Last Modified: October 2024

1. SCOPE OF THIS PRIVACY NOTICE

Tejas Networks Limited (“Tejas“, “we“, “us” or “our“) are committed to protecting the personal data of our Team Members (“Team Members“). Team Members include employees, consultants, advisors, trainees, applicants, agency workers, interns and contractors who are engaged by Tejas and its affiliates. 

This Privacy Notice (“Notice“) describes how we process your personal data. Personal data means any information that can be used to directly or indirectly identify a natural person or that is likely to make a person identifiable (“personal data“). By way of example, a person can be identified by reference to an identifier such as a name, an identification number, location data or by reference to individual physical, physiological, economic, or cultural identity characteristics. 

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data. It does not matter whether the data processing is automated or not. Processing may include, for example, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data. 

2. WHO IS THE CONTROLLER AND TO WHOM CAN I REACH OUT?

We are the controller of the processing of personal data described in this privacy notice. This means that Tejas determines the purposes and means of the processing of your personal data. You can contact the following address for all data protection inquiries: 

Tejas Networks Limited
Plot No. 25, JP Software Park
Electronics City, Phase 1
Hosur Road
Bangalore (India):- 560 100
Phone:-  + 91 80 4179 4600/700/800
E-Mail:- dpo@tejasnetworks.com

3. WHAT DATA DO WE COLLECT? 

• Tejas collects and processes personal data about you when you voluntarily submit information directly to us, when you communicate with us in respect of your employment or when you fill in certain forms at the start of your employment. Such information typically includes your name, address, gender, marital status, emergency contacts, job references, education details, position, remuneration details, and previous employment history, and, as necessary, religious affiliations, trade union membership, and health-related information. When we collect such information from you, we will inform you if the information is mandatory or optional. If you do not provide any information which is marked as mandatory, we may be unable to perform some of our obligations to you. Particularly, we may not be able to make you an offer of employment.
• When necessary, we may also collect personal data about you from other parties, such as, for example, information collected through publicly accessible and available sources, including the Internet, if such information (i) is available without signing-up to a service or (ii) can be found on professional social media platforms (e.g., LinkedIn), as well as in the context of background checks.

• Tejas may also create and maintain internal records which may contain personal data about you, such as performance and development records, disciplinary, capability and conduct records, absence and attendance records. 

The table in Annex 1 sets out more information about the categories of personal data we collect about you. 

4. PURPOSES AND LEGAL BASES

The purposes and legal bases for processing your personal data may vary from case to case. In principle, we process your personal data for several purposes, including, but not limited to: 

The purposes and legal bases for processing your personal data may vary from case to case. In principle, we process your personal data for several purposes, including, but not limited to: 

• The processing of your personal data is necessary for hiring decisions or, after hiring, for carrying out or terminating the employment contract. For example, we process your personal data if you apply for a job, to contact you and maintain an internal employee directory, or to pay your salary. 

• We may process your personal data based on our legitimate interests, such as for our own business interests, for example, to defend against and exercise legal claims, to the extent our legitimate interests are not overridden by your interests or fundamental rights and freedoms. 

• We may process your personal data to comply with legal obligations. For example, we are required to retain certain information due to statutory law. 

• We may process special categories of information, e.g., health data, if this is, for example, necessary to exercise legal claims or to comply with legal obligations derived from employment law, society security and social protection law. 

• In certain limited circumstances, we may process certain personal data based on your consent. In general, we only request your voluntary consent when you have a legal or economic advantage or if we and you pursue the same interests. If we need your consent, we will notify you of the personal data we intend to use and how we will use it. You do not have to give your consent. Where you have granted us your consent to collect, use or disclose your personal data in a certain way, you have the right to withdraw your consent at any time with effect for the future. Please note that neither the refusal nor the withdrawal of your consent will have negative consequences for your employment relationship with us. 

Detailed information about how, and on which legal basis we process your personal data can be found in Annex 1. 

5. MONITORING of Our IT systems 

We may monitor the use of Tejas IT systems from time to time to detect misuse of the systems which may damage our business or endanger our systems, identify activities that constitute an infringement of our IT and security related policies or to detect a crime. We will not use the monitoring data for any other purposes as set out herein. For example, we use spam filters, virus protection and firewalls. You should be aware that monitoring may take place of incoming and outgoing emails, internet access and other forms of electronic communications in accordance with our policies and limited to what is legally permitted. 

