Privacy Policy for Candidates
What is the purpose of our Privacy Policy ?
The confidentiality of the personal data of candidates for a position within Deepki and its subsidiaries represents, for us, a guarantee of seriousness and trust. As such, our Personal Data Privacy Policy precisely demonstrates our desire to enforce, within Deepki and its subsidiaries, the applicable rules on the protection of personal data and, more particularly, those of the General Data Protection Regulation ("GDPR"). In particular, our Privacy Policy aims to inform you about how and why we process your personal data when you apply for a position within Deepki and its subsidiaries.
Who is our Privacy Policy for ?
The Privacy Policy is addressed to you, who are a candidate for a position within Deepki and its subsidiaries, throughout the entire recruitment process (e.g., application for an offer, unsolicited application, recruitment via an external firm, etc.) , regardless of the duration or nature of the proposed contract (e.g., employee position, temporary worker, intern, etc.).
Why do we process your personal data and on what basis ?
As a recruiter, we are necessarily required to process your data to manage recruitment (e.g., interviews, application processing, salary negotiation, etc.), any travel that may occur as part of these recruitments, and the security of our premises. The processing is carried out on the basis of the discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates. Please note that we use video protection cameras based on our legitimate interest in guaranteeing the safety of our employees and our premises.
How did we obtain your personal data ?
Your data is collected directly from you through your application and your CV, and we commit to processing your data only for the reasons described above. However, we may also obtain your personal data indirectly from recruitment firms if you have previously consented to them.
What personal data do we process and for how long ?
- Any personal and professional identification data provided in the candidate's CV and cover letter (e.g., last name, first name, date of birth, nationality, etc.) kept for the entire duration of the recruitment process and for a maximum period of 2 years after your application.
- Any contact details provided in the candidate's CV and cover letter (e.g., email address, telephone, Linkedin link, etc.) kept for the entire duration of the recruitment process and for a maximum period of 2 years after your application.
- Any data relating to personal and professional life provided in the candidate's CV and cover letter (e.g., diplomas, passions, certificates, age, marital status, driver's license, etc.) kept for the entire duration of the recruitment process and for a maximum period of 2 years after your application.
- Any economic and financial data (e.g., salaries, bonuses, etc.) provided during job interviews kept for the entire duration of the recruitment process and for a maximum period of 2 years after your application.
- Any data extracted from criminal record bulletin n°3 , communicated by the candidate based on a legitimate interest duly justified by the nature and context of the position to be filled , and which is not subject to any retention.
- Any specific data (e.g., residence permit, etc.) provided by the candidate as part of the recruitment is kept until the end of the employment relationship in case of hiring and deleted after the recruitment process in case of refusal.
- Any relevant and required particular data (e.g., disability status) provided in the candidate's CV and cover letter kept for the entire duration of the recruitment process and deleted after the end of the recruitment process.
- Any identification document (e.g., passport or identity card) provided as part of the recruitment process is deleted after the candidate is hired or not hired.
- Video protection images collected using our video protection cameras and kept for a maximum period of one month.
- If you applied through our website, connection data (e.g., IP address and logs) kept for a maximum period of 12 months.
Upon expiration of the applicable retention periods, the deletion of your personal data is irreversible, and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.
However, in the event of hiring, your data collected during the recruitment process are automatically transferred to your personal file and become subject to the Employee Data Privacy Policy.
Please also note that in the event of litigation, we are obliged to keep all personal data concerning you for the entire duration of the case processing, even after the expiration of their retention periods described above.
How is artificial intelligence used in processing your application ?
As part of application processing, some stages of the recruitment process may involve artificial intelligence, particularly for sorting or evaluating applications. These tools do not replace human decision, but assist recruiters in the pre-selection of candidates. The processing of this data is based on the company's legitimate interest in optimizing its recruitment process. In the context of this type of recruitment, the personal data processed by artificial intelligence is contained in the CV transmitted by the candidate. The data is kept for a maximum period of 2 years from the end of the recruitment process, unless the candidate consents otherwise.
The candidate may, at any time, object to the processing of their personal data. They also have the right to request the intervention of a human person, to express their point of view, to challenge a decision based on automated processing, as well as to exercise all the rights recognized to them by the GDPR.
What rights do you have to control the use of your personal data ?
The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, to control the use we make of your data:
- Right of access and copy of your personal data, provided that this request is not in contradiction with business secrecy, confidentiality, or the secrecy of correspondence.
- Right to rectification of personal data that would be erroneous, outdated, or incomplete.
- Right to object to the processing of your personal data implemented for commercial prospecting purposes.
- Right to request the erasure ("right to be forgotten") of your personal data that would not be essential for the proper functioning of our services.
- Right to restriction of your personal data, which allows the use of your data to be "photographed" in the event of a dispute over the legitimacy of processing.
- Right to data portability, which allows you to retrieve a part of your personal data in order to store or easily transmit them from one information system to another.
- Right to give directives on the fate of your data in the event of death, either through you, or through a trusted third party or a beneficiary
To exercise your rights under the GDPR, we invite you to use the dedicated email address: privacy@deepki.com. This allows us to process your request quickly and efficiently. Requests cannot originate from anyone other than you. We may therefore ask you to provide proof of identity in case of doubt about the applicant's identity. The elements communicated only allow us to verify your identity and are not retained.
We will respond to your request as soon as possible, with a maximum limit of three months from its receipt in the event that the request is technically complex or if we receive numerous requests at the same time. Please note that we may always refuse to respond to any excessive or unfounded request, particularly in light of its repetitive nature.
Who can access your personal data ?
Your personal data is processed by our teams as well as by our technical service providers exclusively within the framework of the functioning of our service. In particular, data related to an application is processed by our HR team and may be transmitted to the relevant manager.
Can your personal data be transferred outside the European Union ?
Personal data processed as part of recruitment are exclusively hosted within the European Union.
How do we protect your personal data ?
We implement all the required technical and organizational means to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or unauthorized disclosure of your data (e.g., secure access, antivirus, etc.).
Who can you contact for more information ?
Our Data Protection Officer ("DPO") is always available to explain in more detail how we process your data and to answer your questions on the subject at the following address: privacy@deepki.com.
How can you contact the CNIL ?
You can contact the "Commission nationale de l'informatique et des libertés" or "CNIL" at any time at the following coordinates: Service des plaintes de la CNIL, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by phone at 01.53.73.22.22.
Can the Privacy Policy be modified ?
We are likely to modify our Privacy Policy at any time to adapt it to new legal requirements as well as to new processing operations that we might implement in the future.
