The Company enforces this policy across the organization with all employees to ensure that the PII collected from the personnel is not disclosed to any third party without the consent of such individuals which are detailed in this document more in detail. This policy is also put in place to educate the importance of data protection and data privacy within the organization.
Any individual accidentally or willfully violates this policy will be subject to and not limited to disciplinary action which might include termination in few cases.
2. ISO 27001 – 2013 Reference
This policy is put in place to comply with the rules defined as per the privacy and data protection principles under ISO 27001 – 2013. Below are the references for the relevant codes of ISO 27001
A.18.1.4 – Privacy and protection of personally identifiable information A.7.1.2 – Terms and conditions of employment
3. Why we collect personal information?
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). We collect personally identifiable information of individuals for purpose of employment only.
To verify the eligibility of employment within United States through the Form I-9 which is used for verifying the identity and employment authorization of individuals hired for employment in the United States
4. What is collected and what do we do with the information?
The Company may collect certain “Personal Information,” which is information that identifies you as an individual or relates to an identifiable individual. The categories of Personal Information we may collect include: your name and contact information (email, address, home phone and mobile phone number), your job search criteria and preferences, your employment experience, educational history, your skills, reference information, background information, other information contained in your resume, or any login ID or email address and password created by you. By providing your mobile phone number to us, you opt in and consent to receive text messages from us, which includes but is not limited to text messages sent through an automatic telephone dialing system.
All the information that can verify the individuals’ identity and eligibility to getting employed with the Company or its clients which includes and is not limited to the name, social security number, email ID, proof of identification, proof of address, employment history and relevant proof, educational history and relevant proof of graduation for each degree achieved, criminal records collected through background verification agencies, drug test records.
These records are stored in a cloud based secured location for future references and retention period of such documents is mentioned in the later part of the policy document.
5. How we collect this information?
The Company collects this information from job portals where potential candidates post their resumes as part of personal interviews and subsequent document requirements for employment. As a part of this process, each candidate is required to share their personal information limited to that information that is relevant for employment. By posting your resume in one of our partner job portal sites, you are agreeing to the terms and conditions and providing a consent to the job portal site for sharing such information with us.
6. Where do we store this information?
All the documents and relevant data of the employees is stored in a cloud-based environment which is also used by the Human Resources department to complete the onboarding formalities of the employee.
This information is also uploaded and saved in the payroll processing software for purposes of processing the payroll.
We seek employees consent as part of the screening process to collect and process the personal data. During the onboarding process each employee agrees to disclose the information as correct and accurate without which we stop the onboarding process of the employee and the employee loses the opportunity to work for the Company or its clients.
All the data is stored in a cloud-based, well configured, strong encryption via TLS 1.1 or
higher platform to ensure the data security and protection. Reasonable security controls are in place that includes people, process and technology that has been implemented to secure the location. Controls to protect the location includes access control, CCTV, restricted printing of any documents, access to the technology provided only on a ‘need to know’ and role-based access control to the tools.
9. Documents & Records and their retention period
Destroyed within 6 months 7 years
A written request needs to be sent to firstname.lastname@example.org or through mail to the address: US Tech Solutions Inc. 10 Exchange Place, STE 1710, Jersey City, New Jersey 07302 and upon confirmation of the identity of the requestor, the data will be deleted in our database within 30 days from the date of request.
11.Access and Updating of Information
Candidates have the right to review their information and seek modification during the course of their employment or candidature with the Company. A written request needs to be sent to email@example.com or through mail to the address US Tech Solutions Inc. 10 Exchange Place, STE 1710, Jersey City, New Jersey 07302 and upon confirmation of the identity of the requestor, the data will be updated in our database within 30 days from the date of request.
12.What do we with information when an employee leaves the organization?
Documents and PII of the employees or personnel who leave the Company are stored as per the legal and statutory standards or requirements that are governed by the law.
We have a management system in place to secure all information and enforcement of the protection of the privacy of every individual employed or partnered with the Company.
14.Data privacy, protection and risk mitigation
In the unforeseen event of data breach and the data of any employee / personnel is compromised or is at risk of being distributed outside the authorized individuals, all personnel are required to inform the designated ISMS manager along with the Human Resources Manager immediately.
ISMS Manager and Human Resources Managers are required to take necessary steps to protect the data as much as possible with the help of technology and other authorized personnel. If it is not possible to recover the situation, ISMS Manager and Human Resources Manager will inform the senior management for immediate actions and informing the personnel whose data is compromised and data security authorities. ISMS Manger will in-turn review the complete situation including doing a thorough root cause analysis of the situation and will put together a risk mitigation plan for senior managements’ review and approval.
If you have any questions or complaints about the Terms or the Policy, or if you would like to update any personal information you have provided to us, please contact us at:
US Tech Solutions Inc.
10 Exchange Place, STE 1710 Jersey City, New Jersey 07302
Please note that e-mail communications will not necessarily be secure; accordingly, you should not include credit card information or other sensitive information in your e-mail correspondence with us.
Our policy review happens twice a year with multiple levels of approvals to ensure the organization is up to date with the changes in the law, technology and industry best practices.