Privacy Notice for Employees

We at Genpact and our affiliated companies worldwide (“Genpact”) are a global professional services firm focused on delivering digital transformation for our clients. As your employer, Genpact will need to process your personal data, and in doing so, we will need to share it with companies in our corporate group in accordance with the provisions set out below. We respect you and are committed to honouring and protecting your privacy. We treat personal data in accordance with data protection laws, and the purpose of this notice is to make you aware of what personal data we collect, how we use it and how we protect it. If you have any questions or concerns about this privacy policy or your personal data, please contact us at HR.GDPR@Genpact.com and DPO.Genpact@Genpact.com.

Personal data we collect
We, at Genpact, collect and maintain certain personal data and sensitive personal data (by which we mean either special category personal data or data relating to criminal convictions and offences) about you as a result of your employment with Genpact and as part of the administration of general employee records.

The personal data collected may include but is not limited to:

  • Identification Information including name, age, date of birth, email address, home address, contact details, government-issued identification numbers, photographs, demographic information, citizenship, nationality, marital status, etc.
  • Educational and Professional Details including higher/further education, certifications, previous employment history etc.
  • Background check reports including educational and employment checks etc. in accordance with applicable law.
  • Compensation and Benefits Information including details of salary and benefits, name, family member’s or dependents for benefits enrolment, bank account details, salary reviews, records relating to holiday and other leave, working time records etc.
  • Child Care Benefits - We provide certain benefits such as payment of child’s tuition to working parents. In order to provide these benefits, we require information related to your child such as name, date of birth, birth certificate, educational institution, tuition fee and bills.
  • Information about your performance at work, including references obtained from your previous place of work, performance evaluations, as well as opinions expressed by your colleagues, individuals who you manage, supervisors, and clients of Genpact.
  • Travel and Expenses Information including passport, visa details, corporate card transactions, expense details, supporting bills, etc.
  • Learning and Development Information including training, certifications, attendance and assessment records etc.
  • Information collected as part of Surveillance and Monitoring such as video surveillance data, physical access logs, activity, system and transactional logs from applications, systems and communication channels etc.

The sensitive personal data collected may include:

  • Information relating to your Health: such as physical examination results, accident and injury reports, disability status etc.
  • Information related to racial, ethnic origin or religious beliefs collected as a result of diversity surveys.
  • Data relating to criminal convictions and offences collected from background checks or CCTV monitoring.

This information will be collected by us in a number of ways through multiple channels while joining our organization and over time during our relationship with you:

  • Directly from you (when you contact us through HR via on-boarding online application(s), telephone, email and in person)
  • From third parties (through recruitment agencies and background verification agencies), which may also include public sources such as professional networking platforms.

Purposes of processing your personal data and the legal basis for processing
We, at Genpact, must keep and process information about you for normal employment purposes. The information we hold and process will be used for our management and administrative uses only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using your personal data to enable us to comply with your employment contract, to comply with any legal requirements, pursue our legitimate business interests and protect or defend our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our legal obligations or fulfil our contractual obligations with you and we will tell you about the implications of that decision. Some of the key processing activities shall include:

