HR Data Privacy Policy

Privacy Notice on employee and job candidate data

This privacy notice sets out what personal data Capgemini Polska Sp. z o. collects and how Capgemini uses and protects any personal data processed in relation to to potential or existing employment relationship with Capgemini.

1. Who is collecting personal data

Capgemini Polska Sp. z o.o, with registered office at 02-092 Warsaw, ul. Zwirki i Wigury 16a (“Capgemini”), is a Data Controller and Edward Gołda (e-mail: dprequestpoland.pl@capgemini.com) is acting as Data Protection Officer, who is committed to ensuring that your privacy is protected.

2. What information is being collected and processed?

Capgemini processes personal data of candidates, employees employed under a contract of employment and persons employed under a civil law contract, collectively referred to as „Employee/Candidate” and „Employees/Candidates”, respectively.

Capgemini may collect the following information:

·        Personal details, such as name, date of birth, gender, age, address, telephone numbers, email address, number of children, citizenship,ID details, visa details, work permit details, emergency contact details, dependents details, marital status, life insurance beneficiaries, pictures or images;

·        Financial information relating to compensation, benefits and pension arrangements, such as details of salary, bank account, tax codes, travel expenses, stock options, stock purchase plan;

·        Recruitment information, such as CV, application form, notes of interviews, applicant references (if recorded), qualifications, test results (if applicable);

·        Employment administration information, such as employment and career history, grades, managers, employment contract details, absence records, safety records, health and sickness records if the applicable laws allow to collect such personal data, accident reports, personal development reviews, driving license details and associated documents, skills records, government issued identification numbers;

·        Professional experience information, such as professional resume, qualifications, details of projects Employee/Candidate has worked on, training records, mobility records;

·      Details of where Employee/Candidate is located in Capgemini location to the extent recorded by Capgemini electronic card access systems and cameras;

·        Details of IT and connection data to the Capgemini IT systems;

·        Photos

3. How data is it collected?

Capgemini collects certain information provided directly from Employee/Candidate. Capgemini gets part of the personal data by recording how Employee/Candidate interacts with Human Resources electronic platforms and via electronic card access systems and video monitoring.

Capgemini may also collect certain information indirectly, in particular from/or on the basis of:

·  Global database managed by the Affiliates of Capgemini;

·  Its agents, representatives and service providers, for example recruitment agency;

·  Third parties who you have asked to provide your personal information to Capgemini, including via referral process;

·  Insurance Companies to settle an insurance event;

·  Law enforcement, dispute resolution, statutory and regulatory bodies;

·  Marketing or event organisations, to the extent that personal data is required for conducting the recruitment processes;

·  Industry databases such as Pracuj.pl, LinkedIn, Infopraca.pl or other and publicly available sources such as the Internet and telephone directories.

4. For what purposes does Capgemini collect, hold and use your personal information?

Typically, purposes for which Capgemini processes Employee/Candidate Personal Data will include but are not limited to the following activities:

·         Recruitment, including future recruitment and background checks subject to local laws;
· Performance assessment and training;

· Pay-roll and administration of other employment-related benefits (including stock options, stock purchase plan, or other corporate plans or benefits);

· Day-to-day management activities, such as deployment on projects, promotion, disciplinary activities, grievance procedure handling;

· Marketing the professional services of consultants to potential Capgemini clients (e.g., by providing details of experience on previous projects);

· Administration of current benefits, including the Capgemini personal pension plan, life insurance scheme, private health insurance scheme;

· Employment analysis, for example, comparing the success of various recruitment and/or Employee retention programs;

· Compliance with health & safety rules and other legal obligations placed on Capgemini as an employer;

· Where necessary, processing designed to enable Capgemini to exercise its legal rights, and/or perform its legal obligations, as an employer, in so far as it is required by local law of the country where the Data Controller is established;

· IT, security, cybersecurity and access control;

· Human Resource Management, Career management and mobility, also via automated processing, including profiling;

· Internal and external communication;

· Company resources management;

· Video and electronic monitoring in the scope of ensuring the safety of Employee/Candidate due to the manner, quantity and quality of the usual services performed;

· Preventive activities in the area of Capgemini property security by, for example, theft or destruction as well as data leakage and breach of confidentiality, or access to data by unauthorized persons;

· Audit and statistics.

5. What is the legal basis for collection of personal data?

A basis for lawful processing by Capgemini are:

• Legal requirements related to Data Controller
• Contractual undertaking with Employee/Candidate
• Legitimate interests in regards to:

Employee/Candidate rights:

•  Reasonable Expectations of the individual that their personal data are to be processed;

•  Management of Individual Right Requests ( ex. Continued processing when an individual requested erasure);•  Suppression (holding data on a suppressed file);

•  Profiling for analytical reasons;
•  Some Employee relations (to ensure that the employees receive benefits and trainings);

•  Keeping the Human Resources records for the event of employee claims;

•  Keeping the Records including records of monitoring:

•  Lawful monitoring.

Compliance and fraud cases:

•  Prevention activities within Capgemini and its Affiliates, implemented on the basis of internal policies of Capgemini

•  Risk management

IT Network, IT Security

• IT Network and Information Security regarding the management of Employee/Candidate profiles, the access rights, employees’ passwords;

• Application of the Artificial Intelligence in the analytical processes and related to automated decision-making processes.

The provision of Employees’ personal data is a statutory requirement or contractual requirement or a requirement necessary to perform contractual obligations. In the event of failure to provide such personal data Capgemini shall not :

• Performing the obligations of the Data Controller for benefit of the Employees in the field of employment and social security and social protection law;

• Sending marketing communication, and/or commercial information (including the information relates to recruitment process) and evaluation of employment applications;

• Profiling of Employees or Candidates in order to prepare an appropriate recruitment offer;

• Detecting, investigating and preventing fraud;

• Verifying and provision an adequate level of protection of Employee/Candidate and property of Capgemini.

6. How long does Capgemini keep the personal information?

Capgemini will retain personal information for the period required by applicable laws or for the period necessary to fulfil the purposes outlined in this Privacy Notice not longer than 10 years from date of the termination or expiration of the employment relation.

Regarding recruitment data Capgemini will retain for period not longer than 3 years since its collection.

Regarding monitoring: Capgemini will usually retain personal information for the period of 30 days from the recording date, and when the recording shall constitute an evidence of a prohibited act which may be used before any court or other formal proceeding, not longer than 10 years from date of the recording.

After the expiration of the above period, personal data shall be anonymised or deleted from any electronic devices and/or the copies of such Personal Information will be destroyed as well. Within the scope of the Employer’s obligations, regarding the archiving of employee files, Capgemini shall comply with all mandatorily applicable laws.

7. Who will it be shared with?

Capgemini shall not share Employees’/Candidates’ personal data to third parties unless Capgemini has Employees’ permission or it is required by law to do so.

Affiliates of Capgemini and/or strategic partners
Capgemini shall only share the personal data with Affiliates of Capgemini (entities controlled directly or indirectly by Capgemini SE) or/and strategic partners that work with Capgemini to provide products and services.

Service Providers
Capgemini does share the personal data with companies who provide services to Capgemini such as information processing, fulfilling orders, providing customer service, assessing interest in products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect personal data and keep confidentiality.

Public and governmental authorities
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities for Capgemini to disclose Employees’ personal data. Capgemini may also disclose information about Employees if Capgemini determines that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

Service Providers
Capgemini does share the personal data with companies who provide services to Capgemini such as information processing, fulfilling orders, providing customer service, assessing interest in products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect personal data and keep confidentiality.

Public and governmental authorities
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities for Capgemini to disclose Employees’ personal data. Capgemini may also disclose information about Employees if Capgemini determines that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

Please note that some of the above mentioned entities may be located outside the European Economic Area. Capgemini will ensure that the transfer of personal data to a third country located outside the European Economic Area is conducted in compliance with the appropriate and/or suitable safeguards. Employees shall has the right at any time to obtain a copy of their personal data processed by such companies and to obtain the list of companies to which their personal data has been made available by sending a request to the e-mail address: dprequestpoland.pl@capgemini.com.

Such entities and business partners have implemented Capgemini privacy standards with respect to the use of this data and are bound by appropriate confidentiality agreements.

8. How will the personal data be secured?

In order to prevent unauthorised access or disclosure, Capgemini has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information Capgemini collects and Capgemini follows industry practices and standards in adopting procedures and implementing systems designed to prevent unauthorized access to personal data and to avoid its accidental loss, damage or destruction.
All Affiliates of Capgemini have the obligation to abide the security standards established by the Capgemini SE and adequately monitored.
In accordance with article 33 and 34 GDPR and taking into account the level of risk for the rights and freedom of Employees, Capgemini shall report personal data breaches to the authorities and/or the Employees/Candidates if it becomes aware that the security, confidentiality or integrity of the personal data has been compromised.

9. How will Employee/Candidate control their personal information?

Capgemini is committed to keep personal data accurate. Capgemini shall provide Employees/Candidates with access to theirs personal data to view, update or correct this information directly in TETA HRM platform or via request through email: dprequestpoland.pl@capgemini.com.

Employee/Candidate may request by email dprequestpoland.pl@capgemini.com: deletion of the their personal data, the provision of details of their personal information which Capgemini hold about them and/or copy of the personal data in a standard format.

Employee/Candidate may choose to restrict the collection or use of their personal data. Employee/Candidate have a right at any time to restrict processing or to object to processing of personal data or sharing their personal data to other Affiliates of Capgemini.

Personal data may have undergone automated processing, including profiling. Please note that Employee/Candidate have a right at any time to object to such making automated decision, including profiling.

If Employees consider that processing of their personal data infringes data protection laws, they have a legal right to lodge a complaint with a supervisory authority responsible for data protection.

10. How to contact Capgemini?

In case the Employees requires more information about how Capgemini processes the personal data, then please go to the following website or contact Capgemini by sending email  to this below address: dprequestpoland.pl@capgemini.com

HR Privacy Notice (PDF)

HR Privacy Policy PL

In the event of the discrepancies between the Polish and English version of this Privacy Notice, the Polish version shall prevail.