 Questions
In case of questions related to the interpretation or operation of CGI’s Privacy Policy, please send an email to privacy@cgi.com or contact CGI's Chief Privacy Officer at Paris – Carré Michelet, 10-12 Cours Michelet, 92800 Puteaux, France.

8.2 Independent recourse mechanism
If your question or concern is not addressed by contacting CGI Privacy Office or you believe that you have  evidence of misconduct that could harm CGI, its members, clients or shareholders, you can reach out to CGI’s Ethics Hotline.

8.3 Data Protection Authorities
 Should you require assistance from any competent data protection authority, please reach out to the relevant one by using the useful resources below: