During the selection process related to consulting activities, Earon SAS (hereinafter referred to as: Data Controller) processes the data of the persons who uses its services (hereinafter referred to as: Data Subject or Data Subjects).
In connection with processing of data, Data Controller hereby informs the Data Subjects about the personal data processed by itself on its website www.earon-hr.com
), the principles and practices followed by the Data Controller within the framework of processing of personal data, and the method and possibilities of exercising rights of the Data Subjects.
1. Purpose of Processing Of Data
Processing of data provided by the Data Subject as part of his/her job application shall be carried out in order to the Data Subject could establish an employment relationship or other legal relationship related to work with the Data Controller or – even foreign residence business or other organisations being in contractual relationship with the Data Controller as the result of the Data Controller’s activities, in particular but not limited to the selection process required to establish employment relationship or other legal relationship related to work and data processing related to job offers.
The Data Controller shall not use the provided personal data for a purpose other than the purpose defined above. The release of personal data to Third party or to the authority is possible in case of the prior, express consent of the Subject Data, unless otherwise provided in a binding law.
In every case, where the Data Controller wishes to use the provided data to a purpose other than the original purpose, it shall inform the Data Subject and obtain the prior, express consent of the Data Subject to this, and the Data Controller shall make it possible to the Data Subject to prohibit the use of data.
2. Legal Basis of Processing Of Data
The Processing of data is possible on the basis of the voluntary declaration of the Data Subject, which based on appropriate information, which declaration includes the express consent of the Data Subject to the use of his/her personal data provided during the use of services provided by the Data Controller.
The Processing of data carrying out by the Data Controller is possible on the basis of the. voluntary declaration of the Data Subject pursuant to EU 2016/679 General Data Protection Regulation ("GDPR") and Law No. 78-17 of January 6, 1978 on Informational Self-determination and Freedom of Information (hereinafter referred to as: Information Act).
The Data Controller shall not check the provided personal data and their authenticity. The Data Subject as the contracting party is exclusively liable for the adequacy of the personal data provided by him/her. In case of the provision of an e-mail address, the Data Subject shall take responsibility for the fact that via such e-mail, (s)he is the only one who use a service.
3. The Data Controller
38 avenue Wagram 75008 Paris, France
Company registration number
818 192 957
FR 91 818 192 957
+33 1 84 88 54 63
4. Duration of Processing Of Data
The processing of personal data provided in order to use the services, the provision of which is mandatory, lasts from the date of provision of such to the Data Controller until the deletion of such upon a request. In case of a data the provision of which is not mandatory, the Processing of data lasts from the provision of such until the deletion of such upon a request as well.
The deletion of the provided personal data can be performed anytime following that the request has been sent. The Data Controller deletes the personal data from its system within 5 (five) business days following the receipt of the request.
The logged technical data shall be stored for 5 (five) years in the system, from the date of the logging, except the date of the last visit to the website of the Data Controller which is automatically overwritten.
In case of a newsletter, if the Data Subject unsubscribes from the newsletter, then the Data Controller sends no more letter to the Data Subject.
The above provisions do not affect the performance of the obligation to keep such data defined in any legal regulations, especially, but not limited to the performance of the obligation set out by tax and social security legislation.
5. The Scope of The Processed Personal Data
5.1. Data provided during the use of services
Data Subjects shall provide the following data in order to use the services of the Data Controller:
a. personal identification data (family and first name(s), sex, date and place of birth, nationality);
b. contact information (e-mail address, phone number, address);
c. educational and other qualifications, work experience, language skills, area of interest;
d. curriculum vitae;
e. user name and password.
In the case of applying for a specific vacancy notice, it should be possible, that providing other relevant additional personal information become necessary by the perspective of the job concerned.
Sensitive data (e.g. data relating to health, criminal personal data) shall only be processed with the Data Subject’s prior written consent and if such data processing is necessary for the selection to a specific job applied by the Data Subject. Data Controller shall not be liable for processing sensitive data become aware of (e.g. sensitive data in the CV uploaded during the online registration) without the specific request of the Data Controller.
