Privacy Notice

Home / Privacy Notice

Last Modified: October 2024

1. SCOPE OF THIS PRIVACY NOTICE

Tejas Networks Limited (“Tejas“, “we“, “us” or “our“) are committed to protecting the personal data of our Team Members (“Team Members“). Team Members include employees, consultants, advisors, trainees, applicants, agency workers, interns and contractors who are engaged by Tejas and its affiliates. 

This Privacy Notice (“Notice“) describes how we process your personal data. Personal data means any information that can be used to directly or indirectly identify a natural person or that is likely to make a person identifiable (“personal data“). By way of example, a person can be identified by reference to an identifier such as a name, an identification number, location data or by reference to individual physical, physiological, economic, or cultural identity characteristics. 

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data. It does not matter whether the data processing is automated or not. Processing may include, for example, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data. 

2. WHO IS THE CONTROLLER AND TO WHOM CAN I REACH OUT?

We are the controller of the processing of personal data described in this privacy notice. This means that Tejas determines the purposes and means of the processing of your personal data. You can contact the following address for all data protection inquiries: 

Tejas Networks Limited
Plot No. 25, JP Software Park
Electronics City, Phase 1
Hosur Road
Bangalore (India):- 560 100
Phone:-  + 91 80 4179 4600/700/800
E-Mail:- dpo@tejasnetworks.com

3. WHAT
DATA DO WE COLLECT?
 

  • Tejas collects and processes personal data about you when you voluntarily submit information directly to us, when you communicate with us in respect of your employment or when you fill in certain forms at the start of your employment. Such information typically includes your name, address, gender, marital status, emergency contacts, job references, education details, position, remuneration details, and previous employment history, and, as necessary, religious affiliations, trade union membership, and health-related information. When we collect such information from you, we will inform you if the information is mandatory or optional. If you do not provide any information which is marked as mandatory, we may be unable to perform some of our obligations to you. Particularly, we may not be able to make you an offer of employment.
  • When necessary, we may also collect personal data about you from other parties, such as, for example, information collected through publicly accessible and available sources, including the Internet, if such information (i) is available without signing-up to a service or (ii) can be found on professional social media platforms (e.g., LinkedIn), as well as in the context of background checks.
  • Tejas may also create and maintain internal records which may contain personal data about you, such as performance and development records, disciplinary, capability and conduct records, absence and attendance records. 

The table in Annex 1 sets out more information about the categories of personal data we collect about you. 

4. PURPOSES AND LEGAL BASES

The purposes and legal bases for processing your personal data may vary from case to case. In principle, we process your personal data for several purposes, including, but not limited to: 

The purposes and legal bases for processing your personal data may vary from case to case. In principle, we process your personal data for several purposes, including, but not limited to: 

  • The processing of your personal data is necessary for hiring decisions or, after hiring, for carrying out or terminating the employment contract. For example, we process your personal data if you apply for a job, to contact you and maintain an internal employee directory, or to pay your salary. 
  • We may process your personal data based on our legitimate interests, such as for our own business interests, for example, to defend against and exercise legal claims, to the extent our legitimate interests are not overridden by your interests or fundamental rights and freedoms. 
  • We may process your personal data to comply with legal obligations. For example, we are required to retain certain information due to statutory law. 
  • We may process special categories of information, e.g., health data, if this is, for example, necessary to exercise legal claims or to comply with legal obligations derived from employment law, society security and social protection law. 
  • In certain limited circumstances, we may process certain personal data based on your consent. In general, we only request your voluntary consent when you have a legal or economic advantage or if we and you pursue the same interests. If we need your consent, we will notify you of the personal data we intend to use and how we will use it. You do not have to give your consent. Where you have granted us your consent to collect, use or disclose your personal data in a certain way, you have the right to withdraw your consent at any time with effect for the future. Please note that neither the refusal nor the withdrawal of your consent will have negative consequences for your employment relationship with us. 

Detailed information about how, and on which legal basis we process your personal data can be found in Annex 1. 

5. MONITORING of Our IT systems 

We may monitor the use of Tejas IT systems from time to time to detect misuse of the systems which may damage our business or endanger our systems, identify activities that constitute an infringement of our IT and security related policies or to detect a crime. We will not use the monitoring data for any other purposes as set out herein. For example, we use spam filters, virus protection and firewalls. You should be aware that monitoring may take place of incoming and outgoing emails, internet access and other forms of electronic communications in accordance with our policies and limited to what is legally permitted. 

In this context, we will in particular process the following types of personal data: date and time of internet activities, transmitted data volume, IP addresses, communication metadata, and user IDs. Pursuant to our Acceptable Use Policy, limited use of our IT systems for private purposes is permitted. However, in order to protect Tejas’ interest, we reserve the right to monitor and/or access our devices as outlined in that policy and in compliance with applicable law. Personal correspondence and files should therefore be stored in folders clearly identified as “Personal” and will be subject to review in accordance with applicable law. We generally do not advise employees to store any personal data on the company IT assets, however if stored, we shall not be held liable for any loss, damage and/or breach of such data.   

6. HOW LONG WE STORE YOUR INFORMATION 

We only process your personal data for as long as is necessary to fulfil the purposes for which it was collected. This also applies to the fulfilment of our legitimate interests or statutory retention and documentation obligations that we must observe. Subject to appliable laws and statutes, once the purposes have been fulfilled, your personal data will generally be deleted.

Upon request, we will delete the data collected and stored for the use of our website, unless we are legally required to keep this data or we need this data to protect, enforce or assert our rights. We will delete the data ourselves within a certain cycle and in accordance with any contractual obligations that we may be subject to, unless there is a special interest in continued storage in individual cases, e.g., in the event of cyber-attacks.

When determining the retention period required in individual cases, we take into account the scope, nature and sensitivity of the data, the potential risk of damage through unauthorized use or disclosure, the purposes for which we process your personal data and the applicable legal provisions.

Insofar as statutory retention and documentation obligations or the protection of our legitimate interests, which outweigh your conflicting interests, require longer storage, for example in the event of legal disputes, your personal data will be stored and processed for a longer period of time.

Detailed information about the retention periods can be found in Annex 1.

7. WHO WE SHARE YOUR
PERSONAL DATA WITH


We may share your
personal data with the following recipients:

  • Affiliates.  As we are a globally acting company that relies on centralized resources and global decision-making, we may in particular share and jointly process your personal data in connection with:
    • The provision of centralized human resources management;
    • Group business planning, budgeting, reporting, and strategy;
    • Group-level legal and regulatory compliance and managing associated risks, providing legal advice, and in connection with potential or actual litigation;
    • Auditing compliance with policies, procedures, applicable laws, and regulations;
    • Providing and administering whistleblowing schemes;
    • Internal accounting;
    • Reporting, assessing, and responding to claims for risk management;
    • The provision of centralized IT infrastructure such as information regarding security and monitoring of users’ traffic;
    • Customer support; and
    • Payroll processing.

      The
      legal bases for such processing of your personal data are:

      • The performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract; and
      • our legitimate interests in the points described above.

    • Service providers and advisors: Thirdparty vendors and other service providers that perform services for us or on our behalf, which may include providing mailing or email, tax and accounting, payments and payroll processing and travel booking services. Such information may be disclosed in connection with:
      • The provision of human resources management;
      • The provision of IT infrastructure;
      • Centralized processing of salary and benefits payments;
      • Obtaining professional services such as legal and accountancy services on behalf of the entire group.The legal bases for such processing of your personal data are: 
      • the performance of the employment contract or prior to entering into the employment contract; and 
      • our legitimate interests, namely our interest in managing our resources and pursuing our business as set out in Annex 1 and, in this context, obtaining professional services.our legitimate interests, namely our interest in managing our resources and pursuing our business as set out in Annex 1 and, in this context, obtaining professional services.

    • Purchasers and third parties in connection with a business transaction: personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. Such personal data may be disclosed for due diligence purposes to allow a potential buyer or investor to assess our business. The legal basis for such processing of your personal data is the legitimate interest to conduct such a business transaction.

