Code of Conduct
This Code of Conduct (“Code”) highlights the standards of our business ethics and practices which are required to be observed in all business transactions. Ethics and Compliance are critical to everyone’s business and all Employees of NTL (“Employees”) shall respect and adhere to the Code, in case of any possible violation, report such violation to the Legal Service Organization (LSO) of the Company.
We believe our most important strength is our employees. We seek to provide a work environment where all employees have the opportunity to reach their full potential and contribute to the Company’s success. We emphasize personal integrity and believe long- term results are the best measure of an employee’s performance.
The Company respects the human rights and dignity of all employees. We endeavor to treat our employees fairly and honestly. We strive to maintain a safe, secure and healthy workplace and it is against our policy to use forced or child labor. We also strive to follow all applicable laws and regulations.
Every employee shall be responsible for the implementation of and compliance with this Code and failure to adhere to the Code could attract the penal consequences including termination of employment.
In case any employee notices or is informed of violation of any Law or this Code, Company’s policy or any fraudulent act w.r.t. shareholders, government or financial market or any act of mismanagement of Company’s resources and business, such employee must promptly report to (in the order of the gravity of the act and independence of such person being reported to):
- Immediate supervisor; or
- Company’s Legal Counsel; or
- Audit Committee of the Board of Directors.
This Code may be updated from time to time.
II. Corporate Mission
NIIT Technologies Limited including its affiliates (“NTL”) is poised to enable individuals and enterprises worldwide, achieve greater success by providing knowledge, skills, solutions and services through pioneering efforts and usage of appropriate technology. NTL remains committed in all its actions to benefit the economic development of the countries in which it operates. NTL shall conduct its business affairs in accordance with the economic development and foreign policies, objectives and priorities of the nation's government, and shall strive to make a positive contribution to the achievement of such goals across the various jurisdictions that it operates.
III. Responsibilities towards the Company and stakeholders Corporate Citizenship
NTL is committed to be a good corporate citizen, not only in relation to the compliance with all relevant laws and regulations, but also by actively assisting its affiliates in the improvement of the quality of life of the people in the communities in which it operates.
Financial Reporting and Records
NTL shall prepare and maintain its accounts fairly and accurately in accordance with the accounting and financial reporting standards which represent the generally accepted guidelines, principles, standards, laws and regulations of the country in which the company conducts its business affairs.
NTL shall be committed to enhance shareholders’ value and comply with all regulations and laws that govern shareholders' rights. The Board shall duly and fairly inform its shareholders about all relevant aspects of the company's business, and disclose all such information in accordance with the respective regulations and laws.
Every employee of NTL shall, in his or her business conduct, comply with all applicable laws and regulations, both in letter and in spirit, in all the territories in which he or she operates. If the ethical and professional standards set out in the applicable laws and regulations are below that of the Code, then the standards of the Code shall prevail.
Equal Opportunities Employer
NTL shall provide equal opportunities to all its employees and all qualified applicants for employment, without regard or bias to their race, caste, religion, color, ancestry, marital status, sex, age, nationality, disability and veteran status. All employees shall be treated with dignity and in accordance with its policy to maintain a safe work environment free of any sort of harassment, whether physical, verbal or psychological. All employees shall be governed by policies and practices that ensure that in all matters equal opportunity is provided to those eligible and the decisions are merit-based.
All employees of NTL, including whole-time directors and the managing director shall, deal in a professional and honest manner with high moral and ethical standards. Such conduct shall be fair and transparent.
In consideration of employment with the Company, all employees of NTL are expected to devote full attention to the business interests of the Company. An employee shall not, without the prior approval of the managing director of the company, accept employment or a position of responsibility (such as a consultant or a director) with any other company, nor provide ‘freelance’ services to anyone or similar position which may be prejudicial to the interest of the Company . In case of a whole-time director or the managing director, such prior approval must be obtained from the Board.
Conflict of Interest
An employee of NTL shall not engage in any business, relationship or activity which might detrimentally conflict with the interest of his or her company or the group. A conflict of interest, actual or potential, may arise where, directly or indirectly:
- An employee engages in a business, relationship or activity with anyone who is party to a transaction with his or her company;
- An employee is in a position to derive a personal benefit or a benefit to any of his or her relatives by making or influencing decisions relating to any transaction;
- An independent judgment of the company's or group's best interest cannot be exercised.
