We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

Job policy notice

Hi everyone, I know this may be odd request or question 


So basically am looking at a job but for me to continue, they want me to sign a digital policy document,  I have read it and I think it looks fine but can I be a pain and get someone else to read over it too?  Just to make sure nothing suspicious 

Super apologies in advance 

WHAT IS THE PURPOSE OF THIS DOCUMENT 
Tata Consultancy Services Limited (“TCS” or “we”) is committed to protecting the privacy and security of 
your personal data. 
This privacy notice describes how we collect and use personal data about you during and after the 
candidate recruitment with us in accordance with the General Data Protection Regulation (GDPR) and 
applicable privacy legislation. 
This privacy notice describes how we collect and process personal data about you to assess your 
suitability for employment with us. Employment opportunities exist as employment or term 
contracts either directly between TCS and you or between TCS and your representative agency.
TCS is a “data controller”. This means that we are responsible for deciding how we hold and use personal 
data about you. We are required under data protection legislation to notify you of the information contained 
in this privacy notice. 
This Privacy Notice applies to all candidates seeking employment / work placements / contracting / project 
based assignments with TCS, regardless of contract type. 
It is important that you read this notice, together with any other privacy notice we may provide on specific 
occasions when we are collecting or processing personal data about you, so that you are aware of how and 
why we are using such information. 
DATA PROTECTION PRINCIPLES 
We will comply with applicable data protection laws. This means that the personal data we hold about you 
must be: 
1. Used lawfully, fairly and in a transparent way. 
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is 
incompatible with those purposes. 
3. Relevant to the purposes we have told you about and limited only to those purposes. 
4. Accurate and kept up to date. 
5. Kept only as long as necessary for the purposes we have told you about
6. Kept securely. 
THE KIND OF INFORMATION WE HOLD ABOUT YOU 
Personal data means any information about an individual from which that person can be identified. It does 
not include data where the identity has been removed (aka anonymous data). 
There are “special categories” of sensitive personal data, which we may also collect, store and use. These 
require a higher level of protection 
In the context of our candidate recruitment, we may Process the below-mentioned categories of your data 
through digital and paper-based systems. We collect your data in a number of ways: 
• Unsolicited CVs sent directly to our HR/Recruitment seeking employment opportunities 
• CVs sent to our HR/Recruitment in response to specific job advertisement(s) 
• CVs sent to our HR/Recruitment by sourcing vendor companies / recruitment agencies 
• CVs sent to our HR/Recruitment by existing TCS employees e.g. employee referral 
• CVs received by our HR/Recruitment/Project teams through non TCS employees 
• Job sites 
• TCS website 
• Social Media 
• Placement coordinators from education institutions 
Further, we may collect personal data from you, through your activities prior to, in the course of, and after 
your assessment for a suitable position or from third parties (including references), and may include the 
following: 
• Personal information: such as name and contact information (home address, personal phone 
number/s, email address and emergency contact information), date of birth, government 
identification numbers, citizenship, residency, passport details, driving license, vehicle license plate 
number, visa information, marital status, dependents, gender, visual images, competencies, and 
other data collection permitted or required by local law 
• Compensation information: such as base salary and statutory or contractual benefits, annual 
salary, pay scale and range, type of employee, incentive information, equity and other
compensation program participation and salary history 

Background information: such as, previous residence(s), educational qualifications, industry 
certifications, training and employment background, medical and other background information 
commonly used for security screenings where applicable to your role. 
We may also collect, store and use the following “special categories” of sensitive personal data:
• Information about your race or ethnicity, religious beliefs and sexual orientation. 
• Trade union membership, if applicable. 
• Information about your health, including any medical condition, health and sickness records.
• Biometric data. 
• Information about criminal convictions and offences, County Court Judgments or history of unlawful 
or objectionable behaviour (not the criminal record itself), 
HOW IS YOUR PERSONAL DATA COLLECTED 
We collect personal data about you through websites (internet and intranet), forms and templates, emails, 
other interactions, either directly from you and from third party sources, e.g. recruiters, employment agency, 
job sites, training providers, back ground check companies (if applicable), etc. 
HOW WE WILL USE INFORMATION ABOUT YOU 
We will only use your personal data when the law allows us to. Most commonly, we will use your personal 
data in the following circumstances: 
1. Where we need it to assess your suitability for a role within TCS 
2. Where we need to comply with a legal obligation. 
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and 
fundamental rights do not override those interests. 
We may also use your personal data in the following situations, which are likely to be rare: 
1. Where we need to protect your interests (or someone else’s interests).
2. Where it is needed in the public interest or for official purposes. 