    • Law enforcement, regulators, and other parties for legal reasons. Third parties as required by law or if we reasonably believe that such action is necessary to:
      • Comply with the law and the reasonable requests of law enforcement;
      • Comply with legal process;
      • Receive legal advice;
      • Respond to requests from public or government authorities, including public or government authorities outside your country of residence;
      • Detect and investigate illegal activities and breaches of agreements; and
      • Exercise or protect the rights, property, or personal safety of you, Tejas, our Team Members, or third parties.
        The legal bases for such processing of your
        personal data are:

      • the fulfilment of legal obligations; and
      • the legitimate interest in preventing adverse consequences for refusal to comply with governmentally binding disclosures; detecting and investigating illegal activities and breaches of agreements; and exercising or protecting the rights, property, or personal safety of you, Tejas, our Team Members or third parties.
    • Third parties you request or consent we disclose certain personal data to, such as banks, third party payroll service providers and insurance providers  as may be required for the employment purpose, if you apply for a mortgage or another (potential) employer if you seek a reference from us. The legal basis for such processing of your personal data is your consent.
    • Third parties where the disclosure is necessary as part of your job role, such as by providing your work contact details to customers or service providers to facilitate communication with you. The legal basis for such processing of your personal data is the performance of the employment contract or prior to entering into the employment contract. 

8. INTERNATIONAL TRANSFER OF AND ACCESS TO YOUR INFORMATION

It is possible that we or one of our service providers may process your data in a so-called third country, i.e., outside the European Economic Area, or access it from such a country (e.g., to carry out maintenance work). If this is the case, we ensure that your data is still subject to an appropriate level of protection by applying one or more security mechanisms, including, but not limited to: 

An adequacy decision exists from the European Commission for the relevant country (e.g., the United Kingdom) or the relevant company (e.g., companies certified under the EU-US Data Privacy Framework). With such a decision, the European Commission determines that a level of data protection that is essentially the same as in the EU can be expected. 

We conclude the standard contractual clauses issued by the European Commission, if necessary, in conjunction with appropriate additional measures. The decision and the sample text of these standard contractual clauses can be found here. 

The transfer takes place within the framework of suitable guarantees, such as binding corporate rules. 

9. WHAT ARE YOUR RIGHTS IN RELATON TO YOUR PERSONAL DATA? 

Below you will find a list of your rights regarding the processing of your personal data: 

  • Right of access: 
    You have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have the right to information about this personal data, in particular (i) information on the categories of personal data, the purposes of the processing and information on how we determine the retention and storage periods, (ii) information on the recipients or categories of recipients to whom we disclose your personal data, in particular recipients in third countries and (iii) under certain circumstances, a copy of the data that is the subject of the processing.

  • Right to rectification:
    You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

  • Right to erasure:
    You have the right to request that we erase your data without undue delay if (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) your data are processed on the basis of your consent and you withdraw your consent, (iii) you have objected to processing and there are no overriding legitimate grounds for the processing, or you have objected to the processing, (iv) your personal data are being processed unlawfully, or (v) the erasure of your personal data is necessary for compliance with a legal obligation to which we are subject. 

  • Right to restriction of processing:
    You have the right to request the restriction of processing. This means that you can demand that we restrict the purposes of the processing. The right to restriction exists if (i) you have contested the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (iii) we no longer need the personal data for the purposes of the processing, but they are required by us, for example for the establishment, exercise or defense of legal claims or as per applicable law, or (iv) you have objected to processing, you have objected to processing pending the verification whether our legitimate grounds override yours.

  • Right to data portability:
    You have the right to receive personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR, and the processing is carried out by automated means.

  • Right to information:
    You have the right to request information about the recipients of data to whom a correction, deletion or restriction of the processing of your personal data has been communicated.

  • Right to object
    You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data where such processing is for the purposes of our legitimate interests, including profiling based on those interests (e.g., for creditworthiness assessment). Further processing of your personal data will then no longer take place unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. You also have the right to object to processing for direct marketing purposes at any time.

  • Right to lodge a complaint:
    You have the right to lodge a complaint with the competent supervisory authority against the processing of your personal data or any
    other decision by Tejas.


    The supervisory authority responsible for
    :

    1. Italian individuals is Garante per la Protezione dei Dati Personali; Address: Piazza Venezia 11, 00187, Rome; Phone: +39 06.696771, E-Mail: protocollo@gpdp.it;
      PEC:
      protocollo@pec.gpdp.it 
    2. Indian individuals as provided as per applicable laws.

Annex 1 

Personal data we collect, purposes of processing, legal basis and data retention 

Category of personal data How we use it Legal basis for the processing Retention period 

Work contact details and other related information, such as: 

title, first name, last name, Tejas Company email address, telephone number, and photographs. 

