1. INTRODUCTION

In the context of the user's use of this website and other associated services, the user, after his/her consent has been acquired for this purpose, and in compliance with the stipulations below, has some of his/her personal data collected by the company EMOSIS.

According to European regulations, personal data refers to any information that may relate to an identified or identifiable natural person. Implementation of automated processing of personal data is regulated by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the treatment of personal data and on the free movement of such data, known as GDPR.
Emosis is committed to take any necessary measures to respect the confidentiality of users' personal data. Personal data are kept in a secure manner and are only accessible to employees or service providers, who are bound to confidentiality.

The purpose of this Policy is to provide you with the necessary information to understand the various processes that we carry out in order to achieve our missions and to provide you with the most suitable services possible.

2. DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person.

Person involved: designates any natural person whose personal data are subject to processing whose purpose and means have been defined by the data controller.

Data controller: natural or legal person which determines the purposes and means of processing.

Subcontractor: designates natural or legal person who processes personal data on behalf of the data controller.

Data processing: any operation or set of operations carried out or not by means of automated processes and applied to data or sets of personal data and which take place in the context of the performance of a contract between the parties.

Transfer of Data: any communication, copy or movement of personal data to be processed in a country outside the European Union.

Violation of personal data: breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3. KEY AREAS

Emosis, as the Data Controller, informs users of its website in a transparent manner about the personal data processing that may be carried out.

Emosis ensures to collect and process only data that is strictly necessary for the purpose for which it is processed, following the principle of data minimization. Personal data may be collected when browsing the website through Google Analytics. The processing of this data is not under the control of Emosis.

You can consult the privacy policy of Google with the following link:
https://support.google.com/analytics/answer/6004245?hl=fr / https://policies.google.com/privacy?hl=fr#infocollect
You may at any time object to and prevent the collection of your data by Google by following the instructions below: https://tools.google.com/dlpage/gaoptout

Personal data will also be collected:
• When sending an application in response to a job offer or as a spontaneous application on our website. This includes identification and contact data as well as any other data provided at the applicant's initiative as part of the application process.
• When sending the contact form. These are identification and contact data the user freely provides.

4. IMPLEMENTATION OF DATA PROTECTION

Emosis is committed to considering the protection of your personal data and your privacy from the design of the services offered to you. This minimizes the risks of non-compliance with the principles of the GDPR and the amended Data Protection Act.
Thus, appropriate and proportionate measures to the processing of personal data are taken about the purpose sought by Emosis in the envisaged processing.

The application of this principle allows the implementation of preventive measures with the aim of limiting the risks to personal data and guarantees an optimal security of the treatments organized within Emosis.

5. PURPOSES OF DATA COLLECTION

Emosis undertakes to collect only the data strictly necessary to carry out the processing and not to divert such data from the purpose for which it was originally collected.

Personal data may be processed for the following purposes:
• Recruitment management (following an application to a job offer or internship/externship, spontaneous application, etc.).
• The management of the website and marketing activities, such as improving the ergonomics of the site and inserting sharing buttons on social networks without this list being exhaustive.
• The management of your requests, within the framework of information, company, products, positions or any other questions.

6. LEGAL BASIS

The processing of personal data is based on the consent of the user who wishes to use additional services via the website, such as applying or requesting information. The user is informed that the provision of such data is not of a regulatory or contractual nature.

Therefore, personal data may be transmitted, depending on the processing concerned, to the following recipients:

• Human resources and management functions for managing applications and candidate information,
• Communication and marketing department for the management of the website,
• To agents, service providers, subcontractors (e.g., to carry out IT maintenance or to provide support in connection with human resources).

Your personal data will only be disclosed to those persons who are authorized to process it or who have a need to know it and within the European Union. Emosis does not transfer personal data outside the European Union.

7. DATA STORAGE

The duration of your personal data being kept depends on the processing carried out.
Emosis will not keep your personal data longer than necessary, nor will it increase the period of retention imposed by the applicable rules on legal prescription.

Types of data and storage time:
• Recruitment data is kept for 12 months since the last contact.
• Contact data relating to an interest in the products sold are kept for 3 years since the last contact.
• Browsing data on the website is kept for 13 months after the last connection to the website.
• Depending on the particularity of the contact request, a different retention may be applied. To find out about this, you can contact the DPO of Emosis at the following address: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.

8. DATA PROTECTION

Emosis is committed to taking all measures to ensure the security and confidentiality of your personal data and in particular to prevent it from being damaged, deleted or accessed by unauthorized parties. Only authorized persons may access the data.

We are constantly improving our security procedures as technologies evolve to maintain a maximum level of protection. All persons having access to personal data are contractually bound to confidentiality.

Organizational measures include limiting access to personal data only to authorized persons with a legitimate interest in the data.

In addition, in the event of a security incident affecting your data (destruction, loss, alteration or disclosure), Emosis ensures that it complies with the obligation to notify personal data breaches, notably to the CNIL.

9. USER RIGHTS

At any time, you have the right to exercise the rights provided for in the current regulations applicable to personal data with Emosis:

• Access rights: you can ask Emosis if they have any of your data and request that they share it with you to verify its content.

• Right of correction: This right completes the access right. You may request the correction of inaccurate or incomplete information about you. This right prevents Emosis from using or spreading incorrect information about you. It is even advisable to use it from time to time.

• Right to object: you have the possibility to oppose, for legitimate reasons, to be included in a file, and you can refuse without having to justify yourself, that the data which concerns you, are used for commercial prospecting.

