Data Protection Policy

Since the legislative framework has recently changed with the new European regulation on the protection of personal data (GDPR), EASYRECRUE has wished to use this opportunity to put in place the resources required to ensure that it remains a reputable player as regards the new rights and obligations of individuals and businesses.

To do so, we have appointed a Data Protection Officer (DPO) and initiated an important project to check our compliance, overseen by our DPO with the support of a firm specialising in data protection. This process will, in the near future, enable us to make changes to our Data Protection Policy.

EASYRECRUE’s commitment to personal data protection goes beyond simply complying with a legal requirement. It stems in particular from our desire to work with our customers and their future talented staff in a relationship of respect and trust. In accordance with this philosophy, in our view protecting your personal data is essential.

When you use EASYRECRUE products, services and websites, you entrust us with your personal data. This data protection and non-disclosure policy has been designed to inform you of the reasons why and the way in which we collect and process your data.

A. Definitions

Personal data: any information relating to an identified or identifiable natural person. This person is called the “person concerned”.

Person concerned: is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

Processing of personal data: any operation or set of operations performed or not by automated means and applied to the data or sets of personal data such as the collection, recording, organisation, structuring, preservation, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, limitation, erasure or destruction.

Controller: natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes (the “why?”) and means (the “how?”) of the processing of personal data.

Processor: natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

B. Scope of application and applicable regulations

We attach the greatest importance to the confidentiality of your data. This data protection and non-disclosure policy applies to all data collected and processed by EASYRECRUE through our interactions with you via all our products, services and websites. Our commitments and our transparency are uniform and, therefore, valid for all our European establishments whatever method is used for collecting and processing data.

Our policy sets out EASYRECRUE’s broad principles and main guidelines as regards the protection of privacy but is not restricted to the latter. EASYRECRUE undertakes to comply with all the applicable regulatory obligations, in particular the European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and:

  • France: the Data Protection Act No. 78-17 of 6 January 1978;
  • United Kingdom: the “Data Protection Act” of 16 July 1998;
  • Italy: the “Personal Data Protection Code” of 30 June 2003;
  • Spain: the “Ley Orgánica 15/1999, de 13 de diciembre, de protección de datos de carácter personal”;
  • BENELUX:
    • Belgium: the Data Protection Act of 8 December 1992 relating to the protection of privacy with regard to the processing of personal data;
    • The Netherlands: “Personal Data Protection Act” of 6 July 2000 (Act of 6 July 2000 containing rules for the protection of personal data);
    • Luxembourg: the Act of 2 August 2002 relating to the protection of individuals with regard to the processing of personal data.
  • Other countries: compliance with the applicable regulations and, even for countries outsidethe European Economic Area (EEA), application of the GDPR to ensure, in a uniform way, the highest possible level of protection of data processed by EASYRECRUE.

C. What data do we collect and how do we use them?

All the data processed by EASYRECRUE meet the regulatory requirements, in particular in relation to the purposes, retention times, recipients and security of the data.

EASYRECRUE informs you specifically about processing of your data prior to it being performed, for example through the use of legal clauses inserted in our tools and contracts. However, some general information about our data processing will be found below.

i. Are you an Applicant?

EASYRECRUE mainly processes these data categories about you:

  • Identification data (last name, first name, email, phone number);
  • Data about your professional situation (C.V., cover letter etc.);
  • Data about the tests and interviews (video interviews, verbatim responses to recruiters’ questions).

Your data are mainly processed to select applicants for the job offers for which you have replied. They are for the employers who have posted the said job offers.

The recipients of all or part of your data are mainly:

  • EASYRECRUE staff - and any subcontractors, supervised, if applicable - responsible for yourapplications (technical manager, customer service manager, sales officer responsible for thecustomer account, applicant support manager);
  • The recruiters to whom you send your application.

Your data are kept for the duration of the recruitment campaigns in which you take part, i. e. normally 3 months. This period may be increased/decreased by the controller (recruiter) so that they can continue to send you relevant job offers. You will be informed of the actual retention period by the controller in the legal notices relating to the protection of your personal data.

As an applicant, you may at any time request the correction – correction right - or deletion – erasure right - of your personal data by contacting EASYRECRUE’s support services by phone, email or online chat. To learn more about your rights, click here: I - How to exercise your rights regarding your data?

ii. Are you a Customer?

EASYRECRUE mainly processes these data categories about you:

  • Identification data (last name, first name, contact information);
  • Professional data (company, department, position, etc.).

Your data are processed primarily for the use of our tools and compliance with the contractual commitments of our collaboration:

  • Management of customer support services;
  • Management of recruitments;
  • Management of your registrations to events organised by EASYRECRUE;
  • Management of your subscription to EASYRECRUE’s publications (newsletter);
  • Preparation of statistics about our Customer Service;
  • Etc.

The recipients of all or part of your data are mainly the EASYRECRUE teams - and any of their subcontractors, supervised, if applicable - responsible for your account.