Job role information, such as: 

Position held, job description, responsibilities and assignments, and years of service. 

Work-related identifiers, namely internal identification number such as employee ID, user ID, system usernames, and IP address. Passwords 

in hashed form. 

We use this information to: 

  • open and maintain employment records; 
  • communicate with employees for internal business purposes or emergencies; 
  • talent management and performance reviews; 
  • communicate with customers and vendors; and 
  • maintain an internal employee directory. 
  • allocate resources; 
  • plan and strategize group business (including budgeting and profitability analysis); and 
  • manage, forecast and assess human resources.  
  • communicate with Team Members for internal business purposes or emergencies; 
  • maintain a companywide directory; 
  • grant and secure access to internal systems; and 
  • monitor compliance with internal rules and policies. 

The processing of personal data is necessary for: 

  • The performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract; 

 

or, where the processing does not fall within what is necessary for the employment contract: 

 

  • our legitimate interests, namely managing our human resources, and customer and vendor relationship management. 
Up to ten years from the end of your engagement with Tejas. 

Personal contact details and other related documents, such as: 

title, first name, last name, personal email, home address and telephone number. 

Nationality, citizenship and right to work information, such as: 

country of birth, government identification numbers, passport number (and possibly a copy of relevant pages of the identification document), and visa information. 

We use this information to: 

  • maintain employment records; 
  • communicate with employees in an emergency; 
  • process payroll; and 
  • communicate with employees regarding their employment relationship;  
  • determine employees’ eligibility to work; 
  • fulfil our obligations to relevant government authorities (including tax authorities). 

The processing of personal data is necessary for: 

  • Fulfilling legal obligations, such as those under the Social Security and Employment or tax law; 

 

or, where the processing is not in relation to the fulfilment of a legal obligation, 

 

  • the performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract; 

 

or, where the processing also does not fall within what is necessary for the employment contract, 

 

  • our legitimate interests, namely managing our human resources. 

 

If your application at Tejas is unsuccessful or your employment at Tejas ends and you consent to keep in touch with us, the legal basis for the processing of your personal data is your consent. 

Any information obtained in course of payroll processing is, depending on the specific document, kept up to ten years from the end of your engagement with Tejas, unless 

  • further retention is required for the exercise or defence of Tejas legal interests. 

Any information collected in the course of an: 

  • unsuccessful application with respect to European Union individuals will be deleted within six to nine months after the decision on the application; 
  • successful application information is kept in HR file for three years after termination. 

The information may be stored longer, if you consent to keep in touch for the future, in which case, contact details will be retained until you withdraw the consent. 

 

Payroll and benefits information, such as: 

Salary details, bonus payments, pension details, health insurance, share scheme details, company car scheme details, and religious tax (this could indicate sensitive information of religious beliefs).  

Absence records, such as: 

records relating to time away from the office, including holiday, illness, and paternity/maternity leave; Child-sick-days and name of the child; date of birth of the child. 

 

We use this information to: 

  • maintain employment records; 
  • allocate resources; 
  • manage, forecast, assess and make business decisions in relation to financial and other obligations to employees and third parties (such as tax authorities and beneficiaries) in relation to any benefits owed to employees; 
  • plan and strategize group business (including budgeting and profitability analysis); 
  • process payroll; and 
  • to comply with legal obligations. 
  • manage absence and sickness; 
  • make decisions relating to human resource allocation, salary and benefit changes; 
  • address other issues that may arise from absences; 
  • prepare for reporting and strategic planning, including the preparation of statistics for analysis; 
  • plan health meetings; 
  • implementing operational integration management (where applicable); 
  • comply with legal requirements with regard to recording absences (illness, maternity leave, family care, etc.); and 

 

The processing of personal data is necessary for: 

  • Fulfilling legal obligations, such as those under the Social Security and Employment or tax law; 
  • exercising rights or complying with legal obligations derived from labour law, social security and social protection law; 

 

or, where the processing is not in relation to the fulfilment of a legal obligation, 

 

  • the performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract. 

