If you don’t want to provide us with the information requested, ITC might not be able to meet all of the obligations to you that we outlined in your employee contract. We will inform you in the event we are unable to comply with the conditions of your contract due to missing or withheld data.

We may anonymise your personal data in some cases so that it cannot be used to identify you. This may be done without notifying you.

After your relationship with our company has ended and you are no longer an employee at ITC, we will store and/or securely destroy the data we hold relating to you in-line with applicable regulations.

There may be limited circumstances in which your data must be transferred outside the country of your residence. This will only ever be done to comply with our legal obligations, or our company’s contractual obligations to you as our employee. To protect your personal data, ITC has implemented the following safeguards for data transfers:  
‍

• Access Controls

• Data Minimization

• Employee Training

• Incident Response Plan

• Legal Compliance

• Regular Audits and Monitoring

• Secure Transfer Protocols  

• Data Encryption

Your personal data will be stored for a period of 1 year, unless otherwise noted. Criteria used for determining data retention for other situations are as follows:  

1. Employment Records

• Contracts and Agreements: Employment contracts, non-disclosure agreements, and other binding documents.

• Job Descriptions and Performance Reviews: Historical records that can inform future hiring, training, and promotions.

2. Payroll and Compensation Information

• Tax Records: Payroll data for tax reporting and compliance (often required to be kept for several years).

• Compensation History: Information about salary changes, bonuses, and benefits over time.

3. Training and Certification Records

• Training History: Documentation of employee training programs and certifications that may be relevant for compliance or future roles.

4. Health and Safety Records

• Workplace Injury Reports: Records related to workplace injuries, which may need to be maintained for legal or insurance reasons.

5. Disciplinary Records

• Employee Misconduct Documentation: Records of disciplinary actions, which can be important for future evaluations or legal compliance.

6. Termination Records

• Exit Interviews and Termination Documentation: Records that may be relevant for understanding past employment practices and trends.

7. Legal Compliance Documentation

• EEO Data: Records required for equal employment opportunity compliance and other legal obligations.

8. Succession Planning

• Talent Assessments and Development Plans: Data that can inform future talent management and succession planning efforts.

9. Pension and Retirement Information

• Retirement Benefits Documentation: Information related to pension plans or retirement benefits, often needed for years after employment ends.

10. Client and Project Involvement

• Project History: Documentation of employee involvement in significant projects or client accounts that may have long-term relevance.

There may also be situations in which your data is used as part of automated decision-making processes. Examples of these processes include profiling activity, as well as:

1. Recruitment and Hiring

• Resume Screening: Algorithms can automatically scan and rank resumes based on predefined criteria, streamlining the initial selection process.

• Candidate Assessment: Automated tools may evaluate candidates through online tests or assessments, providing insights into their suitability for specific roles.

2. Performance Management

• Performance Analytics: Automated systems can analyze employee performance data, identifying trends and generating performance reviews based on predefined metrics.

• Feedback Mechanisms: Automated tools can gather and analyze feedback from multiple sources, facilitating 360-degree reviews.

3. Employee Engagement

• Pulse Surveys: Automated survey tools can regularly assess employee engagement and satisfaction, providing real-time feedback to HR.

• Sentiment Analysis: Using natural language processing, organizations can analyze employee communications (e.g., emails, chat) to gauge overall morale and sentiment.

4. Promotion and Career Development

• Promotion Algorithms: Data-driven systems can analyze qualifications, performance metrics, and skill gaps to recommend candidates for promotions or leadership roles.

• Training Recommendations: Automated systems can suggest training programs based on employee performance data and career aspirations.

5. Workforce Planning

• Predictive Analytics: Automated tools can forecast workforce needs by analyzing trends in employee turnover, performance, and external labor market conditions.

• Skill Gap Analysis: Automated systems can identify skill shortages within teams and recommend hiring or training initiatives.

6. Compensation and Benefits

• Salary Benchmarking: Automated tools can analyze industry data to recommend competitive compensation packages based on employee performance and market conditions.

• Benefits Administration: Systems can automate enrollment and management of employee benefits, tailoring options based on individual needs.

7. Compliance Monitoring

• Data Privacy Compliance: Automated systems can monitor access to sensitive employee data, ensuring compliance with regulations like GDPR.

• Policy Enforcement: Tools can analyze employee behavior against company policies to identify potential compliance issues.
  
