個人情報保護方針

Employees of Singapore TDCX Company

1. Legal Grounds for Processing Personal Data of Employee or Applicant for Employment

When a person (“Data Subject”) applies for employment at or executes an [Employment Contract] with TDCX Holdings Pte. Ltd. and/or TDCX (SG) Pte. Ltd. (singly, the “Company”), TDCX may process the Data Subject’s personal data, including the Data Subject’s Singapore National Registration Identity Card number (as a condition for a Data Subject to accept an offer of employment); personal identification number; and passport number, provided to TDCX by the Data Subject or another party, to enable TDCX to fulfil its legal and contractual obligations in its capacity as possible employer or employer or in order to take steps at the request of the Data Subject prior to entering into an employment contract.

Personal data may also be processed for the legitimate interests of TDCX or by TDCX affiliates or third party advisors, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data.

2. Purposes of Processing

TDCX’s purposes of processing personal data are as follows:

Human resources and personnel management. This purpose includes human resource management activities carried out as part of recruitment or the performance of an employment contract, and includes on onboarding, termination of employment, scheduling and recording time, evaluative purposes, compensation and benefits, and training.

Compliance with Singapore Personal Data Protection Act 2012. This purpose refers to the processing of personal data as necessary to fulfill a legal obligation to which TDCX is subject. Its purpose is to ensure compliance with the law by TDCX including but not limited to the prevention of crime and the disclosure of personal data to government institutions and supervisory authorities, including tax and labour authorities.

Business process execution and internal management. This purpose addresses activities such as travel and expenses, managing TDCX assets, IT services, information security, internal audits and investigations, legal or business consulting, and preparing for or engaging in dispute resolution.

3. Personal Data that TDCX may collect

For a job applicant, personal data that TDCX may collect includes, without limitation, the Data Subject's:

1. name or alias, gender, date of birth, nationality, and country and city of birth;
2. mailing address, telephone numbers, email address and other contact information;
3. resume, educational qualifications, professional qualifications and certifications and employment references;
4. employment and training history;
5. work-related health issues and disabilities; and
6. photographs.

For an employee, personal data that TDCX may collect in the context of employment includes, without limitation:

1. name or alias, gender, Singapore National Registration Identity Card /Foreign Identification Number or passport number, date of birth, nationality, and country and city of birth;
2. mailing address, telephone numbers, email address and other contact information;
3. employment and training history;
4. salary information and bank account details;
5. contact information of next-of-kin, spouse and other family members;
6. work-related health issues and disabilities;
7. records on leave of absence from work;
8. photographs and other audio-visual information;
9. performance assessments and disciplinary records; and
10. any additional information provided by the Data Subject as a job applicant (that is, prior to being engaged as an employee).

4. Technical and Organizational Measures

All personnel accessing personal data must comply with the internal policies and processes, and technical and organizational security measures, of TDCX in relation to the processing of personal data to protect their confidentiality.

5. Transfer of Personal Data Outside of Singapore

TDCX does not transfer personal data outside of Singapore. Before doing so, TDCX will obtain your consent for the transfer and will take reasonable steps for the personal data to continues to receive a standard of protection that is at least comparable to that provided under the Singapore Personal Data Protection Act 2012.

6. Cross-Border Data Transfers

The TDCX business processes increasingly extend beyond the borders of one country. This globalization demands not only the availability of communications and information systems across the TDCX Group, but also the worldwide processing and use of information within the TDCX Group. Consequently, the Data Subject’s data may be subject to cross border data transfers, which are governed by the TDCX's Binding Corporate Rules as published on the TDCX website at www.tdcx.com/policies/bcr

7. Retention

The Data Subject’s personal data will be retained for no longer than necessary for the purposes of the processing activities or for seven years, whichever period is shorter.

8. Data Subject’s Rights

The Data Subject is entitled to receive information from TDCX regarding the TDCX's treatment of the Data Subject’s personal data.

The Data Subject may request rectification and/or erasure of his/her personal data or restriction of processing concerning the Data Subject, or to object to processing.

The Data Subject entitled to the right of data portability.

To exercise their rights, the Data Subject may contact any one or more of the following parties:

1. TDCX HR Department at [email protected]
2. Data Protection Officer (DPO) at [email protected]
3. Personal Data Protection Commission at https://www.pdpc.gov.sg

9. Updates to this Privacy Notice

This Privacy Notice may be amended from time to time.

Personal Data

The following section only applies to candidates entering employment with TDCX (MY) Sdn Bhd, Malaysia.

Employee Personal Information Collection Statement for Corporate Benefits Purposes

In this Statement,

 “Personal Information” means personally identifiable data about you including information or data provided by you or other parties or from other sources, historical or existing data and/or data to be collected in the future. Such Personal Information may be subject to applicable data protection, privacy and other similar laws and may include copies and other details of identity documents, proof of address and other contact details, religious, philosophical or political affiliations, information concerning age, marital status, racial or ethnic origin, education, genetic or sexual life, physical or mental health or medical condition/diagnosis, dietary preference, commission or alleged commission of any offense or proceedings for any offense committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings.

“Third Party Provider” means any provider chosen by TDCX (MY) Sdn Bhd from time to time to provide medical and other benefits to its employees.

Personal Information you provide will be collected, used and otherwise processed by the Third Party Provider for the following purposes:

client relationship management procedures between the Third Party Provider and TDCX, including any potential conflict checks as may be required;

the delivery of services or products to TDCX and its employees by Third Party Providers;

those purposes specifically provided for in any particular service or product offered by Third Party Providers

conducting marketing and profiling activities of TDCX in connection with insurance, other benefits and related services and products (including all selected third parties for the purpose of improving their services to TDCX);

credit assessments and other background checks of TDCX employees as the Third Party Provider may determine to be necessary or appropriate;

Third Party Providers’ internal record-keeping;

collection of outstanding payments from TDCX;

prevention of crime (including but not limited to fraud, money-laundering, bribery);

meeting any legal or regulatory requirements relating to Third Party Providers’ provision of services and products and to make disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, code applicable to the Third Party Provider or its affiliates; and

purposes ancillary or relating to any of the above (including but not limited to information relating to the TDCX insurance program for research, benchmarking and statistical analysis).

Third Party Providers may provide or disclose the Personal Information to their affiliates for the purposes stated in paragraph 2 above.

Collection and Disclosure

Personal Information provided to Third Party Providers will generally be kept confidential but you hereby consent and authorize the Third Party Providers to collect, provide or disclose your Personal Information for the purposes stated in paragraph 2 above to:

any person to whom they are compelled or required to do so under law or in response to a competent court or government agency;

relevant parties arranging insurance or providing claims services or benefits administration services or wellness services such as insurance companies, health maintenance organizations, agents and service providers (including but not limited to consultants, service call centers, market research and quality assurance companies);

the Third Party Providers’ affiliates;

government agencies and industry regulators;

the Third Party Providers’ auditors, accountants, lawyers or other financial or professional advisors; and

such sub-contractors or third party service or product providers as the Third Party Provider may determine to be necessary or appropriate, in accordance with paragraph 2 and paragraph 7.

Such person(s) as the Third Party Providers or TDCX may instruct or require.

You further consent to provide, and for your employer, insurer(s), health maintenance organizations, agents and/or third party service or product provider(s) to provide to the Third Party Providers, your Personal Information for the purposes set out in paragraph 2 above.

Failure to provide the Personal Information may result in any of the Third Party Providers being unable to provide you with the services and/or products requested by TDCX to be provided to you (including but not limited to covering costs for claims and bills). Failure to provide the Personal Information may result in any of the Third Party Providers being unable to provide you with the services and/or products requested by TDCX to be provided to you (including but not limited to costs for claims and bills). The cost of any service and/or product that you obtain from such Third Party Providers or from other providers and that will not be covered by the Third Party Provider due to your failure to provide the Personal Information will not be borne by TDCX.

Safeguards

The Third Party Providers confirm that they have implemented the appropriate administrative and security safeguards and procedures in accordance with the applicable laws and regulations to prevent the unauthorized or unlawful processing of your Personal Information and the accidental loss or destruction of, or damage to, your Personal Information.

Data Transfer

Where a Third Party Provider considers it necessary or appropriate for the purposes of data storage or processing or providing any service or product on our behalf to you, we may transfer your Personal Information to an affiliate or third party service or product providers within or outside the country in which the Third Party Provider is established, under conditions of confidentiality and similar levels of security safeguards.