Notwithstanding that such or other instances of conflict of interest exist due to any reason, adequate and full disclosure by the interested employees should be made to the company's management. It is also incumbent upon every such employee to make a full disclosure of any interest which the employee, may have in a company or firm which is a supplier, customer, distributor of or has other business dealings with his company.
Securities Transactions and Confidential Information
An employee of NTL and his or her immediate family shall not derive any benefit, or assist others to derive any benefit from the access to and possession of information about the company or the group, which is not in the public domain and thus constitutes insider information.
An Employee shall not use or proliferate information which is not available to the investing public and which therefore constitutes insider information for making or giving advice on investment decisions on the securities of the respective NTL Group Company on which such insider information has been obtained.
Such insider information might include the following:
- Acquisition and divestiture of businesses or business units;
- Financial information such as profits, earnings and dividends;
- Announcement of new product introductions or developments;
- Asset revaluations;
- Investment decisions/plans;
- Restructuring plans;
- Major supply and delivery agreements;
- Raising finances.
The Employees shall always protect and hold confidential Company’s proprietary information, trade secret, products, architectures, source codes, project plans, names and list of customers and including but not limited to financial information, shall not take information of competitors in an unethical manner.
Protecting Company Assets
The assets of NTL should not be misused but employed for the purpose for which they are duly authorized. These include tangible assets such as equipment and machinery, systems, facilities, materials, resources as well as intangible assets such as proprietary information, relationships with customers and suppliers, etc.
Integrity of Data Furnished
Employees shall ensure, at all times, the integrity of data or information furnished by him or her to the company.
NIIT shall be committed to and support a functioning democratic constitution and system with a transparent and fair electoral system in India. It will fully comply with all local, state and federal or foreign laws and regulations regarding political contribution.
IV. Responsibilities to the Employees, Customers and Vendors
NTL and entities respects the personal information of employees. NTL and its authorized entities / individuals collect and maintain personal information about employees, such as employment, medical, educational, family, travel, financial data, and other personal history. NTL will maintain the confidentiality of such information about its former and existing employees; access to such information will be restricted to people who need to know that information. Employees who have access to personal information have the added responsibility of ensuring the confidentiality of all such information. The disclosure of such information is to be made only in accordance with NTL policies, and where there is a genuine business or legal requirement to do so. Personal information of employees is secured with high degree of controls, including technical and organizational security measures.
However, this privacy protection does not apply to an employee’s own personal information stored by self on NTL devices or in office files. NTL also has the right to monitor an employee’s use of his / her equipment and systems – telephones, emails, internet, computers, fax machines, etc. This applies to all NTL-owned devices in the workplace and other locations. Mobile devices like – iPad, Tablets etc. NTL understand its responsibility to appraise and acquaint all individuals working for NTL anywhere in the world and at all levels and grades, including but not limited to officers, directors, employees, consultants, or any other persons associated with NTL or any of its subsidiaries or their employees. Proper data protection awareness training programs are provided to keep them abreast of relevant legislation and guidance regarding the processing of personal data / information.
Quality of Products and Service
Company and Employees shall be committed to supply goods and services of the highest quality & international standards, backed by efficient after-sales service consistent with the requirements of the customers to ensure their total satisfaction.
Employees shall conduct business in such a manner that it creates value for the customers and builds a relationship based upon trust and goodwill. All employees, agents and contractors must act to preserve such goodwill and enhance Company’s as well as the Group’s reputation.
Company and Employees shall fully make every effort for the establishment and support of a competitive, open market economy in India and abroad and shall cooperate in the efforts to promote liberalization of trade and investment.
Company and employees shall comply fully with all applicable laws and regulations and to adhere to high ethical and legal standards of business practices.The Company will ensure that the disclosures we make in reports and documents that we submit to various Government / Statutory authorities and in other public communications are full, fair, accurate, timely and understandable.
Gifts and Donations
Under no circumstances, the Employees, agents or contractors offer, make, directly or indirectly, any illegal payments, promise to pay, remuneration, gifts, donations or comparable benefits which are intended to or perceived to influence any business decision or uncompetitive favors for the conduct of its business or any act or failure to act or any commitment of fraud, or opportunity for the commitment of any fraud. However, NTL and its employees may accept and offer inexpensive gifts, infrequent business meals or celebratory events, which are customarily given and are of a commemorative nature, for special events.