  

Our legitimate interests

ITC may occasionally need to process your data to pursue legitimate interests relating to our company and its business interests. Examples of situations in which we may process your personal data in the legitimate interests of the company include (but are not limited to):  

• Fraud prevention

• Administrative purposes

• Crime reporting and detection

• Regulatory and compliance perspective

ITC will never use your information or wilfully process your data in any situation in which your own interests outweigh the legitimate interests of our company. We process your personal data only within our rights as enshrined in law, and we do so in a way that is transparent and fair.

We may occasionally need to process your data to ensure it is accurate and up-to-date or to ensure it is safe and secure.

What information do we collect?

ITC collects, stores and processes the following types of information about you as an employee:

• Your name

• Your title

• Your date of birth

• Your gender

• Your present address

• Your permanent address

• Your telephone number(s)  

• Your personal email address(es)

• Your marital status  

• Information about dependents

• Your emergency contact information

• Your next of kin

• Your bank account details

• Your tax information

• Your payroll records

• Your salary

• Information about your annual leave

• Your benefits information

• Your National Insurance/AVS/Aadhar/Social Security number or its county equivalent

• Your photograph(s)

• Location of your employment or place of work

• A copy of your driving license

• A copy of your passport

• Your right to work documentation (if applicable)/Visas/Work Permits

• Your referees

• Your CV/Employment history

• Your performance history

• Your disciplinary history

• Your grievance history

• CCTV footage (if applicable)

• Electronic key card records (if applicable)

• Information about your use of information systems

• Your Geolocation and IP numbers

• Your background verification reports
  
  

 Why do we process your information?

ITC may process your data for the following reasons:

• To make a decision about your appointment

• To carry out payroll processes

• To provide you with benefits

• To file withholding taxes or any other relevant taxes as mandated by the law of the land

• To liaise with your pension provider

• To administer other elements of your contract

• To manage performance

• To carry out accounting and auditing functions

• To assess your qualifications for a particular project, task or promotion

• To make a decision about salary reviews

• To make a decision about your continued employment

• To gather evidence about grievance or disciplinary hearings

• To address legal disputes

• To share the team and individual strengths with prospective clients on need basis

• To decide about terminating our relationship

• To assess your education or training requirements

• To manage your absences

• To ascertain your fitness to work

• To comply with health and safety obligations

• To carry out equal opportunities monitoring

• To check misuse of position in the company

• To prevent fraud and cheating  

• To ensure network and information security

• To conduct data analytics

It is inevitable that in your capacity as an employee you will be referred to in company records. Please also note that wherever necessary, ITC may need to keep information relating to your health, such as reasons for absence and evidence of GP notes. This information will only ever be used to comply with our health and safety obligations and to administer benefits such as statutory sick pay or health insurances if applicable.

If we need to process special categories of data, we will always obtain your explicit consent and explain for what purpose this information must be processed, unless this information is required to protect your health in an emergency, or if consent is not required by law.

Special categories of information may include (but are not limited to):

• Sexual orientation

• Racial or ethnic origin

• Political affiliations

• Religious affiliations

• Trade Union membership

• Biometric data

Where consent is given to process this information, you reserve the right to withdraw your consent at any time.

We will only ever disclose information about you to external parties if ITC is legally obligated to do so, or in situations in which we must disclose your information to comply with our company’s contractual obligations to you. Examples may include passing your contact details onto your pension provider. We may also transfer information about you to other companies within our wider family of companies, for purposes related to your employment or purposes related to company management and administration.

We may occasionally rely on profiling and/or automatic decision-making. This will only be used in certain limited situations,  

We also monitor computer and telephone usage, to ensure that employment activities are carried out in-line with our Data Protection Policy and the Company Handbook.  

To perform our contract with you or adhere to our legal requirements, your information may be transferred to global organisations. To ensure your data is protected, we have a list of security measures. A copy of these security measures can be requested from. A updated list of third parties who have your data can be requested from DPO.  

We will store your personal information for a period of 1 year. We will also rely on the criteria outlined in the retention schedule when deciding how long to store your information. If we decide to store your personal information for a new reason, or a reason which differs from the one it was originally collected and stored for, the Data Protection Officer will provide you with this reason and any other accompanying information.

 What are your rights?

ITC observes a host of regulatory obligations under the EU’s GDPR legislation and the Data Protection Act 2018. As part of our ongoing commitment to preserve and uphold these regulatory commitments, we will also uphold your personal rights under these regulations.

Your statutory rights under GDPR and the Data Protection Act 2018 include:

• The right to request access to your personal information (also known as a ‘data subject access request’)

• The right to request corrections be made to the data we hold about you

• The right to request erasure of your personal data

• The right to object to the processing of your data

• The right to request any restrictions to the processing of your data

• The right to request the transfer of your data to another party