Privacy Notice

Mastek Global Privacy Notice

Mastek Limited, is an Indian owned company listed on the Mumbai Stock Exchange. Mastek group of companies includes the following business entities: Mastek Limited, Mastek (UK) Limited, Mastek Enterprise Solutions Private Limited (formerly known as Trans American Information Systems Private Limited), Evolutionary Systems Corp & Newbury Cloud Inc., Mastek Digital Inc., Evolutionary Systems Canada Limited, Mastek Arabia FZ LLC, Evolutionary Systems Consultancy LLC, Evolutionary Systems Egypt LLC, Evolutionary Systems Saudi LLC, Evolutionary Systems Bahrain WLL, Evosys Kuwait WLL, Evolutionary Systems Qatar WLL, Evolutionary Systems Singapore Pte Ltd., Evosys Consultancy Services (Malaysia) Sdn Bhd., Mastek Systems Pty Ltd., Evolutionary Systems B.V.- Netherlands, Evolutionary Systems B.V. – Romania Branch.

 

HOW TO CONTACT US

If you are an EU citizen and you have any questions about how Mastek processes your Personal Data, or you want to report a breach, please contact us at the below address, or by email to our legal team and our Data Protection Officer at data.protection@beta.mastek.com, (available 24 hours) or by phone (UK office hours only) on 0118 903 5700.

Mastek (UK) Limited, Part Ground Floor,
North Wing A, 100 Brook Drive,
Green Park, Reading, England, RG2 6UJ
UK Data Protection Register #Z9935131.

This Privacy Notice describes the type and categories of information we obtain, how and why we use it, and your rights as an EU citizen in connection with such use.
This Privacy Notice and our associated Privacy Policy, also available on our website, forms part of the proprietary Mastek Data Protection Framework. We encourage you to read this Notice in full together with our Privacy Policy which contains further details about how we process your personal data keep your personal data safe.

This Notice is divided into sections, which relate to the type of relationship that you have with the Company. Each section will give you information relating to the way we manage data in each of the types of relationship or interaction that we may have with you.

If you disagree with Mastek processing your personal data, we ask that you make your objection or withdrawal request clear to us by contacting us using the above details. You will find further details about your right of withdrawal, your right to object and your other rights in the GDPR and in our Privacy Policy.

We review the details of our Privacy Notice and Privacy Policy regularly.
Our aim is to give clear, concise and unambiguous information to all EU individuals whose personal data is processed by Mastek and we would welcome hearing from you if you believe we can improve our processes or the information we provide to you.

Third party sites that are linked to / from the Mastek Website are not under the control of Mastek, and Mastek is not responsible for their content or privacy policies or how such organisations may use your personal data.
Mastek is not responsible for any actions or policies of such third parties and users should check the applicable privacy policy of such party when providing personally identifiable information.
Complaints: If you feel we have not handled your compliant effectively or you wish to complain about the way your personal data is being used, you have the right to contact the UK Information Commissioner at https://ico.org.uk, or by calling 0303 123 1113

This Privacy Notice was last updated on: 15 September 2023
——————————————————————

If we communicate with you directly we will typically ask for your explicit consent before processing your personal data. There are certain circumstances, however, in which Mastek may otherwise lawfully process your personal data including without your knowledge or consent, in compliance with the information set out in this Notice, where this is required or permitted by applicable law:

Processing is needed for a contract with you
For personal data received from or provided to our commercial partners and suppliers and others with whom we have contract will be processed pursuant to that contract, pursuant to a specific Data Processing Agreement. We can process your personal information where the processing is necessary for the performance of the contract to which you are a party, or in order to take steps at your request prior to entering into such a contract. This means that we can carry out the actions needed to conclude or execute our contract with you.

Processing is needed to allow us to comply with our legal obligations
We can process your personal information where this processing is necessary for compliance with a legal or regulatory obligation to which we are subject. Therefore, we can carry out any actions we need to take in order to comply with applicable laws.

Processing is needed for legitimate interests
We can process your personal information where the processing is necessary for our legitimate interests, provided that those interests are not overridden by your interests or rights.
Where we are relying on this ground as the basis for our processing, we will tell you what our legitimate interests are and you will see these in this Notice.
We can carry out any actions we consider are needed for these interests, as long as we consider that the processing in question does not negatively infringe on your rights and interests.
In all cases where we consider ‘legitimate interests’ as the lawful basis for processing we work in accordance with the Information Commissioner’s guidance published on 28th March 2018 and assess the legitimate interest.

Processing where you have given us your consent
We can process your personal information where you have given clear consent for us to process such personal information for a specific purpose.

