Why We Share Personal Data
Only selected employees of STS – such as your potential future
manager(s), employees of HR and IT (for maintenance purposes only) - and
selected employees of our external service providers who support us
with the admission of recruitment application, may have access to your
Personal Data. Whenever we permit a third party to access Personal Data,
we will make sure the data is used in a manner consistent with this
Notice (and any applicable internal data handling guidelines consistent
with the sensitivity and classification of the data).
Please note, in some circumstances third parties may qualify as
controllers who process your Personal Data for their own purposes.
Please refer to these Controllers’ privacy notice or statement.
Otherwise, all third parties are Processors acting on the instructions
of STS. Wherever we engage a Processor, we require assurances that such
Processors have implemented appropriate safeguards and controls in
relation to the protection of your Personal Data. In addition to the
third parties’ legal obligations, we require that such third parties be
also contractually obligated to safeguard your Personal Data. Ongoing
oversight is maintained on the relevant processing activities being
carried out by the third party.
If required, we may conduct background checks prior to you commencing
employment with us. In order to do so, STS may have a requirement to
share your personal data with the relevant third parties. These checks
will be performed by our Processors who conduct background screening on
How Long Do We Retain your Personal Data?
We will retain your personal data for a period of 3 years after your
last application date. If you are unsuccessful, we shall retain your
personal data for 6 months or for a period of 3 years upon your explicit
consent. After this period, we will securely destroy your personal
Post onboarding and pre-joining formalities your data will not be
kept longer than necessary for the purpose for which it was processed.
For example, we may need to retain your Personal Data to comply with Tax
and other applicable Laws, for audit purposes and to exercise or defend
any legal claims.
Is Your Data Transferred Across International Borders?
STS is part of the HCL group, a truly global organisation so your
Personal data may be transferred for the any of the above stated
purposes to different global locations. These transfers will be
undertaken in compliance with applicable law(s) and regulation(s).
If it is necessary to transfer your Personal Data to countries that
do not offer adequate protections, for example if Personal Data
originating from the EEA / EU will be transferred outside the EU/EEA
then we will ensure that appropriate safeguards as required
by applicable laws are put in place prior to the transfer of the data.
To protect Personal Data when transferred outside the EU/EEA to
countries which have not been deemed by the European Commission to
adequately protect Personal Data, STS will implement appropriate
safeguards in order to adequately safeguard any such transfers in line
with the requirements enshrined in applicable laws, e.g. by
incorporating standard contractual clauses (a copy of which can be
obtained through the contact information included below) into
contract(s) / data transfer agreement(s) established between the parties
transferring the Personal Data.
What are your rights and how can you exercise them?
Depending on your relationship with STS you may have several rights
in relation to your Personal Data. Please refer to the Annexure A for
information on data subject rights. Please note, these rights are
subject to exemption(s) and may not apply in all circumstances. If you
wish to exercise these rights, then STS will provide you with the
requested information or action your request within one month after
receipt of your verified request, subject to any extensions that maybe
required and communicated to you.
You can request more information about your rights at firstname.lastname@example.org.
How Do We Safeguard your Personal Data We Have Collected from You?
We implement and maintain appropriate technical, organizational, and
physical security measures to protect your Personal Data and these
security measures are in line with industry best practices.
These include, but are not limited to:
- Access to data is based on need to know and least privilege
principle to ensure data is only accessible to authorized individuals
for performance of their duties.
- Layered security controls
ranging from perimeter security to end user machine level controls such
as Firewalls, Spam protection, Antivirus and Spyware solutions, security
awareness trainings and incident management etc.
- To further
reduce the risk associated with data processing, we make use of
pseudonymisation / Anonymization techniques where possible.
encryption mechanisms, where appropriate such as email encryption,
encryption of data during transfer, secure VPN access and disk/file
level encryption etc.
- Third parties that process personal data
on our behalf, do so based on written instructions and are under a duty
of confidentiality and are obliged to implement appropriate technical
and organisational measures to ensure the security of data.
What if you do not provide Personal Data?
During the job application and pre-joining formalities it is in yours
and our best interest for you to provide STS with Personal Data, in
particular certain information as mentioned above, such as contact
details, education and professional experience details, and your right
to work in a particular jurisdiction, have to be provided to enable STS
to enter into a contract of employment with you.
Certain information may be necessary to fulfil legal obligation under
employment, Tax and other applicable laws and regulations and to
exercise your statutory rights.
If you do not provide the necessary information, this will impact our
ability to manage the rights and obligations arising as a result
of the hiring and onboarding process effectively.
How Do We Update This Notice?