V. Commitment towards Data Protection Regulation
Compliance with Data Protection Laws
NTL ensures that
- Proper procedures for the processing and management of personal data are in place and reviewed on regular intervals (Twice in a year).
- Data collectors within the organization have specific knowledge about data protection, compliance, and data subjects have right to information, which is precise, concise and easy to comprehend.
- A better and supportive environment is in place and personal data processing best practices are adopted in which purpose, period and category of processing is defined.
- Employees understand the process of managing personal data and the responsibilities associated with it
- Personal data is processed in accordance with data protection principles to keep data secure and safe from unauthorized access, alteration, use, or loss
- Other organizations with whom personal data needs to be shared or transferred meet compliance are traceable and auditable.
NTL’s Rights and Obligations
NTL reserves the right to collect, process, store, transfer, and retain the personal information of employees in the following manner:
- Collection: NTL collects employees’ personal information at the time of joining and during their employment with the organization. The information includes personal identifiable information (such as name, middle name, last name, email address, family data, educational data, financial data, employment data, and health data and travel documents) that NTL collects for its legitimate business purpose.
- Processing: NTL processes employees’ personal and family information for the purpose of facilitating employment benefits (processing salaries, salary slips, appraisal letters, investment declaration, tax deduction benefits, health & insurance benefits, and other payroll activities) as well as for other administrative purposes. The data will be processed in accordance with the terms agreed under the employment contract or informed during employment and as required by law.
- Monitoring: NTL reserves the right to monitor email communication, internet usage, telephone calls, and security checks within the organization to ensure compliance with personal data protection laws.
- Sharing / Transfer:Employees’ personal data shall be shared between NTL entities and / or with third parties having contractual relationships with NTL for the purpose of providing employment benefits, performing background checks, legal & statutory requirements and other administrative activities.
- Retention of records:NTL shall retain the personal data of employees during their employment and after the cessation of the employment contract for a defined period as mentioned in retention policy and as per applicable laws of the jurisdictions where NTL entities are located.
NTL’s Responsibility and Commitment as a Data controller and Processor
Fair and transparent data processing: NTL has set out rules for handling and processing personal information in accordance with data protection laws. Employees’ personal information shall be processed for specified explicit and legitimate business purpose and may not be processed further in a way incompatible with law. Employee personal data shall be processed lawfully, fairly, and in a transparent manner.
Purpose of processing: NTL understands and accepts its obligation to ensure that personal data is collected for specified, explicit, and legitimate purposes and that the data is not further processed in a manner incompatible with the defined purposes. Every reasonable step must be taken to ensure that any inaccurate personal data, with regard to the purposes for which it is processed, is erased or rectified without delay. NTL collects minimum personal information from employees for facilitating employment-related benefits.
Storage of personal information: NTL keeps personal information in a form that permits identification of employees for no longer than is necessary for the purposes for which the personal information is processed, subject to the contract entered into with employees or consent obtained.
Security of personal information: NTL processes personal information in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
NTL has adopted the required possible technical, organizational, and administrative security measures to ensure that the data is kept secured and is not disclosed – whether electronically, verbally, or in writing – to any unauthorized person, taking into account the type of information, the risk of breach associated, and the harm that may result from such a breach.
Information about the technical measures adopted to safeguard employees’ personal data is given in NTL’s “Data Protection Policy”.
Communication with employees: NTL apprises all employees and acquaints them with the intended use of their personal data. NTL ensures that employees are informed and aware of the following details with the help of employment contract, policies, handbooks, etc.
- The identity and the contact details of the controller or its representative
- The contact details of the data protection officer
- The purposes of the processing/updating/correcting/rectifying inaccurate datasets.
- The legal basis for the processing
- Where the processing is based on a legitimate interest, details must be provided
- The recipients or categories of recipients of the personal data
- Details of third country transfers (if any)
- Retention of personal data
- Portability/Erasure of data based on data subject legitimate rights
- Information about notification of breach / violation of data protection laws
Protection of Children’s Personal Data
NTL ensures that (where applicable) when services are offered directly to a child, the privacy notice is written in a clear, plain manner that the child will understand it.