5.2. Technical data
The technical data is the data of the computer of the Data Subject which is generated during the use of the service and which is recorded by the system of the Data Controller, as an automatic result of the technical processes. Such as, in particular, the date and time of the visit, IP address of the Data Subject, type of the browser, and the location specified by the IP address. The Data Controller maintains the right to place cookies in the computer of the Data Subject.
The data to be automatically recorded is recorded by the system at the time of entering and exit without the separate declaration or other act of the Data Subject. Such data cannot be linked to other personal user data, except cases made mandatory by the law. Such data is only available to the Data Controller.
HTML code of the website may contain reference arriving from an external server and shows towards an external server which is independent from the Data Controller. The service providers of such references are able to collect user data due to the direct connection to their servers.
The Data Controller and the indicated external service provider in order to provide a customized service, place and read back a small package of data, so called cookie on the computer of the Data Subject. If the browser sends back a cookie saved earlier, the service provider processing the cookie is able to link the data saved during the current visit of the Data Subject to the previous ones, but exclusively having regard to its own content.
The Data Controller makes it possible to the Data Subject to subscribe to the newsletter on the website in order to the cognition of job offer appropriate to its qualifications, aptitudes and needs. The newsletter contains direct marketing elements and advertisement.
The Data Subject can anytime unsubscribe from the newsletter free of charge, without any limitation or reasoning. The Data Subject can do it by clicking on “Unsubscribe” at the bottom of the newsletter or by sending via e-mail or post a deletion request to the Data Controller. Following the receipt of the deletion request, the Data Controller will not contact the Data Subject with further newsletter or offers.
6. The Scope of Persons Having Access To Data Disclosure Of Data By Transmission Data Processing
Firstly, it is the Data Controller and its internal employees who are entitled to access to the data, however they cannot publish or transfer such to third party.
The Data Controller may use a data processor (e.g. system operator, carrier) to carry out technical (IT) operations related to data.
The data processors are the following:
ZOHO Corporation B.V
Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands
7. The Rights of The Data Subject And Possibilities To Enforcement Of Rights
7.1. Right to information
The Data Subject is entitled to request anytime information on his/her personal data processed by the Data Controller. The Data Controller provides information upon the request of the Data Subject on his/her personal data processed by itself, on the data processed by itself or by a contracted Data processor, on the sources of such, on the purpose, legal basis and duration of the Processing of data, furthermore on the name, address and on the activity related to data processing of the Data processor, on the circumstances and effects of the Privacy incident, the measures taken to the elimination of the Privacy incident, and - in case of the transmission of the person data of the Data Subject - the legal ground and addressee of such transmission. The Data Controller shall provide the requested information within 30 (thirty) days from the submission of the request. The Data Controller - through its internal
data protection officer, if any - keeps a record in order to control the measures taken in relation to the Privacy incident and to inform the Data Subject, which record includes the scope of the personal data of the Data Subject, the scope and number of the Data Subjects affected by the Privacy incident, the time, circumstances, effects of the Privacy incident, and the measures taken to the elimination of such, and the data defined in laws prescribing Processing of data. The Data Subject can turn to the employee of the Data Controller in case of any question or comment related to data processing via the contact details defined in point 4.
7.2. Right to request for the deletion, correction and blocking of personal data
The Data Subject is entitled to request anytime the correction or deletion of his/her data which has been incorrectly recorded addressed to one of the contact details defined above.
The Data Controller deletes the data within 5 (five) business days from the receipt of the request, in such case, the restoration of these data is no longer possible. The deletion shall not apply to the Data processing necessary on the basis of a legal regulation, these data shall be kept by the Data Controller for as long as necessary.
The Data Subject may request the blocking of his/her data as well. The Data Controller shall block the personal data, if it is requested by the Data Subject or if on the basis of the available information it can be assumed that the deletion violates the legitimate interest of the Data Subject. A data blocked this way can be processed until the purpose of the Data processing, which excludes the deletion of the personal data, exists.