Your data are retained for the duration of our contractual relationship, plus 3 years for the purposes of promotion and commercial prospecting and/or 5 years as evidence (statutory limitation period).

iii. Are you a Visitor?

Since we have not yet had the pleasure of being directly in contact with you, we do not process any data about you with the exception of cookies. To learn more about our cookies, go to: F - Do we use cookies and other trackers?

D. Our commercial prospecting methods

In accordance with the regulations in force, any commercial prospecting carried out by EASYRECRUE, whatever channel used (postal mail, e-mail, SMS/MMS, auto dialler, etc.), is only carried out with your prior consent.

When you have placed your trust in us and given us your agreement to send you relevant information about our products and services, in line with your needs, you retain the ability to reverse your decision at any time.

E. Do we share your personal data?

Apart from the data transfer scenarios referred to below and the transfers of Applicants’ data to Recruiters, <strong>EASYRECRUE does not transfer or share any of your personal data</strong>.

F. Do we use cookies and other trackers?

“Cookies” are small text files written by a website or application onto your device (computer, tablet or phone). They are mainly used to:

  • Allow the technical operation of a website;
  • Collect statistics;
  • Build a personalised experience and environment for a user (for example when an online service remembers your user profile without you having to log in).

G. Where do we host your personal data?

Although the data are mainly hosted in Europe at the <a href="https://www. ovh. com/fr/apropos/securite. xml" target="_blank" rel="noopener">OVH Datacenter</a> (in Gravelines, France) EASYRECRUE, a leader in its field in the European market, may transfer some of your data outside the country in which it was initially collected, or even in some restricted cases (primarily technical) to countries which are not members of the European Economic Area whose legislation as regards the protection of personal data differ from those of the European Union, in order to optimise the quality of its products and services.

EASYRECRUE undertakes to ensure, before transferring your data, that the entities outside the European Union and the conditions of the transfer offer an adequate level of protection in accordance with the European regulations in force (self-regulatory mechanisms such as the Privacy Shield, standard contractual clauses, data protection watchdog (CNIL) permissions, etc.).

H. How do we protect your personal data?

It is paramount for EASYRECRUE to protect your data and your privacy. Unprotected data however are no longer private and that is why at EASYRECRUE, security is given a central place in all our products and services.

EASYRECRUE strives to protect and secure your data in order to ensure they are kept confidential and to prevent them from being distorted, damaged, destroyed or disclosed to unauthorised third parties. The measures taken are at different levels:

  • Organisational: accreditations, data processing procedures that ensure only those people who need your data to perform their missions access them (these people being subject to a nondisclosure obligation);
  • Physical/material: protection of our premises, encryption of our working tools, choice of a hosting provider whose security is acknowledged worldwide (OVH, with dedicated EASYRECRUE servers);
  • Logical: use of security tools (virus protection, firewall, anti-intrusion systems, etc.), secure computer workstations and network devices, encryption of personal data “at rest” and in transit.

TECHNOLOGIES Our software programs use technologies that among the most recognised and popular on the Web. We take particular care to comply with the associated good practices and to deal quickly with any vulnerabilities found. We rely on the principles set out in the Open Web Application Security Project (OWASP).

AUDITS At least once a year we carry out security audits including intrusion tests (of the “blackbox” and “greybox” types) and we undertake to correct any vulnerabilities detected as quickly as possible.

I. How to exercise your rights regarding your data?

You have a right of access, correction, objection for legitimate reasons, portability, limitation and erasure with regard to all data about you under the terms set out in the “GDPR” regulation, 2016/679, of 27 April 2016. You also have the right to issue instructions relating to what should be done with your personal data after your death under the terms set out in the “for a digital Republic” Act No. 2016- 1321 of 7 October 2016. Finally, you have the right to refuse, free of charge, that data about you are processed for prospecting purposes, in particular commercial ones, by EASYRECRUE.

You may exercise your rights by contacting EASYRECRUE by online chat, by email to <a href="mailto:DPO@easyrecrue.com">DPO@easyrecrue.com</a> or by postal mail to the Data Protection Officer at EASYRECRUE, 3bis rue de la Chaussée d'Antin, 75009 PARIS, accompanying your request with any signed identity document.

In a concern for transparency that has guided the design of this data protection and non-disclosure policy, EASYRECRUE informs you that you have a right to make a complaint to a supervisory authority regarding the data processing implemented as indicated above, as well regarding the exercise of your rights related thereto:

J. Changes to the Data Protection Policy

This data protection and non-disclosure policy may be changed at any time in line with legal, regulatory, judicial and doctrinal changes (the doctrine of the CNIL personal data watchdog in particular).

We will publish any changes on this page and, in the event of significant changes, on other pages of the <a href="https://www.easyrecrue.com">www.easyrecrue.com</a> website through dedicated inserts or information banners. Those people who need to be specifically informed of a change regarding particular data processing, will be informed of it, for example, by email.