Processing is needed to protect a person’s vital interests
We can process your personal information where the processing is necessary to protect someone’s life

Processing is needed for a public task
We can process your personal information where the processing is necessary for us to perform a task in the public interest or an official functions, and the task or function has a clear basis in law

Processing of special category Personal Data and Personal Data relating to criminal convictions and offences may be needed for the following reasons:
We may lawfully process Personal Data for occupational health purposes, protecting your life or the life of another person, in pursuit or the defending legal claims and where to do so is substantially in the public interest. In so doing, Mastek shall always seek to minimize such disclosures and will seek assurances as to the protection of such data by any relevant authority.

SOURCES OF PERSONAL DATA

In most cases, we receive the personal information directly from you. You either provide this to us at the outset of our relationship or do so at another time during your interactions with us. This will include personal information that you input into a form or through any self-service function, as well as information that you give to the HR team, your Company contact and to any member of our workforce. Mastek also obtains the personal data of individuals from a number of different sources, including from third parties and is committed to protecting your privacy, regardless of the source.

We may obtain and process your information through our contractual obligations with a Customer, from a commercial partner, supplier, or from a government or international agency or other entity, from your visit to our website, from your response to our marketing emails, text messages or social media or other communications with us, from a recruitment enquiry, by way of information you have provided as an employee or other member of staff, a dispute, or through a transfer from one of the companies in the Mastek group. We may also obtain personal data from our use of third parties to carry out anti-money laundering, anti-bribery and corruption and Know Your Client checks. If you are an employee, we may obtain references from a previous employer, medical reports from external professionals, information from tax authorities, benefit providers or from a third party that we engage to carry out a background check (where permitted by applicable law).

CATEGORIES OF PERSONAL DATA AND OUR PROCESSING ACTIVITIES

Depending on the source of the personal data and the purpose, we may process personal data in any one or more of the following data categories listed in the Appendix to this Notice.

We may collect and use your personal data directly in our role as data controller and also in the capacity as a data processor when, under direction, we process personal data provided by third parties with which we work.

Our Communications function processes personal data for marketing our products and services, and in connection with developing new and existing business. The primary facility for this is the Internet, although we also use standard mail services, telephone and other forms of telecommunications, the Internet is used to post messages, emails, information, participate in chat sessions, news groups and other group activities on the site and off the site. When communicating with Mastek, we may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Website. This information may be used to alert an individual to software compatibility issues, or it may be analyzed to improve the Website design and functionality.

The sections below describe in more detail how we process your personal data depending on the relationship you have with the Company.

DISCLOSING PERSONAL DATA TO OTHERS

Mastek will not sell your personal data to third parties. We will only disclose your personal data to third parties where necessary, on a strict ‘need to know’ basis as part of our business operations and where we have your consent or another lawful basis for doing so.

Your personal information may also be accessed by third parties, including suppliers, advisers, national authorities and government bodies. We have sought to identify these parties in this Notice.

In addition, there are circumstances where we may need to disclose your personal information to third parties, to help manage our business and deliver our services. We may disclose your personal information to third parties if:

  • We sell or buy any business, in which case we may disclose your personal information to the prospective seller or buyer of such business;
  • We are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, or in order to enforce or apply our legal rights, in which case we may share your personal information with our regulators and law enforcement agencies in the EEA and around the world, or to our legal advisers;
  • It is necessary to protect the rights, property, or safety of Mastek or any member of the Mastek group of companies, our customers, suppliers or others, in which case we may disclose your personal information to our legal advisers and other professional services firms; and
  • They provide services to us connected with your relationship with us.

Where these third parties (or any others) act as a data processor (for example, a benefits provider), they carry out their tasks on our behalf and upon our instructions for the reasons that we have set out in this Notice. In this case your personal information will only be disclosed to these parties to the extent necessary to provide the required services.

DATA MINIMISATION AND RETENTION

Mastek collects only minimal information it requires for the purposes and holds it only for as long as necessary to fulfil the stated purpose. We regularly review the data we hold in our computer and other filing systems in accordance with our corporate Policies.

SECURITY, YOUR PART IN KEEPING YOUR PERSONAL DATA SAFE

You are responsible for maintaining the confidentiality of your password, user ID and any user name and other access details for our website and other systems we offer for use. We do not have the means to check the identities of people using our website so we will not necessary know if your access details are being used by someone who is not you.

If you choose to provide us with personal data over the Internet, you should be aware that data transmission via this medium cannot be guaranteed to be 100% secure. While we will take all reasonable efforts to protect such personal data, you acknowledge that we cannot ensure or warrant absolutely, the security of any personal data provided by these means and you provide to us. We use industry leading security methods for the storage and use of your personal data in order to prevent unauthorised access, use or disclosure. If, despite our security precautions, personal data is inadvertently disclosed, we shall use all reasonable endeavours to limit, minimise and remedy the disclosure.

