Employee Privacy Policy

At AuthBridge Research Services Private Limited and its subsidiaries (“AuthBridge”) we are mindful of our responsibilities when we handle the Personal Data of our current, former and potential employees.

AuthBridge is the data fiduciary (controller) of your Personal Data and, if you have any queries in relation to your Personal Data, this policy or any related matters, please contact HR team at peopleoperations@authbridge.com

Definitions:

• HR Data: personal details such as employees’ names, dates of births, , bank account details, Emergency Contact, contact details terms and conditions of employment, job details, learning and development, performance review process, salary information, bank account details; job application details, medical information such as medical certificates; marital status; gender; additional details required for PF, Gratuity;

• Personal Data: data that relates to a living individual who is identifiable either from the data itself or from the data in conjunction with other information held by AuthBridge. E.g. Online identifier

• Processing Personal Data: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage adaptation or alteration, retrieval, consultation, use disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

• Sensitive/ Special Categories of Personal Data: means data relating to an individual’s biometric data; financial details and criminal records.

The Personal Data we process about you includes your name, contact details and HR Data. This Personal Data is used by us to run our business and manage our workforce. We collect, use and process your Personal Data where:

• this is necessary for the performance of our business.
• we are permitted or required to do so by applicable law; or

• this is necessary in connection with your employment contract.

We do not collect, use or otherwise process your Special Categories of Personal Data, except where:

• we are required or permitted to do so by law (including employment and social welfare law); or

• we have, in accordance with applicable law, obtained your explicit consent to process such Personal Data.

We may obtain Personal Data about you from third parties, (e.g. former employers, educational institutions) for purposes such as gathering references, and other purposes permitted by law. Where we obtain Personal Data about you from third parties, we will do so in accordance with applicable law.

Appendix 1 provides an indicative list of the categories of Personal Data that we may process about you, while Appendix 2 sets out a list of the purposes for which we may process your Personal Data. Both lists are non-exhaustive and may change depending on our day-to-day business or contractual needs.

If any information which you provide to us relates to any third party (such as a spouse or next of kin), by providing us with such Personal Data you confirm that you are permitted to give this information.

We take reasonable and proportionate steps to ensure that the Personal Data we process is:

• accurate, up-to-date and complete; and

• limited to the Personal Data required. Employees are responsible for ensuring that they update (internal HR portal) with any changes to their personal details, e.g. change of address.

Personnel across AuthBridge will have access to your business contact information such as name, position, work email address, telephone number and address. Access to, use of and other processing of Personal Data by AuthBridge will be limited to individuals who have a need to know the information for the purposes described in this Notice, which may include your appraiser or others appointed by him or her, as well as personnel in HR, IT, Admin, Compliance, Legal and Finance.

From time to time, we may make Personal Data available to other entities within the AuthBridge group and to other parties, such as legal and regulatory authorities; professional bodies; educational institutions; external professional advisors (such as lawyers, accountants etc.); and third party service providers (such as providers of payroll, insurance, medical benefits, human resources services, IT systems and support, and other third parties engaged to assist AuthBridge in carrying out business activities) located wherever they operate.

AuthBridge may disclose Personal Data to third parties other than service providers:

• if we are required to do so by law, regulation or legal process (such as a court order or subpoena)

• in response to requests by government agencies; or
• when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

We may disclose your Personal Data in the event that we sell or transfer all, or a portion of, our business or assets (including in the event of a reorganization, dissolution or liquidation).

In case of global expansion of AuthBridge operations, we may also disclose your Personal Data to countries outside of the India.

We have in place appropriate legal, organizational, physical and technical measures to protect Personal Data consistent with applicable privacy and data security laws. As required by applicable law, when we retain a third-party service provider, that provider will be required to:

• use measures to protect the confidentiality and security of the Personal Data

• process the Personal Data only as directed by AuthBridge.

We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject.

AuthBridge will only retain your data as long as is necessary for protecting our legitimate business purpose or legal requirements.

Please note that personal information submitted to us may be transferred to, stored and processed on servers located in various countries around the world in accordance with applicable laws and regulations.

You may have certain rights with respect to our Processing of your Personal Data, which may include the right to:

• update your personal data in case of any changes
• request information about the basis on which your Personal Data is Processed by us

Employees are responsible for ensuring that they update (internal HR portal) with any changes to their personal details, e.g. change of address.

Employees may have access to a certain amount of Personal Data in the course of their work, relating to colleagues, clients and other third parties. Employees must adhere to the data protection policies and procedures on the AuthBridge’s intranet.

Employees must not access or use Personal Data for any purpose other than in connection with, and to the extent necessary for, your work with us.

Your obligation to keep the Personal Data of others confidential continues after termination of your relationship with us.

If you have any queries in respect of this Privacy Notice, please do not hesitate to contact our Human Resource Department.

This Notice may be updated from time to time to reflect changes in our Personal Data processing practices. The current copy will be available on company’s intranet.

Processed Personal Data

The Personal Data relating to you which we may collect, use, transfer, disclose or otherwise process, includes:

• Personal details: Individual name, Date of birth, Gender Contact number, E-mail ID, Family details, Address details, Identity details, Education details, Previous Employment history, Professional reference

• Compensation, Benefits and Payroll: salary, bonus, benefits, pay grade, other awards, timesheets, pay data,

• Position: Description of current position, job title, management category, entity name, department, location, employment status and type, terms of employment, employment contract, work history, length of service, retirement eligibility, promotions, date of transfers, and reporting manager(s) information.

• Talent Management Information: Details contained in job applications, learning and development, performance and development reviews and processes.

• System Access Data: Information required to access company systems and applications.

• Special Categories of Personal Data: We may also collect certain types of Special Categories of Personal Data where required or permitted by local law, such as health/medical information.

This list is non exhaustive.

Purposes for Processing Personal Data

The purposes for which we may collect, use, transfer, disclose or otherwise process your Personal Data, subject to applicable law, include:

• Background check information where permitted by law and proportionate in view of the function to be carried out by an employee or prospective employee – the results of credit and criminal background checks, the results of drug and alcohol testing, screening, health certifications, medical records and reports, information on accidents at work, vehicle registration, driving history;

• Employee Monitoring – information captured on security systems, including CCTV and key card entry systems, voicemails, e-mails, correspondence and other work product and communications created, stored or transmitted by an employee using (Company Name)’s computer or communications equipment, use of (Company Name)’s computer equipment and company issued mobile devices, including Internet browsing history, mobile app usage, and precise geo-location.

• Managing Workforce: Recruitment, performance management, promotions and succession planning, salary and payment administration and reviews, wages and other benefits and bonuses, healthcare, pensions, learning and development, leave, transfers, secondments, providing employment references, managing employee relations processes.

• Communications, Facilities and Emergencies: Facilitating communication with you, ensuring business continuity, providing references, protecting the health and safety of employees and others, safeguarding and maintaining IT infrastructure, office equipment, facilities and other property, facilitating communication with you and your nominated contacts in an emergency.

• Business Operations: Operating and managing IT, improve internal systems, communications systems and facilities, managing product and service development, improving products and services, managing company assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails (including records of changes you may make to customer accounts) and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, reorganizations or disposals and integration with purchaser.

• Compliance: Complying with legal and other requirements, such as income tax , record-keeping and reporting obligations, physical access policies, conducting audits, management and resolution of health and safety matters, such as accident and insurance claims, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures.

This list is non exhaustive.