In this context, we will in particular process the following types of personal data: date and time of internet activities, transmitted data volume, IP addresses, communication metadata, and user IDs. Pursuant to our Acceptable Use Policy, limited use of our IT systems for private purposes is permitted. However, in order to protect Tejas’ interest, we reserve the right to monitor and/or access our devices as outlined in that policy and in compliance with applicable law. Personal correspondence and files should therefore be stored in folders clearly identified as “Personal” and will be subject to review in accordance with applicable law. We generally do not advise employees to store any personal data on the company IT assets, however if stored, we shall not be held liable for any loss, damage and/or breach of such data.   

6. HOW LONG WE STORE YOUR INFORMATION 

We only process your personal data for as long as is necessary to fulfil the purposes for which it was collected. This also applies to the fulfilment of our legitimate interests or statutory retention and documentation obligations that we must observe. Subject to appliable laws and statutes, once the purposes have been fulfilled, your personal data will generally be deleted.

Upon request, we will delete the data collected and stored for the use of our website, unless we are legally required to keep this data or we need this data to protect, enforce or assert our rights. We will delete the data ourselves within a certain cycle and in accordance with any contractual obligations that we may be subject to, unless there is a special interest in continued storage in individual cases, e.g., in the event of cyber-attacks.

When determining the retention period required in individual cases, we take into account the scope, nature and sensitivity of the data, the potential risk of damage through unauthorized use or disclosure, the purposes for which we process your personal data and the applicable legal provisions.

Insofar as statutory retention and documentation obligations or the protection of our legitimate interests, which outweigh your conflicting interests, require longer storage, for example in the event of legal disputes, your personal data will be stored and processed for a longer period of time.

Detailed information about the retention periods can be found in Annex 1.

7. WHO WE SHARE YOUR PERSONAL DATA WITH

We may share your personal data with the following recipients:

• Affiliates.  As we are a globally acting company that relies on centralized resources and global decision-making, we may in particular share and jointly process your personal data in connection with:
  • The provision of centralized human resources management;
  • Group business planning, budgeting, reporting, and strategy;
  • Group-level legal and regulatory compliance and managing associated risks, providing legal advice, and in connection with potential or actual litigation;
  • Auditing compliance with policies, procedures, applicable laws, and regulations;
  • Providing and administering whistleblowing schemes;
  • Internal accounting;
  • Reporting, assessing, and responding to claims for risk management;
  • The provision of centralized IT infrastructure such as information regarding security and monitoring of users’ traffic;
  • Customer support; and
  • Payroll processing.
    
    The legal bases for such processing of your personal data are:
    
    
    • The performance of the employment contract or, prior to the employment contract, actions such as hiring decisions or, after hiring, for carrying out or terminating the employment contract; and
    • our legitimate interests in the points described above.
  • Service providers and advisors: Third–party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing or email, tax and accounting, payments and payroll processing and travel booking services. Such information may be disclosed in connection with:
    • The provision of human resources management;
    • The provision of IT infrastructure;
    • Centralized processing of salary and benefits payments;
    • Obtaining professional services such as legal and accountancy services on behalf of the entire group.The legal bases for such processing of your personal data are: 
    • the performance of the employment contract or prior to entering into the employment contract; and 
    • our legitimate interests, namely our interest in managing our resources and pursuing our business as set out in Annex 1 and, in this context, obtaining professional services.our legitimate interests, namely our interest in managing our resources and pursuing our business as set out in Annex 1 and, in this context, obtaining professional services.
  • Purchasers and third parties in connection with a business transaction: personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. Such personal data may be disclosed for due diligence purposes to allow a potential buyer or investor to assess our business. The legal basis for such processing of your personal data is the legitimate interest to conduct such a business transaction.
  • Law enforcement, regulators, and other parties for legal reasons. Third parties as required by law or if we reasonably believe that such action is necessary to:
    • Comply with the law and the reasonable requests of law enforcement;
    • Comply with legal process;
    • Receive legal advice;
    • Respond to requests from public or government authorities, including public or government authorities outside your country of residence;
    • Detect and investigate illegal activities and breaches of agreements; and
    • Exercise or protect the rights, property, or personal safety of you, Tejas, our Team Members, or third parties.
      The legal bases for such processing of your personal data are:
      