Your Rights of Access and Correction

You have the right to request access to and correction of information about you held by a Third Party Provider and you may:

check whether a Third Party Provider holds or uses your Personal Information and request access to such data;

request that the Third Party Provider correct any of your Personal Information that is inaccurate, incomplete or out-of-date;

request that the Third Party Provider specify or explain its policies and procedures in relation to data and types of Personal Information handled by them; and

communicate to the Third Party Provider your objection to the use of your Personal Information for marketing purposes whereupon they will not use your Personal Information for these purposes; and

withdraw, in full or in part, your consent given previously,

in each case subject to any applicable legal restrictions, contractual conditions, reasonable internal policies/procedures, a reasonable time period (in accordance with applicable laws) as well as, in the case of an access request, a reasonable fee (where permitted under applicable laws and as the Third Party Provider may notify you in writing upon receipt of your request).

Written requests for access to Personal Information or correction and/or deletion of Personal Information or for information regarding policies and procedures and types of Personal Information handled by a Third Party Provider may be sent to [email protected] "I have fully read and understood the terms and conditions set out in this Personal Information Collection Statement and consent to collection, use, transfer and processing of my Personal Information by any Third Party Provider selected by TDCX in accordance with the terms of this Personal Information Collection Statement. I understand that I may obtain the names of the Third Party Providers from the TDCX intranet or the local HR team or the Teledirect Privacy Officer under above mentioned email, once I receive a written offer for employment or have entered into employment with TDCX (MY) Sdn Bhd, Malaysia."

Application

TDCX (PH) Inc. (TDPH or we) are committed to protect and respect its employees’ personal data that is within their control.

This Policy is specially for the benefit of citizens of the Philippines in compliance with the Data Privacy Act of the Philippines. It is in addition to other laws under which Philippine citizens may enjoy personal data protection.

TDPH will provide its employees with a Personal Information Collection Statement (PICS) in an appropriate format and manner whenever we collect personal data from them (i.e., manually or through the web page that collects personal data, or in a notice posted at the reception area of TDPH events where participants, applicants, employees, or others’ personal data will be collected through the platform mentioned).

Personally Identifiable Information (PII)

We collect the following personal information from you when you manually or electronically submit to us for employment requirements, business requirements, and/or visit to our centers or websites:

Name

Residential address

Email address

Educational details

Photo, fingerprints, and/or handwriting

Contact numbers

Website cookies

Other data that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data considered as PII

Use

PII will be used under the conditions you agree to as the data owner. TDPH will process and store your PII as long as there is a current or ongoing relationship. When the relationship ends, your PII will be stored for 180 business days. Storing of PII will be under the requirements of the TDPH Data Security and Privacy Policies that enforce protection of PII data at the standards prescribed by the requirements for TYPE D (Highly Confidential) data. We will share your PII only when you have agreed to it in the Personal Information Collection Statement (PICS), or when additional consent is secured from you, and/or in response to a legal request by a state authority or a court of law.

Protection Measures

TDPH will use your PII with due diligence and in a secure manner that will meet the objectives of the purpose that the you authorized or consented to. Appropriate controls are in place for all PII that meets the Data Security and Privacy Handling with TYPE D (Highly Confidential) Data security requirements. In addition to the Data Privacy Act of the Philippines, TDPH will also use the following frameworks to achieve a global standard in protecting your PII data.

International Standard Organization 2700: 2013

Payment Card Industry Data Security Standard (PCI DSS) Ver 3.2

General Data Protection Regulation (GDPR)

National Institute of Standards and Technology (NIST)

Control Objectives for Information and Related Technologies (COBIT) 5/2019

Center for Information Security Version 7

Question?

Do you have a question about your personal data? Please contact the Data Privacy Officer via the contact details below.

You may request deletion or modification of your data held in TDPH systems. However, if you do so, TDPH will no longer be able to carry out the agreed purposes of our relationship.

Data Privacy Officer 

E-mail: [email protected] 

Landline: +6328629556 Ext. 89556 23rd Floor, Cybcerscape Beta Bldg, Ruby and Topaz Rds Ortigas Center, Pasig City Metro Manila

Privacy Notice

This Privacy Notice applies to you if you are located in the EEA and are an employee, worker or consultant of Gascaquen Teledirect S.A (Teledirect). Teledirect is the controller and processor of your Personal Data.

We are committed to protecting the privacy and security of your Personal Data. This Privacy Notice describes how we collect and use Personal Data about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).

Please read this Privacy Notice carefully.

Data Protection Officer [Manager]

We have appointed a Data Protection Officer [Manager] to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your Personal Data, please contact the Data Protection Officer on [email protected] or +34 932 710 121. You have the right to make a complaint at any time to the Agencia Española de Protección de Datos (“AEPD”), the Spanish supervisory authority which we have selected to oversee our data protection issues.