TRANSFER OF PERSONAL DATA OVERSEAS

We share your personal information within the Mastek group of companies as set out in this Notice. Some of the people who access your personal information may not be in the same country as you and may be outside of the EEA.

Any transfers within the Mastek group will be covered by an intra-group agreement based on the EU Model Clauses which gives specific contractual protections to ensure that your personal information receives an adequate and consistent level of protection wherever it is transferred within the group.

In addition, some of the external organisations we share your personal information with may be located outside of the EEA. We will always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights:

  • we will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights,
  • transfers to service providers and other third parties will be protected by contractual commitments (such as the European Commission-approved Standard Contractual Clauses), certification schemes (for example, the EU – U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America) or other legally acceptable mechanisms that ensure an adequate level of protection, and
  • any requests for information we receive from law enforcement or regulators will be carefully checked before personal information is disclosed.

YOUR RELATIONSHIP WITH THE COMPANY

1. JOB APPLICANTS

  • Recruitment: We process Staff related data and Recruitment data we receive from you directly, that we may have received from a recruitment agency or your former employer. We may also gather data from public sources. Processing carried out by us includes communicating with you about your application, considering you against our requirements and other applicants and ultimately making our final recruitment decisions.
    Should you be unsuccessful for the role that you apply for, we will retain your personal information so that you can be considered for any future roles which may become vacant from time to time.
    The Company considers that it has a legitimate interest in fully assessing applications for employment to ensure that only suitable and appropriate candidates are both assessed and selected. The Company considers that this is important to ensure the right people re identified for its business who will be able to contribute to its operations and culture.
  • Background checks and vetting: If you are successful in applying for a role, before your engagement with us begins, we undertake appropriate background checks, references and vetting. This includes, where relevant and appropriate, credit checks, driving licence checks, identity fraud checks, criminal record checks (if and to the extent permitted by applicable laws), relevant employment history, relevant regulatory status and professional qualifications. In some cases we are legally obliged to carry out such checks. Otherwise we do so for our legitimate interests.
  • Immigration: If you are successful in applying for a role, before your engagement with us begins, we make arrangements to ensure you have the correct visa or work permit, and undertake checks relating to your right to work in the relevant jurisdiction. To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, Vetting data, Immigration information and, in some jurisdictions, information relating to your religion, your health or other medical information and criminal records information. This processing is necessary for the compliance with legal obligations to which the Company is subject and for the purpose of Mastek’s legitimate interests to ensure we comply with all applicable immigration law obligations, whether within the EEA or otherwise.
  • Medical matters: In some jurisdictions, we may undertake a review or assessment regarding your physical or mental health or condition as part of our pre-employment checks and for employee related management during your employment. For this we process Staff related data, Recruitment data and data relating your health, as appropriate. The purpose of this processing activity is to assess capacity for your role, where required or permitted under applicable laws; make adjustments or accommodations to the recruitment process; and conduct related management processes. This processing is necessary for the compliance with Mastek’s legal obligations to which the Company is subject and for the purpose of Mastek’s legitimate interests in fully assessing applications for employment to ensure that only suitable and appropriate candidates are both assessed and selected.
  • Who is the information shared with?
    This information will be shared internally with restricted key people in HR, Recruitment, Delivery, Service Lines and other key internal staff on a ‘need to know’ basis only. In addition, some of your personal information will be shared with medical professionals as needed.

2. EMPLOYEES

  • HR Admin and process: For the Personal Data of Mastek employees and other staff, our processing is based on your consent where consent has been provided or otherwise under your respective employment or other contract. We use your personal information to administer and manage our relationship with you, to allow you to carry out your role and to administer your employment contract and to manage and operate HR processes. This processing is necessary to perform the contract between you and the Company. This processing is also necessary for the purpose of the legitimate interests pursued by the Company for example, for ensuring that each member of staff undertakes appropriate duties, is properly trained and undertakes their role correctly and in accordance with appropriate procedures, undertaking normal business operations and maintaining a dialogue with staff; and complying with applicable laws and regulations. We may also process your Personal Data
    where we have a legal obligation to do so. For example, complying with maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulations to which the Company is subject in the conduct of its business.

    Such processing also includes the administrative and management activities that we undertake during employment, for example:
  • Training, development, performance management, promotion, career and succession planning and business contingency planning
  • Allocating and managing duties and responsibilities and the business activities to which they relate
  • appraisal, conduct, performance, capability, absence and grievance related reviews, managing ethics processes, assessments, allegations, complaints, investigations and processes and other informal and formal HR processes and making related management decisions
  • We may also use your personal information in connection with consultations or negotiations with representatives of staff
  • monitoring of accidents and incidents in the workplace, reviewing export control or other legal compliance and disciplinary and grievance investigations
  • Identifying and communicating effectively with staff
  • Conducting surveys for benchmarking and identifying improved ways of working and data subject relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results)
  • Reporting (for business operational and reporting documentation such as the preparation of annual reports or tenders for work or client team records including the use of photographic images)
  • Issuing passes, including car passes and security passes
  • Managing customer, supplier and other business relationships
  • Where relevant for publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances
  • Archiving and managing your personnel file and employment record

To manage your employment relationship, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Remuneration and benefits data, Leave information, Financial information and HR processes data as well as vehicle information. This may include your photograph or other images. Some of this personal information will come from internal sources, such as your manager and the HR team.
Other information may come from customers, suppliers and other business partners. We may receive information from other sources as set out in this Notice

We may process information about your leave, absence or medical information regarding your physical or mental health or condition in order to:

  • assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work;
  • facilitate a return to work;
  • undertake health and safety risk assessments (including workstation and display screen assessments);
  • make adjustments or accommodations to duties or the workplace;
  • make management decisions regarding employment or engagement or continued employment or engagement or redeployment; and
  • conduct related management processes.

To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Vetting data, Regulatory data, Leave information, HR processes data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.

Depending on the type of HR process, we may also process special categories of personal information, such as your religion, race, sexual orientation, health and medical information, details of trade union membership, and information relating to your criminal record.

  • Compensation and benefits: Your personal information is used to provide and administer your remuneration, benefits and incentive schemes to ensure that you are properly compensated and rewarded for your contribution to Mastek
    This includes:
  • budgeting and forecasting, including setting salary and remuneration eligibility
  • payroll operations and management of taxation
  • operating the Company’s share plans, delivering share plan benefits and determining eligibility for awards under the Company’s share plans
  • reimbursement of business costs and expenses
  • making social security deductions and contributions
  • facilitating expense claims and applications for company credit cards To manage your pay, benefits and other remuneration, we process Staff related data, Data related to your engagement with the Company, Leave information, Remuneration and benefits data and Financial information.
  • Business Travel and Immigration: We undertake travel planning for our employees, which includes immigration arrangements, booking flights and making other travel arrangements.
    This may also include relocation arrangements and other processing activities in connection with.
    To manage travel arrangements, we process Staff related data, Data related to your engagement with the Company and Financial data. In some countries, we may also need to process your religion, health and medical information and information regarding your race. We use your personal information to make appropriate business travel arrangements for you and to comply with immigration law requirements
  • Vetting: We undertake appropriate vetting before your employment begins and during employment, should your role change.
    This includes, where relevant and appropriate, credit checks, driving licence checks, identity fraud checks, criminal record checks (if and to the extent permitted by applicable laws), relevant employment history, relevant regulatory status and professional qualifications.
    To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Vetting data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.
    Depending on the type of process, we may also process special categories of personal information and information relating to your criminal record, to the extent permitted by criminal law.
  • Drug and alcohol testing: If you work in a health and safety critical environment, we may carry out drug and alcohol testing. To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, and Employment claims, complaints and disclosures data.
    We also process information related to the drug and alcohol tests, including the results of the same. This may include health information, a special category of personal information.
  • Acquisitions/merger/transformation: We may need to undertake processing activities in connection with business changes or planned activities, whether internal or external.
    For example, this could include:
  • planning, managing and carrying out restructuring or redundancies or other change programmes (including appropriate consultation, selection, alternative employment searches and related management decisions)
  • planning, due diligence and implementation in relation to a commercial transaction or service transfer involving the Company that impacts on your relationship with the Company (for example mergers and acquisitions or a transfer of your employment under applicable automatic transfer rules)

    To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Vetting data, Remuneration and benefits data, Leave information, HR processes data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.
  • Business monitoring and security: We undertake processing activities during your employment which are designed to ensure that our business operations are protected. These activities include monitoring both the behaviour and activity of our employees and the use of our systems.
    This includes CCTV, call recording, email filtering and other monitoring activities, including the use of software or other tools.

