Skip to content

Privacy policy for candidates

1. SCOPE OF THIS PERSONAL DATA PROTECTION POLICY

In accordance with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (the “GDPR”) and local regulations relating to the protection of personal data (together, the “Applicable Regulations”), the purpose of this policy is to inform candidates applying for I-TRACING’s job offers (“You” or “Your”) about how the I-TRACING Group collects and processes Your Personal Data and the means available to You to control such use.

This policy applies to all companies forming part of the I-TRACING Group. It explains how the entities of the I-TRACING Group collect, use, store and protect your personal data, as well as your rights, in accordance with the Applicable Regulations. Each company within the Group is responsible for its own processing activities, subject to the specific terms set out in the following sections.

The term ‘personal data’ refers to any information relating to an identified or identifiable natural person. A person is ‘identifiable’ if they can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to them (the ‘Personal Data’).

The I-TRACING Group affiliate that employs you (“I-TRACING” or “We”) is the “Data Controller” of the Personal Data you provide in the course of your employment relationship. Thus, the Data Controller of your Personal Data is, depending on the offer You are applying to:

FranceI-TRACING SAS (RCS Nanterre 484 841 127)
25 quai du Président Paul Doumer, 92400 Courbevoie
United KingdomI-TRACING Ltd (08436611)
Brenchley House, Brenchley Mews, Charing, Kent – TN27 0JW
SwitzerlandI-TRACING Switzerland Sarl (Geneva Commercial Register No. CHE-408.564.863
quai du Seujet 28, 1201 Geneva
CanadaI-TRACING Cybersécurité INC
5455 avenue de Gaspé, Montréal, Québec
Hong KongI-TRACING LIMITED (67375468)
2101-2102, 21/F, Plaza 228, 228 Wan Chai Road, Wan Chai, Hong Kong
MalaysiaI TRACING SDN. BHD. (202401003766 (1549616-X))
12 (first Floor), Jalan Lembah Permai 1, Taman Lembah Permai, Bukit Mertajam, Pulau Pinang, Malaysia

2. WHAT PERSONAL DATA DOES I-TRACING PROCESS?

We collect and process the following Personal Data about You:

  • Identification data: Your surname, first names, email, postal addresses, telephone number, LinkedIn profile;
  • Data relating to professional life: CV, cover letter, reference letter, qualifications, previous work experience, professional skills and competences
  • Data collected during Your interviews (recording/transcription of interviews, interview reports, salary expectations, contact details of former employers, results of skills assessment tests, follow-up on the application);
  • And any other information You may provide to Us in connection with your application.

I-TRACING does not collect, nor does it wish candidates to provide, any sensitive data, including, in particular, information relating to their ethnic origin, state of health, personal life, sexual orientation, political opinions, trade union activities, religious beliefs, or membership or non-membership of an ethnic group, nation or race.

Mandatory fields are indicated when you provide us with your details. These are marked with an asterisk and are necessary to process your application.

We use an artificial intelligence-based tool to automatically generate transcripts of interviews. However, no fully automated decisions are made on the basis of these transcripts. This process always requires human intervention and is intended solely to ensure accurate note-taking during face-to-face or remote interviews. You will be reminded of this in your invitation to the interview and before the interview begins. You are entirely free to refuse the use of this tool. Should you refuse, this will have no impact on your application. In this case, the interview will take place without recording or transcription.

3. FOR WHAT PURPOSES, ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA, AND HOW LONG DO WE RETAIN IT?

PurposeLegal basisRetention periods
Processing applications:
• identifying candidates and managing the recruitment process,
• receiving, processing and assessing applications,
• assessing candidates’ skills and aptitudes,
• verifying candidates’ eligibility for certain managerial roles,
• recruiting shortlisted candidates.		Implementation of pre-contractual measures For successful candidates: Your data will be retained for the duration of the application process until the job offer.

Then your data may be reused and retained for personnel management purposes in accordance with the provisions set out in the employee data protection policy, which is available on our company’s intranet.

For unsuccessful candidates: Your data is retained for 3 months after the recruitment process has been completed. It will then be retained for extra 5 years in intermediate archive following this rejection decision for evidence purposes.
Recording and transcription of interviewsYour consentFor successful candidates: Your data will be retained for the duration of the application process until the job offer.

Then your data may be reused and retained for personnel management purposes in accordance with the provisions set out in the employee data protection policy, which is available on our company’s intranet.

For unsuccessful candidates: Your data is retained for 3 months after the recruitment process has been completed. It will then be retained for extra 5 years in intermediate archive following this rejection decision for evidence purposes.
Creation of a CV databaseOur legitimate interest in creating a CV databaseYour data is retained 2 years from the date of our last contact with you.
Managing requests to exercise rightsThis processing is necessary to meet our legal obligations Data relating to your request to exercise your rights is retained for the duration of the processing of your request. It is then retained in intermediate archive for extra 5 years for evidence purposes.

If we ask you for proof of identity: we only retain it for the time necessary to verify your identity. Once verification has been completed, the proof of identity is deleted.

4. WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA?

Only authorized persons, by virtue of their duties or roles, will be able to access your personal data, strictly within the limits of their respective responsibilities and for the purpose of carrying out those duties and roles. These include:

  • authorized personnel responsible for recruitment;
  • your managers.

Your Personal Data is neither sold nor exchanged with third parties for marketing purposes.


