Privacy Notice for Individual Contractors

  • Facebook
  • Twitter
  • Linkedin
  • Email

We at Genpact and our affiliated companies worldwide (“Genpact”) are a global professional services firm focused on delivering digital transformation for our clients. We respect you and are committed to honouring and protecting your privacy, we treat personal data in accordance with data protection laws and the purpose of this notice is to make you are aware of what personal data we collect, how we use it and how we take care of it. If you have any questions or concerns about this privacy policy or your personal data, please contact us at HR.GDPR@Genpact.com, GenIE.GDPR@genpact.com and DPO.Genpact@Genpact.com.

Personal data we collect
We, at Genpact, collect and retain certain personal data and sensitive personal data (by which we mean either special category personal data or data relating to criminal convictions and offences) about you. 
The personal information collected may include but is not limited to:

  • Identification Information including name, age, date of birth, email address, home or business address, contact details, government-issued identification numbers, photographs, demographic information, citizenship, nationality, marital status, etc.
  • Educational and Professional Details including higher/further education, certifications, previous employment history etc.,
  • Background check reports including educational and employment checks etc. in accordance with applicable law.
  • Compensation Information including details of salary, bank account details, tax status, income tax and other levies records relating to holiday and other leave, working time records etc.
  • Information about your performance at work, including references obtained from your previous place of work, as well as opinions expressed by your colleagues, individuals who you manage, supervisors, and clients of Genpact;
  • Travel and Expenses Information including passport, visa details, bank account details, expense details, supporting bills, etc.
  • Learning and Development Information including training, certifications, attendance and assessment records etc.
  • Information collected as part of Surveillance and Monitoring such as video surveillance data, physical access logs, activity logs from systems and communication channels etc.

The sensitive personal data collected may include:

  • Information relating to your Health: such as physical examination results, accident and injury reports, disability status etc.
  • Information related to racial, ethnic origin or religious beliefs - collected as a result of diversity surveys.
  • Data relating to criminal convictions and offences collected from background checks or CCTV monitoring.

This information will be collected by us in a number of ways through multiple channels while joining our organization and over time during our relationship with you:

  • Directly from you (via on-boarding online application (s), telephone, email and in person or in circumstances in which you have been employed by Genpact or expressed an interest in future employment related opportunities.
  • Through referrals from our employees, contractors and business connects.
  • From third parties (through recruitment agencies and background verification agencies), which may also include public sources such as professional networking platforms.

Purposes of processing your personal data and the legal basis for processing
We, at Genpact, must collect and process information about you for normal staff contracting purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the profile screening, enrolment process, whilst you are working for us, at the time when your contract ends and after you have left. This includes using your personal data to enable us to comply with our contract with you, to comply with any legal requirements, pursue our legitimate interests and protect or defend our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our legal or contractual obligations and we will tell you about the implications of that decision. Some of the key processing activities shall include:

  • Administration of pay/compensation - The information requested is necessary for the performance of our obligations under your contract.  If you do not provide the information requested, we will be unable to pay you the agreed compensation.  
  • Pay taxes – We are legally obliged to pay certain taxes on your earnings and we will use the information provided by you to meet our legal obligations.
  • Background Verification – We engage third party vendors to carry out background verification checks including identity verification, educational verification, employment verification and criminal verification to pursue the legitimate business interest of the company and to comply with applicable legal requirements and where permissible under local law.
  • Staff administration – We keep contractor records in line with industry practice, including information relating to work history with Genpact, CV, references, absences and accidents. We keep a copy of your contract and any correspondence with you in the event of termination of your contract. It is our legitimate business interest to process these records.
  • Performance and compensation – We may process personal data as part of performance review processes, respectively to provide compensation or benefits as applicable. We also keep learning and development records. It is our legitimate business interest to process such records.
  • Travel and Expense – From time to time, we may process personal data and engage travel and immigration vendors to facilitate corporate travel, location transfers, validate expenses and relevant bills/ supporting in line with our Travel, Mobility and Expense policies. It is in our legitimate business interest to process these records., in pursuit of our legitimate business interests to maintain accurate financial records. 
  • Discipline, grievance and dismissal – From time to time, we may need to process personal data in connection with disciplinary, grievance and dismissal processes, in pursuit of our legitimate business interests to maintain accurate records and in case of legal proceedings.
  • Monitoring and Surveillance - We monitor and record computer use and in certain cases, corporate telephone use and also carry out CCTV monitoring of key areas, as detailed in our Interception and Surveillance policy. We also keep records of your hours of work by way of our access control system, as mentioned in our Interception and Surveillance policy. It is our legitimate business interest to process such records, for the safety and security of the company and its staff and in some cases we will be legally required to do so.
  • Audit Compliance – We may process personal data as part of our audit processes and engage third party auditors, from time to time, in pursuit of our legitimate business interests to keep accurate records. We have ensured that only personal data absolutely necessary is processed during such audits in order to comply with applicable laws. 
  • New employment opportunities - we may retain relevant documents containing your personal data for future employment related opportunities, in pursuit of our legitimate business interests.
  • Disclosure of business contacts, CV and background screening information to clients – where required by clients as data controllers.
  • Prevention of fraud – We may process your personal data for the purpose of fraud prevention in pursuit of the legitimate business interests of the company.
  • Reporting potential crimes – We may process your personal data for the purpose of detecting and reporting potential crimes where permissible or required under national law.
  • Documents produced by contractors – We may store documents and records that are produced by you and your colleagues which contain your personal data, for example your name, details of your role and your CV, and these may be shared with clients in the course of carrying out your duties and the business of the company, in pursuit of our legitimate business interests.
  • Health and safety and occupational health - Where necessary, we may process sensitive personal data relating to your health in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your assignment and whether any adjustments to your assignment might be appropriate. We may also need this data to administer and manage any compensation or benefits, if applicable. Genpact, will process such information only based on your explicit consent or as otherwise legally permitted, to protect your vital interests, for the establishment or defence of legal claims, to facilitate medical diagnosis/ assistance/ treatment and/or for the assessment of your working capacity.
  • Equal opportunity or treatment - We may process sensitive personal data relating to your racial or ethnic origin, religious beliefs in each case, for the purposes of monitoring the existence or absence of equality of opportunity or treatment between groups of individuals. Such processing will only be carried out based on your explicit consent and you have the right to withdraw that consent at any time.

You may refer to the Data Privacy Policy which is available on the on our Genpact intranet portal, for more information on Genpact policies and practices around handling personal data.

Monitoring
We have industry standard security measures to assist us to keep our systems and premises safe and secure.  The security measures implemented for the processing of personal data either routinely or occasionally (as appropriate), include:  

  • Email security – We have email security measures in place that involve automated scanning of incoming and outgoing emails for potential threats. Threats, such as phishing emails or malware may be escalated to IT for consideration.
  • Activity logs – We have audit trail capabilities as part of our automated systems to track who accesses and amends data.  This means that we have access to information about your usage of login credentials, websites and applications which may be referred to in the event of an issue.
  • CCTV – We operate CCTV to help keep our premises secure.  Images of you may be captured as part of the CCTV operation, however, we only view images where an incident has occurred.

This processing is necessary for the purposes of the legitimate interests pursued by us to keep our business data and your personal data secure and confidential and in some cases to protect or defend our legal rights. 

In the future, if we intend to process your personal data for a purpose other than that mentioned above, we will provide you with relevant information and obtain your consent if necessary.

Who we may share your personal data with (the recipients or categories of recipients of the personal data) 

  • We may use carefully selected third parties to carry out certain activities to help us to run our business (such as payment processing, cloud service providers, IT support vendors), to facilitate your corporate travel and expense (corporate card vendors, travel and immigration vendors), to carry out background verification (background verification agencies) and to facilitate audits (third party auditors). For information on the third party vendors partnered with Genpact, please visit http://www.genpact.com/about-us/gdpr.
  • We have offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes. Your information may be shared with our internal staff for management and administrative purposes as outlined above. Please visit http://www.genpact.com/about-us/regions to see a list of the locations within our corporate group.
  • Where required or permitted by law, information may be provided to others, such as regulators and law enforcement agencies.  
  • Where required for your role, your business contact details may be shared with our clients and suppliers.
  • We may also share your CV’s and background verification status to our clients, upon request, to comply with our contractual obligations.
  • From time to time, we may consider corporate transactions such as a merger, acquisition, reorganisation, asset sale, or similar.  In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to a third party involved in the transaction.