    This will also include investigations into security or compliance concerns, as appropriate. To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Vetting data, Remuneration and benefits data, Leave information, HR processes data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.
    We may also incidentally process special categories of personal information, and criminal records information, to the extent permitted by applicable laws.
    We carry out these activities to protect our business. In particular, we do so in order to ensure compliance with applicable laws and Company policies and procedures, to monitor use of the Company’s IT systems and to manage the activities and behaviour of our employees
  • Equality and diversity: We are an equal opportunities employer. As such, we undertake monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws.
    To run the processes set out above, we process data related to your religion, your health, your sexual orientation and your race and ethnic origin, which are special categories of personal information.
    We carry out these activities to promote and monitor our equal opportunities policy and promote equality and diversity within our business.
  • IT Systems: We undertake administration and management of Information Technology systems and services which contain your personal information. To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Vetting data, Remuneration and benefits data, Leave information, HR processes data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.We may also incidentally process special categories of personal information, and criminal records information.
    We process your personal information in order to:
    • change access permissions;
    • provide technical support and maintenance for HR information systems; and
    • operate email, IT, internet, social media, HR related and other company policies and procedures.

    In addition, to the extent permitted by applicable laws, the Company carries out monitoring of the Company’s IT systems to protect and maintain the integrity of the Company’s IT systems and infrastructure, to ensure compliance with the Company’s IT policies, and to locate information through searches where needed for a legitimate business purpose.
  • Legal and Regulatory: We use your personal information in connection with our legal rights and obligations.
    This includes:
  • taking steps to enforce or defend any legal claims made by, against or otherwise involving you;
  • any associated investigations or discovery exercises;
  • managing patents and other intellectual property belonging to us;
  • complying with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements);
  • discovery requests; or
  • where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.

    We may process any personal information held on you in connection with this activity. This includes Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Vetting data, Remuneration and benefits data, Leave information, HR processes data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data. It also includes special categories of personal information and criminal records information.

    We carry out these activities in order to defend against legal claims and comply with legal requirements and obligations that we are subject to.
  • Company Accounts: If you act as an authorised signatory for the Company, we use your personal information to open, operate and administer company bank accounts where you have signing authority.
    If you have a business credit card or other finance account, we process your personal information in connection with the application for and administration of this account. We may process Staff related data, Data related to your engagement with the Company, Financial information and your signature.
    We carry out this activity in order to comply with legal obligations and to ensure that the Company is able to execute financial transactions.
  • Legal compliance, registers and records: We maintain a records of potential legal risks or concerns. For example, we maintain records of any request for a facilitation payment, bribe or extortion request made by a third party, community interests (including possible conflicts of interest), gifts and hospitality and political interests.
    We also maintain records of incidents and accidents, including health and safety reports, driving incidents and other issues.
    We may process any personal information that we hold or collect about you for this reason. This includes Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Vetting data, Remuneration and benefits data, Leave information, HR processes data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.
    It also includes special categories of personal information and criminal records information.
    We hold this database in order to keep and maintain appropriate records and to comply with applicable laws.
  • Insurance: We process your personal information in connection with the administration and management of our insurance policies.
    This will include processing your personal information in connection with insurance claims and risk management, as appropriate.

3. CONTRACTORS AND WORKERS

  • Compensation: Your personal information is used to provide and administer your remuneration.
    This includes reimbursement of business costs and expenses and making appropriate tax and social security deductions and contributions, as appropriate and as applicable.
  • Workforce Admin: We administer and manage your relationship with the Company and maintain the general records necessary to do so.
    This includes the administrative and management activities that we undertake during your engagement, for example:
  • Allocating and managing duties and responsibilities and the business activities to which they relate
  • Identifying and communicating effectively with staff
  • Conducting surveys for benchmarking and identifying improved ways of working and data subject relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results)
  • Where relevant for publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances
  • Reporting (for business operational and reporting documentation such as the preparation of annual reports or tenders for work or client team records including the use of photographic images)
  • Managing customer, supplier and other business relationships
  • Issuing passes, including car passes and security passes
  • Archiving and managing your personnel file and other records
  • Training, where appropriate
    To manage your relationship with us, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data and Remuneration and benefits data, as well as vehicle information. This may include your photograph or other images.

    Your personal information is used to manage and operate certain health and safety processes, as required by law and Company policy.
    We may process your personal information in order to undertake health and safety risk assessments and to make adjustments or accommodations to duties or the workplace.

