Privacy policy
CONVENTION
Article 4. Principles relating to Processing
In accordance with the Legislation, the Controller undertakes to respect the following principles for each Processing:
Article 5. Data processed
Article 6. Context of the Processing
The Data may be collected and processed by the Controller on various occasions, including:
Article 7. Detail of the Processing
Purpose of the Processing |
Personal Data |
Legal basis |
Retention period |
Application management |
First name, last name, email address, postal address, telephone number, resume, cover letter, application date.
|
Contract and legitimate interest of the Controller in retaining the history of applications |
2 years from the application date |
Creation and management of candidate accounts |
First name, last name, email address, postal address, telephone number, date of creation of the candidate account, application history, resume, cover letter, messages exchanged with the Data Controller, collection of consent
|
Consent of the Subject |
3 years from the last connection of the Subject to his/her candidate account OR 3 years from the deletion of his/her candidate account
|
Newsletter management
|
Email adress |
Consent of the Subject |
At unsubscription |
Securing and improving the Site |
IP Address, Browsing Personal Data |
Legitimate interest of the Data Controller in improving the Site and managing the Site, securing and administering the Site, preventing fraud and malicious acts
|
13 months |
Site statistics and personalized advertising
|
IP address, Browsing Personal Data, collection of Consent
|
Consent of the Data Subject |
13 months |
The Controller reserves the right to anonymise the Data processed before deleting it.
The anonymised data may then be processed for statistical purposes.
Article 8. Recipient
SendinBlue
Simplified joint stock company with a capital of 245,606€
55 Rue d’Amsterdam – 75008 PARIS - FRANCE
RCS Paris 498 019 298
Agitel Groupe
Simplified joint stock company with a capital of 10,000€
8 rue Saint Ambroise 75011 PARIS - FRANCE
RCS Paris 521 506 055
01 40 09 97 47
This list of the Controller's Processors is subject to change at any time.
The Controller undertakes to require its Processors to provide sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the Processing complies with legal and regulatory requirements and guarantees the protection of the Subject's rights, in particular in the event of transfer of the Data outside the European Union.
In addition, the Controller may share the Data with any Recipient or Third Party for Processing when a legal obligation to do so is in force or when the Controller considers in good faith that this is necessary in order to:
In the event of the purchase of the Controller by a Third Party, the Controller reserves the right to share the Data with the Third-Party purchaser, subject to compliance with this Privacy Policy by such Third Party.
Article 9. Subject rights
The Data Subject has a number of rights over the Personal Data that he or she can exercise, unless there is an applicable legal exception, by submitting a request to the DPO at the following address:
BA&SH DPO
67 Avenue Raymond Poincaré – 75016 Paris
FRANCE
The DPO will assist the Subject in the exercise of his or her rights over the Data before the Controller.
In case of reasonable doubt regarding the identity of the Subject exercising his or her rights over the Data, the DPO may request a copy of an official identity document in support of the request.
Requests will be processed as soon as possible and at the latest in accordance with the deadlines set by the Legislation.
Article 9.1. Right of access
The Subject shall have the right to obtain from the Controller confirmation as to whether or not Data concerning him or her is being processed, and, where that is the case, access to the Data and the following information:
The Controller shall provide a copy of the Data being processed and reserves the right, in return for providing such a copy, to pay a reasonable fee based on the administrative costs for any additional copy requested by the Subject.
Article 9.2. Right of rectification and erasure
The Subject has the right to obtain from the Controller the rectification and/or deletion of inaccurate or obsolete Data as quickly as possible, unless otherwise hindered by a situation that prevents the exercise of this right, and in particular:
Article 9.3. Right to object
The Subject has the right to object at any time, for reasons relating to his or her particular situation, to Data Processing based on the performance of a task in the public interest or the necessity of the legitimate interest of the Controller.
The Controller then undertakes not to further process the Data, unless it can be demonstrated that there are legitimate and compelling reasons for the Processing that prevail over the interests and rights and freedoms of the Subject, or for the establishment, exercise or defence of legal rights.