• Right to delete: you may request the deletion of your personal data, subject to the legal storage period, in the event that the processing is based on your consent (you withdraw your consent) or on contractual performance (contractual waiver clause) as well as in the case of processing carried out in the legitimate interest of Emosis. On the other hand, you cannot request the erasure of data from a processing carried out in the framework of a legal obligation.

• Right to restrict: you can request the temporary suspension of the processing of your data. For example, if you dispute the accuracy of data used by Emosis or object to your data being processed. The law allows Emosis to conduct a verification or review of your request for 2 months, depending on the complexity of the request, at which time you will be informed. During this period, you have the possibility to ask Emosis to freeze the use of your data. Specifically, Emosis will not have to use the data anymore, but it will remain stored. Conversely, you may directly request the limitation of certain data if Emosis wishes to delete it (e.g., data concerning unsuccessful recruitments). You can then exercise your rights afterwards.

• Right of portability: you can request to have back the data you have provided to Emosis, either for your own use or to pass it on to a third party of your choice. This new right is intended to strengthen the control of your personal data and to allow you to take advantage of its power. Please note that only data collected with your consent or within the framework of a contract are concerned! Conversely, video surveillance images for example, or your tax return are not concerned by the right of portability. This data will be provided in a structured and machine-readable format.

How to exercise your rights regarding your personal data?

When collecting your personal data, you are indicated in the legal notice, the address (postal and electronic) to which you can send your request to exercise your rights. A model is attached to this policy.

Any request that is made must be accompanied by a copy of the applicant's identification.
Emosis undertakes to respond to your requests to exercise your rights as soon as possible and at the latest within one month of receiving the request. If necessary, this period may be extended in case of complexity (compliance with legal and regulatory obligations, etc.).

Emosis has appointed a Data Protection Officer (DPO) in accordance with its obligations regarding the protection, security and confidentiality of personal data. To exercise these rights or for any questions about the processing of your data in this collection system, you can contact him/her.

E-mail : Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
Phone : (+ 33) 3 66 32 63 26

If you believe, after contacting us, that your rights on the protection of your personal data according to Regulation (EU) 2016/679 are not respected, you can send a complaint to the CNIL on:
Adresser une plainte à la CNIL | CNIL.


APPENDIX: FORM TO EXERCE YOUR RIGHTS

In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, "GDPR"), you have several rights regarding your personal data, as well as regarding the processing of these data.
In order to exercise all the rights granted to you by the GDPR, we kindly ask you to complete the form below:

• APPLICANT'S IDENTIFICATION

Family Name: ………………………………………………………………………………………………………………………………….
Surname :………………………………………………………………………………………………………………………………
Address : ……………………………………………………………...………………………………………………………………. …………………………………………………………………………………… ZIP Code / City: …………………………….
E-mail: ……………………………………………………………………………………………………………….

• RECEIVER IDENTIFICATION

EMOSIS SAS
In accordance with Articles 39 I and 40 I of Law No. 78-17 of January 6, 1978, relating to data, files and freedoms, for your request for access to your personal data and your request for rectification of your personal data to be considered, you must send the necessary elements to prove your identity, namely a copy of a valid proof of identity.

If you wish to know more about the conditions for exercising your rights, we invite you to read the section « 9. USER RIGHTS » from our privacy policy.

• SUBJECT OF THE REQUEST

☐ Access request to your personal data, i.e., if you wish to know whether EMOSIS is processing your personal data, and if so, you wish to obtain a copy of it (in accordance with Article 15 "Data subject's right of access" of the GDPR)
☐ Rectification request of your personal data, i.e., if you consider that certain personal data concerning you are inaccurate or incomplete (in accordance with Article 16 "Right of rectification" of the GDPR).
If applicable, please specify the data to which the request for rectification relates: ………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

☐ Deletion request of your personal data, i.e., if you no longer wish your personal data to be processed by EMOSIS (in accordance with Article 17 "Right to erasure ("right to be forgotten")" of the GDPR)

 

If applicable, please specify the data to which the request for deletion request:
………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
☐ Request for limitation of the processing, i.e., the case where you wish to limit the processing operated by the controller and therefore that the personal data referred to may, except for storage, only be processed with your consent (in accordance with Article 18 "Right to the limitation of processing" of the GDPR).
This request can only take place when:

- You dispute the accuracy of your personal data for a period allowing the controller to verify the accuracy of the data.
- The processing is unlawful, and you object to the erasure of the data and instead request the restriction of their use.
- The controller no longer needs your personal data for the purposes of the processing, but they are still necessary for the establishment, exercise or defense of your legal rights.
- You have objected to the processing pursuant to Article 21(1) of the GDPR during the verification as to whether the legitimate grounds pursued by the controller prevail over yours.

If applicable, please specify the data to which the limitation request applies:
………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

 

☐ Portability request of data, i.e., the case where you wish to receive your personal data provided to the data controller and you wish to transfer them to another data controller (in accordance with Article 20 "Right to data portability" of the GDPR)

If applicable, check the following boxes:
☐ You wish to receive your personal data.
☐ You would like EMOSIS to transfer your personal data to another data controller (please provide us with proof of the data controller): ……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

☐ Opposition request to data processing, i.e., the case where you object to the processing of your personal data referred to in Article 6 §1 e) or f) of the GDPR, i.e., the processing necessary for the performance of a public service task by the controller, or the processing necessary for the purposes of the legitimate interests pursued by the controller or by a subcontractor, or the case where you no longer wish your personal data to be processed for the purposes of commercial canvassing (in accordance with Article 21 "Right of objection" of the GDPR)

If applicable, please specify the data to which the request for opposition to processing relates: ………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

…………………………………, on …………………….

Signature

 

Download the French version of our GDPR policy