1. Scope and applicability
This Candidate Privacy Notice applies to all individuals who have taken affirmative steps to express interest in, apply, or have been engaged by the recruitment team for employment with Genpact. In case of any specific local privacy requirements, this Candidate Privacy Notice shall be read in conjunction with the location-specific rules included at the end of this notice, as applicable.
The Candidate Privacy Notice describes how Genpact collects and processes your personal data in relation to the recruitment process and all other processing activities that are required to assess your suitability for a specific position within Genpact.
Your personal data shall only be collected and processed in accordance with and up to the extent permitted by the applicable law, as described below.
2. Personal data we collect
Genpact may collect certain personal data directly from you, and we may obtain personal data about you from other available sources to the extent relevant and permitted by applicable law. The categories of personal data that are typically collected and processed in the recruitment context are:
- Name, address, personal and/or business telephone number, personal and/or business email address, and other contact details.
- Competencies, skills (including assessment of cognitive abilities and language speaking abilities s carried out during the recruitment process), languages spoken, professional experience and education details (e.g. your CV or resume which may include previous employment, educational details and qualifications, third-party certifications etc.), and third party references.
- Citizenship and nationality to enable us to check your suitability for a specific role and working location.
- Preferences related to the job opening, e.g. preferred country of employment, areas of interest as well as your preferred ways to be contacted by Genpact.
- Your online user identity, e.g. usernames and other such information used in connection with authenticating you to our online recruitment management system.
- Technical information: When you access our services online, our web servers automatically create records of your visit.
- Information collected during interviews: As part of our interview process we may maintain audio/ video records of the interview (in case of telephone interviews or video enabled interviews) as well as comments noted by our interviewers. We will always inform you prior to carrying out any recordings.
- Information collected from online assessments: as part of the recruitment process we may ask you to take certain tests which are necessary for assessing your suitability for a certain position. . In such cases, we may also collect snapshots and/or audio/video recordings of you to ensure that integrity of the tests is maintained. No biometric data will be collected of you.
- Other information, such as information found from public sources as well as information related to reference checks, depending on the position you are applying for, and where necessary for the recruitment activities.
Additionally, once you have been shortlisted, we may collect additional information such as a copy of your Government ID, expectation of compensation and remuneration details, information relating to your family members (for benefits administration), passport, visa and work permit information (in case of expatriate), background check reports including educational, employment and criminal checks, social media checks only when and up to the extent permitted under applicable laws. Also, in certain cases, we may collect your bank account details, details of the expense incurred and relevant bills to reimburse any expenses incurred by you during the interview processes.
The special categories of personal data collected may include:
- Information relating to your health: In certain instances, we may receive information related to health such as disability status in order to make any necessary accommodations during our interview process. Genpact shall process such information only based on your explicit consent.
- Data relating to criminal convictions and offences
collected from background checks, as permitted under applicable laws.
- Information related to racial, ethnic origin or religious beliefs collected as a result of diversity surveys, as required or permitted under applicable laws.
This information will be collected by us in a number of ways through multiple channels during the recruitment process and over time during our relationship with you:
- Directly from you (when you apply online or via email or in person);
- Through referrals from your friends, family of professional connects who work at/ with Genpact;
- From third parties (through recruitment agencies and background verification agencies), which may also include public sources such as professional networking platforms.
3. Purposes of and legal bases for processing your personal data
We are required to collect and process your personal data for the purposes of Genpact’s recruitment or resourcing activities. The legal basis for processing the personal data is the conclusion of a contract with you or our legitimate business interest. When you apply for a role with Genpact you do so voluntarily and can at any time withdraw your application.
The legal basis for processing special categories of personal data is as defined under the applicable law such as your explicit consent or where the processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment and social security and social protection law, insofar as applicable. Such special categories of personal data be collected, processed, transferred, and stored only as per the applicable laws of the respective jurisdictions.
The information we hold and process will be used only in order to assess your suitability for a specific position within Genpact and/or to contact with any potential job opportunities. In case Genpact intends to process your personal data for new or different purposes, not included herein, we will provide adequate notice to you and, where necessary, obtain your consent. If you do not provide these data or provide your consent to process the data (where required by applicable law), we may be unable to continue with the recruitment process.