The Data Subject and those who have received the data for the purpose of Processing of data shall be informed on the correction, blocking and deletion of data. Such notification can be ignored if it does not violate the legitimate interest of the Data Subject having regard to the purpose of Processing of data.
If the Data Controller does not fulfil the request of the Data Subject to correct, block or delete the data, it shall inform the Data Subject in writing providing the facts and legal reasoning of the refusal of such request within 30 (thirty) days from the receipt of such request.
7.3. Right to object against the processing of the personal data
The Data Subject may object to the processing of his/her personal data. The Data Controller examines the objection as soon as possible following the submission of the request, but no later than within 15 (fifteen) days, it makes a decision regarding whether it is well-founded, and it shall inform the Data Subject as applicant in writing on its decision thereon.
7.4. Remedies related to data processing
The Data Subject may turn to the to French National Commission for Data Protection (CNIL) at the following address: https://www.cnil.fr/fr/plaintes or by addressing your complaint by mail to the following address:
CNIL 3 Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07
• enforce his/her rights before the competent court.
If the Data Subject provided the data of a Third party for the use of service or caused a damage in any way, the Data Controller is entitled to enforce a compensation against the Data Subject.
8. Use of The E Mail Address The Data Controller pays special attention to the lawfulness of the use of e-mail addresses processed by itself, thus such e-mail addresses are exclusively used for sending informational or advertising e-mails.
The processing of the email addresses firstly serves to the identification of the Data Subject, the fulfilment of the orders, maintenance of the contact during the use of the service, thus primarily the emails are sent for such purposes.
9. Data Protection The Data Controller shall ensure the security of the data and shall take all technical measures ensuring the protection of the recorded, stored and processed data, and shall make every effort in order to prevent the destruction, unauthorized use and alteration of such. In addition, Data Controller shall draw the attention of any Third party to whom the data has been transmitted or provided to the performance of such obligation.
• Data Subject or Data Subjects: a natural person who has been identified based on a specific personal data, or who can be identified directly or indirectly on the basis thereof;
• Personal data: any information relating to the Data Subject, in particular by reference to his/her name, identification number or by reference to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject;
• Consent of the Data Subject: any voluntary and definite expression of the will of the Data Subject, which based on an appropriate information and by which the Data Subject gives his/her unambiguous consent to the processing of personal data relating to him without limitation or with regard to specific operations;
• Objection of the Data Subject: the declaration of the Data Subject by which (s)he objects to the processing of his/her personal data and requests the termination of processing of data, or the deletion of the processed data;
• Data controller: a natural or legal person - in the present case it is the Data Controller , or unincorporated organization, which individually or jointly with others determines the purpose of processing of data, makes decisions regarding the processing of data (including the means) and executes such decisions or engages a Data processor to execute them;
• Processing of data: any operation or set of operations that is performed upon data regardless to the used method, such as in particular collection, recording, systematization, storage, amendment, use, retrieval, disclosure by transmission, publication, alignment or combination, blocking, deletion or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical characteristics suitable for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);
• Data processing: the technical operations involved in data control, irrespective of the method and instruments used for the execution of such operations and the venue where it takes place, provided that such technical operations are carried out on the data;
• Data processor: a natural or legal person, or unincorporated organization that is engaged in personal data processing under a contract concluded with the Data Controller, including when the contract is concluded by virtue of law;
• Disclosure of data by transmission: making the data available to a specific Third party;
• Public disclosure: making the data available to the general public;
• Deletion of data: making the data unrecognizable in a way that the restoration of such is no longer possible;
• Blocking of data: provision of the data with an identification mark for the purpose of the permanent or temporary restriction of further processing of such;
• Destruction of data: the complete physical destruction of the medium containing data;
• Third party: any natural or legal person, or unincorporated organization other than the Data Subject, the Data controller or the Data processor;
• Privacy incident: the unlawful use or processing of personal data meaning, in particular, unauthorized access, alteration, transmission, publication, deletion destruction as well as damage and accidental destruction.