Privacy policy - PIA+ for Amplifi PRO

WNS Global Services and all affiliated entities and subsidiaries—including WNS Procurement and The Smart Cube (collectively referred to as “WNS”, “we”, “us”, or “our”)—own and operate the SaaS-based product PIA+ for Amplifi PRO (“PIA+”). This advanced Procurement Intelligence Assistant transforms how procurement professionals make informed decisions and is accessible via integrations with third-party platforms such as Microsoft Teams. Whether managing direct or indirect procurement, Amplifi PRO empowers teams with insights and tools to drive smarter, insights-led decisions and optimize procurement outcomes.

We are committed to respecting your data privacy rights and safeguarding any personal information collected through PIA+. This Privacy Policy (“Policy”) outlines how personal data is collected, used, and protected. It applies exclusively to PIA+. Please note that WNS has separate privacy policies for other products and services, accessible at: https://www.wns.com/privacy-policy and https://www.wnsprocurement.com/privacy-policy.

By using PIA+, you agree to the terms of this Policy and consent to the use of your personal information as outlined. If you do not agree, you may choose not to provide personal information or withdraw your consent.

If you are using PIA+ on behalf of another individual or entity, you must have the authority to bind them to this Policy. If not, please refrain from using the platform.

This Privacy Policy is an electronic record governed by the data protection laws of relevant jurisdictions.

1. Definitions

• “User(s)”, “you”, “your”: Individuals accessing PIA+.
• “Customer”: Entity, organizer, or individual using PIA+.
• “Controller” and “Processor”: As defined by the EU GDPR 2016/679.
• “Personal Data”: Information related to an identifiable person.

2. What personal data do we collect?

We collect personal data as follows:

• User Account: When registering on Amplifi PRO, we collect your first name, last name, and corporate email address to authenticate and manage authorized user accounts.
• User Content: We advise against sharing personal data via prompts or feedback on PIA+. If shared, such information may be collected.
• User Content History: We record your interactions with PIA+, mainly non-personal data, with limited personal data such as first name, last name, and email.

3. Processing of Personal Data on behalf of the customer

When the Company receives information from its customer, it acts as a Processor and processes data according to the instructions provided by the Data Controller.

This section pertains to the Personal Data of Users collected by the Customer, which may be facilitated by us.

The Company as a Data Processor: The Customer determines the purpose and means of processing such Personal Data. We process this data solely on behalf of, and as instructed by, the Customer for the purpose of delivering our Services to them.

Customer Privacy Notice: If you are a PIA+ User and your Personal Data has been shared with us by the Customer, the Customer’s privacy notice will apply. This implies that any inquiries, requests, objections, or complaints related to the collection and/or processing of Personal Data within the context of your PIA+ usage should be directed to and addressed by the Customer.

Personal Data: We may process Personal Data, including, your first name, last name and email to facilitate the creation of User accounts and communicate with you in case of customer support, to process transactions, for sending newsletters, updates and promotional materials, for seeking your opinion and feedback and personalize and/or tailor any communications that we may send you. The Company remains the data processor, while the Customer is responsible for providing adequate privacy notices.

Customer Responsibility: The Customer represents that it has obtained all necessary consents and/or relies on other appropriate legal bases for processing the Personal Data of end-Users. The Customer confirms that end-Users have been informed about the transfer of their Personal Data to the Company as a processor and other third parties involved in the provision of Services.

We will process the Personal Data for the duration of our service provision to the Customer and as long as the Customer maintains active accounts for these Users.

4. How do we use personal data?

We use Personal Data to:

• Respond to PIA+ queries, including routing to a human consultant if needed.
• Develop business intelligence and data analytics for our services.
• Enhance PIA+ experience and service offerings.
• Communicate updates, newsletters, and support responses.
Keep internal records and comply with legal obligations.

5. Use of Artificial Intelligence (AI) in PIA+

WNS Procurement / Amplifi PRO utilises the capabilities of artificial intelligence (AI) in PIA+, including the integration of generative AI features through Microsoft Azure Open AI services. We ensure that the Personal Data of Customers is not employed to train AI models developed either by us or third parties, such as Microsoft, nor is it used to enhance PIA+.

6. Children’s privacy

We understand the importance of taking extra precautions to protect the privacy and safety of children using our Website. The services are not intended for users under the age of 16. We do not knowingly collect any personal data from children under 16 or market to or solicit information from anyone under the age of 16. If we become aware that a person submitting personal data is under 16, we will delete all the information as soon as possible unless it is with

the consent and involvement of a parent or guardian. If you believe we might have any information from or about a child under 16, please contact us at privacy@wns.com.

7. Accuracy of information

The User undertakes that he shall be solely responsible for the accuracy, correctness, or truthfulness of the Personal Data shared with us whether of its own or any third party. In the event the User is sharing any Personal Data on behalf of a third person, the User represents and warrants that he has the necessary authority to share such Personal Data with the Company, obtained a written consent from such third party and the Company shall not be responsible for verifying the same. The User understands and acknowledges that such Personal Data shall be subject to the terms and conditions of this Privacy Notice.