    We undertake travel planning for our contractors and workers, which includes immigration arrangements, booking flights and making other travel arrangements.
    This may also include relocation arrangements and other processing activities in connection with Global Mobility.
  • Vetting: We undertake appropriate vetting before your engagement begins and during your engagement with us, should your role change.
    This includes, where relevant and appropriate, credit checks, driving licence checks, right to work verification, identity fraud checks, criminal record checks (if and to the extent permitted by applicable laws), relevant employment history, relevant regulatory status and professional qualifications.
    To run the processes set out above, we process Staff related data, Data related to your engagement with the Company, Recruitment data, Regulatory data, Vetting data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.
    Depending on the checks carried out, this could include special categories of personal information and criminal record information.
    We undertake vetting in order to protect our business and to ensure that only appropriately qualified and suitable individuals are engaged by the Company.
  • Drugs and Alcohol: If you work in a health and safety critical environment, we may carry out drug and alcohol testing. This is carried out on a random basis. We undertake this activity to help safeguard the health and wellbeing of all individuals on site including visitors and to discharge our health and safety obligations under applicable law.
  • Business monitoring and security: We undertake processing activities during your engagement which are designed to ensure that our business operations are protected. These activities include monitoring our staff and the use of our systems.
    This includes CCTV, call recording, email filtering and other monitoring activities, including the use of software or other tools.
    This will also include investigations into security or compliance concerns, as appropriate. We carry out these activities in order to protect our business. This includes ensuring compliance with applicable laws and Company policies and procedures, to monitor use of the Company’s IT system and to manage the activities and behaviour of our contractors and workers.
  • We undertake administration and management of Information Technology systems and services which contain your personal information. We process your personal information in order to:
  • change access permissions;
  • provide technical support and maintenance for HR information systems; and
  • operate email, IT, internet, social media, HR related and other company policies and procedures.
    In addition, to the extent permitted by applicable laws, the Company carries out monitoring of the Company’s IT systems to protect and maintain the integrity of the Company’s IT systems and infrastructure, to ensure compliance with the Company’s IT policies, and to locate information through searches where needed for a legitimate business purpose.
  • We use your personal information in connection with our legal rights and obligations.
  • This includes:
  • taking steps to enforce or defend any legal claims made by, against or otherwise involving you;
  • any associated investigations or discovery exercises;
  • managing intellectual property belonging to us;
  • complying with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements);
  • discovery requests; or
  • where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.
  • Legal compliance registers and records: We maintain a records of potential legal risks or concerns. For example, we maintain records of any request for a facilitation payment, bribe or extortion request made by a third party, community interests (including possible conflicts of interest), and gifts and hospitality.
    We also maintain records of incidents and accidents, including health and safety reports, driving incidents and other issues.

4. FORMER EMPLOYEES AND OTHER STAFF

  • Archiving: We maintain our records relating to your relationship with the Company in order to comply with record keeping obligations and to maintain an appropriate archive. This archive allows us to keep historical information about the Company and to ensure that we have sufficient information relating to our business, including with respect to any legal obligations or potential legal claims.
    Where you have provided the Company as a referee, we process your personal information as needed to comply with any reference request that we receive from a third party.

5. BOARD MEMBERS, DIRECTORS AND NON EXECUTIVE DIRECTORS

  • We administer and manage your relationship with the Company and maintain the general records necessary to do so.
    This includes the administrative and management activities that we undertake with respect to governance requirements, for example:
  • Maintaining Mastek group companies’ statutory registers
  • Managing compliance with overseas registrations and government agencies
  • Complying with statutory reporting requirements
  • Archiving and managing your personnel record, as appropriate

6. PENSIONS

  • Your personal information is used to provide and administer your pension.
    This includes facilitating the following pension related activities:
  • Making contributions into the pension scheme
  • Providing and administering benefits
  • Making additional voluntary contributions
  • Moving from active to deferred status or active to pensioner status
  • Facilitating ill health retirement
  • Managing the member transfer out process, the member divorce process and the complaints process
  • Reconciling financial records and managing liabilities