Appointment of Data Protection Officer
NTL has appointed a data protection officer (DPO) to act as a central person, advising the company on compliance with the General Data Protection Regulation (GDPR). Details of the DPO are available on the NTL website. NTL’s DPO is responsible for overseeing the data protection strategy as well as its implementation to ensure compliance with the data protection requirements. The DPO is also a contact person for Supervisory Authorities (SAs) for communication and notification of personal data breaches, audit reports, results of privacy impact assessments, etc.
Data Protection Impact Assessment
All high-risk processes at NTL are subject to a privacy impact assessment, which is conducted within the organization, group entities, etc., to identify and reduce risks.
- Data protection audit and compliance verification: NTL conducts internal audits on a regular basis or whenever required by law. NTL agrees to provide a right of external audit to data protection authorities upon their request to verify compliance with applicable data protection legislation
- ISO 27001 internal audits: NTL conducts regular internal audits across the organization as well as in specific departments to ensure physical, logical, and information security standards are being followed as per ISO27001: 2013 standards.
- External audits: NTL undergoes external audits on an annual basis, as part of its continued compliance to ISO 27001 certification requirements.
Personal Data Breach Notification
A personal data breach refers to a security breach that leads to loss, altercation, unauthorized disclosure, or access to personal data. Any breach of data protection laws will be considered an offence. Violation / Any suspected breach with respect to these laws should be reported to the DPO via email at (firstname.lastname@example.org) or through the incident reporting mechanism available on iNIITian portal. Wherever applicable, under breach notification laws and regulations, NTL may notify the Data Protection Authority/Supervisory Authority and/or Data Subjects about the Privacy Breach, unless exempted.
With regard to applicable data protection laws, data subjects (employees) are entitled to the below mentioned rights at NTL:
- Right to be informed: Employees whose personal data is obtained, processed, stored, and shared are entitled to know that NTL holds their personal data as well as the purpose for which such data will be processed.
- Right to Access, Rectify, Erase, and Freeze: Employees have the right to access their personal information that the company holds and can ask NTL to “delete, freeze, or correct” such data. Employees can get their personal data deleted when it is no longer necessary to be processed or when it has been unlawfully processed. They can also require it to be frozen (i.e., prevent further processing of their data) where the processing is unlawful or when the employee contests the accuracy of the data.
- Right to Object to Data Processing: Employees have the right to object to / restrict the processing of their personal data, including profiling of personal data for any purpose considered to be illicit or about which they have not been informed at the time the information was collected from them. NTL reserves the right to reject such requests if they affect NTL’s business purposes. Also, employees shall note that the request raised for objection / restriction processing shall in no manner obstruct the day-to-day business activities or disrupt the disciplinary procedures of NTL.
- Right to Object to Data Sharing: Employees have the right to object to the sharing of their personal data with cross-border NTL entities or a third party having contractual relationships with NTL for any purpose not defined or consented to. Employees can obtain their data when required or provide it to a third party, or they can ask NTL to transfer it to a third party.
- Right to Lodge Complaint and Obtain Redressal: Violation with respect to these laws should be reported to the company’s DPO via an email (privacy@NTL-tech.com) or through the incident reporting mechanism available on iNIITian portal. Further, employees have a right to lodge a complaint to the relevant supervisory authority in case of any breach of data protection laws and claim compensation if they suffer as a result of the breach.
Reporting Violation of Code
Every employee and representative has a duty to adhere to this Code and all existing policies and procedures of NTL, and to report any suspected violations in accordance with the procedure stated in the Whistleblower Policy. Employees and representatives must adhere to the letter and spirit of the Code. It is reiterated that this Code is not intended to be totally comprehensive, and NTL relies on its employees and representatives to exercise discretion and engage in ethical conduct consistent with this Code.
Violation of / Non-compliance with this Code may subject the violator to individual criminal or civil liability (including penalties, fines, etc.), as well as to strict disciplinary action by NTL (including dismissal). Disciplinary action may also be taken for authorizing or participating in a violation, knowingly failing to report a violation or suspected violation, refusing to cooperate with the investigation of a suspected violation, and retaliating against an individual who reported a suspected violation in good faith.
Any complaint / concern / incident / violation / non-compliance should be reported to the Disciplinary Committee
NIIT has established global privacy standards known as Binding Corporate Rules (BCRs). They are its commitment to protect Data Subject’s personal information and honor its privacy obligations regardless of where its personal information is collected, processed or retained within NIIT.
NIIT BCRs are in place to assure Data subjects that its personal information everywhere in the NIIT will be treated according to International Privacy standards.