Company Confidential PRIVACY NOTICE
1. Overview and scope of application:
This Privacy Notice applies to processing of personal data that is collected at the reception/Entry Gate of
offices of Tech Mahindra Limited, it affiliates, branch offices and subsidiaries and managed by TechM or
its respective affiliates or subsidiaries (“TechM”, “We”, “Our” or “Us”), which is information about an
identifiable individual (“You” or “Your”). It also describes Your data protection rights, including Your right to
object to some of the processing that We may carry out. More information about Your rights, and how to
exercise them, is set out in the Your Choices and Rights section below.
2. What Personal Data (as defined below) We may collect:
a. Personal Identification and communication information: Your name, Company, whom have You
come to visit, employee number (if applicable, who have you been escorted by, visitor card number,
your time of entry and exit from the premises.
Personal Identification and communication information and application related information are
hereinafter collectively referred to as “Personal Data”.
3. Why We collect, Use and Store the Personal Data:
a. Collection of Personal Data for visitor management process
We collect your Personal Data for maintaining security of our premises, to keep a detailed record
of all visitors to the premises and for purposes of internal as well as external quality audits.
4. Where We store the Personal Data
The Personal Data You provide to Us is stored within the premises You visit. The Personal Data, may
be processed by staff operating outside Europe by Our staff who work for Us or one of Our suppliers.
If We transfer or store the Personal Data outside Europe in this way, We will take steps with the aim of
ensuring that Your privacy rights continue to be protected, as outlined in this privacy policy and in
accordance with the General Data Protection Regulation (“GDPR,”), local country regulatory privacy
requirements globally and PIMS, ISO 27701 requirements.
5. Processing purposes
The legal basis for processing is Art. 6 para. 1 (f) of GDPR. We have a legitimate interest in ensuring
security of Our premises including without limitation, business data, customer details, employees
security etc. We have assessed and determined that the processing of Your Personal Data is necessary
for the processing purposes and mentioned above. We ensure that minimal categories of Your Personal
Data is collected for this purpose. We also ensure that Your Personal Data is protected with appropriate
technical and organizational measures in place.
Page 1 of 3
�Company Confidential PRIVACY NOTICE
6. Disclosure to third parties
To the extent permitted by law and to fulfill the purpose, We may share Your Personal Data with Our
staff, contractors or partners. The staff, contractors or partners are restricted from using this data in any
way other than for the purpose for which they are collected. We may, for example, provide Your
Personal Data to our corporate services department, our security department and/or contractors and
our internal or external auditors.
We reserve the right to share Your Personal Data to respond to duly authorized information requests
of governmental authorities or where required by law. In exceptionally rare circumstances where
national, state, or company security is at issue, We reserve the right to share Our entire database of
visitors with appropriate governmental authorities.
We may also be required to disclose Your Personal Data in the event of a legal investigation or any
such other process where We are required to do so by applicable law or where We have to establish
Our legal rights or where disclosure is required to prevent or take action regarding illegal activities,
suspected fraud, or situations involving potential threats to the physical safety of any person.
We will process, disclose or share Your Personal Data only if required to do so by law or in good faith
belief that such action is necessary to comply with Our contractual obligations, legal requirements or
legal process served on Us.
7. Your Choices and Rights:
You have the right to ask Us for copy of Your Personal Data; to correct, delete, or restrict processing
of Your Personal Data; and to obtain the Personal Data You provide in a structured and machine
readable format. In addition, You can object to the processing of Personal Data, in some circumstances
(in particular, where We do not have to process the data to meet a contractual or legal requirement).
These rights may be limited, for example, if fulfilling Your request would reveal personal data of another
person, or if You ask Us to delete information which We are required by law or have compelling
legitimate interests to keep. If You have unresolved concerns, You have the right to complain to the
data protection authority.
8. How long We retain Your Personal Data:
We will retain Your Personal Data only for as long as We need it for Our legitimate interest in
accordance with applicable law, to fulfill the purpose for which Your Personal Data is collected, or to
meet legal requirements, after which We will take steps to delete Your Personal Data or hold it in a
form that no longer identifies You.
Please note, Your Personal Data will be processed in or accessed from jurisdiction outside Europe by
members of TechM group entities and categories of recipients (e.g., Customers or Service Providers)
in jurisdiction that do not have equivalent data protection laws to those in India for the purpose outlined
above. When We transfer Your data to outside TechM group, We use standard contractual clauses in
compliance with the provisions of GDPR to safeguard the transfer, unless We transfer the data to third
party, that has implemented GDPR, in which case, We may rely on one of those mechanisms to
safeguard the transfer. For further information, including, how to obtain a copy of the documents used
to protect Your Personal Data, please contact Us as described in the ‘Contact Us’ section below.
Page 2 of 3
�Company Confidential PRIVACY NOTICE
9. Security:
We take Our responsibilities to protect Your privacy very seriously. Organizational safeguards, such as
access controls are used to help ensure that Your Personal Data is kept safe and only disclosed to
people who are authorised to view it.
Where We are required to share Your Personal Data with third parties, We will take reasonable
technical and organisational precautions to prevent the loss, misuse or alteration of Your Personal Data
and We will try to ensure that We only share it in ways that are secure.
The transmission of information via the internet or email is not completely secure. Although We will do
Our best to protect Your Personal Data upon receipt, We cannot guarantee the security of data while
You are transmitting it to Our Platform; any such transmission is at Your own risk. Once We have
received Your Personal Data, We will use strict procedures and security features to try to prevent
unauthorised access.
10. Updates to this Privacy Notice:
This privacy notice may be updated periodically. We will update the date at the top of this privacy notice
accordingly and encourage You to check for changes to this privacy notice, which will be available at
Our office premises.
On some occasions, We may also actively advise You of specific data handling activities or significant
changes to this privacy notice, as required by the applicable law.
11. Contact Us:
The Data Controller for Your Personal Data will be Us.
If You have any question about this privacy notice or wish to contact Us for any reason in relation to
Our Personal Data processing, please contact Us at: [email protected]
Page 3 of 3