We may update this Notice from time to time. We will post any updated
version of this Notice on the STS public facing websites and other
relevant portal(s). We may also communicate changes to this Notice to
you by email or by other necessary mean(s), if need be.
Except as otherwise stated in this Notice, any updates to this Notice
will be effective from the date on which they are communicated to the
Our Data Processors
STS uses no Data Processor in relation to managing your personal data
Who can you contact?
Any questions or concerns about the operation of this document should
be addressed to the relevant HR personnel who may have been in contact
If you have any concerns about how your Personal Data has been processed then you can contact us via email@example.com
Notification of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to
the rights and freedoms of natural persons, the controller will
communicate the personal data breach to the data subject without undue
delay after taken notice of such personal data breach.
Notification of a personal data breach to the supervisory authority
In the case of a personal data breach, the controller shall without
undue delay but, where feasible, not later than 72 hours after having
become aware of it, notify the personal data breach to the supervisory
authority competent, unless the personal data breach is unlikely to
result in a risk to the rights and freedoms of natural persons. Where
the notification to the supervisory authority is not made within 72
hours, it shall be accompanied by reasons for the delay.
We want to address any concerns you may have in relation to the
management of your personal data, therefore, please contact us in the
first instance. You have a right to lodge a complaint with a data
protection supervisory authority in particular in the jurisdiction of
your habitual residence, place of work or place of the alleged
Complaints relating to STS’s use of personal data may be sent by
email - with the details of your complaint to firstname.lastname@example.org. We
will look into and respond to any complaints we receive within 30 days.
You also have the right to file a complaint with the National
Authority for Data Protection and Freedom of Information or seek remedy
at court if you are of the view that your rights relating to personal
data have been violated. For further information on your rights and how
to complain to the Authority, please refer to http://naih.hu/panaszuegyintezes-rendje.html.
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: 1055 Budapest, Falk Miksa utca 9-11. / 1363 Budapest, Pf. 9.
Phone: (+36-1) 391-1400
Fax: (+36-1) 391-1410
In the event of a breach of your rights relating to personal data, or
if you disagree with STS's decision, within 30 days of the receipt of
the decision, - you may initiate a claim against the Data Controller
directly at the ordinary courts having competence to such cases on the
basis of STS’s seat (registered address) or other applicable laws. The
court will have to act in an expedited procedure in such cases.
Data Subject Rights:
Your rights may differ depending on local laws applicable, but
generally (as far as applicable laws provide you with such rights). You
would be entitled to: object to the processing of Personal Data, access
your data and have inaccurate data corrected, obtain a copy of Personal
Data (in some cases in portable format), ask us about any relevant
details of processing, ask for erasure or restriction of processing, and
to lodge complaints with relevant authorities (in particular in the
country where you live, work or where the alleged infringement took
place).These rights can be summarised in broad terms with the EU General
Data Protection Regulation as a baseline:
Right of access
have the right to confirm with us whether your Personal Data is
processed, and if it is, to request access to that Personal Data
including the categories of Personal Data processed, the purpose of the
processing and the recipients or categories of recipients. We can only
provide you with your Personal Data, not Personal Data about another
person. Also, where access would adversely affect another person’s
rights, we’re not required to provide this. Due to legal privilege,
there are some records we are not able to share in connection with a
claim or legal proceeding.
Right to rectification
have the right to rectify inaccurate or incomplete Personal Data
concerning you. We encourage you to review this information regularly to
ensure that it is accurate and up to date.
Right to erasure (right to be forgotten)
may have the right to ask us to erase Personal Data concerning you. The
right to erasure does not apply where your information is processed for
certain specified reasons, including for the exercise or defence of
Right to restriction of processing
certain situations, you have the right to ‘block’ or suppress further
use of your information. When processing is restricted, we can still
store your information, but may not use it further. We keep lists of
people who have asked for further use of their Personal Data to be
‘blocked’ to make sure the restriction is respected in future. This may
affect our ability to provide services to you.
Right to data portability
may have the right to receive Personal Data concerning you, which you
have provided to us, in a structured, commonly used and machine-readable
format and you may have the right to transmit that data to another
Right to object and rights relating to automated decision-making
certain circumstances you may have the right to object, on grounds
relating to your particular situation, at any time to the processing of
your Personal Data, including profiling, by us and we can be required to
no longer process your Personal Data. This may include requesting human
intervention in relation to an automated decision so that you can
express your view and to contest the decision.
You are entitled to
receive your Personal Data free of charge except in the following
circumstances where we may charge a reasonable fee to cover our
administrative costs of providing the Personal Data for:
- manifestly unfounded or excessive/repeated requests, or
- further copies of the same information.
To exercise any of the above-mentioned rights please submit your request through email@example.com
Annexure B – Definitions: