Societe Generale Global Solution Centre (hereinafter referred to as "SG GSC” or “we” or “our” or “us”), a member entity of Société Générale Group, pays great attention to protect personal data and respect data privacy of individuals, including our customers and clients in accordance with legal requirements.
We are committed to adhere to the Information Technology Act, 2000 for the time being in force (“Act”) and the Information Technology (Reasonable Security Practices and Procedures And Sensitive Personal Data Or Information) Rules, 2011 for the time being in force (“Rules”) and in accordance with applicable laws.
"Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
“Sensitive personal data or information” of a person means such personal information which consists of information relating to; —
- financial information such as Bank account or credit card or debit card or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- Biometric information;
- any detail relating to the above clauses as provided to body corporate for providing service; and
- any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
Who is concerned by this policy?
This policy is intended to onboard you as a vendor, service provider or to provide our products and services or to process your job application or onboard you as an employee of SG GSC, either directly via our recruitment site or at trade fairs and forums, by letter, email, via recruitment firms, through employees (as part of co-optation), job sites or social networks (such as LinkedIn) or any other useful means of finding candidates.
In the event that we need to ask for a reference, this will be carried out within the applicable regulatory framework (with the candidate’s prior agreement for recruitment). This policy therefore also applies to candidate's referees, whose personal data may be collected during verification.
Unless otherwise stated, we refer collectively to the groups of people referred to above as “you”.
What type of personal data & sensitive personal data do we collect?
We may need to process various types of personal data, including but not limited to:
- Identification data (e.g. first name, last name, email ID and contact details, etc.);
- Financial data (e.g. bank account, credit history, etc.);
- Health data (e.g. medical records, medical certificates, etc.);
- Official identifier (e.g. Aadhar, Passport, PAN, etc.) ;
- Login data used by you to access our website, Log files such as Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP) etc.
We may use third party services for such automatic collection, however no personally identifiable information will be shared with such third parties, unless required under applicable laws.
By providing your details/documents via the App / Website, including but not limited to personal data as mentioned herein above, you expressly consent to the processing of such information by us.
The providing of your Personal Data is voluntary. However, if you do not provide us your Personal Data, your request may be incomplete, and we will not be able to process your request and the Personal Data for the Purposes outlined below and may cause us to be unable to allow you to engage with us or use our products and service.
If you choose to provide us with a third party's Personal Data, you represent and warrant that you have the third party's permission/consent to do so.
For what purposes do we collect or use your personal data?
For recruitment purposes:
When browsing our recruitment site and creating your candidate profile, we may collect personal data about you, in our capacity as controller.
The data collected are processed with your consent, unless otherwise required by legal or regulatory requirements. The data strictly necessary for examining your application are identified by an asterisk or other equivalent symbol. For data not identified by an asterisk, failure to respond will not impact the handling of your application.
During consideration of your application, your personal data is processed with your consent. By submitting your application, you consent to the processing of your personal data in accordance with the purposes of this policy. In very exceptional cases, some processing relating to the recruitment process may be required in order to comply with our legal, regulatory obligations or be justified by our legitimate interest and therefore not require your prior consent.
Refusal or withdrawal of your consent to the processing of all or part of your personal data may have consequences on the processing of your application by preventing it from being considered fairly compared with other applications. Such withdrawal may therefore constitute abandonment of your application.
If you have provided your consent – by third parties such as recruitment agencies, job boards for SG GSC employees or professional social networks (LinkedIn, etc.). In this case, it is specified that we are not responsible for the processing of your personal data by those third parties (with whom you have an independent relationship), SG GSC acting solely as recipient in this respect.
For our legitimate business requirements & purposes:
We may use your Personal Data for our legitimate business requirements and related activities, which shall include, without limitation the following (the “Purpose”):
- To perform our obligations in respect of any contract entered with you;
- To onboard or register you as vendor or service provider with us;
- To process your application for any employment with us, conduct background verification and for related purposes;
- To respond to your inquiries or to fulfill and process your request;
- To process your participation in any events, promotions, activities, focus groups, research studies, contests, polls, surveys or any productions and to communicate with you regarding your attendance thereto;
- To notify, communicate and invite you to event or activities organized by us, our partners, advertisers, and or sponsors;
- To send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings from us, our partners, advertisers and or sponsors;
- To provide our products and services and for other purposes incidental to the same;
- For internal administrative purposes, such as process improvements, data analysis, database optimizations;
- For purposes of detection, prevention and prosecution of crime;
- For us to comply with its obligations under any law;
- To comply with the law on in a judicial proceeding or other legal processes to exercise our legal rights or defend against legal claims
Who your data may be disclosed to?
In the course of our business, we may share your Personal Data with third-parties as described below:
- With our parent entity Société Générale (SG) and its affiliates and subsidiaries worldwide in connection with the business activities of SG GSC and the SG Group.
- With third-party vendors, service providers, contractors, business partners or agents as required to perform specific tasks/obligations on our behalf.
- With our partners who perform services for us (e.g. Payments, settlement, service providers etc.) and help us operate our business.
- With regulatory authorities to comply with regulatory requirements.
- With third-parties, in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business.
We ensure that the data transfers or exchanges with third parties are necessary and are carried out within the limit of these purposes, while providing all the appropriate data protection safeguards.
Exceptionally and in compliance with applicable regulations, some of your personal data may also be sent to third parties in India or abroad for the purpose of establishing, safeguarding or defending a right in court, in the context of administrative or criminal investigations by one or more regulators, compliance with commitments made to them or in the context of legal disputes of any kind.
Some of your personal data may particularly be sent not only to regulators or judicial authorities but also to Société Générale’s advisors and those of the other parties to the proceedings, as well as to those parties themselves. In that case, Société Générale ensures that data transferred or exchanged are relevant and necessary for the purposes referred to above.
How do we ensure the security and confidentiality of your personal data?
We take all appropriate security measures to ensure the security and confidentiality of your personal data, with a view to protecting them from any loss, accidental destruction, alteration or unauthorized access. Security is essential to our activities. When we use subcontractors or service providers, we select them based on the quality and safety criteria they are able to offer. We therefore impose confidentiality rules on our subcontractors and our service providers that are at least equivalent to our own.
For the protection of your personal data, we implemented the following technical and organizational measures, against unauthorized access, loss or unlawful disclosure, unauthorized handling, alteration or destruction. Measures are implemented to control access to processing and secure the communication of personal data.
The security measures applied by SG GSC include:
- Implementation and periodic review of the Policies, Procedures and Work instructions for ensuring the security of personal data;
- Periodic training, through dedicated courses, of the employees who process personal data;
- Limitation of the access to personal data in accordance with the need to know, the need to see and need to have principle;
- Processing of personal data lawfully, fairly and transparently;
- Limitation on purpose of processing of personal data in accordance with specific, explicit and legitimate purposes;
- Limitation on collection of personal data in accordance with data minimization principle;
- Securing access to the applications and files containing personal data;
- Monitoring of processes of personal data transfer carried out via the e-mail service;
- Ensuring personal data processed is complete, accurate, not misleading and updated periodically to maintain quality of data;
- Apply restriction on retention of personal data and kept in accordance with the defined retention periods;
- Processing of personal data in a way that ensures appropriate security
- Encryption of the communications containing personal data, etc.
We implement the necessary measures to respect the protection of personal data, both from the design stage, for example of a service or an application, and during their usage period. When necessary, we also carry out privacy impact assessments on protection of the personal data in question.
How long are your data kept?
We will retain and use your Personal Data as needed to fulfil the purpose for which it was collected and as necessary to comply with our business requirements, legal obligations, resolve disputes or enforce our agreements. Subject to any applicable business, legal, or regulatory requirements, we delete or erase Personal Data when it is no longer required to enforce our rights or meet our obligations. We may retain the Personal Data for a longer period if it is necessary to comply with any obligation under any law for the time being in force.
Post termination of your account, we may continue to use your anonymised data aggregated or in combination with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes. We may keep your contact information along with your application details (if any) for fraud prevention purposes and for the exercise/ defence of a legal claim or for providing evidence in legal proceeding(s) if required.
How can you exercise your rights?
Where permitted by law, SG GSC will take reasonable steps to permit you to access and modify Personal Data that you have submitted or shared with us, but we reserve the right to use Personal Data obtained or provided previously to verify your identity or take other actions that we believe are appropriate. Within the limits and conditions permitted by applicable regulation, where applicable you can exercise your right, therefore;
- request access to your personal data (right to confirmation & access);
- correct, complete, update and erase your personal data (right of correction and erasure), it being specified that erasure can only occur when the personal data are no longer necessary for the purposes for which they were collected or processed;
- request a restriction or prevent the continuing disclosure of your personal data (right to be forgotten);
- receive or request the transfer of your personal data where processing has been carried out by automated means (right to portability);
Exercise of these rights is subject to several conditions specified in the applicable regulations and must be exercised in accordance with them. You may exercise your rights under applicable data protection laws by contacting us directly at the following email address provided as below: email@example.com
We will acknowledge the receipt of such request and respond to your request within 30 days or as period specified by applicable regulations. If we are unable to comply with your request, we will provide you with an explanation.
Confidentiality of your account:
Link to third party sites:
Our Website and Services may contain links to third party websites or automatically produce search results that refer or link to other party websites. We are providing these links to you only as a convenience and the inclusion of any of these links does not constitute any endorsement by us. Links to other websites are not under the control of us and we are not responsible for the content or the accuracy or reliability of any such contents and materials made on any linked site or any link contained in a linked site, or any changes or updates to such sites. Any access to and use of such linked sites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information and privacy practices of such third-party websites. Third parties may independently collect information about their website visitors. We cannot control the collection of this information. Your use of third-party websites is at your own risk.
If you have any queries, complaint, grievance or want to exercise your rights under the relevant and applicable data protection regulation, you may write to us at: firstname.lastname@example.org
Data Privacy Officer (DPO)
Société Générale Global Solution Centre Pvt. Ltd.
10th Floor Voyager Building, ITPB, Whitefield Road, Bangalore, India - 560 066.
Amendment of this policy
We reserve the right to change or modify the Policy at any time and in our sole discretion. If we decide to change our Policy, we will post those changes on this page. When you visit the Website, you are accepting the current version of this Policy as posted on the Website at that time. We recommend that users revisit this Policy on occasion to learn of any changes.
Governing Law & Jurisdiction
This Policy shall be governed and construed in accordance with the laws of India. The courts of Bangalore shall have the exclusive jurisdiction for any litigation that may arise under this Policy.