Situations in which we will use your personal data 
 We need all the categories of information in the list above primarily to allow us to perform an assessment 
of your suitability for a role within TCS and to enable us to comply with legal obligations. In some cases, 
we may use your personal data to pursue legitimate interests of our own or those of third parties, provided 
your interests and fundamental rights do not override those interests. The situations in which we will process 
your personal data are listed below: 
• Making a decision about your recruitment or appointment, e.g. determining the terms on which 
you work for us, checking whether you are legally entitled to work in the country of 
employment. 
• Paying you and, if you are an employee, deducting tax and social security contributions, liaising 
with your pension provider and other benefits providers, making decisions about salary reviews 
and compensation. 
• Administering the contract we may enter with you 
• Business management and planning, including accounting and auditing. 
• Assessing qualifications for a particular job or task, including decisions about promotions. 
• Education, training and development requirements. 
• Complying with health and safety obligations. 
• To prevent fraud. 
• To ensure network and information security, including preventing unauthorized access to our 
computer and electronic communications systems and preventing malicious software 
distribution. 
• To conduct data analytics studies to review and better understand employee retention and 
attrition rates. 
• Equal opportunities monitoring. 
If you fail to provide personal data 
If you fail to provide certain information when requested, we may not be able to perform the assessment 
and therefore may not be able to continue with the assessment process or we may be prevented from 
complying with our legal obligations, such as to ensure the health and safety of our visitors, employees and 
contractors.

Change of purpose 
We will only use your personal data for the purposes for which we collected it, unless we reasonably 
consider that we need to use it for another reason and that reason is compatible with the original purpose. 
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the 
legal basis which allows us to do so. 
Please note that we may process your personal data without your knowledge or consent, in compliance 
with the above rules, where this is required or permitted by law. 
HOW WE USE PARTICULARLY SENSITIVE PERSONAL DATA 
”Special categories” of particularly sensitive personal data require higher levels of protection. We need to 
have further justification for collecting, storing and using this type of personal data. We may process special 
categories of personal data in the following circumstances: 
1. In limited circumstances, with your explicit written consent. 
2. Where we need to carry out our legal obligations or exercise rights in relation to your engagement with 
us. We have in place an appropriate policy document and safeguards which we are required by law to 
maintain when processing such data. 
3. Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our 
occupational pension scheme. We have in place an appropriate policy document and safeguards which we 
are required by law to maintain when processing such data. 
Less commonly, we may process this type of information where it is needed in relation to legal claims or 
where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving 
your consent, or where you have already made the information public. 
Our obligations as a Data Controller
We will use your particularly sensitive personal data in the following ways: 
• We will use information about your physical or mental health, or disability status, to ensure your 
health and safety in the workplace and to assess your fitness to work, to assess what appropriate 
workplace adjustments we may need to make. 
• We will use information about your race or national or ethnic origin, religious, philosophical or moral 
beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring 
and reporting


• We will use trade union membership information (if applicable) to pay trade union premiums, 
register the status of a protected employee and to comply with employment law obligations, if and 
to the extent necessary. 
• To maintain access to sensitive areas of operations or sensitive systems, such as premises and 
storage facilities, which are subject to access control using biometric data (such as a finger print). 
• To determine and validate access to premises using CCTV. 
Do we need your consent? 
We do not need your consent if we use special categories of your personal data in accordance with our 
written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In 
limited circumstances, we may approach you for your written consent to allow us to process certain 
particularly sensitive data. If we do so, we will provide you with full details of the information that we would 
like and the reason we need it, so that you can carefully consider whether you wish to consent. You should 
be aware that it is not a condition of your contract with us that you agree to any request for consent from 
us. 
BACKGROUND INFORMATION 
We may only use information relating to criminal convictions where the law allows us to do so. This will 
usually be where such processing is necessary to carry out our obligations and provided we do so in line 
with our data protection policy or applicable local policies. 
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to 
legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not 
capable of giving your consent, or where you have already made the information public. 
We envisage that we will hold information about criminal convictions. 
We will only collect information about criminal convictions if it is appropriate given the nature of your role 
and where we are legally able to do so. Where appropriate, we will collect information about criminal 
convictions as part of the recruitment and onboarding process or we may be notified of such information 
directly by you. 
We are allowed to use your personal data in this way to carry out our obligations with relevant stakeholders. 
We have in place an appropriate policy and safeguards which we are required by law to maintain when 
processing such data. 