    • the fulfilment of legal obligations; and
      
    • the legitimate interest in preventing adverse consequences for refusal to comply with governmentally binding disclosures; detecting and investigating illegal activities and breaches of agreements; and exercising or protecting the rights, property, or personal safety of you, Tejas, our Team Members or third parties.
  • Third parties you request or consent we disclose certain personal data to, such as banks, third party payroll service providers and insurance providers  as may be required for the employment purpose, if you apply for a mortgage or another (potential) employer if you seek a reference from us. The legal basis for such processing of your personal data is your consent.
  • Third parties where the disclosure is necessary as part of your job role, such as by providing your work contact details to customers or service providers to facilitate communication with you. The legal basis for such processing of your personal data is the performance of the employment contract or prior to entering into the employment contract. 

8. INTERNATIONAL TRANSFER OF AND ACCESS TO YOUR INFORMATION

It is possible that we or one of our service providers may process your data in a so-called third country, i.e., outside the European Economic Area, or access it from such a country (e.g., to carry out maintenance work). If this is the case, we ensure that your data is still subject to an appropriate level of protection by applying one or more security mechanisms, including, but not limited to: 

An adequacy decision exists from the European Commission for the relevant country (e.g., the United Kingdom) or the relevant company (e.g., companies certified under the EU-US Data Privacy Framework). With such a decision, the European Commission determines that a level of data protection that is essentially the same as in the EU can be expected. 

We conclude the standard contractual clauses issued by the European Commission, if necessary, in conjunction with appropriate additional measures. The decision and the sample text of these standard contractual clauses can be found here. 

The transfer takes place within the framework of suitable guarantees, such as binding corporate rules. 

9. WHAT ARE YOUR RIGHTS IN RELATON TO YOUR PERSONAL DATA? 

Below you will find a list of your rights regarding the processing of your personal data: 

• Right of access: 
  You have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have the right to information about this personal data, in particular (i) information on the categories of personal data, the purposes of the processing and information on how we determine the retention and storage periods, (ii) information on the recipients or categories of recipients to whom we disclose your personal data, in particular recipients in third countries and (iii) under certain circumstances, a copy of the data that is the subject of the processing.
• Right to rectification:
  You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
  
  
• Right to erasure:
  You have the right to request that we erase your data without undue delay if (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) your data are processed on the basis of your consent and you withdraw your consent, (iii) you have objected to processing and there are no overriding legitimate grounds for the processing, or you have objected to the processing, (iv) your personal data are being processed unlawfully, or (v) the erasure of your personal data is necessary for compliance with a legal obligation to which we are subject.
  
  
• Right to restriction of processing:
  You have the right to request the restriction of processing. This means that you can demand that we restrict the purposes of the processing. The right to restriction exists if (i) you have contested the accuracy of the personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (iii) we no longer need the personal data for the purposes of the processing, but they are required by us, for example for the establishment, exercise or defense of legal claims or as per applicable law, or (iv) you have objected to processing, you have objected to processing pending the verification whether our legitimate grounds override yours.
  
  
• Right to data portability:
  You have the right to receive personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR, and the processing is carried out by automated means.
  
  
• Right to information:
  You have the right to request information about the recipients of data to whom a correction, deletion or restriction of the processing of your personal data has been communicated.
  
  
• Right to object
  You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data where such processing is for the purposes of our legitimate interests, including profiling based on those interests (e.g., for creditworthiness assessment). Further processing of your personal data will then no longer take place unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. You also have the right to object to processing for direct marketing purposes at any time.
  
  
• Right to lodge a complaint:
  You have the right to lodge a complaint with the competent supervisory authority against the processing of your personal data or any
  other decision by Tejas.
  
  The supervisory authority responsible for:
  1. Italian individuals is Garante per la Protezione dei Dati Personali; Address: Piazza Venezia 11, 00187, Rome; Phone: +39 06.696771, E-Mail: protocollo@gpdp.it;
     PEC: protocollo@pec.gpdp.it 
  2. Indian individuals as provided as per applicable laws.