Data Protection Principles

Teledirect will comply with the GDPR and other relevant data protection law. The GDPR says that the Personal Data we hold about you must be:

Used lawfully, fairly and in a transparent way.

Collected only for valid purposes that we have explained to you and not used in any way that is incompatible with those purposes.

Relevant to the purposes we have told you about and limited only to those purposes.

Accurate and kept up to date.

Kept only as long as necessary for the purposes we have told you about.

Kept securely.

Definitions

Group means the group of Teledirect (TD) companies referred to in this policy, namely Agorae Pte Ltd (Singapore); Gascaquen Teledirect, SA (Spain); Teledirect Pte Ltd (Singapore); Teledirect Telecommerce Ltd (Philippines) Inc; Teledirect Telecommerce (Thailand) Ltd; Teledirect Telecommerce Sdn Bhd (Malaysia); KK Teledirect Japan; Agorae Information Consulting (Beijing)Co., Ltd; Teledirect Hong Kong Ltd, which together are referred to as “the TD Group” or “group”. References to “our group” means references to companies in the TD Group.

Personal Data means information about you which identifies you directly or indirectly. Examples of your Personal Data are: name, identification number, location data, online identifier, identification traits that are physical, physiological, genetic, mental, economic, cultural or social.

There are also "special categories" of more sensitive Personal Data which require a higher level of protection, such as information about your health or religion.

Processing means operations on Personal Data, including by automation. Examples of processing include: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, destruction.

The Kinds Of Personal Data We Will Hold About You

We will collect, store, and use the following categories of your Personal Data:

Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;

Date of birth, country of birth and nationality;

Gender;

Marital status and dependents;

Next of kin and emergency contact information;

Bank account details, payroll records and tax status information;

Salary, annual leave, pension and benefits information;

Employment start date;

Employment leaving date and your reason for leaving;

Location of employment or workplace;

Copy of passport; Passport/NIE number

User name and password

Recruitment information (including copies of right to work documentation, references and other information included as part of the application process the information provided through your online assessment and (subject to your consent) the recording of your video interview);

Employment records (including job titles, work history, working hours, holidays, training records and professional memberships);

Remuneration history;

Performance information;

Disciplinary and grievance information;

CCTV footage and other information obtained through electronic means such as swipe card records;

Photographs; and

Results of employment status check

We may also collect, store and use the following "special categories" of more sensitive Personal Data:

Information about your race or ethnicity;

Information about your health, including any medical condition, health and sickness records, including:

details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and

Information about criminal convictions and offences (where relevant to your role and allowed by law).

How Teledirect collects Personal Data about you

We collect Personal Data about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider.

We will collect additional Personal Data in the course of job-related activities throughout the period that you work for us.

When Teledirect will process your Personal Data.

We will only use your Personal Data as permitted by the law, most commonly:

Where we need to perform the employment or services contract we have entered into with you.

(In limited circumstances), where we have your consent.

Where we need to comply with a legal obligation.

Where it is necessary for our legitimate interests as your employer (or the legitimate interests of a third party) and your interests and fundamental rights do not override those interests

We may also use your Personal Data in the following situations, which are likely to be rare:

Where we need to protect your interests (or someone else's interests) such as in a medical emergency in which you are incapacitated or otherwise incapable of giving consent.

Where it is needed in the public interest or for official purposes.

Situations in which we will use your Personal Data:

We need all the categories of Personal Data in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your Personal Data to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The purposes for which we will process your Personal Data are listed below.

Assessing your suitability for employment and making a decision about your recruitment or appointment;

Determining the terms on which you work for us;

Checking you are legally entitled to work in the country in which you are based;

Contacting you

Managing your employment with Teledirect, and administering the contract we enter into with you, for example,

Paying you and, if you are an employee or deemed an employee for tax purposes, deducting tax and any other necessary deductions;

Providing benefits to you through third parties selected by Teledirect

[Where relevant, enrolling you in a pension arrangement;

Liaising with the trustees or managers of a pension arrangement operated by a group company, your pension provider and any other provider of employee benefits;]

Conducting performance reviews, managing performance and determining performance requirements

Making decisions about salary reviews and compensation;

Assessing your qualifications for a particular job or task, including decisions about promotions

Assessing education, training and development requirements;

Monitoring your use of our information and communication systems to ensure compliance with our IT policies;

Ensuring network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution;

Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work

Ascertaining your fitness to work

Managing sickness absence

Gathering evidence for possible grievance or disciplinary hearings

Making decisions about your continued employment or engagement

Making arrangements for the termination of our working relationship;

Preventing fraud;

Carrying out business management and planning, including accounting and auditing;

Conducting data analytics studies to review and better understand employee retention and attrition rates

Complying with applicable law

Complying with Teledirect policies

Undertaking recruitment campaigns, surveys or polls

Surveying Teledirect employees after anonymizing your Personal Data

If you give us your consent, retaining your Personal Data for future employment opportunities in Teledirect if you leave Teledirect.