«1

Comments

  • LightKnow
    LightKnow Posts: 272 Forumite
    Fourth Anniversary 100 Posts Name Dropper

    DATA SHARING 
    We may have to share your data with third parties, including third-party service providers, TCS clients and 
    other entities in the group. We require third parties to respect the security of your data and to treat it in 
    accordance with the law. We may transfer your personal data outside the EU/EEA. If we do, you can expect 
    a similar degree of protection in respect of your personal data. 
    Why might you share my personal data with third parties?
    We will share your personal data with third parties where required by law, where it is necessary to administer 
    the recruitment process or where we have another legitimate interest in doing so. 
    Which third-party service providers process my personal data? 
    ”Third parties” includes third-party service providers (including contractors and designated agents) and 
    other entities within our group (including clients of TCS where individuals engaged by TCS are expected or 
    required to work with or for that client). The following activities are carried out by third-party service 
    providers: Security screening, education and identification verification and suitability for the role. 
    How secure is my information with third-party service providers and other entities in our group?
    All our third-party service providers and other entities in the group are required to take appropriate security 
    measures to protect your personal data in line with our policies. We do not allow our third-party service 
    providers to use your personal data for their own purposes. We only permit them to process your personal 
    data for specified purposes. 
    When might you share my personal data with other entities in the group? 
    We will share your personal data with other entities in our group, with regards to workforce allocation, role 
    assignment and the recruitment process 
    What about other third parties?
    We may share your personal data with other third parties. We may also need to share your personal data 
    with a regulator or to otherwise comply with the law. 
    Transferring information outside the EU/EEA
    We may transfer the personal data we collect about you to countries outside the EU/EEA in order to conduct 
    the assessment of your application and suitability: for example UK, India, Australia, USA and other TCS

    entities in LATAM or APAC. Currently, India, Australia, the USA and other countries in LATAM and APAC 
    where TCS has presence are not deemed by the European Commission to be ‘adequate’ data transfer 
    countries. This means that the countries to which we transfer your data are not currently recognised as 
    providing an adequate level of protection for your personal data. As such, to ensure that your personal data 
    does receive an adequate level of protection when transferred to these countries, we have put in place data 
    transfer agreements based on EU Model Clauses. These model clauses are an agreement between TCS 
    and any third party outside of the EU/EEA or any TCS facility outside the EU/EEA to which we transfer your 
    personal data which require those third parties to treat your personal data in a way that is consistent with 
    EU/EEA laws on data protection. This includes implementing adequate physical and organizational security 
    measures to protect your personal data. TCS will not transfer your data outside of the EU/EEA without 
    having the EU Model Clauses in place to protect it. 
    DATA SECURITY 
    We have put in place measures to protect the security of your information. 
    Third parties will only process your personal data on our instructions and where they have agreed to treat 
    the information confidentially and to keep it secure. 
    We have put in place appropriate technical, organizational and security measures to prevent your personal 
    data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In 
    addition, we limit access to your personal data to those employees, agents, contractors and other third 
    parties who have a business need to know. They will only process your personal data on our instructions 
    and they are subject to a duty of confidentiality. 
    We have put in place procedures to deal with any suspected data security breach and will notify you and 
    any applicable regulator of a suspected breach where we are legally required to do so. 
    DATA RETENTION 
     How long will you use my information for? 
    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, 
    including for the purposes of satisfying any legal, accounting, or reporting requirements to determine the 
    appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the 
    personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the 
    purposes for which we process your personal data and whether we can achieve those purposes through 
    other means, and the applicable legal requirements. 