 

To the extent sensitive information is affected, the processing is based on: 

  • our obligations and rights to assert rights in the field of employment social security law and social protection law. 
Payroll and related accounts information:
ten years General payroll, payroll tax, and certain other tax-related records: Up to ten years from the end of the fiscal year in which the employment contract was terminated.  Entitlements to benefits from the company pension scheme / documents relating to pension provision via pension funds: 30 years after termination of your employment for Tejas. Maternity leave: up to two years from end of maternity leave taken. If such information is of tax or commercial relevance, longer periods of up to ten years apply. Certificates of incapacity for work:
four years after the entitlement to reimbursement arises; without payment of remuneration, one year after receipt. Other records: Maximum period of
five years from the end of your engagement with Tejas. If such information is information with tax or commercial relevance, longer periods of up to ten years apply 

Financial details, such as: 

bank account numbers and credit card details, and national identification information.   

We use this information to: 

  • pay salaries and other benefits to employees; and 
  • process expenses. 

The processing of personal data is necessary for: 

  • the performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract. 
Ten years from the end of your engagement with Tejas. 

Details of partners, dependents, beneficiaries, such as: 

Name; marital status; eventually also social security number or tax identification number. 

We use this information to: 

  • process benefits (including state taxes and social security benefits) to which employees’ partners, dependents, or other beneficiaries may be entitled. 

The processing of personal data is necessary for: 

  • Fulfilling legal obligations, such as those under the Social Security and Employment or tax law; 

 

or, where the processing is not in relation to the fulfilment of a legal obligation, 

 

  • the performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract. 
Up to six years from the end of your engagement with Tejas. 

Emergency contact information, such as: 

next of kin; doctors; health-related information depending on the emergency. 

 

We use this information to: 

  • contact the designated contacts in the case of an emergency; and 
  • mitigate risks in case of an emergency. 

The processing is based on: 

  • your consent.
     

To the extent this information contains personal data of third persons (such as your family members), the processing is based on:  

  • our legitimate interests, namely protecting the interests of our employees in case of an emergency.  
Up to three years from the end of your engagement with Tejas. 

Performance and development records, such as: 

training records, records of courses and training undertaken, performance reviews and assessments. 

 

We use this information to: 

  • conduct performance appraisals; 
  • facilitate talent and performance management; 
  • assist with career planning, skills monitoring; 
  • assess suitability for, and process promotions, job moves and staff restructuring; 
  • provide other affiliated Tejas companies with employment references for future applications, as appropriate, for example applications with international ambitions; and 
  • fulfil our regulatory obligations including demonstrating compliance with regulatory and professional requirements in relation to compliance, training and audits. 

The processing of personal data is necessary for: 

  • Fulfilling legal obligations, such as those under the Social Security and Employment or tax law; 

 

or, where the processing is not in relation to the fulfilment of a legal obligation, 

 

  • The performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract; 

 

or, where the processing also does not fall within what is necessary for the employment contract, 

 

  • our legitimate interests, namely managing our human resources and increasing the quality of our professional activity. 

If hours worked are also included: five years from the end of your engagement with Tejas. 

Otherwise, up to three years from the end of your engagement with Tejas. 

Disciplinary, capability and conduct records, such as: 

details of warnings letters and other behavioural records. 

We use this information to: 

  • conduct disciplinary actions, evaluate complaints, skills and conduct, and take action in this regard; 
  • maintain employment records; 
  • monitor and improve our human resources procedures and processes; and 
  • fulfil our obligations to regulators. 

The processing of personal data is necessary for: 

  • the performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract; 

 

or, where the processing does not fall within what is necessary for the employment contract, 

 

  • our legitimate interests, namely managing our human resources, ensuring compliance with internal policies and procedures, and fulfilment of our professional obligations. 

Disciplinary letters: ten years after they are issued, if no similar violations have occurred since then and if needed for future proceedings in case of repeated misconduct. 

Other records: ten years after you stop working for Tejas. 

Disability and health records, such as: 

information relating to any disability or health condition that are relevant to an individual’s job role.  

Equal opportunities information, such as 

information relating to gender, ethnicity, religion, and sexual orientation. 

Health and safety records: 

including information relating to health and safety in the workplace, accidents and near misses. 

Professional and trade union memberships, such as: 

membership of professional bodies, consultation bodies, including works councils and trade unions. 

