Data Protection Policy

Update: 06 May 2020

Since the legislative framework has recently changed with the new European regulation on the protection of personal data (GDPR), EASYRECRUE has wished to use this opportunity to put in place the resources required to ensure that it remains a reputable player as regards the new rights and obligations of individuals and businesses.

To do so, we have appointed a Data Protection Officer (DPO) and initiated an important project to check our compliance, overseen by our DPO with the support of a firm specialized in data protection. This process has enabled us to strengthen our Data Protection Policy.

EASYRECRUE’s commitment to personal data protection goes beyond simply complying with a legal requirement. It stems in particular from our desire to work with our customers and their future talented staff in a relationship of respect and trust. In accordance with this philosophy, in our view protecting your personal data is essential.

When you use EASYRECRUE products, services and websites, you entrust us with your personal data. This data protection and non-disclosure policy has been designed to inform you of the reasons why and the way in which we collect and process your data.

 

A. DEFINITIONS

Personal data: any information relating to an identified or identifiable natural person. This person is called the “person concerned”.

Person concerned: is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data: any operation or set of operations performed or not by automated means and applied to the data or sets of personal data such as the collection, recording, organization, structuring, preservation, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, limitation, erasure or destruction.

Controller: natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes (the “why?”) and means (the “how?”) of the processing of personal data.

Processor: natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Controller.

B. SCOPE OF APPLICATION AND APPLICABLE REGULATIONS

We attach the greatest importance to the confidentiality of your data. This data protection and non-disclosure policy applies to all data collected and processed by EASYRECRUE through our interactions with you via all our products, services and websites. Our commitments and our transparency are uniform and, therefore, valid for all our European establishments whatever method is used for collecting and processing data.

Our policy sets out EASYRECRUE’s broad principles and main guidelines as regards the protection of privacy but is not restricted to the latter. EASYRECRUE undertakes to comply with all the applicable regulatory obligations, in particular the European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and:

  • France: the Data Protection Act No. 78-17 of 6 January 1978;
  • United Kingdom: the “Data Protection Act” of 16 July 1998;
  • Italy: the “Personal Data Protection Code” of 30 June 2003;
  • Spain: the “Ley Orgánica 15/1999, de 13 de diciembre, de protección de datos de carácter personal”;
  • Other countries: compliance with the applicable regulations and, even for countries outside the European Economic Area (EEA), application of the GDPR to ensure, in a uniform way, the highest possible level of protection of data processed by EASYRECRUE.

 

C. WHAT DATA DO WE COLLECT AND HOW DO WE USE THEM?

All the data processed by EASYRECRUE meet the regulatory requirements, in particular in relation to the purposes, retention times, recipients and security of the data.

EASYRECRUE informs you specifically about processing of your data prior to it being performed, for example through the use of legal clauses inserted in our tools and contracts. However, some general information about our data processing will be found below.

 

i. Are you an applicant or an employee?

EASYRECRUE mainly processes these data categories about you:

  • Identification data (last name, first name, email, birthdate, phone number, ID photo if applicable);
  • Data about your professional situation (Resume, cover letter, skills and competencies, professional project);
  • Data about the tests and interviews (video interviews, oral responses to recruiters’ questions).

Your data are mainly processed in the frameworks of selecting applicants for the job offers for which you have replied, of assessing a language level or a competency, and of managing internal mobility. They are for the employers who have posted the said job offers or who deal with those frameworks.

The processing purposes presented above are based on the lawfulness condition relating to the contractual performance, with users of the solution accepting the General Conditions of Use of the service provided by EASYRECRUE.

The recipients of all or part of your data are mainly:

  • EASYRECRUE staff - and any subcontractors, supervised, if applicable - responsible for your applications (technical manager, customer service manager, sales manager, support manager);
  • The recruiters to whom you send your application;
  • The recruiters in charge of assessing your profile or studying your professional project

Your data are kept for the duration of the recruitment and assessment campaigns in which you take part, i. e. up to 3 months by default for the video and up to 2 years for other data. Those periods may be increased or decreased by the Controller (the recruiter) so that they can continue to send you relevant job offers or evaluate your profile. You will be informed of the actual retention period by the Controller in the legal notices relating to the protection of your personal data.

As an applicant or an employee, you may at any time request the correction – correction right - or deletion – erasure right - of your personal data by contacting EASYRECRUE’s support services by phone, email or online chat. To learn more about your rights, click here: I - How to exercise your rights regarding your data?

 

ii. Are you a client ?

EASYRECRUE mainly processes these data categories about you:

  • Identification data (last name, first name, contact information);
  • Professional data (company, department, position, etc.);

Your data are processed primarily for the use of our tools and compliance with the contractual commitments of our collaboration:

  • Management of user support services;
  • Management of recruitment and assessment processes;
  • Management of internal mobility;
  • Management of your registrations to events organised by EASYRECRUE;
  • Management of your subscription to EASYRECRUE’s publications (newsletter);
  • Preparation of statistics about our Customer Service.

The processing purposes presented above are based on the lawfulness conditions relating to:

  • contractual performance for all customers who have accepted the EASYRECRUE General Terms and Conditions of Sale;
  • legitimate interest and where required by law, consent (e.g. newsletters).