    If your application is successful, we will retain all the data collected during the recruitment phase for the 
    duration of your employment. In some cases we will retain elements of the personal data for an additional 
    period no longer than seven years after the end of your engagement with TCS 
    If your application is unsuccessful, we will erase all the personal data collected during the recruitment 
    phase after a period of six months after you have been unsuccessful in your application for a role with 
    TCS. 
    DATA SUBJECT RIGHTS 
    Your duty to inform us of changes
    It is important that the personal data we hold about you is accurate and current. Please keep us informed 
    if your personal data changes during your relationship with us. 
    Your rights in connection with personal data 
    Under certain circumstances, by law you have the right to: 
     
    • Request access to your personal data (commonly known as a “data subject access request”). 
    This enables you to receive a copy of the personal data we hold about you and to check that we 
    are lawfully processing it. 
    • Request correction of the personal data that we hold about you. This enables you to have any 
    incomplete or inaccurate information we hold about you corrected. 
    • Request erasure of your personal data. This enables you to ask us to delete or remove personal 
    data where there is no good reason for us continuing to process it. You also have the right to ask 
    us to delete or remove your personal data where you have exercised your right to object to 
    processing (see below). 
    • Object to processing of your personal data where we are relying on a legitimate interest (or 
    those of a third party) and there is something about your particular situation which makes you want 
    to object to processing on this ground. You also have the right to object where we are processing
    your personal data for direct marketing purposes. 
    • Request the restriction of processing of your personal data. This enables you to ask us to 
    suspend the processing of personal data about you, for example if you want us to establish its 
    accuracy or the reason for processing it. 
    • Request the transfer of your personal data to another party. 
  • 74jax
    74jax Posts: 7,930 Forumite
    First Post Name Dropper Second Anniversary
    There's no way I'm reading that 😂.

    Maybe which part do you want to query? That might be easier? 
    Forty and fabulous, well that's what my cards say....
  • LightKnow
    LightKnow Posts: 272 Forumite
    Fourth Anniversary 100 Posts Name Dropper
    sorry I know it long, It was hard to pick parts but I tried to take part out it. 

    TCS is a “data controller”. This means that we are responsible for deciding how we hold and use personal 

    Further, we may collect personal data from you, through your activities prior to, in the course of, and after 
    your assessment for a suitable position or from third parties (including references), and may include the 
    following: 
    • Personal information: such as name and contact information (home address, personal phone 
    number/s, email address and emergency contact information), date of birth, government 
    identification numbers, citizenship, residency, passport details, driving license, vehicle license plate 
    number, visa information, marital status, dependents, gender, visual images, competencies, and 
    other data collection permitted or required by local law 
    • Compensation information: such as base salary and statutory or contractual benefits, annual 
    salary, pay scale and range, type of employee, incentive information, equity and other
    compensation program participation and salary history 

    Background information: such as, previous residence(s), educational qualifications, industry 
    certifications, training and employment background, medical and other background information 
    commonly used for security screenings where applicable to your role. 
    We may also collect, store and use the following “special categories” of sensitive personal data:
    • Information about your race or ethnicity, religious beliefs and sexual orientation. 
    • Trade union membership, if applicable. 
    • Information about your health, including any medical condition, health and sickness records.
    • Biometric data. 
    • Information about criminal convictions and offences, County Court Judgments or history of unlawful 
    or objectionable behaviour (not the criminal record itself), 

    of your suitability for a role within TCS and to enable us to comply with legal obligations. In some cases, 
    we may use your personal data to pursue legitimate interests of our own or those of third parties, provided 
    your interests and fundamental rights do not override those interests. The situations in which we will process 