Your personal data shall be utilized in the following ways:
- Communicating with you, in context of recruitment activities in accordance with the legitimate business interests of the company:
- To obtain additional information about your suitability for the role.
- To inform you of available vacancies.
- To provide you with information relating to your application and to fulfil your requests.
- Managing recruitment and resourcing activities, including activities related to organizational planning. In the course of recruitment activities, we may use your information, in accordance with our legitimate business interests:
- To set up and conduct interviews and assessments, including to record such interviews where applicable (e.g. in case of carrying out interviews without the real-time presence of recruiters, through digital platforms allowing candidates the flexibility to choose when to have the interview).
- To evaluate, select and recruit applicants. We may use AI in certain stages of the recruitment process to assist with the initial selection of suitable candidates, increase objectivity and fairness within the recruitment process or support recruiters to manage more efficiently the candidate the selection process (e.g. by highlighting CVs that match a job description). We confirm that AI will not take any automatic decisions regarding your application. Human recruiters and hiring managers will ultimately take a decision regarding your application.
- To contact third-party references provided by you to evaluate your previous performances.
- In the event your profile is shortlisted, we may collect additional personal data (as mentioned in the previous section), to carry out background checks (in accordance with local law), facilitate travel for face to face interviews and to send an employment offer letter.
- Carrying out online aptitude tests and language assessments. For certain positions, candidates must have certain soft skills and/or language abilities, in addition to the relevant subject-matter expertise. Consequently, we have a legitimate interest to test your cognitive abilities and/or language abilities, so that we can assess your suitability for a certain position within Genpact and ultimately increase the quality of hires, reduce the bias in the recruitment process and improve your overall recruitment experience. Tests have been calibrated and benchmarked by a team of experts, against a significant number of data points, to ensure accuracy and fairness. We will provide you with detailed information on each type of assessment in the email invitation that we send you before you take the test.
- Proctoring of assessments to prevent fraud: When taking online assessments without any supervision (such as online cognitive assessment tests, online language abilities test) we have a legitimate interest to take snapshots and/or video recordings of you during the test, in order to prevent and identify any fraud and ultimately maintain the integrity of the test. An AI algorithm will be used to identify potential fraud within the taken snapshots/video recordings and will highlight them to the responsible recruiter, who shall review them manually in order to reach a decision. The proctoring activity is implemented in the least intrusive manner possible, does not involve processing of any sensitive personal data (such as biometric data) and all technical and organizational measures have been implemented to ensure minimization, security and confidentiality of the processed personal data. We will inform you in detail of any proctoring carried out before any assessment that you may take.
- Monitoring and development of our recruitment process – We may use your personal data to develop and improve our recruitment processes, websites and other related services. This is in accordance with our legitimate business interests to improve the services we provide. Where feasible, we shall use only aggregated anonymous information in the context of such development activities.
- Auditing Compliance – We may process personal data as part of our audit processes and engage third-party auditors, from time to time in accordance with the legitimate business interests of the company and/or where necessary in defence or exercise of our legal rights.
- Preventing fraud – We may process your personal data for the purpose of fraud prevention in pursuit of the legitimate interests of the company.
- New employment opportunities – If you have expressed an interest in working for us in the future we may retain relevant documents collected during the recruitment process containing your personal data for future employment related opportunities.
- Fulfilment of Contractual requirements and business purposes - If you accepted an offer for employment within Genpact, prior to your onboarding, we may be required to process and share your data with clients, to which you would be aligned to perform services, as part of the background checks and process requirements, depending on the specific services that you are required to perform and our contractual requirements in the client service agreement. Any such disclosure will be carried out strictly in order to fulfil our contractual requirements with the client and for legitimate business purposes and will not affect nor restrict any of your data protection rights. The client is a separate and independent controller for the personal data that it processes in order to facilitate your access to its systems and performance of the services.
In the future, if we intend to process your personal data for a purpose other than that mentioned above, we will provide you with any other relevant information and obtain your consent where it is necessary to do so.
We have implemented industry standard security measures to keep your personal data secure and confidential, including and not limited to:
- Limiting access to your personal data strictly on a need to know basis, such as to respond to your inquiry or request.
- Implementing physical, electronic, administrative, technical and procedural safeguards that comply with all applicable laws and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and destruction. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when you are done using a shared computer.
- Imposing disciplinary action on anyone who misuses personal data, as it is a violation of Genpact’s Code of Conduct.
5. Who we may share your personal data with (the recipients or categories of recipients of the personal data)
- We may use carefully-selected third parties to carry out certain activities to help us to run our business (such as cloud service providers and IT support vendors), to facilitate assessments (language assessment agencies, online test providers etc.), to carry out background checks as permitted by applicable laws (background verification agencies), to facilitate your travel and reimbursement of expenses (travel and immigration vendors), to facilitate on-boarding at the time of joining Genpact and to facilitate audits (third-party auditors). For information on the third-party vendors partnered with Genpact, please visit https://website-files.genpact.com/downloadable-content/genpact-list-of-associated-partners-and-suppliers.pdf.
- We have offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes. Your information could be shared with our internal staff for screening and interview purposes. To the extent required by applicable law, we will obtain your informed consent.
- Where required for your role, your CV and business contact details may be shared with clients, as permitted under applicable laws.
- Where required or permitted by law, information may be provided to others, such as regulators and law enforcement agencies.
- From time to time, we may consider corporate transactions such as a merger, acquisition, reorganisation, asset sale, or similar. In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, personal data may be transferred to a third-party involved in the transaction.
6. International and group company transfers of personal data
We are part of an international group of companies and, as such, we may transfer personal data concerning you to countries where Genpact has an establishment. Any transfers of personal data outside of the country of origin will be carried out in accordance with the applicable law and while ensuring that the same level of protection and confidentiality is maintained.
We transfer personal data between our group companies and data centers for the purposes described above. We may also transfer personal data to our third-party vendors as described above. Your personal data may be stored in databases across various geographies, including the EU, India, or the United States. The databases are controlled by our administrative staff and can be accessed electronically by authorized personnel.
Where personal data is transferred to third-party vendors, Genpact shall ensure that adequate contractual provisions are in place to ensure that your personal data is adequately protected.
Where we transfer personal data outside of the country in which Genpact is established, we either transfer personal data to countries that provide an adequate level of protection (e.g., as determined by the European Commission or the applicable data protection legislation) or we have appropriate safeguards in place. Appropriate safeguards for these transfers are in the form of standard contractual/data protection clauses, such as the clauses adopted by the European Commission or otherwise as permitted under the applicable data protection law. For example, please visit https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF to know more about standard contractual/data protection clauses.
Where we transfer personal data between our group companies we have covered these transfers by entering into intragroup agreements. Our intragroup agreements are based on the standard contractual clauses adopted by the European Commission or, to the extent that other laws apply, as permitted under applicable data protection laws.
If you would like more information on the any of the data transfer mechanisms on which we rely, please contact our Data Protection Officer using the information provided in the contact section below.
7. Period for which the personal data will be stored
Your personal data will be retained for as long as necessary to achieve the purpose for which the information was collected, namely to enable us to contact you in the future about potential employment opportunities at Genpact, if any, in line with our Data Retention policies and any legal or regulatory requirements. You may choose to opt out at any time by writing to us at [email protected]
and [email protected]. Once you opt out Genpact will stop processing your personal data and delete it from our systems and hard copy documents.
For candidates who have accepted employment positions, we shall retain the personal data in line with our Employee Candidate Notice, which will be provided to you during the onboarding process.
Existence of Automated Profiling and Decision Making
We may use automated profiling in limited circumstances as explained above. These tools are only used as an aid for recruiters and Genpact will not take any decision based solely on automated processing, including profiling.
You may in some circumstances have the right to obtain human intervention where automated profiling has taken place and a right to express your views.
8. Your rights
In accordance with applicable law, you may have certain data protection rights. You may find specific details on the rights that are applicable to you in the ‘Jurisdiction-specific requirements’ section below. Please see the end of the page for the jurisdiction below corresponding to your location. In case your jurisdiction is not listed below, for more information on your data protection rights, please contact us at [email protected].
EEA and UK
To exercise the rights outlined above in respect of your personal data you may submit a data subject request on our portal – https://app-eu.onetrust.com/app/#/webform/6f529743-657b-472f-9f18-b4a49d9cd6a2. In case you face any issues in accessing our portal, you may also write to us at [email protected].
Genpact is the controller of data for the purposes of the applicable law.
If you have any concerns as to how your data is processed you can contact our Data Protection Officer by writing to [email protected].