PURPOSE
WAYZO TECHNOLOGIES PRIVATE LIMITED (“Jellybean”, “we”, “us”, “our”) is committed to protecting the privacy and security of your personal information. This Personal Data Protection Policy (“Policy”) describes how we collect and use personal information about you during and after your engagement/relationship with us.
Jellybean is a controller of the data it processes, where we decide the purposes and means of processing your personal data. We process personal data in accordance with applicable data protection laws and regulations.
SCOPE & APPLICABILITY
The Policy applies to employees, workers, contractors, and any third party which is processing personal data on behalf of us. It applies to the processing of personal data collected from our customers (end users), employees, business partners and any other third parties. We may update the Policy at any time. Please read the Policy together with any other privacy notice, we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.
DEFINITIONS
1. Controller shall mean the party responsible for determining the purposes and means of processing the personal data;
2. Data Subject means a natural person whose personal data is processed by a controller or processor;
3. Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
4. Personal Data shall have the meaning given to it under the GDPR and shall include any information relating to an identified or identifiable natural person;
5. Processor shall mean the party who processes Personal Data on behalf of Controller;
6. Processing includes any operation performed on Personal Data, whether or not by automated means, including collection, use, recording, etc.
7. Supervisory Authority shall have the meaning assigned to it under the GDPR;
WHAT PERSONAL DATA WE HOLD?
8. Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are also certain special categories of Personal Data, which require a higher level of protection.
9. We will process the following categories of Personal Data about you:
Personal contact details including name, address, phone number and personal email address, Location of employment or workplace,
Compensation history,
Bank account details, payroll records and tax status information,
Marital status and dependents’ information,
Emergency contact information/next of kin,
Salary, leave, pension and benefits information,
Employment records,
Performance information,
Information about your use of our information and communication systems, and
Photographs.
1. We may also collect, store, and use the following special categories of Personal Data: Information about criminal convictions/offenses,
Health information including any medical condition,
Genetic information and biometric data.
HOW DO WE COLLECT YOUR PERSONAL DATA?
You may provide us with Personal Data in the course of your employment with us. We also collect Personal Data about you through our application and recruitment processes, either directly from you or sometimes from third parties. The third parties from who we may have collected your Personal Data include:
Recruitment or human resource service providers,
Health professionals,
Insurers and insurance brokers,
Nominated referees, and
Law enforcement agencies.
HOW DO WE USE YOUR PERSONAL DATA?
1. We will only use your Personal Data where we are allowed to do so under applicable law. 2. We will use your Personal Data in the following circumstances:
Where we need to perform the contract formalized with you,
Where we need to comply with a legal obligation,
Where it is necessary for our legitimate interests (or those of a third party) and your rights and freedoms do not override such legitimate interests,
Where we need to protect your interests (or another individual’s interests), and
Where it is needed in the public interest.
We will use special categories of Personal Data for:
Performing our contract with you, and
Complying with legal obligations.
If you refuse to provide Personal Data, we may not be able to fulfill the contract we have entered into with you or we may be prevented from complying with our legal obligations.
CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
HOW WE USE A SPECIAL CATEGORY OF PERSONAL DATA?
The special category of Personal Data requires a high level of protection. We will use special category of Personal Data for following purposes:
Leave management (sickness absence),
Employment or other legal obligations,
Workplace assistance and adjustments in relation to disability,
Benefits administration, and
Equal opportunity.
AUTOMATED DECISION-MAKING
Automated decision-making takes place when an electronic system uses Personal Data to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstance:
If required by applicable law, where we have notified you of the decision and given you notice to request consideration,
Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights,
In limited circumstances, with your explicit consent and where appropriate measures are in place to safeguard your rights.
We ourselves are responsible for the Processing and as such we guarantee that the conditions which the GDPR imposes on such decision-making have been fulfilled. You will not be subject to decisions that will have a significant impact on you solely based on automated decision making, unless we have a lawful basis for doing so and we have notified you about the same.
If we make an automated decision solely on the grounds listed above in this section, you will have the right to request human intervention with regards to that automated decision and to contest such decision in accordance with the Policy.
DATA TRANSFERS
1. We may have to transfer your Personal Data including sharing it with third parties. We require third parties and data recipients to agree to standard obligations for protection of your Personal Data in accordance with applicable laws and regulations. We also require third parties to respect the security of your data and provide a similar degree of protection to it as do we.
2. We will share your Personal Data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Following activities are carried out by third-party service providers:
Information Technology (IT) support services
Payroll management
Security
Background checks
Mobility services
Talent management
Recruitment
Insurance
Immigration, visa and permits.
Transferring Personal Data outside the European Union (EU)
We may transfer your Personal Data to countries outside the EU in order to process your Personal Data on one of the grounds listed in the Policy. It is possible that the European Commission (EC) has deemed such a
country adequate for data protection. However, not all countries have not been deemed adequate by the EC. To ensure that your rights are
enforceable pursuant to such data transfer(s), we have put in place data processing agreements along with standard contractual clauses published on 4 June 2021 pursuant to EC’s decision on transfer of Personal Data to third countries. This ensures that your Personal Data is treated in a way that is consistent with GDPR.
HOW DO WE PROTECT YOUR PERSONAL DATA?
1. We have implemented appropriate information security measures to secure your Personal Data. Third parties will only process your Personal Data on our documented instructions and where they have agreed to treat the data confidentiality and to keep it secure.
2. We have put in place security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered or deleted. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know.
3. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. We have implemented measures to deal with any suspected Personal Data Breach and will notify you and any applicable regulator of such a breach incident, where we are legally required to do so.
HOW LONG DO WE RETAIN YOUR DATA?
1. We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. We may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such data without further notice to you.
2. Once you are no longer an employee, worker or contractor of Jellybean, we will retain and securely destroy your Personal Data in accordance with this policy along with our Data Retention and Disposal Policy. However, if your Personal Data is subject to legal hold because of our ongoing legal obligations in connection with investigations, third party demands, or possible litigation, we may preserve your data for so long as it is subject to such legal hold.
WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA?
1. Request access to your Personal Data: This enables you to receive a copy of the personal data we hold about you and to check that we are Processing it in a lawful and fair manner.
2. Request correction of the personal data: This enables you to have any incomplete or inaccurate data we hold about you corrected.
3. Request erasure of your personal data: This enables you to ask to delete or remove personal data where there is no lawful ground for us to continue Processing it. You also have a right to ask us to delete/remove your personal data where you have exercised your right to object to Processing (refer 13.4 below).
4. Object to Processing of your personal data: Where we are relying on a legitimate interest (or those of a third party) and you have grounds to object to such Processing. You also have a right to object where we are Processing your data for direct marketing purposes.
5. Request the restriction of Processing: This enables you to ask us to suspend the Processing of personal data about you e.g., if you want us to establish its accuracy or the reason for Processing it.
6. Request to transfer: Enables you to request the transfer of your personal data to another party.
7. Right to withdraw consent: In circumstances where you may have provided your consent to the Processing of your personal data for a specific purpose, you have the right to withdraw consent for Processing at any time. To withdraw your consent, please write to us at dpo@solus.ai.com
8. Right to complain you have a right to make a complaint at any time with a relevant Supervisory Authority.
9. For exercising these rights, you will not have to pay a fee. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
UPDATE AND REVIEW
Jellybean reserves the right to update this Policy at any time, and we will provide you with a new policy when we make any substantial updates. We may also notify you in other ways from time to time about the Processing of your Personal Data.