Security
We have implemented industry standard security measures to keep your personal data secure and confidential, including and not limited to:

  • Limiting access to any personal data that may be submitted by you, to those Genpact employees strictly on a need to know basis, such as to respond to your inquiry or request.
  • Implemented physical, electronic, administrative, technical and procedural safeguards that comply with all applicable laws and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and destruction. It is important for you to protect against unauthorized access to your password and to your computer. 
  • Genpact employees who misuse personal data are subject to strict disciplinary action, as it is a violation of the Integrity Policy of Genpact.   

International and group company transfers of personal data
We are part of an international group of companies and, as such, transfer personal data concerning you to countries outside the European Union (EU).  Please visit http://www.genpact.com/about-us/regions to see a list of the locations within our corporate group.

We transfer personal data between our group companies and data centres for the purposes described above. We may also transfer personal data to our third party suppliers outside of the EU as described above.

Your personal data may be stored in databases located outside of the EU including in India. The database is controlled by our administrative staff located outside of the EU including in India and can be accessed electronically.

Where we transfer personal data outside of EU, we either transfer personal data to countries that provide an adequate level of protection (as determined by the European Commission) or we have appropriate safeguards in place.  Appropriate safeguards to cover these transfers are in the form of standard contractual/data protection clauses adopted by the European Commission.  Please visit http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF to know more about standard contractual/data protection clauses.  

Where we transfer personal data between our group companies we have covered these transfers by entering into standard contractual clauses adopted by the European Commission. If you would like more information on the any of the data transfer mechanisms on which we rely please contact our Data Protection Officer, details available in the contact section below.

Period for which the personal data will be stored
Your personal data will be collected, stored and processed by us while you are employed with us.  At the end of your contract, we will securely delete/destroy your records and related documents containing your personal data as soon as practicable and in line with our Data Retention policies, and any legal or regulatory requirements.  

If you have expressed an interest in working for us in the future (e.g. under a temporary or permanent contract) we will retain relevant records and documents containing your personal data, for future employment related opportunities, for example for references, for an appropriate period of time.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our Data Protection Officer, details available in the contact section below.

Existence of Automated Profiling and Decision Making
We use automated profiling, in limited circumstances as explained below:

  • While shortlisting individuals for entry level positions, we utilise a Genpact managed web-based tool to facilitate the interview & recruitment process. The tool maintains video records of the interview process to create a Big Five psychology profile of candidate through voice & movement & vocabulary analysis. The Big Five psychology profile provides the analysis under 5 key personality traits such as ‘openness to experience’, ‘conscientiousness’, ‘extraversion’, ‘agreeableness’, and ‘neuroticism’. The insights of the profiling are utilised by the hiring team pursuant to our legitimate business interest in order to help us take informed decisions while shortlisting our candidates.

We do not carry out any processing activities that involve automated decisions.

Your rights
You have a right to:

  • Request access to your personal data and request details of the processing activities conducted by Genpact.
  • Request that your personal data is rectified if it is inaccurate or incomplete
  • Request erasure of your personal data in certain circumstances.  
  • Request restriction of the processing of your personal data by Genpact in certain circumstances.
  • Object to the processing of your personal data in certain circumstances.
  • Receive your personal data in a structured, commonly used and machine-readable format in certain circumstances. 
  • Lodge a complaint with the relevant supervisory authority.
  • Object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
  • Withdraw any consent you have provided to us at any time by contacting us.

To exercise the rights outlined above in respect of your personal data you may submit a data subject request on our portal - https://app-eu.onetrust.com/app/#/webform/6f529743-657b-472f-9f18-b4a49d9cd6a2. In case you face any issues in accessing our portal, you may also write to us at DPO.Genpact@Genpact.com.

Changes to our privacy policy
This privacy policy was last updated in MAY 2018 and we will notify you of changes we may make to this privacy policy where required, however we would recommend that you look back at this notice from time to time to check for any updates.

Contact
Genpact is the controller of data for the purposes of GDPR.
If you have any concerns as to how your data is processed, you can contact our Data Protection Officer by writing to DPO.Genpact@genpact.com.