In addition, the Subject has the right to object at any time to the Data Processing carried out for the purpose of prospecting by the Controller, insofar as the Subject is linked to such prospecting.
Finally, when Data is processed for scientific or historical research purposes or for statistical purposes, the Subject has the right to object, for reasons relating to his or her particular situation, to the processing of the Data, unless the Processing is required for the performance of a public interest task.
Article 9.4. Right to restriction
The Subject has the right to obtain from the Controller restriction of Processing where one of the following applies:
The Subject who has obtained restriction of Processing shall be informed by the Controller before the restriction of Processing is lifted.
Article 9.5. Right to portability
The Subject shall have the right to receive the Data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit this Data to another controller without hindrance from the Controller, where:
The Subject, when exercising his or her right to the portability of the Data, has the right to have the Data transmitted directly from the Controller to another controller, when this is technically possible.
Article 9.6. Right to file a complaint to the Supervisory Authority
The Subject has the right to file a complaint before the Supervisory Authority if he/she considers that he/she is the subject of unlawful Data Processing by the Controller.
Article 9.7. Right to define guidelines on the future state of the Data
The Subject has the right to define guidelines on the future state of the Data after his death to the Controller who will use all his technical means to ensure that this will be respected.
Article 10. Data security
The Controller shall take appropriate technical and organisational measures to protect the Data against destruction, loss, alteration, misuse and unauthorised access, modification or disclosure, whether such actions are voluntary or accidental.
These technical and organizational measures are intended to ensure the confidentiality, integrity, availability and resilience of the Site and the IT systems where the Files are stored.
In order to secure the Subject’ Browsing, the Site is encrypted SSL (Secure Socket Layer).
Article 11. Amendment of the Privacy Policy
The Controller reserves the right to amend this Privacy Policy from time to time, in particular the list of Recipients set out in Article 8.
In the event of a material change to this Privacy Policy, the Subject will be informed personally of the new Privacy Policy.
The Subject is advised to consult this Privacy Policy regularly to be aware of any changes to it.
The Data Subject may send questions about this Privacy Policy to the DPO at the following address:: BA&SH DPO 67 Avenue Raymond Poincaré – 75016 Paris- FRANCE, dpo@ba-sh.com.
Article 12. Invalidity of the Privacy Policy
If any provision of this Privacy Policy shall be deemed invalid under any applicable law or court decision that has been made final, it shall be deemed unwritten, without invalidating the entire Privacy Policy or altering the validity of any other provisions of this Privacy Policy.
Article 13. Cookies management
When Browsing the Site, the Subject is required to consent to the installation of Cookies on his or her computer terminal.
Cookies generally record information relating to Browsing (pages viewed, date and time of viewing, etc.), which may be retrieved during the Subject's subsequent Browsing with transmission of the Data to the Controller. The installation of these Cookies requires the Consent of the Subject.
Some Cookies are essential to the proper functioning of the Site and do not require the Consent of the Subject before installation, we refer to them as functional Cookies.
In accordance with Article 7. of this Privacy Policy, Cookies are automatically deleted within thirteen (13) months from their installation if the Subject does not renew his/her Consent before the expiration of this period.
The Subject may refuse to give his Consent to the installation of non-functional Cookies, withdraw his Consent and/or set the Cookies at any time by using the Controller's Cookies manager below or by configuring his browser himself as follows:
For Mozilla Firefox:
- Choose the "tool" menu then "Options".
- Click on the "privacy" icon
- Locate the "cookie" menu and select the options that suit you
For Microsoft Internet Explorer 6.0:
- Select the "Tools" menu, then "Internet Options".
- Click on the "Confidentiality" tab
- Select the desired level with the cursor.
For Microsoft Internet Explorer 5:
- Choose the "Tools" menu, then "Internet Options".
- Click on the "Privacy" tab
- Customize the level" with the cursor
For Netscape 6.X and 7. X:
- Choose the "Edit"> "Preferences" menu
- Confidentiality and Security
- Cookies
For Opera 6.0 and beyond:
- Choose the "File" menu > "Preferences"
- Privacy Policy