For the legitimate interests of Teledirect, Teledirect Group, or a third party, provided those interests are not overridden by your interests, fundamental rights and freedoms.

Some of these Purposes will overlap and there may be several grounds which justify Teledirect’s use of your Personal Data.

How We Use Particularly Sensitive Personal Data

"Special categories" of particularly sensitive Personal Data require higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Data. We may process special categories of Personal Data in the following circumstances:

In limited circumstances, with your explicit written consent.

Where we need to carry out our legal obligations or exercise rights in connection with your employment.

Where it is needed in the public interest, such as for equal opportunities monitoring.

Our obligations as an employer

We will use your particularly sensitive Personal Data in the following ways:

We will use information relating to leaves of absence, which may include sickness absence or family-related absences, to comply with employment and other laws;

We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits; and

Do We Need Your Consent?

We do not need your consent if we use special categories of your Personal Data to carry out our legal obligations or exercise specific rights in the field of employment law.

In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data, in case there is a legal legitimacy for such processing. If we do so, we will provide you with full details of the information that we would like to process and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Information About Criminal Convictions

We will only seek information about criminal convictions if it is appropriate given the nature of the role to be performed and where we are legally able to do so. Where specifically permitted, we will carry out a criminal background check as part of the recruitment process [and give you the opportunity to comment on any conviction that is revealed. We will only retain a record of whether or not the results of any checks were satisfactory.]

We will use information about criminal convictions and offenses in order to comply with applicable laws and regulations. We have in place appropriate safeguards when processing such data.

Change Of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

If You Fail To Provide Personal Data

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations.

Automated Decision-Making

Teledirect may use automated decision-making to process your Personal Data for the purposes set out above. Teledirect will only take a decision based solely on automated processing which has a significant impact upon you,

if we notify you of the decision and give you [21] days to request a person to reconsider the decision

where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights

in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights

We will only make an automated decision on the basis of any particularly sensitive Personal Data if we have your explicit written consent and it is justified in the public interest, and we have put in place appropriate measures to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Data Sharing

Why might you share my Personal Data with third parties?

We will share your Personal Data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my Personal Data?

"Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group.

The following third-party service providers process Personal Data about you for the following purposes:

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Data in line with our policies. We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

When might you share my Personal Data with other entities in the group?

We may share your Personal Data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganization or group restructuring exercise, for system maintenance support and hosting of data.

When sharing your Personal Data with other entities in our group, we will apply the provisions of the Binding Corporate Rules (BCR) approved by the entities of our group, which are legally binding for all of them.

The objective of the BCRs is to provide adequate protection for the transfers and processing of Personal Data by TD staff and entities in the TD Group, its companies, subsidiaries, affiliates and any other entity under its ownership or control.

The BCRs explain how this commitment is implemented by the TD Group throughout its operations. They specifically set out TD’s approach to transfers of Personal Data between entities in the TD Group and apply to TD’s operations worldwide.

The BCRs are communicated to all TD employees and are published on the external TD website accessible at www.tdcx.com/policies/bcr.

What about other third parties?

We may share your Personal Data with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymized data with the other parties before the transaction completes. Once the transaction is completed, we will share your Personal Data with the other parties if and to the extent required under the terms of the transaction.

We may also need to share your Personal Data with a regulator or to otherwise comply with the law. This may include government authorities, disclosures to stock exchange regulators and disclosures to shareholders such as directors' remuneration reporting requirements.

Transferring information outside the EEA

Teledirect may transfer your Personal Data out of your country of residence (including the European Economic Area) and/or disclose your Personal Data for the purposes explained above under conditions of confidentiality and similar levels of security safeguards as in the country of your residence to the following persons:

Teledirect recruitment, administration and operations teams.

Teledirect clients for them to assess your suitability for their projects and to administer access to their systems and email, where necessary.

Teledirect’s agents, contractors, third party providers and their sub-contractors that provide administrative, telecommunications, information technology, recruitment, medical and insurance services to Teledirect in any part of the world.

