menu

Privacy policy

 
 
PREAMBLE
 
Article 1.  Parties to this Act
 
Between:
 
 1° The simplified joint stock company BA&SH, with a capital of €1,000,000, registered in the Paris Trade and Companies Register under number 449 158 898, whose registered office is located at 67 Avenue Raymond Poincaré 75016 Paris, France, and whose VAT number is FR42449158898.
 
Hereinafter referred to as the “Controller”.  
 
On the one hand,
 
And
 
2° Any individual browsing the Data Controller's website;
 
Hereinafter referred to as the « Subject »,
 
On the other hand,
 
It was stated and agreed as follows:
 
Article 2.  Object
 
This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller.
 
The purpose of this Privacy Policy is to provide information on how the Controller collects and processes some of the personal data relating to the Subject (hereinafter the "Data"), in accordance with the applicable laws and in particular European Regulation No 2016/679 and French Law No 78-17 (hereinafter the "Legislation"), in connection with the use of the website www.talents.ba-sh.com (hereinafter the "Site") by the Subject.
 
This Privacy Policy is part of the Controller's Legal Notice / General Terms and Conditions of Use[CB-A1] .
 
Article 3.  Definitions
 
-          Supervisory authority refers to the Commission nationale de l'informatique et des libertés (CNIL), the French independent public authority for the regulation of data protection;
 
-          Consent refers to any free, specific, enlightened and unambiguous expression of will by which the Subject accepts, by a declaration or by a clear positive act, that Data relating to him/her may be processed by the Controller.
 
-          Cookie refers to a file used to track the browsing of the Subject on the Site.
 
-          Recipient means any individual or legal entity, public authority, department or other organization that receives communication of the Data, whether or not it is a Third Party. However, public authorities likely to receive communication of the Data, in particular in the context of a fact-finding mission, shall not be considered as Recipients within the meaning of this definition.
 
-          Data refers to any information relating to the Subject.
 
-          DPO refers to the Data Protection Officer of the Controller, namely BA&SH DPO, 67 Avenue Raymond Poincaré - 75016 Paris, dpo@ba-sh.com, in charge of assisting the Subject in the exercise of his or her rights to the Data. 
 
-          File refers to any structured set of Data accessible according to specific criteria, whether it is centralized, decentralized or distributed in a functional or geographical manner.
 
-          Legislation refers to any law and regulation relating to data protection, and in particular European Regulation No. 2016/679 and French Law No. 78-17.
 
-          Browsing refers to the consultation and review on the Site by the Subject.
 
-          Subject refers to any individual who browses the Site, provided that he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
 
-          Pseudonymisation refers to the processing of Data in such a way that it can no longer be attributed to the Subject without the use of additional information.
 
-          Controller refers to the simplified joint stock company BA&SH, with a capital of €1,000,000, registered in the Paris Trade and Companies Register under number 449 158 898, whose registered office is located at 67 Avenue Raymond Poincaré 75016 Paris, France, and whose VAT number is FR42449158898, which alone or jointly with others, determines the purposes and means of the Processing.
 
-          Site refers to the infrastructure developed by the Controller in accordance with the computer formats that can be used on the Internet, including data of various kinds, and in particular texts, sounds, still or moving images, videos, databases, intended to be consulted by the Subject to find, book, order and/or purchase Products (www.talents.ba-sh-.com).
 
-          Subcontractor refers to any individual or legal entity, public authority, department other than the Controller who processes the Data on behalf of the Controller.
 
-          Third Party refers to any individual or legal entity, public authority, department or other body other than the Controller, Subcontractor and persons who, under the direct authority of the Controller or Subcontractor, are authorised to process the Data.
 
-          Processing refers to any operation or set of operations performed or not performed using automated processes and applied to the Data or sets of Data, such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, distributing or otherwise making available, matching or interconnecting, limiting, deleting or destroying.
 
 

 

CONVENTION

 

Article 4.  Principles relating to Processing

 

In accordance with the Legislation, the Controller undertakes to respect the following principles for each Processing:

 

  • Lawfulness;
  • Fairness;
  • Transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation;
  • Integrity;
  • Confidentiality;
  • Accountability.

 

Article 5.  Data processed

 

In the frame of Browsing, the Controller is required to collect and process a certain number of Data, and in particular:
 
  • Personal information (name, first name, gender, postal address, email address, telephone number, date of birth, age, date of registration and unsubscription to the candidate account and to the Controller Newsletter, messages exchanged with the Controller, CV, CV, motivation letter, professional experience) ;
  • Technical information (Browsing behaviour on the Site, IP address, products added to the cart, collection of Consent).
 

Article 6.  Context of the Processing

 

The Data may be collected and processed by the Controller on various occasions, including:

 

  • Online application;
  • Contact with the Controller;
  • Subscription to the newsletter;
  • Creating a candidate account;
  • Browsing on the Site.

 

Article 7.  Detail of the Processing

 

Purpose of the Processing

Personal Data

Legal basis

Retention period

 

 

 

Application management

 

 

First name, last name, email address, postal address, telephone number, resume, cover letter, application date.

