Since the legislative framework has recently changed with the new European regulation on the protection of personal data (GDPR), EASYRECRUE has wished to use this opportunity to put in place the resources required to ensure that it remains a reputable player as regards the new rights and obligations of individuals and businesses.
To do so, we have appointed a Data Protection Officer (DPO) and initiated an important project to check our compliance, overseen by our DPO with the support of a firm specialising in data protection. This process will, in the near future, enable us to make changes to our Data Protection Policy.
EASYRECRUE’s commitment to personal data protection goes beyond simply complying with a legal requirement. It stems in particular from our desire to work with our customers and their future talented staff in a relationship of respect and trust. In accordance with this philosophy, in our view protecting your personal data is essential.
When you use EASYRECRUE products, services and websites, you entrust us with your personal data. This data protection and non-disclosure policy has been designed to inform you of the reasons why and the way in which we collect and process your data.
Personal data: any information relating to an identified or identifiable natural person. This person is called the “person concerned”.
Person concerned: is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
Processing of personal data: any operation or set of operations performed or not by automated means and applied to the data or sets of personal data such as the collection, recording, organisation, structuring, preservation, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, limitation, erasure or destruction.
Controller: natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes (the “why?”) and means (the “how?”) of the processing of personal data.
Processor: natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
We attach the greatest importance to the confidentiality of your data. This data protection and non-disclosure policy applies to all data collected and processed by EASYRECRUE through our interactions with you via all our products, services and websites. Our commitments and our transparency are uniform and, therefore, valid for all our European establishments whatever method is used for collecting and processing data.
Our policy sets out EASYRECRUE’s broad principles and main guidelines as regards the protection of privacy but is not restricted to the latter. EASYRECRUE undertakes to comply with all the applicable regulatory obligations, in particular the European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and:
All the data processed by EASYRECRUE meet the regulatory requirements, in particular in relation to the purposes, retention times, recipients and security of the data.
EASYRECRUE informs you specifically about processing of your data prior to it being performed, for example through the use of legal clauses inserted in our tools and contracts. However, some general information about our data processing will be found below.
EASYRECRUE mainly processes these data categories about you:
Your data are mainly processed to select applicants for the job offers for which you have replied. They are for the employers who have posted the said job offers.
The recipients of all or part of your data are mainly:
Your data are kept for the duration of the recruitment campaigns in which you take part, i. e. normally 3 months. This period may be increased/decreased by the controller (recruiter) so that they can continue to send you relevant job offers. You will be informed of the actual retention period by the controller in the legal notices relating to the protection of your personal data.
As an applicant, you may at any time request the correction – correction right - or deletion – erasure right - of your personal data by contacting EASYRECRUE’s support services by phone, email or online chat. To learn more about your rights, click here: I - How to exercise your rights regarding your data?
EASYRECRUE mainly processes these data categories about you:
Your data are processed primarily for the use of our tools and compliance with the contractual commitments of our collaboration:
The recipients of all or part of your data are mainly the EASYRECRUE teams - and any of their subcontractors, supervised, if applicable - responsible for your account.
Your data are retained for the duration of our contractual relationship, plus 3 years for the purposes of promotion and commercial prospecting and/or 5 years as evidence (statutory limitation period).
In accordance with the regulations in force, any commercial prospecting carried out by EASYRECRUE, whatever channel used (postal mail, e-mail, SMS/MMS, auto dialler, etc.), is only carried out with your prior consent.
When you have placed your trust in us and given us your agreement to send you relevant information about our products and services, in line with your needs, you retain the ability to reverse your decision at any time.
Apart from the data transfer scenarios referred to below and the transfers of Applicants’ data to Recruiters, <strong>EASYRECRUE does not transfer or share any of your personal data</strong>.
“Cookies” are small text files written by a website or application onto your device (computer, tablet or phone). They are mainly used to:
Although the data are mainly hosted in Europe at the <a href="https://www. ovh. com/fr/apropos/securite. xml" target="_blank" rel="noopener">OVH Datacenter</a> (in Gravelines, France) EASYRECRUE, a leader in its field in the European market, may transfer some of your data outside the country in which it was initially collected, or even in some restricted cases (primarily technical) to countries which are not members of the European Economic Area whose legislation as regards the protection of personal data differ from those of the European Union, in order to optimise the quality of its products and services.
EASYRECRUE undertakes to ensure, before transferring your data, that the entities outside the European Union and the conditions of the transfer offer an adequate level of protection in accordance with the European regulations in force (self-regulatory mechanisms such as the Privacy Shield, standard contractual clauses, data protection watchdog (CNIL) permissions, etc.).
It is paramount for EASYRECRUE to protect your data and your privacy. Unprotected data however are no longer private and that is why at EASYRECRUE, security is given a central place in all our products and services.
EASYRECRUE strives to protect and secure your data in order to ensure they are kept confidential and to prevent them from being distorted, damaged, destroyed or disclosed to unauthorised third parties. The measures taken are at different levels:
TECHNOLOGIES Our software programs use technologies that among the most recognised and popular on the Web. We take particular care to comply with the associated good practices and to deal quickly with any vulnerabilities found. We rely on the principles set out in the Open Web Application Security Project (OWASP).
AUDITS At least once a year we carry out security audits including intrusion tests (of the “blackbox” and “greybox” types) and we undertake to correct any vulnerabilities detected as quickly as possible.
You have a right of access, correction, objection for legitimate reasons, portability, limitation and erasure with regard to all data about you under the terms set out in the “GDPR” regulation, 2016/679, of 27 April 2016. You also have the right to issue instructions relating to what should be done with your personal data after your death under the terms set out in the “for a digital Republic” Act No. 2016- 1321 of 7 October 2016. Finally, you have the right to refuse, free of charge, that data about you are processed for prospecting purposes, in particular commercial ones, by EASYRECRUE.
You may exercise your rights by contacting EASYRECRUE by online chat, by email to <a href="mailto:DPO@easyrecrue.com">DPO@easyrecrue.com</a> or by postal mail to the Data Protection Officer at EASYRECRUE, 38 rue du Sentier, 75002 PARIS, accompanying your request with any signed identity document.
In a concern for transparency that has guided the design of this data protection and non-disclosure policy, EASYRECRUE informs you that you have a right to make a complaint to a supervisory authority regarding the data processing implemented as indicated above, as well regarding the exercise of your rights related thereto:
This data protection and non-disclosure policy may be changed at any time in line with legal, regulatory, judicial and doctrinal changes (the doctrine of the CNIL personal data watchdog in particular).
We will publish any changes on this page and, in the event of significant changes, on other pages of the <a href="https://www.easyrecrue.com">www.easyrecrue.com</a> website through dedicated inserts or information banners. Those people who need to be specifically informed of a change regarding particular data processing, will be informed of it, for example, by email.