Third party providers to do background checks on you, where background checks are not prohibited by law.

Persons legally entitled to have your Personal Data.

We have put in place the following appropriate measures to ensure that your Personal Data is treated in a way that is consistent with and which respects data protection law under the GDPR:

For international transfers within the organization, we have put in place Binding Corporate Rules. These are internal rules to allow us to transfer data to various branches, outstations and offices within the organization regardless of which country they are based in and ensure that a high standard of data protection will be observed within our group.

For international transfers to third-parties in countries which have not been deemed to provide an adequate level of data protection, we will put in place data protection clauses in the contracts between us and those third parties. This will ensure that those third parties observe the same high standards of data protection as we do.

If you require further information about these protective measures, you can request it from our [Data Protection Officer].

Data Retention

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless you have withdrawn the consent on which the processing is based, and the use of the data is not based on another legal basis. We will retain your Personal Data during your employment with Teledirect and for a period of 10 years, after which it will be securely destroyed. Unless it is needed to prove the commission of acts against individuals, property, or facilities, CCTV footage is retained for a maximum of one month, after which it is deleted.

Employee Personal Use Of Company Equipment Or Devices

Email and other computer files are provided by Teledirect as a working tool and must be used for working purposes only.

Use of computer facilities for personal reasons is strictly prohibited (personal use may be permitted subject to approval).

All computer passwords and codes must be available to Teledirect at all times.

No employee may add unauthorized or pirated software or files to any machine owned by Teledirect.

To avoid viruses, employees may not use computer files or software brought from home or other sources on the business computer. Likewise, the installation by employees of computer programs, or private or non-company mail accounts is strictly forbidden.

Software or other business information on the computer should not be copied and taken from the business premises without permission.

The copying, reproduction, distribution and use for specific purposes of Teledirect’s database, as well as any other computer and document support, is expressly prohibited.

Teledirect reserves the right to enter, search, and monitor the computer files or email of any employee, without advance notice, for business purposes such as investigating theft, disclosure of confidential business information, personal abuse or illicit use of the system or monitoring fulfilment of job responsibilities. In any event, this search will be carried out in working hours and in the presence of the work council, if any, and respecting the guarantees established in the applicable labor legislation.

The breach of these rules by employees will determine the use by the Company of the additional means it considers appropriate to restrict the misuse, as well as the application of the disciplinary regime that may apply.

Your Rights In Relation To Your Personal Data

By law, you have the right to:

Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you, know how your data is processed and to check that Teledirect is lawfully processing it;

Request correction of the Personal Data that Teledirect holds about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

Request erasure of your Personal Data. This enables you to ask Teledirect to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below);

Under certain circumstances, object to processing of your Personal Data where Teledirect is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. [You also have the right to object where we are processing your Personal Data for direct marketing purposes, for which you must have given your prior consent];

Under certain circumstances, request Teledirect to restrict processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it; and

Request the transfer of your Personal Data to another party.

In case you consider that your rights have not been properly addressed, you could file a claim with the supervisory authority, the Agencia Española de Protección de Datos (AEPD) through its website: https://sedeagpd.gob.es/sede-electronica-web/vistas/formNuevaReclamacion/claim.jsf.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it.

Teledirect may decline to allow you to access, rectify or erase some or all of your Personal Data under any of the following circumstances:

Teledirect has a legal obligation or the right to deny your request.

If your request is clearly unfounded or excessive (which means, for example, more than once in 6 months unless there is a legitimate reason); Teledirect can demonstrate that it is not in a position to identify you. [The Personal Data does not exist or cannot be found.]

If it is necessary and proportionate and the Personal Data was collected, used or disclosed for the purposes of

preventing, detecting, investigating and prosecuting criminal offences and execution of criminal penalties

establishing, exercising or defending a legal claim, prospective legal claim, legal proceedings or prospective legal proceedings

an investigation [if the investigation and associated proceedings and appeals have not been completed.]

If exercising those rights would be likely to cause serious harm to your safety or physical or mental health (for as long that is the case).

If providing information to you could reveal the Personal Data of another individual, Teledirect will provide a summary of the Personal Data if it is possible to do so without revealing the Personal Data of the other individual, unless that individual consents to the disclosure of his/her identity.

You may not rectify or erase the Personal Data that Teledirect relied upon to assess your suitability for employment. Teledirect may take appropriate legal action if you represent false information as your Personal Data.

Right To Withdraw Consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer . Once we have received notice that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Data Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Changes To This Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.