7. CUSTOMERS

  • Administration: You liaise with us on behalf of one of our customers or contacts (including prospective customers). As such we process your personal information as needed to administer and manage such customer or contact’s relationship with the Company and maintain the general records necessary to do this.
    This includes:
    • Communicating with you in connection with the relevant customer or contact’s business with us
    • Contacting you in order to be able to provide the customer with pricing information, deliver services, manage and facilitate the relationship and raise invoices
    • Facilitating payment for goods and services
    • Creating, managing and maintaining a CRM database, including relevant organisational charts
    • Keeping records and audit information relating to our customers and contacts, including minutes of meetings and other notes
  • Marketing: We process your personal information in order to send marketing communications via email.
    The categories of personal information that we process for this particular purpose are your name and business contact details. Where we have not obtained this data directly from you, we source this data from reputable third party agencies who have a direct relationship with you and who will have informed you of their disclosure of your personal data to recipients such as Mastek.
    We use your personal information to decide which marketing communications to send to you. These decisions do not have any legal effects concerning you or significantly affect you. We tailor our marketing communications based on industry, job title and preferences that you or your employer have selected. As a result of this activity, you will receive tailored marketing material relating to your (or your eomployer’s) industry or selected interest areas.
    This processing is necessary for the purpose of the legitimate interests pursued by the Company and its customers and contacts.
    Where we are required to do so by applicable law, we will get your express consent to marketing communications.
  • We may need to undertake due diligence before commencing our relationship with the relevant customer. We do this to ensure that the relationship with the customer is appropriate and that any associated risk is identified and managed effectively.
    This includes, where relevant and appropriate, vetting activities for individuals associated with such customers. These vetting activities may include anti-money laundering checks, anti-bribery and corruption checks, credit checks, identity fraud checks and criminal record checks (if and to the extent permitted by applicable laws).
  • Risk Management: We use your personal information in connection with our legal rights and obligations. This includes taking steps to enforce or defend any legal claims made by, against or otherwise involving you.
    However, it also includes complying with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.
    This will also include investigations into security or compliance concerns, as appropriate.

8. SUPPLIERS AND SUB-CONTRACTORS

  • You liaise with us on behalf of one of our suppliers or subcontractors. As such we process your personal information as needed to administer and manage such supplier or subcontractor’s relationship with the Company and maintain the general records necessary to do this.
    This includes:
  • Communicating with you in connection with the relevant supplier or subcontractor’s business with us
  • Contacting you to obtain pricing information and to finalise the procurement process regarding the supplier’s goods and services
  • Facilitating payment for goods and services
  • Creating, managing and maintaining supplier databases, including organisational charts
  • Keeping records and audit information relating to our suppliers or subcontractors, including minutes of meetings and other notes
  • Supplier due diligence: Before we engage with any new supplier or subcontractor, we undertake due diligence to ensure that the supplier or subcontractor is appropriate and that any associated risk is identified and managed effectively.
    This includes, where relevant and appropriate, vetting activities for individuals associated with such suppliers or subcontractors. These vetting activities may include anti-money laundering checks, anti-bribery and corruption checks, credit checks, identity fraud checks and criminal record checks (if and to the extent permitted by applicable laws).
  • Supplier Training: We undertake checks and manage records to ensure that our suppliers and subcontractors have appropriate qualifications and training to ensure safe working on our sites.
  • Risk Management: We use your personal information in connection with our legal rights and obligations.This includes taking steps to enforce or defend any legal claims made by, against or otherwise involving you.
    However, it also includes complying with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.
    This will also include investigations into security or compliance concerns, as appropriate

9. VISITORS ON SITE

  • Visitor Logs: We maintain a visitors’ access log at all of our sites, which we ask you to populate with your personal information. We use this information in order to have a record of all visitors to our sites. This is for health and safety reasons (including for use in an emergency situation), as well as to protect and secure our site and assets.
  • CCTV: We operate Closed Circuit television (CCTV) systems on our sites and around the perimeter of the same. This includes CCTV recording of external site areas covering walkways, roads and other public areas.

10. EVENT ATTENDEES

  • We use personal information in connection with events that we hold on our sites.
    This includes:
  • Managing a database of potential guests and attendees
  • Issuing invitations
  • Producing agendas and brochures for Conferences, including pictures, names, biopics and contact details
  • Managing and administering the event or conference
    We process the personal information of individuals on our database, attendees, speakers, organisers and exhibitors.

11. MEDIA

The Company maintains a database of journalists, which is used to distribute press releases.

12. WEBSITE VISITORS

Generally, you can visit this website without revealing who you are, or disclosing any personal data about you. However, there may be times when we require personal data about you or when you wish to disclose personal data to us such as for recruitment and career purposes. All personal data we hold and process about you is subject to the provisions of this Notice. This includes data

provided at the time of registering to use the registration-only sections of the website (such as our careers and brand sections). You should be aware that when you apply for a vacancy through our website, your details are passed to ‘Workable’, a third party service provider. For details on the Workable processes your personal data, please refer to the Workable website and/or contact Workable directly. We may also ask you for personal data (such as when you report a problem with this website)

Mastek may collect data which does not personally identify anyone and perform statistical analysis of user behaviour and characteristics in order to measure interest in and use of the various areas of the website and to inform advertisers of such information as well as the number of users that have been exposed to or clicked on their advertising banners. Mastek will provide only aggregated data from these analyses to third parties.

Links to other websites
This Privacy Notice does not apply to personal data collected by third parties who may be linked to the Mastek website. Other websites may be linked may or may not contain privacy policies. We have no influence or control over those sites. The use of other sites, and the submission of personal data to them is at your own risk and is subject to the privacy statements and policies of any such third party.