    Change of purpose 
    We will only use your personal data for the purposes for which we collected it, unless we reasonably 
    consider that we need to use it for another reason and that reason is compatible with the original purpose. 
    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the 
    legal basis which allows us to do so. 
    Please note that we may process your personal data without your knowledge or consent, in compliance 
    with the above rules, where this is required or permitted by law. 
    HOW WE USE PARTICULARLY SENSITIVE PERSONAL DATA 
    ”Special categories” of particularly sensitive personal data require higher levels of protection. We need to 
    have further justification for collecting, storing and using this type of personal data. We may process special 
    categories of personal data in the following circumstances: 
    1. In limited circumstances, with your explicit written consent. 
    2. Where we need to carry out our legal obligations or exercise rights in relation to your engagement with 
    us. We have in place an appropriate policy document and safeguards which we are required by law to 
    maintain when processing such data. 
    3. Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our 
    occupational pension scheme. We have in place an appropriate policy document and safeguards which we 
    are required by law to maintain when processing such data. 
    Less commonly, we may process this type of information where it is needed in relation to legal claims or 
    where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving 
    your consent, or where you have already made the information public. 
    Our obligations as a Data Controller
    We will use your particularly sensitive personal data in the following ways: 
    • We will use information about your physical or mental health, or disability status, to ensure your 
    health and safety in the workplace and to assess your fitness to work, to assess what appropriate 
    workplace adjustments we may need to make. 
    • We will use information about your race or national or ethnic origin, religious, philosophical or moral 
    beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring 
    and reporting
  • Jillanddy
    Jillanddy Posts: 717 Forumite
    500 Posts Name Dropper
    I also lost the will to live on the shorter version. Nobody is going to help here. If you are that bothered, I think you need a lawyer. 
  • I didn't need to get past the first line - Tata's grammar is appalling and that would be enough for me to bin them...

    LightKnow said:
    ...
    Tata Consultancy Services Limited (“TCS” or “we”) is committed to protecting the privacy and security of 
    your personal data. 


    "... we is.. "?  Are they singular or plural?  Do they even know?  Honestly - if they can't be bothered to sell themselves...
  • LightKnow
    LightKnow Posts: 272 Forumite
    Fourth Anniversary 100 Posts Name Dropper
    Thanks, I understand it is far to long, There this one part am not understanding? Is this kinda generic for companies ?

    Transferring information outside the EU/EEA
    We may transfer the personal data we collect about you to countries outside the EU/EEA in order to conduct 
    the assessment of your application and suitability: for example UK, India, Australia, USA and other TCS

    entities in LATAM or APAC. Currently, India, Australia, the USA and other countries in LATAM and APAC 
    where TCS has presence are not deemed by the European Commission to be ‘adequate’ data transfer 
    countries. This means that the countries to which we transfer your data are not currently recognised as 
    providing an adequate level of protection for your personal data. As such, to ensure that your personal data 
    does receive an adequate level of protection when transferred to these countries, we have put in place data 
    transfer agreements based on EU Model Clauses. These model clauses are an agreement between TCS 
    and any third party outside of the EU/EEA or any TCS facility outside the EU/EEA to which we transfer your 
    personal data which require those third parties to treat your personal data in a way that is consistent with 
    EU/EEA laws on data protection. This includes implementing adequate physical and organizational security 
    measures to protect your personal data. TCS will not transfer your data outside of the EU/EEA without 
    having the EU Model Clauses in place to protect it. 
  • I do not know but I presume that what that means is that the personal data protection regulations in LATAM (Latin-America?) and APAC (Asian-Pacific?) countries that might get hold of your data through Tata are woefully inadequate compared to those in the UK/EU.

    So Tata have "signed a piece of paper" with other TCS entities in those countries which purports to protect your personal data.  Whether that piece of paper will be effective in protecting your data or what recourse you have if your data is actually compromised in some way, who knows?
  • LightKnow
    LightKnow Posts: 272 Forumite
    Fourth Anniversary 100 Posts Name Dropper
    I do not know but I presume that what that means is that the personal data protection regulations in LATAM (Latin-America?) and APAC (Asian-Pacific?) countries that might get hold of your data through Tata are woefully inadequate compared to those in the UK/EU.

    So Tata have "signed a piece of paper" with other TCS entities in those countries which purports to protect your personal data.  Whether that piece of paper will be effective in protecting your data or what recourse you have if your data is actually compromised in some way, who knows?
    Thanks for reply. It helps having someone else's perspective 
  • eamon
    eamon Posts: 2,319 Forumite
    First Post First Anniversary Photogenic
    Its a general data protection (aka cover our backsides) policy document. I can't be bothered to read through it but if you must then look for something that says "data will be anonymised before being released to 3rd parties". 
Meet your Ambassadors

Categories

  • All Categories
  • 345.7K Banking & Borrowing
  • 251K Reduce Debt & Boost Income
  • 450.9K Spending & Discounts
  • 237.7K Work, Benefits & Business
  • 612.4K Mortgages, Homes & Bills
  • 174.3K Life & Family
  • 250.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.