  • Pay your salary and register you for benefits - The information requested is necessary for the performance of our obligations under your employment contract.  If you do not provide the information requested, we will be unable to pay your salary, provide or register you for benefits or to facilitate claims for benefits. 
  • Child Care Benefits – In the event you avail child care benefits, we need to process the personal data of your child, as mentioned in the above section, for the performance of our obligations under your employment contract. If you do not provide the information requested, we will be unable to provide or register you for benefits or to enable payment of claims for benefits.
  • Pay taxes – We are legally obliged to pay certain taxes on your earnings and we will use the information provided by you to meet our legal obligations.
  • Background Verification – We engage third party vendors to carry out background verification checks including identity verification, educational verification, employment verification and criminal verification to pursue the legitimate business interest of the company and to comply with applicable legal requirements and where permissible under local law.
  • Note your expression of wish for death benefits – By completing and returning your expression of wish you consent to us storing your expression of wish and referring to it in the event of your death in service.  If you do not provide the information requested, we will not have an indication of your wishes in the event of your death in service.
  • Staff administration – We keep employment records in line with industry practice including information relating to employment history, CV, references, absences (for example, annual leave and sickness or injury), accidents and equal opportunities monitoring. We keep a copy of your employment contract and any correspondence with you in the event of your termination of employment. It is in our legitimate business interests and/or necessary for the performance of our obligations under employment law to process these records.
  • Performance and compensation – We process personal data as part of performance review processes and in relation to compensation, reward and benefits. We also keep employee learning and development records. It is in our legitimate business interest to process these records.
  • Travel and Expense – From time to time, we may process personal data and engage travel and immigration vendors to facilitate corporate travel, location transfers, validate corporate card expenses and relevant supporting activities in line with our Travel, Mobility and Expense policies. It is in our legitimate business interest to process these records.
  • Discipline, grievance and dismissal – From time to time, we may need to process personal data in connection with disciplinary, grievance and dismissal processes. It is our legitimate business interest to process these records.
  • Monitoring and Surveillance - We monitor and record computer use and in certain cases, corporate telephone use and also carry out CCTV monitoring of key areas, as detailed in our Interception and Surveillance policy. We also keep records of your hours of work by way of our access control system, as mentioned in our Interception and Surveillance policy. It is our legitimate business interest to process such records, for the safety and security of the company and its staff and in some cases we will be legally required to do so.
  • Audit Compliance – We may process personal data as part of our audit processes and engage third party auditors, from time to time. We have ensured that only personal data absolutely necessary is processed during such audits in order to comply with applicable laws and to satisfy our legitimate business interests.
  • New employment opportunities - If you have expressed an interest in working for us in the future (e.g., under a temporary contract) we may retain your employment records and related documents containing your personal data for future employment related opportunities, in pursuit of our legitimate business interests.
  • Disclosure of business contacts, CV and background screening information to clients – where required by clients as data controllers.
  • Prevention of fraud – We may process your personal data for the purpose of fraud prevention in pursuit of the legitimate business interests of the company.
  • Verifying compliance with Genpact policies – We may process your personal data for the purpose of assessing and ensuring employee compliance with the various internal Genpact policies in pursuit of the legitimate business interests of the company.
  • Reporting potential crimes – We may process your personal data for the purpose of detecting and reporting potential crimes where permissible or required under national law.
  • Documents produced by employees – We may store documents and records that are produced by you and your colleagues which contain your personal data, for example your name, details of your role and your CV, and these may be shared with clients in the course of carrying out your duties and the business of the company, in pursuit of our legitimate business interests.
  • Health and safety and occupational health - Where necessary, we may process sensitive personal data relating to your health in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay, health insurance or life insurance benefits. Genpact will process such information only based on your explicit consent or as otherwise legally permitted, for example, where it is necessary for carrying out obligations or exercising rights under employment law, to protect your vital interests, for the establishment or defence of legal claims, to facilitate medical diagnosis/ assistance/ treatment and/or for the assessment of your working capacity.
  • Equal opportunity or treatment - We may process sensitive personal data relating to your racial or ethnic origin or religious beliefs, in each case for the purposes of monitoring the existence or absence of equality of opportunity or treatment between groups of individuals. Such processing will only be carried out based on your explicit consent and you have the right to withdraw that consent at any time.

Monitoring
We have implemented industry standard security measures to assist us to keep our systems and premises secure. These security measures are primarily focused on ensuring we can detect, block and respond to malicious software (malware) and intrusion attempts, and also to ensure we keep our business data and your personal data secure and confidential.  The security measures implemented include: 

  • System security – We have security measures in place that involve automated scanning of incoming and outgoing emails, workstations, applications and our networks owned/ managed by Genpact for potential threats. Threats, such as phishing emails, data leakage, presence of malware, non-compliance with Genpact policies, or other unusual activity will be escalated to our Information Security and IT Teams for review and response.
  • Logs and Audit Trails – We have enabled logging and audit trail capabilities on all Genpact owned/ managed systems accessed by you. We have implemented automated tools to record and monitor information about your usage of login credentials, access to applications and websites and other activities carried out by you while using Genpact owned/ managed systems. The automated tools have been configured to protect confidential information (including personal data) and to ensure Genpact owned/ managed systems are protected against malware and other threats, as mentioned in the paragraph above. These tools will also alert our Information Security and IT teams of such threats and of any potential non-compliance with Genpact policies. Given that most web traffic over Genpact systems is encrypted, the automated tools that monitor for malware and data leakage may also decrypt this traffic to ensure the continued effectiveness of these controls. Additionally, activities of users who have privileged access to Genpact owned/ managed systems might be subject to a higher level of monitoring by automated tools, given higher potential business impact in case of compromise / misuse of such credentials.
    From time to time we may also share the audit logs containing information about the activities performed by users on Genpact owned/ managed systems with third parties who provide information security related services to Genpact in order to investigate any system issues or data breaches.
  • CCTV – We operate CCTV to help keep our premises secure.  Images of you may be captured as part of the CCTV operation, however, we only view images where an incident has occurred.

This processing is necessary for the purposes of the legitimate interests pursued by us to keep our business data and your personal data secure and confidential and in some cases to protect or defend our legal rights. 

In the future, if we intend to process your personal data for a purpose other than that mentioned above, we will provide you with all relevant information and obtain your consent where it is necessary to do so. 