It may be disclosed in certain cases, where strictly necessary for the purposes mentioned, to third parties:

  • to I-TRACING subsidiaries (as listed in “1. SCOPE OF THIS PERSONAL DATA PROTECTION POLICY”), in particular to best meet your needs and requests in a consistent and harmonized manner;
  • to judicial or financial authorities, government agencies or public bodies, upon their request and within the limits permitted by regulations, if required by law or if I-TRACING believes in good faith that such disclosure is reasonably necessary to comply with a legal procedure (for example, a warrant, a summons or any other court order) or to protect the rights, property or personal safety of I-TRACING, its partners or the public;
  • service providers or partners providing services to I-TRACING (solicitors, auditors, etc.);
  • to various service providers to whom we may outsource the management of certain activities (professional profile search tools, professional skills assessment tools, tools for recording and transcribing candidate interviews, recruitment and application management software, recruitment agencies). These service providers act solely on the instructions of I-TRACING and will only have access to Your Personal Data for the purpose of performing these services; they will be subject to the same security and confidentiality obligations as I-TRACING;

5. IS YOUR PERSONAL DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION?

Your data is retained and stored on our servers located in France and on those of OVH and Interxion, located in France and within the European Union respectively.

In the context of the tools we use, your data may be transferred outside the European Union. The transfer of your data in this context is secured by means of the following tools:

  • either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, that country ensures a level of protection deemed sufficient and adequate under the provisions of the GDPR;
  • or the data is transferred to a country whose level of data protection has not been recognized as adequate under the GDPR: in which case these transfers are based on appropriate safeguards set out in Article 46 of the GDPR, tailored to each service provider, including, but not limited to, the use of standard contractual clauses approved by the European Commission, the application of binding corporate rules, or pursuant to an approved certification mechanism.
  • or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.

You may obtain a copy of the tools enabling the transfer of your data outside the European Union by contacting us using the contact details provided in the section ‘What are the contact details of the Data Protection Officer (DPO)’ below.

6. WHAT ARE YOUR RIGHTS REGARDING YOUR DATA?

You have the following rights regarding your personal data:

  • Right to information: this is why we have drawn up this policy. This right is provided for in Articles 13 and 14 of the GDPR.
  • Right of access: You have the right to access all your personal data at any time, pursuant to Article 15 of the GDPR.
  • Right to rectification: You have the right to rectify your inaccurate, incomplete or outdated personal data at any time, in accordance with Article 16 of the GDPR.
  • Right to restriction of processing: You have the right to obtain the restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure: You have the right to request that your personal data be erased and to prohibit any future collection of such data on the grounds set out in Article 17 of the GDPR, subject to any data we may need to retain subsequently to comply with our legal or regulatory obligations.
  • Right to lodge a complaint with a competent supervisory authority if you consider that the processing of your personal data constitutes a breach of applicable legislation, in accordance with Article 77 of the GDPR, or in the event of an unresolved issue relating to the use of your personal data.

FranceCommission Nationale Informatique et Libertés,
3, Place de Fontenoy,
75007 Paris,
www.cnil.fr
United KingdomInformation Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
https://ico.org.uk/
SwitzerlandFederal Data Protection and Information Commissioner
Feldeggweg 1
CH-3003 Bern
www.edoeb.admin.ch
Canada Office of the Privacy Commissioner of Canada
30, rue Victoria
Gatineau (Quebec)
K1A 1H3
www.priv.gc.ca
Hong Kong Privacy Commissioner
Unit 1303, 13/F, Dah Sing Financial Centre,
248 Queen’s Road East,
Wanchai,
Hong Kong
www.pcpd.org.hk
Malaysia Privacy Commissioner
Level 8, Galeria PjH, Jalan P4W, Persiaran Perdana,
Precinct 4, Federal Government Administration Center
62100 Putrajaya, Malaysia.
www.pdp.gov.my/ppdpv1/en/ppdp-eng/

  • Right to set guidelines regarding the retention, erasure and disclosure of your personal data after your death, for processing carried out in France.
  • Right to data portability: subject to certain conditions set out in Article 20 of the GDPR and for purposes based on the performance of the contract, you have the right to receive the personal data you have provided to us in a standard, machine-readable format and to request its transfer to a recipient of your choice.
  • Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data where the processing is based on legitimate interests. Please note, however, that we may continue to process your data despite this objection, for legitimate reasons or to defend our legal rights.

You may exercise these rights by writing to us at the contact details below. We may ask you at that time to provide us with additional information or documents to verify your identity.

7. WHAT ARE THE CONTACT DETAILS OF THE DATA PROTECTION OFFICER?

I-TRACING has appointed a Data Protection Officer (DPO) responsible for ensuring the protection of personal data and compliance with the relevant legal and regulatory requirements.

If you wish to exercise your rights, you may write to the address below, stating your identity and the nature of your request:

  • by post
    I-TRACING
    Legal Department
    25 Quai du Président Paul Doumer
    92400 Courbevoie
  • by email:
    dpo@i-tracing.com

8. WHAT SECURITY MEASURES ARE IN PLACE TO PROTECT YOUR DATA?

We aim to keep your data secure at all times during its processing. Upon receipt of your Personal Data, we implement appropriate technical and organizational measures as well as various controls to prevent, as far as possible, any accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access.

9. CHANGES TO THE POLICY

We may amend this policy at any time, in particular to comply with any regulatory, legal, editorial or technical developments. Such amendments will apply from the date the amended version comes into force. You are therefore invited to consult the latest version of this policy regularly. Nevertheless, we will keep you informed of any significant changes to the policy.