8. Disclosures

We do not sell or rent your Personal Data to third parties for their direct marketing purposes. We have implemented appropriate physical, electronic, procedural, and managerial safeguards to protect your information against loss, unauthorized access, misuse, or modification. However, we may disclose your Personal Data in the following circumstances or with the following parties:

• WNS or its subsidiaries
• Third parties with whom we have a contractual relationship such as Business partners; Service providers; Authorized third-party agents; or Auditors
• Government authorities, regulatory bodies, where applicable

We also rely on third-party suppliers and partners with whom we may share your personal data for the purposes indicated in this Notice. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable law. We may also need to share your personal data with regulators or to otherwise comply with the law. We do not process client or employee personal data for secondary purposes.

Merger or acquisition: In the event of an acquisition by another entity, a merger with another company, or a transfer of part of our business (including PIA+) to a third party, your Personal Data may be transferred. Any such third party or resultant entity will have the right to continue using your Personal Data in accordance with the purposes outlined herein.

9. Data retention

We will not retain personal data for a period longer than necessary to fulfil the purposes outlined in this privacy notice unless a longer retention period is required by law or for directly related legitimate business purposes. Personal data that is no longer required to be retained as per legal and business requirements will be disposed in a secure manner.

10. How secure is your personal data?

We have implemented appropriate physical, electronic, procedural, and managerial measures to safeguard your information against loss, unauthorized access, misuse, or modification. We require any third parties processing your information to implement the same levels of protection with respect to your data. We strive to use commercially acceptable means for protecting your 

information. We are committed to maintaining information security and protecting customer data from potential breaches. Although we provide appropriate firewalls and protections, we cannot guarantee the security of personal data transmitted as these systems are not hack-proof. Data theft due to unauthorized hacking, virus attacks, or technical issues is possible, and we will take necessary measures to mitigate such events.

Your personal data may be stored on third-party cloud infrastructure such as Amazon AWS and Microsoft Azure. Please review the AWS Security and Azure Security pages for more information on Amazon’s AWS and Microsoft Azure’s security practices, respectively. We also maintain annually audited security measures aligned with SOC 2 Type 2 and ISO 27001 standards. You agree to notify the Company immediately via email at privacy@wns.com of any unauthorized use of your account or any other breach of security.

11. International data transfers

As a global business, we may transfer your personal data to servers, entities and partners located outside EEA or other trusted third parties based in other countries so that they may process personal data on our behalf. By using our Website or PIA+ or otherwise providing us with your personal data, you agree to us doing so in accordance with the terms of this Privacy Notice and applicable data protection laws and regulations. To ensure that your personal data does receive an adequate level of protection when transferred outside EEA, we have executed Intercompany Transfer Agreements containing standard contractual clauses in accordance with the EU and data protection laws.

12. State-Specific privacy rights (United States)

This section applies to residents of California, Colorado, Connecticut, Utah, and Virginia and addresses their specific privacy rights under applicable state legislation. California, Colorado, Connecticut, Utah and Virginia privacy rights

13. Rights for EU and UK residents

Residents of the European Union (“EU”) and United Kingdom (“UK”) should note that this Privacy Notice has been updated to comply with the requirements of the EU General Data Protection Regulation (the “GDPR”), the UK GDPR, the United Kingdom Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and any regulation superseding any of the foregoing (“UK Privacy Laws”). According to the provisions of the GDPR and UK Privacy Laws, we are considered Controllers of the Personal information collected through your use/access of PIA+ and Processors of the Personal information collected and processed on behalf of the Customer.

Legal Basis (for EU residents and UK residents): We will process your Personal Data only on a lawful basis. This includes processing based on consent, contract, or our legitimate interests, provided those interests are not overridden by your privacy rights and interests.

Transfer of your personal information across borders (for EU Residents): The Personal Data we collect from EU and UK residents is stored on servers located in the EU region. Personal Data may be processed outside the EU and UK. We collect and transfer Personal Data outside the EU and UK in accordance with the provisions of the GDPR and UK Privacy Laws. For questions, please contact privacy@wns.com. 

Your Rights (For EU and UK Residents):

You have the right to request us:

• to inform you about the Personal Data we hold concerning you,
• to withdraw consent at any time where we rely on consent to process your Personal Data,
• to rectify or modify any such Personal Data,
• to erase/delete your Personal Data,
• to restrict our processing of such Personal Data,
• to object to our use of your Personal Data,
• to lodge a complaint with a data protection authority. UK residents have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues. Please contact us first to address your concerns before approaching the ICO. We may need to request specific information to help confirm your identity or reach out for further information regarding your request. To exercise any of these rights, please contact privacy@wns.com.

14. South Africa - PAIA compliance

For South African residents, we comply with the Promotion of Access to Information Act (PAIA).
Forms:
Form 2 - Request for Access to Record
Form 3 - Outcome of Request and of Fees Payable

15. Third-party links

PIA+ may link to other websites, platforms, or applications. We do not control them, and you access them at your own risk. We are not responsible for the protection and privacy of any information you provide there, as they are not governed by this Privacy Notice. Always review the privacy notice of these external sites.

16. Changes to the notice

We reserve the right to update or change this notice at any time, and we will provide you with the updated notice when we make any substantial updates at the earliest either through email or by providing a prominent notice of change on PIA+. You should check the notice periodically. Your continued use of the PIA+ after we post any modifications to the notice on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified notice.

17. Contact Us

In case you have any questions, comments or concerns about this notice/policy or wish to exercise any of the above-mentioned rights, you can contact privacy@wns.com.

Yogesh Ginde

Data Protection Officer privacy@wns.com