Who we may share your personal data with (the recipients or categories of recipients of the personal data)

  • We may use carefully selected third parties to carry out certain activities to help us to run our business (such as payroll processing, cloud service providers, IT support vendors, information security support vendors), to provide you with certain benefits (such as pension or health insurance schemes), to facilitate your corporate travel and expenses (corporate card vendors, travel and immigration vendors), to carry out background verification (background verification agencies) and to facilitate audits (third party auditors).  For information on the third party vendors partnered with Genpact, please visit http://www.genpact.com/about-us/gdpr.
  • We have offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes. Your information may be shared with our internal staff for management and administrative purposes as outlined above. Please visit http://www.genpact.com/about-us/regions to see a list of the locations within our corporate group.
  • Where required or permitted by law, information may be provided to others, such as regulators and law enforcement agencies. 
  • Where required for your role, your business contact details may be shared with our clients, contractors and suppliers.
  • We may also share your CVs and background verification status with customers, upon request, to comply with our contractual obligations.
  • From time to time, we may consider corporate transactions such as a merger, acquisition, reorganisation, asset sale, or similar. In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to third parties involved in the transaction.

Security
We have implemented industry standard security measures to keep your personal data secure and confidential, including and not limited to:

  • Limiting access to your personal data to Genpact employees strictly on a need-to-know basis, such as to respond to your inquiry or request.
  • Implementing physical, electronic, administrative, technical and procedural safeguards that comply with all applicable laws and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and destruction. It is important for you to protect against unauthorized access to your password and to your computer.
  • Genpact employees who misuse personal data are subject to strict disciplinary action, as it is a violation of the Integrity Policy of Genpact.  

International and group company transfers of personal data
We are part of an international group of companies and, as such, transfer personal data concerning you to countries outside the European Union (EU).  Please visit http://www.genpact.com/about-us/regions to see a list of the locations within our corporate group.

We transfer personal data between our group companies and data centres for the purposes described above. We may also transfer personal data to our third party suppliers outside of the EU as described above. Your personal data may be stored in databases located outside of the EU including in India. The database is controlled by our administrative staff located outside of the EU including in India and can be accessed electronically.

Where we transfer personal data outside of the EU, we either transfer personal data to countries that provide an adequate level of protection (as determined by the European Commission) or we have appropriate safeguards in place. Appropriate safeguards to cover these transfers are in the form of standard contractual/data protection clauses adopted by the European Commission. Please visit http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF to know more about standard contractual/data protection clauses.

Where we transfer personal data between our group companies we have covered these transfers by entering into standard contractual clauses adopted by the European Commission. If you would like more information on any of the data transfer mechanisms on which we rely, please contact our Data Protection Officer, details available in the contact section below.

Period for which the personal data will be stored
We store personal data in line with legal, regulatory, financial and best-practice business requirements. Your personal data will be collected, stored and processed by us while you are an employee.  In the event that you stop being our employee, we will securely delete/destroy your employment records and related documents containing your personal data as soon as practicable and in line with our Data Retention policies, and any legal or regulatory requirements.

If you have expressed an interest in working for us in the future (e.g. under a temporary or permanent contract) we will retain relevant records and documents containing your personal data, for future employment related opportunities, for example for references, for an appropriate period of time. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our Data Protection Officer, details available in the contact section below.

Existence of Automated Profiling and Decision Making
We use automated profiling, in limited circumstances as explained below:

  • We utilise a Genpact managed tool that analyses parameters such as inputs by managers, number of years spent in a role, last salary increase, performance ratings, performance bonus, trainings attended. The tool helps us predict potential attrition risk of certain employees. The insights of the profiling are utilised by our HR team pursuant to our legitimate business interest in order to help us with our employee retention strategies or to make any adjustments that may foster motivation towards your job/ role.

We do not carry out any processing activities that involve automated decisions.

Your rights
You have a right to:

  • Request access to your personal data and request details of the processing activities conducted by Genpact.
  • Request that your personal data is rectified if it is inaccurate or incomplete.
  • Request erasure of your personal data in certain circumstances. 
  • Request restriction of the processing of your personal data by Genpact in certain circumstances.
  • Object to the processing of your personal data in certain circumstances.
  • Receive your personal data in a structured, commonly used and machine-readable format in certain circumstances.
  • Lodge a complaint with the relevant supervisory authority.
  • Object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
  • Withdraw any consent you have provided to us at any time by contacting us. 

To exercise the rights outlined above in respect of your personal data you may submit a data subject request on our portal - https://app-eu.onetrust.com/app/#/webform/6f529743-657b-472f-9f18-b4a49d9cd6a2. In case you face any issues in accessing our portal, you may also write to us at DPO.Genpact@Genpact.com.

Changes to our privacy policy
This privacy policy was last updated in May 2018, and we will notify you of changes we may make to this privacy policy where required. However, we would recommend that you look back at this notice from time to time to check for any updates.

Contact
Genpact is the controller of data for the purposes of GDPR.
If you have any concerns as to how your data is processed, you can contact our Data Protection Officer by writing to DPO.Genpact@genpact.com.