 

 

 

Contract and legitimate interest of the Controller in retaining the history of applications

 

 

2 years from the application date

 

 

 

Creation and management of candidate accounts

 

First name, last name, email address, postal address, telephone number, date of creation of the candidate account, application history, resume, cover letter, messages exchanged with the Data Controller, collection of consent

 

 

 

 

 

Consent of the Subject

 

 

3 years from the last connection of the Subject to his/her candidate account OR 3 years from the deletion of his/her candidate account

 

 

 

Newsletter management

 

 

 

Email adress

 

 

Consent of the Subject

 

 

At unsubscription

 

 

 

Securing and improving the Site

 

 

 

 

IP Address, Browsing Personal Data

 

Legitimate interest of the Data Controller in improving the Site and managing the Site, securing and administering the Site, preventing fraud and malicious acts

 

 

 

 

13 months

 

Site statistics and personalized advertising

 

 

 

IP address, Browsing Personal Data, collection of Consent

 

 

 

Consent of the Data Subject

 

 

13 months

 

The Controller reserves the right to anonymise the Data processed before deleting it.

 

The anonymised data may then be processed for statistical purposes.

 

Article 8.  Recipient

 

As a matter of principle, the Controller is the sole Recipient of the Data.
 
However, the Controller may transfer the Data to Recipients, in particular in the context of the management of applications, and/or to any public authority that so requests, in particular in the context of an investigation mission.
 
The following Recipients may process the Data, as Processor, on behalf of the Controller:
 

SendinBlue

Simplified joint stock company with a capital of 245,606€

55 Rue d’Amsterdam – 75008 PARIS - FRANCE

RCS Paris 498 019 298

 

Agitel Groupe

Simplified joint stock company with a capital of 10,000€

8 rue Saint Ambroise 75011 PARIS - FRANCE

RCS Paris 521 506 055

01 40 09 97 47

 

This list of the Controller's Processors is subject to change at any time.

 

The Controller undertakes to require its Processors to provide sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the Processing complies with legal and regulatory requirements and guarantees the protection of the Subject's rights, in particular in the event of transfer of the Data outside the European Union.

 

In addition, the Controller may share the Data with any Recipient or Third Party for Processing when a legal obligation to do so is in force or when the Controller considers in good faith that this is necessary in order to:

 

  • Respond to any claim against him;
  • Comply with the requirements of the judiciary and/or administrative order and/or the Supervisory Authority;
  • Enforce any contract to which the Subject is a party;
  • Safeguard the vital interests of any individual;
  • The performance of a public interest mission.

 

In the event of the purchase of the Controller by a Third Party, the Controller reserves the right to share the Data with the Third-Party purchaser, subject to compliance with this Privacy Policy by such Third Party.

 

Article 9.  Subject rights

 

The Data Subject has a number of rights over the Personal Data that he or she can exercise, unless there is an applicable legal exception, by submitting a request to the DPO at the following address:

 

BA&SH DPO

67 Avenue Raymond Poincaré – 75016 Paris

FRANCE

dpo@ba-sh.com  

 

The DPO will assist the Subject in the exercise of his or her rights over the Data before the Controller.

 

In case of reasonable doubt regarding the identity of the Subject exercising his or her rights over the Data, the DPO may request a copy of an official identity document in support of the request.

 

Requests will be processed as soon as possible and at the latest in accordance with the deadlines set by the Legislation.

 

Article 9.1. Right of access

 

The Subject shall have the right to obtain from the Controller confirmation as to whether or not Data concerning him or her is being processed, and, where that is the case, access to the Data and the following information:

             

  • The purposes of the Processing;
  • The categories of Data concerned;
  • The Recipients or categories of Recipient to whom the Data have been or will be disclosed, in particular Recipients in third countries or international organisations; 
  • Where possible, the foreseeable period for which the Data will be stored, or, if not possible, the criteria used to determine this period;
  • The existence of the right to request from the Controller rectification or deletion of Data or restriction of processing of Data concerning the Subject or to object to such processing;
  • The right to lodge a complaint with the Supervisory Authority;
  • Where the Data is not collected from the Subject, any available information as to its source;
  • The existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the foreseeable consequences of such Processing for the Subject.

 

The Controller shall provide a copy of the Data being processed and reserves the right, in return for providing such a copy, to pay a reasonable fee based on the administrative costs for any additional copy requested by the Subject.

 

Article 9.2. Right of rectification and erasure

 

The Subject has the right to obtain from the Controller the rectification and/or deletion of inaccurate or obsolete Data as quickly as possible, unless otherwise hindered by a situation that prevents the exercise of this right, and in particular:

 

  • The exercise of the freedom of expression and information;
  • Compliance with a legal obligation;
  • Public interest in the area of public health, archives, scientific or historical or statistical research;
  • The establishment, exercise or defence of legal rights.

 

Article 9.3. Right to object

 

The Subject has the right to object at any time, for reasons relating to his or her particular situation, to Data Processing based on the performance of a task in the public interest or the necessity of the legitimate interest of the Controller.

 

The Controller then undertakes not to further process the Data, unless it can be demonstrated that there are legitimate and compelling reasons for the Processing that prevail over the interests and rights and freedoms of the Subject, or for the establishment, exercise or defence of legal rights.