The recipients of all or part of your data are mainly the EASYRECRUE teams - and any of their subcontractors, supervised, if applicable - responsible for your account.

Your data are retained for the duration of our contractual relationship, plus 3 years for the purposes of promotion and commercial prospecting and/or 5 years as evidence (statutory limitation period).

 

iii. Are you a visitor ?

Since we have not yet had the pleasure of being directly in contact with you, we do not process any data about you with the exception of cookies. To learn more about our cookies, go to: F - Do we use cookies and other trackers?

 

D. OUR COMMERCIAL PROSPECTING METHODS

In accordance with the regulations in force, any commercial prospecting carried out by EASYRECRUE, whatever channel used (postal mail, e-mail, SMS/MMS, auto dialer, etc.), is only carried out with your prior consent.

When you have placed your trust in us and given us your agreement to send you relevant information about our products and services, in line with your needs, you retain the ability to reverse your decision at any time.

 

E. DO WE SHARE YOUR PERSONAL DATA?

Apart from the data transfer scenarios referred to below and the transfers of applicants’ and employees’ data to recruiters, EASYRECRUE does not transfer or share any of your personal data.

 

F. DO WE USE COOKIES AND OTHER TRACKERS?

“Cookies” are small text files written by a website or application onto your device (computer, tablet or phone).

They are mainly used to:

  • Allow the technical operation of a website;
  • Collect statistics;
  • Build a personalised experience and environment for a user (for example when an online service remembers your user profile without you having to log in).

 

G. WHERE DO WE HOST YOUR PERSONAL DATA?

Although the data are mainly hosted in Europe at the OVH Datacenter (in Gravelines, France) EASYRECRUE, a leader in its field in the European market, may transfer some of your data outside the country in which it was initially collected, or even in some restricted cases (primarily technical) to countries which are not members of the European Economic Area whose legislation as regards the protection of personal data differ from those of the European Union, in order to optimise the quality of its products and services.

EASYRECRUE undertakes to ensure, before transferring your data, that the entities outside the European Union and the conditions of the transfer offer an adequate level of protection in accordance with the European regulations in force (self-regulatory mechanisms such as the Privacy Shield, standard contractual clauses, data protection watchdog (CNIL) permissions, etc.).

 

H. HOW DO WE PROTECT YOUR PERSONAL DATA?

It is paramount for EASYRECRUE to protect your data and your privacy. Unprotected data however are no longer private and that is why at EASYRECRUE, security is given a central place in all our products and services.

EASYRECRUE strives to protect and secure your data in order to ensure they are kept confidential and to prevent them from being distorted, damaged, destroyed or disclosed to unauthorised third parties. The measures taken are at different levels:

Organisational: accreditations, data processing procedures that ensure only those people who need your data to perform their missions access them (these people being subject to a nondisclosure obligation);

Physical/material: protection of our premises, encryption of our working tools, choice of a hosting provider whose security is acknowledged worldwide (OVH, with dedicated EASYRECRUE servers);

Logical: use of security tools (virus protection, firewall, anti-intrusion systems, etc.), secure computer workstations and network devices, encryption of personal data “at rest” and in transit.

TECHNOLOGIES Our software programs use technologies that among the most recognised and popular on the Web. We take particular care to comply with the associated good practices and to deal quickly with any vulnerabilities found. We rely on the principles set out in the Open Web Application Security Project (OWASP).

AUDITS At least once a year we carry out security audits including intrusion tests (of the “blackbox” and “greybox” types) and we undertake to correct any vulnerabilities detected as quickly as possible.

 

I. HOW TO EXERCISE YOUR RIGHTS REGARDING YOUR DATA?

You have a right of access, correction, objection for legitimate reasons, portability, limitation and erasure with regard to all data about you under the terms set out in the “GDPR” regulation, 2016/679, of 27 April 2016. You also have the right to issue instructions relating to what should be done with your personal data after your death under the terms set out in the “for a digital Republic” Act No. 2016- 1321 of 7 October 2016. Finally, you have the right to refuse, free of charge, that data about you are processed for prospecting purposes, in particular commercial ones, by EASYRECRUE.

You may exercise your rights by contacting EASYRECRUE by online chat, by email to DPO@easyrecrue.com or by postal mail to the Data Protection Officer at EASYRECRUE, 38 rue du Sentier, 75002 PARIS, France, accompanying your request with any signed identity document.

In a concern for transparency that has guided the design of this data protection and non-disclosure policy, EASYRECRUE informs you that you have a right to make a complaint to a supervisory authority regarding the data processing implemented as indicated above, as well regarding the exercise of your rights related thereto:

  • France: https://www.cnil.fr/fr/plaintes ;
  • United Kingdom: https://ico.org.uk/concerns/ ;
  • Italy: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524 ;
  • Spain: https://www.aepd.es/reglamento/derechos/index.html.

J. CHANGES TO THE DATA PROTECTION POLICY

This data protection and non-disclosure policy may be changed at any time in line to reflect legal, regulatory, judicial and doctrinal changes (the doctrine of the French CNIL, the competent authority regarding personal data, in particular).

We will publish any changes on this page and, in the event of significant changes, on other pages of the www.easyrecrue.com website through dedicated inserts or information banners. Those people who need to be specifically informed of a change regarding particular data processing, will be informed of it, for example, by email.