Use of Cookies
The Mastek website, like many other websites, uses “cookies” (information stored on an individual’s computer by the individual’s browser at Mastek request). “Cookies” is a term generally used for small text files a web site can use to recognize repeat users, facilitate the user’s ongoing access to and use of the site, allow a site to track usage behaviour and compile aggregate data that will allow content improvements and targeted advertising etc. Cookies themselves do not personally identify an individual, but they do identify the individual’s computer. Cookies work by assigning a unique number to the user computer that has no meaning outside the assigning site. Users are also being made aware that Mastek cannot control the use of cookies or the resulting information by advertisers or third parties hosting data for Mastek. If a user does not want information collected through the use of cookies, there is a simple procedure in most browsers that allows the user to deny or accept the cookie feature; however, users should note that cookies may be necessary to provide the user with certain features (e.g., customized delivery of information) available from website. If the individual chooses to be a registered user of Mastek website, then he/she must accept a cookie from Mastek website.

ANNEX

CATEGORIES OF PERSONAL DATA:

The following categories are not exhaustive but illustrate the types of personal information that we process.

* Business information: your business contact details (e.g. address, telephone number, e-mail), your job title, your employer and any other relevant information

* Contact information: home address, email address and telephone number/s

* Data related to your employment with the Company: work contact details (e.g. address, telephone number, e-mail), work location default hours, default language, time zone and currency for location, your worker ID and various system IDs, your performance review information, your work biography, your reporting line, your employee/contingent worker type, your hire/contract begin and end dates, your cost centre, your job title and job description, your working hours and patterns, whether you are full or part time; your termination/contract end date; the reason for termination; your last day of work; exit interviews, references, status (active/inactive/terminated); position title; the reason for any change in job and date of change; your benefit coverage start date

* Employment claims, complaints and disclosures data: termination arrangements and payments, subject matter of employment based litigation and complaints, employee involvement in incident reporting and disclosures

* Financial data: credit card information, bank account details and other relevant information about your payment information

* HR processes data: allegations, investigations and proceeding records and outcomes, colleague and line management feedback, appraisals, talent programmes, formal and informal performance management processes, flexible working processes, restructure and redundancy plans, consultation records, selection and redeployment data, health and safety audits, risk assessments, incident reports, data relating to training and development needs or training received

* Identity information: your title, forename and surname, preferred name and any additional names

* Immigration information: gender, nationality, second nationality, civil/marital status, date of birth, age, national ID number, immigration data, languages spoken and next-of-kin/dependent contact information

* Leave information: absence records (including dates and categories of leave/time-off), holiday dates and information related to family leave

* Monitoring data (to the extent permitted by applicable laws): Closed Circuit television footage, system and building login and access records, keystroke, download and print records, call recordings, data caught by IT security programmes and filters

* Share information: number of shares held, date joined the register, date left the share register, dividends paid/not cashed; bank mandate details; share transactions; nationality and AGM / Proxy voting

* Staff related data: your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, former names, gender, nationality, second nationality, civil/marital status, date of birth, age, home contact details (e.g. address, telephone number, e-mail), national ID number, immigration and eligibility to work data, marital status, languages spoken, next-of-kin/dependent contact information, passport details, driving licence and car registration details

* Recruitment data: qualifications, references, CV and application, interview and assessment data

* Regulatory data: records of your registration with any applicable regulatory authority, your regulated status and any regulatory references

* Remuneration and benefits data: your remuneration information (including salary/hourly plan/contract pay information as applicable, allowance, bonus and merit plans), bank account details, grade, social security number, tax information, third party benefit recipient information

* Vetting data: vetting and verification information, including results of any background or other checks.

* Website information: this includes: – data that you provide by filling in forms on the Website, including data provided at the time of registering to use the registration-only sections of the Website (such as our careers and brand sections); any personal information requested from you by the Company (such as when you report a problem with the website); if you contact us, in writing, by email or other electronic means through the Website, we may keep a record of that correspondence; and details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access.

Government Access Request Policy:

The Government Access Request (“GAR”) policy describes how we will respond to requests from law enforcement agencies or government authorities (collectively, “Government Authority”). If you are a Government Authority and would like to submit GAR then please click on our link below.

Government Access Request Policy

Mastek’s Privacy Policy

 

Mastek have not received any GARs form a Government Authority nor have Mastek received and GARs relating to our Customers from a Government Authority from December 2020 to July 2023.

California Consumer Privacy Act Notice

Data Subject Access Request Policy