 

In addition, the Subject has the right to object at any time to the Data Processing carried out for the purpose of prospecting by the Controller, insofar as the Subject is linked to such prospecting.

 

Finally, when Data is processed for scientific or historical research purposes or for statistical purposes, the Subject has the right to object, for reasons relating to his or her particular situation, to the processing of the Data, unless the Processing is required for the performance of a public interest task.

 

Article 9.4. Right to restriction

 

The Subject has the right to obtain from the Controller restriction of Processing where one of the following applies:

 

  • The accuracy of the Data is challenged by the Subject, for a period enabling the Controller to verify the accuracy of the Data;
  • The Processing is unlawful, and the Subject opposes the deletion of the Data and requests the restriction of its use instead;
  • The Controller no longer needs the Data for the purposes of the Processing, but it is required by the Subject for the establishment, exercise or defence of legal claims;
  • The Subject has objected to Processing pending the verification of whether the legitimate grounds of the Controller override those of the Subject.

 

The Subject who has obtained restriction of Processing shall be informed by the Controller before the restriction of Processing is lifted.

 

Article 9.5. Right to portability

 

The Subject shall have the right to receive the Data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit this Data to another controller without hindrance from the Controller, where:

 

  • The Processing is based on the Consent of the Subject or on the performance of a contract to which the Subject is a party;
  • The Processing is carried out using automated processes.

 

The Subject, when exercising his or her right to the portability of the Data, has the right to have the Data transmitted directly from the Controller to another controller, when this is technically possible.

 

Article 9.6. Right to file a complaint to the Supervisory Authority

 

The Subject has the right to file a complaint before the Supervisory Authority if he/she considers that he/she is the subject of unlawful Data Processing by the Controller.

 

Article 9.7. Right to define guidelines on the future state of the Data

 

The Subject has the right to define guidelines on the future state of the Data after his death to the Controller who will use all his technical means to ensure that this will be respected.

 

Article 10.  Data security

 

The Controller shall take appropriate technical and organisational measures to protect the Data against destruction, loss, alteration, misuse and unauthorised access, modification or disclosure, whether such actions are voluntary or accidental.

 

These technical and organizational measures are intended to ensure the confidentiality, integrity, availability and resilience of the Site and the IT systems where the Files are stored.

 

In order to secure the Subject’ Browsing, the Site is encrypted SSL (Secure Socket Layer).

 

Article 11.  Amendment of the Privacy Policy

 

The Controller reserves the right to amend this Privacy Policy from time to time, in particular the list of Recipients set out in Article 8. 

 

In the event of a material change to this Privacy Policy, the Subject will be informed personally of the new Privacy Policy.

 

The Subject is advised to consult this Privacy Policy regularly to be aware of any changes to it.

 

The Data Subject may send questions about this Privacy Policy to the DPO at the following address:: BA&SH DPO 67 Avenue Raymond Poincaré – 75016 Paris- FRANCE, dpo@ba-sh.com.

 

Article 12.  Invalidity of the Privacy Policy

 

If any provision of this Privacy Policy shall be deemed invalid under any applicable law or court decision that has been made final, it shall be deemed unwritten, without invalidating the entire Privacy Policy or altering the validity of any other provisions of this Privacy Policy.

 

Article 13.  Cookies management

 

When Browsing the Site, the Subject is required to consent to the installation of Cookies on his or her computer terminal.

 

Cookies generally record information relating to Browsing (pages viewed, date and time of viewing, etc.), which may be retrieved during the Subject's subsequent Browsing with transmission of the Data to the Controller. The installation of these Cookies requires the Consent of the Subject.

 

Some Cookies are essential to the proper functioning of the Site and do not require the Consent of the Subject before installation, we refer to them as functional Cookies.

 

In accordance with Article 7. of this Privacy Policy, Cookies are automatically deleted within thirteen (13) months from their installation if the Subject does not renew his/her Consent before the expiration of this period. 

 

The Subject may refuse to give his Consent to the installation of non-functional Cookies, withdraw his Consent and/or set the Cookies at any time by using the Controller's Cookies manager below or by configuring his browser himself as follows:

 

For Mozilla Firefox:

- Choose the "tool" menu then "Options".

- Click on the "privacy" icon

- Locate the "cookie" menu and select the options that suit you

 

For Microsoft Internet Explorer 6.0:

- Select the "Tools" menu, then "Internet Options".

- Click on the "Confidentiality" tab

- Select the desired level with the cursor.

 

For Microsoft Internet Explorer 5:

- Choose the "Tools" menu, then "Internet Options".

- Click on the "Privacy" tab

- Customize the level" with the cursor

 

For Netscape 6.X and 7. X:

- Choose the "Edit"> "Preferences" menu

- Confidentiality and Security

- Cookies

             

For Opera 6.0 and beyond:

- Choose the "File" menu > "Preferences"

- Privacy Policy

 

You want to join ba&sh ? Discover all our job offers !

Join the adventure

X By continuing to browse this site, you accept the use of cookies to provide you with a better service. To learn more and set these cookies. Click here