How useful is this Policy?
Like the protection of our employees, the confidentiality of the personal data of applicants for positions within Cherry Biotech is a priority for us.
This Policy applies only to processing that we do ourselves and not to processing that may be done by external recruiters to assist us in selecting candidates.
If you would like more information about the processing of external recruiters, we invite you to contact them directly.
Who is this Policy for?
Why do we process your data and on what basis?
As a recruiter, we necessarily need to process your data in order to manage recruitment (e.g. interviews, processing of applications, salary negotiations, etc.), any travel that may take place in the context of such recruitment and security of our premises.
Processing is carried out on the basis of discussions we have with you during the recruitment process and our legitimate interest to recruit and select candidates.
We undertake to process your data only for the purposes and on the grounds set out above.
What data do we process and for how long?
We have summarized below the categories of personal data that we collect directly from you or through external recruiters, and their respective retention periods.
- Personal, professional and contact information (e.g. last name, first name, date of birth, nationality, email address, telephone number, etc.) retained for the duration of the recruitment process.
- Personal and professional data (e.g. degrees, certificates, age, marital status, driver’s license, etc.) for the duration of the recruitment process.
- Economic and financial data (e.g. salaries, bonuses, etc.) throughout the recruitment process.
More generally, we will keep your CV for a maximum of 2 years after your application, unless you give us an instruction to the contrary at email@example.com.
Upon expiration of the retention periods summarized above, we delete all of your personal data to ensure your privacy for future years.
The deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.
In addition, in the event of litigation, we are also obliged to retain all of your data for the duration of the processing of the case, even after the expiration of the retention periods described above.
What rights do you have to control the use of your data?
The applicable data protection regulations give you specific rights that you can exercise, at any time and free of charge, to control how we use your data.
- The right to request access and copy of your personal data as long as this request is not in contradiction with business secrecy, confidentiality, or the secrecy of correspondence.
- Right to rectify personal data that are incorrect, outdated or incomplete.
- Right to request deletion (“right to be forgotten”) of your personal data that is not essential for the proper functioning of our services.
- Right to limitation of your personal data which allows you to photograph the use of your data in case of dispute about the legitimacy of a processing.
- Right to give instructions on what to do with your data in the event of your death either through you, a trusted third party or an estate.
In order for a request to be processed, it must be made directly by you to the address firstname.lastname@example.org. Any request that is not made in this way cannot be processed.
Requests cannot be made by anyone other than you, and we may ask you for proof of identity if there is any doubt about the identity of the requester.
We will respond to your request as quickly as possible, subject to a maximum period of three months from receipt if the request is technically complex or if we receive many requests at the same time.
Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.
Who can access your data?
We will only share your information with those who are properly authorized to use it to provide our services to you. These are primarily our human resources staff, the team recruiting a candidate, and our security staff.
How do we protect your data?
We implement all technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure of your data that would not be authorized (e.g. secure passwords, data encryption, secure servers, training, access control, antivirus, etc.).
Can your data be transferred outside the European Union?
Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data is always hosted in European soil. In addition, we make every effort to hire only service providers who host your data within the European Union.
Should our service providers nevertheless transfer your personal data outside the European Union, we take great care to ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.
Who can you contact for more information?
Our Data Protection Officer (“DPO”) is always available to explain in more detail how we process your data and to answer your questions on the subject at email@example.com.
How can you contact the CNIL?
You may at any time contact the French data protection supervisory authority (the “Commission nationale de l’informatique et des libertés” or “CNIL”) at the following address CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by phone at +33(0)126.96.36.199.22.
Can the Policy be changed?
Certified compliant by Dipeeo ®