We use this information to: 

  • fulfil legal obligations to employees; 
  • assist employees in the performance of their job role;  
  • determine whether an employee is fit to undertake tasks required by their job role;  
  • conduct equal opportunity and diversity monitoring, where permitted or required by law; 
  • address legal obligations to employees in relation to health and safety in the workplace. 
  • perform our legal obligations in relation to professional or trade membership. 

We will process this personal data only to the extent of: 

  • our obligations and rights to exercise specific rights in the field of employment social security law and social protection law; 
  • Fulfilling legal obligations, such as those under the Social Security and Employment or tax law; 

  

or, where the processing is not in relation to the fulfilment of a legal obligation, 

 

  • the performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract; 

 

or, where the processing also does not fall within what is necessary for the employment contract, 

 

  • our legitimate interests, namely managing our human resources, ensuring compliance with internal policies and procedures, and fulfilment of our professional obligations. 

To the extent sensitive information is affected, the processing is based on: 

exercising rights or comply with legal obligations derived from labour law, social security and social protection law. 

Up to three years from the end of your engagement with Tejas. 

Recruitment information, such as: 

CVs, references and recruitment assessments, including opinions and comments of interviewers and the recruitment team, and your contract with Tejas. 

 

We use this information to: 

  • assess and maintain a record of suitability or eligibility for a position; and 
  • fulfil our obligations to regulators, including demonstrating the suitability of employees for their role to regulators and professional bodies. 

 

The processing of personal data is necessary for: 

  • Fulfilling legal obligations, such as those under the Social Security and Employment or tax law; 
  • exercising rights or complying with legal obligations derived from labour law, social security and social protection law; 

 

or, where the processing is not in relation to the fulfilment of a legal obligation, 

 

  • the performance of the employment contract, or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract. 

 

If your application at Tejas is unsuccessful or your employment at Tejas ends and you consent to keep in touch, the legal basis for the processing of your personal data is your consent. 

Any information collected in the course of an: 

  • unsuccessful application with respect to European Union individuals will be deleted within six to nine months after the decision on the application; 
  • successful application, information is kept in HR file for three years after termination. 

 

The information may be stored longer for up to 10 years, if you consent to keep in touch for the future, in which case, contact details will be retained until you withdraw your consent.  

 

Any other information provided by you that is stored on Tejas equipment and computer systems, such as: 

electronic communications, information relating to use of the computer systems, documents stored on company hardware, IP address, username, and password. 

We use this information to: 

  • monitor compliance with internal rules and policies; 
  • investigate (potential) security breaches and misuse of computer equipment and systems; and 
  • maintain and secure records in accordance with back-up and disaster recovery plans. 

 

 

  • our legitimate interests, namely managing our human resources, maintaining our IT systems and their security, ensuring compliance with internal policies and procedures, and fulfilment of our professional obligations. 
For no longer than necessary for the purposes set out and in accordance with our legal obligations and legitimate business interests. 

Information collected through monitoring of Team Member communications and use of employer equipment, such as:  

IP address, URL visited, and meta data on downloaded files. 

We use this information to: 

  • monitor compliance with internal rules and policies; 
  • investigate (potential) security breaches and misuse of computer equipment and systems; and 
  • detect crimes. 

The processing of personal data is necessary for: 

  • Fulfilling legal obligations, such as those under the Social Security and Employment or tax law; 
  • exercising rights or comply with legal obligations derived from labour law, social security and social protection law; 

 

or, where the processing is not in relation to the fulfilment of a legal obligation, 

 

  • the performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract;
     

or, where the processing also does not fall within what is necessary for the employment contract, 

 

  • our legitimate interests, namely managing our human resources, providing internal computer systems, ensuring the security of such systems, and detect crime. 

For no longer than necessary for the purposes set out and in accordance with our legal obligations and legitimate business interests, but no longer than 90 days, unless  

  • further retention is required for the exercise or defence of Tejas legal interests; 
  • we detect any criminal activity; or 
  • we are required by law or binding order by an authority to store the information further. 


Annex 2

Categories of third-party Service Providers

Categories of third-party Service Providers
Payroll
Accounting, taxes, consulting
Global employment solution
Recruiting software
Employee development service
Tool for collaborative working
Tool for benefits, HR, and payroll
Cloud storage provider
Ethic hotline
Backup storage
Electronic communication
Reimbursement of business spending / travel costs
Customer support platform
Scroll to Top