Employee Privacy PolicyEffective as on 01.06.2024

OBJECTIVE

This Employee Privacy Policy describes how HBG^TM Knowledge Services Private Limited (collectively “HBG^TM”, “we”, “us”, or “our”) collects, uses, and shares Personal Information about you before, during, and after your working relationship with us.

SCOPE

It applies to all permanent and temporary employees, workers, contractors, freelancers and any other individuals who are working for us but are not directly employed (“staff member” or “you”) in reference to their personal data collected, processed, or stored by HBG^TM, including but not limited to employee records, HR data, performance evaluations, and any other information relating to an individual’s employment with the Company. This policy shall also apply retroactively to all personal data collected and presently maintained by HBG^TM of individuals covered above before the effective date of this policy.

WHO IS COLLECTING YOUR PERSONAL DATA (WHO IS THE DATA CONTROLLER)?

HBG^TM that is party to your employment contract or contract for services or otherwise employs you will be the data controller of your personal data.

WHAT IS PERSONAL INFORMATION?

For the purpose of this Employee Privacy Policy, HBG^TM collect, maintain, and use different type of Personal information in the context of our employment relationship or potential employment relationship with you. The following provides examples of the type of information that we collect and how we use the information.

1. Unique IdentifiersName, Signatures, address, telephone, email, IP address- to address and identify the employee, complete forms and process applications, employee notifications, payroll and benefit purposes, etc.
2. Demographic Information Age, Sex, Nationality, Race/Ethnicity, Marital Status, Dependent Information,
3. Employee Address and Commute Details Employee residential addresses or other location information- to organize transportation services to facilitate their commute to and from the workplace. We gather this data to optimize transportation logistics and ensure the efficient and secure transportation of our employees.
4. Government ID number Social Security number, Aadhar card no., Pan card no., UAN allocated by PFO, or any other government identity or address proofs. - to address and identify the employee, complete forms and process applications, employee notifications, payroll and benefit purposes, etc.
5. Financial Description Bank Account number, credit card statement, credit rating or any other financial information required for Payroll purposes and employee travel and expense reimbursements.
6. Health/Medical Insurance Information Insurance Policy number, health insurance information- proof of medical insurance
7. Geolocation Data Geolocation data- to allow the use of multi-factor identification
8. Employment Information Professional or employment-related information- Annual training requirements, performance evaluation, letters of recognition and awards, disciplinary documentation, Work permits, Visas, Immigration data.
9. Education Information Personally identifiable education information that is not publicly available (e.g. grades, marksheets, degree, certificates, professional licences etc.)- complete forms and process applications.
10. Health/fitness Records Personal Information relating to your health/fitness status.
11. Background Check Records Your Background Check records may include all or any information relating to your past or present civil or criminal conduct.
12. Biometric Data Finger Print Scans, Voice Recordings, Video Recordings and Photos.
13. IT Logs All Logs maintained by IT department in connection to usage of Company provided IT devices like User Activity Logs, system access, email logs, cookies, location data, device identifiers, network activity, security events, etc.
14. Allied Contacts Allied Contacts include information of Emergency Contacts, Dependent Data and Professional References.

HOW WE COLLECT YOUR INFORMATION?

We collect personal information about you through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider where background checks are permitted. In addition, we may sometimes collect, additional information from third parties including former employers, personal and professional references, or other background check agencies, etc.

We will also collect additional Personal Information in the course of job-related activities throughout the period of you working for us. This may include monitoring communications and use of company IT equipment and systems, or from other staff members or supervisors.

HOW WE USE YOUR PERSONAL INFORMATION

We may collect and process your personal data in the Systems for various purposes such as:

• Recruitment, training, development, promotion, career, and succession planning
• Appropriate vetting for recruitment and team allocation including, where relevant and appropriate, credit checks, right to work verification, identity fraud checks, relevant employment history, relevant regulatory status and professional qualifications
• Providing and administering remuneration, salary, benefits, and incentive schemes and providing relevant information to payroll
• Allocating and managing duties and responsibilities and the business activities to which they relate
• Identifying and communicating effectively with other employees and management
• Managing and operating conduct, performance, capability, absence, and grievance related reviews, allegations, complaints, investigations, and processes and other informal and formal HR processes and making related management decisions
• Consultations or negotiations with representatives of the workforce
• Conducting surveys for benchmarking and identifying improved ways of working employee relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results)
• For planning, managing and carrying out restructuring or redundancies or other change programs including appropriate consultation, selection, alternative employment searches and related management decisions
• Operating email, IT, Internet, intranet, social media, HR related and other company policies and procedures. The company carries out monitoring of HBG^TM’s IT systems to protect and maintain the systems, to ensure compliance with HBG^TM policies and to locate information through searches where needed for a legitimate business purpose
• Complying with applicable laws and regulation (for example maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulation to which HBG^TM is subject in the conduct of its business)
• For emergency support in case of medical issues or accidents
• For workplace surveillance and monitoring.
• To support HR administration and management and maintaining and processing general records necessary to manage the employment or worker relationship and operate the contract of employment or engagement
• To centralize HR administration and management processing operations in an efficient manner for the benefit of our employees and to change access permissions
• To effectively optimize transportation routes and schedules, facilitating efficient travel and to minimize commute times.

CONSENT MECHANISM

Employees’ consent will be obtained for the collection and processing of their personal data, and they will be informed of the purposes for which their data will be used. Consent will be freely given, specific, informed, and unambiguous.

HOW WE MONITOR THE USE OF COMPANY IT EQUIPMENT AND SYSTEMS?

In the course of conducting our business, we may – under conditions permitted by applicable law- monitor employee activities and our premises and property. We may monitor activity for the protection of employees and third parties, and to protect against theft, vandalism and damage to HBG^TM’s property. These measures do not aim at controlling the working activity of the individual employee. Recorded images are typically destroyed and not shared with third parties unless there is suspicion of a crime or wrongdoing, in which case they may be turned over to the police, or other appropriate government agency or other appropriate third parties.

Additionally, where permitted by law, HBG^TM has the ability to monitor all business communications, including, without limitation, phone, internet browsing, email, instant messaging, and VoIP. For the purposes of your own personal privacy, you need to be aware that such monitoring might reveal sensitive personal information about you if you include such information in a business communication. By carrying out such activities using HBG^TM’s equipment or facilities you acknowledge that sensitive information about you may be revealed to HBG^TM by such monitoring.

WHO WE SHARE YOUR PERSONAL INFORMATION WITH?

We do not sell your Personal Information. In addition to the specific situations discussed elsewhere in this policy, we share your Personal Information in the following situations:

• Affiliates and Business Transfers. We may share information with our affiliates. If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
• Legal or Regulatory Requests and Investigations. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws or regulations. We may also need to share your Personal Information with tax authorities, courts, regulators, the police and other governmental authorities where we are required or permitted to do so by law.
• Third-party service providers. Third-party service providers who assist with payroll, benefits, or other administrative functions.
• Authorized representatives. Authorized representatives of the employee, such as legal guardians or emergency contacts.
• Other Disclosures. We may disclose certain information such as name, work contact details (including your workplace ID photo), training and qualification records, certifications, and other information about your work arrangements to other entities, such as professional advisers (including lawyers, auditors, insurers and accountants), professional bodies, and regulatory authorities in the normal course of business as long as such disclosure is reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
• Other Disclosures with Your Consent. We may ask to share your information with other unaffiliated entities who are not described elsewhere in this privacy notice.

HOW WE KEEP YOUR DATA SECURE?

Access to personal information is restricted to employees who require it for legitimate business purposes. All employees with access to personal information are required to undergo training on data protection and confidentiality. We maintain reasonable physical, technical and procedural safeguards that are appropriate to the sensitivity of the Personal Information in question. These safeguards are designed to help protect your Personal Information against loss, unauthorized access or disclosure, modification, or destruction. While we use reasonable efforts to protect your Personal Information, we cannot guarantee the security of your Personal Information. In the event that we are required by law to inform you of any privacy or security event relating to your Personal Information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

We do not sell or rent personal information to third parties for marketing purposes.

DATA RETENTION AND DISPOSAL

Employee data will be retained only for as long as necessary to fulfil the purpose for which it was collected, and in compliance with applicable legal requirements. Data that is no longer needed will be securely disposed of in accordance with the company policies.

DATA SUBJECT RIGHTS

Employees have the right to access, withdraw, nominate, erase, and restrict the processing of their personal data. Requests to exercise these rights should be submitted to the HR department, and HR will respond within 24 hours of receiving such request.

Employees may withdraw consent for processing of their personal information at any time, except where such consent is necessary for the performance of contractual obligations or compliance with legal requirements.

In instances where the company has no overriding obligation to deny an employee's request to access, withdraw, nominate, erase, restrict the processing or withdraw consent for processing of their personal data, such requests will be obliged. However, the employee shall be duly informed of the outcome, even if no action is required, to maintain transparency and clarity.

PROHIBITED ACTIVITIES UNDER THIS POLICY

For maintaining a secure and respectful work environment that values employee privacy and confidentiality, adherence to these prohibitions is essential. Mentioned below are the prohibited activities:

• Refrain from collecting personal data from employees beyond business needs and without explicit consent
• Do not retain employee data longer than is necessary or without a legitimate business need.
• Do not engage in unauthorized monitoring or surveillance of colleagues without prior approval.
• Do not share information of any employee with unauthorized individuals or third parties without explicit consent.
• Do not access or attempt to access employee information without proper authorization.
• Do not ignore or dismiss employee requests regarding their personal information stored by the organization.
• Do not discuss sensitive or personal employee information in open or unsecured environments.
• Do not store employee passwords or other sensitive information in insecure locations.
• Do not sell/share employee sensitive or personal information to any person or entity.
• Do not access or modify employee records without proper documentation and authorization.

Note: This list is not exhaustive; additional prohibited activities may be added to ensure comprehensive protection of employee privacy and security.

HOW TO EXERCISE YOUR RIGHTS?

If you have any questions, comments, or complaints concerning our privacy practices or want to exercise your rights please contact us at:

Email: privacy@hbgknowledge.com

NON- COMPLIANCE OF THE POLICY

In case you come across or become aware of any prohibited circumstances or instances of noncompliance to this policy, then you are under a fiduciary duty to report it to the Privacy Team or Board by writing an email to privacy@hbgknowledge.com. Your identity shall be kept strictly confidential to the extent possible and the Board shall protect you and take essential steps to ensure that no unfair treatment, discrimination, harassment, retaliation or any other unfair employment activity is being adopted against you on account of this disclosure.

If it later comes to our discovery that, you were covering up any such prohibited situations whether with or without a personal benefit, you shall be held accountable and party to such situation and deemed in violation of this policy.

Failure to adhere to this policy is subject to disciplinary actions, up-to and including termination or initiation of appropriate legal action if deemed necessary.

POLICY REVIEW AND UPDATES

This policy will be reviewed regularly and updated as necessary to ensure compliance with changes to the Digital Personal Data Protection Act or other relevant laws and regulations.

By accepting employment with HBG^TM, employees acknowledge and agree to processing of their Personal Data in compliance of this Employee Privacy Policy and understand their rights and responsibilities regarding their personal data.

APPROVAL AND OWNERSHIP

APPROVAL AND OWNERSHIP