Français   English
GENERAL INSPECTION
2021 PROGRAM

PERSONAL DATA PROTECTION POLICY – CANDIDATES FOR RECRUITMENT

This personal data protection policy is designed to provide you with completely transparent information about how we process your personal data collected on our recruitment site “concours-inspection.societegenerale.com” and, more generally, as part of the assessment of your application for positions offered by the Societe Generale group.

We ensure that the information you provide to us or that we collect through various channels (our recruitment site, our correspondence, conversations and interviews with our employees and particularly our recruitment consultants) are only used for the purposes indicated in this policy.

This policy complies with European personal data protection regulations and particularly the General Data Protection Regulation (GDPR) of 27 April 2016, which came into force in the European Union on 25 May 2018.

WHO IS CONCERNED BY THIS PERSONAL DATA PROTECTION POLICY ?

This policy is intended for candidates who apply for one or more jobs offered by the Societe Generale group, either directly via our recruitment site concours-inspection.societegenerale.com or at trade fairs and forums, by letter, email, via recruitment firms, through employees (as part of co-optation), job sites or social networks (such as LinkedIn) or any other useful means of finding candidates.

In the event that we need to ask for a reference, this will be carried out within the applicable regulatory framework (with the candidate’s prior agreement). This policy therefore also applies to candidate's referees, whose personal data may be collected during verification.

Unless otherwise stated, we refer collectively to the groups of people referred to above as “you”.

WHAT DO WE MEAN BY... ?

  • « Collect » refers to the collection of personal data.
  • « Recipient » is the natural person, legal entity or organisation that receives the personal data, whether or not a third party as defined in the paragraph “Who is likely to receive the data?”.
  • « Personal data » refers to any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
  • « Societe Generale entity » means any entity over which the group has control.
  • « Group or Societe Generale » refers to all companies in the group and/or any company which the group controls.
  • « Data subject » : is the natural person whose data is processed, i.e. within the framework of this policy: visitors to our recruitment sites, candidates (whether or not they have created an account on our recruitment sites) and referees.
  • « Controller » is the natural person, legal entity or organisation which, alone or jointly, determines the objectives and methods for processing personal data.
  • « Processing » :means any operation, or collection of operations applied to personal data, regardless of the process used (e.g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, deletion or destruction, etc.).
  • « Processor » :is the natural person, legal entity or organisation that processes personal data on behalf of a Controller.

WHAT PERSONAL DATA DO WE COLLECT ?

Via our recruitment site

When browsing our recruitment site concours-inspection.societegenerale.com and creating your candidate profile, we may collect personal data about you, in our capacity as controller.

This data has been collected directly from you or has been sent to us – if you have provided your consent – by third parties such as recruitment agencies, job boards for Societe Generale employees or professional social networks (LinkedIn, etc.). In this case, it is specified that we are not responsible for the processing of your personal data by those third parties (with whom you have an independent relationship), Societe Generale acting solely as recipient in this respect.

During consideration of your application

We may need to process various types of personal data, including :

  • identification data (e.g. first name, last name and contact details, etc.);
  • personal data (e.g. personal information included in your CV)
  • data relating to working life and specifically the information contained in your CV (e.g. education, diplomas, career, skills and qualifications, etc.);
  • declarative data (e.g. information provided during recruitment interviews by you or third party sources if they are relevant to the processing of your application);
  • information from your responses to the different tools used during the recruitment process (e.g. personality tests or inventories);
  • data collected using innovative solutions (video interviews to short-list candidates); technical data (e.g. login data used by you to access our website);
  • data relating to your profile (e.g. your username and password);
  • data from video surveillance devices and devices used to record electronic communications, in accordance with applicable rules (e.g. security surveillance cameras on our premises);
  • data made public at your initiative (e.g. profiles from professional social networks).

These data may be provided directly by you or collected from third parties.

Limits of data collection

During this collection, we undertake to only ask you for personal data strictly necessary for the purpose of the processing in question (minimisation principle).

Accuracy of your personal data

It is your responsibility to ensure the accuracy, completeness and updating of the data you send us. The transmission of any inaccurate, false or incomplete data may disqualify you from the position or result in the termination of any employment contract between you and a Societe Generale entity. We invite you to inform us in the event of any changes to your personal data during our collaboration.

Sensitive data

We do not collect sensitive personal data (e.g. about race or ethnicity, religious beliefs, physical or mental health or sexual orientation) as part of our recruitment process or recruitment activities.

However, we may collect sensitive data about you if you voluntarily provide us with such data or if we are required to collect such data because of the legal, regulatory or contractual requirements incumbent upon us and specifically under an agreement or commitment made to regulators or agreed in the context of any kind of litigation.

FOR WHAT PURPOSES DO WE COLLECT OR USE YOUR PERSONAL DATA ?

Via our recruitment site

The collected data is for use within the framework of our recruitment process and its optimisation, enabling us in particular to extract the information directly from your CVs or to propose positions within the group that may be appropriate for you.

It is also used to keep you informed of job advertisements, events, actions or publications likely to be of interest to you.

During consideration of your application

The personal data collected can be used for the purposes of management of your candidate account and the processing of your application, including:

  • identification data (e.g. first name, last name and contact details, etc.);
  • personal data (e.g. personal information included in your CV)
  • data relating to working life and specifically the information contained in your CV (e.g. education, diplomas, career, skills and qualifications, etc.);
  • declarative data (e.g. information provided during recruitment interviews by you or third party sources if they are relevant to the processing of your application);
  • information from your responses to the different tools used during the recruitment process (e.g. personality tests or inventories);
  • data collected using innovative solutions (video interviews to short-list candidates); technical data (e.g. login data used by you to access our website);
  • data relating to your profile (e.g. your username and password);
  • data from video surveillance devices and devices used to record electronic communications, in accordance with applicable rules (e.g. security surveillance cameras on our premises);
  • data made public at your initiative (e.g. profiles from professional social networks).

ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?

For our recruitment site

The data collected are processed with your consent, unless otherwise required by legal or regulatory requirements.

The data strictly necessary for examining your application are identified by an asterisk or other equivalent symbol. For data not identified by an asterisk, failure to respond will not impact the handling of your application.

During consideration of your application

Your personal data is processed with your consent. By submitting your application, you consent to the processing of your personal data in accordance with the purposes of this policy. In very exceptional cases, some processing relating to the recruitment process may be required in order to comply with our legal, regulatory or sectoral obligations or be justified by our legitimate interest and therefore not require your prior consent.

Refusal or withdrawal of your consent to the processing of all or part of your personal data may have consequences on the processing of your application by preventing it from being considered fairly compared with other applications. Such withdrawal may therefore constitute abandonment of your application.

WHO IS LIKELY TO RECEIVE YOUR DATA?

We ensure that only authorised persons have access to personal data.

Recipients may include:

Group departments or entities

All personal data you send us in the context of an application is communicated to the Societe Generale entity that published the job offer.

Where necessary, we may communicate some of your personal data to the various departments concerned (recruitment consultants, HR managers and assistants, etc.) and to managers within Group entities for organisational, operational or management reasons or to meet our legal, regulatory or contractual obligations.

Third parties

In the course of our business, third parties (e.g. our subcontractors, service providers, external recruitment consultants, etc.) may be recipients or have access to some of your personal data.

In that case, we ensure that the transfers or exchanges are necessary and are carried out within the limit of these purposes, while providing all the appropriate data protection safeguards.

Exceptionally and in compliance with applicable regulations, some of your personal data may also be sent to third parties in France or abroad for the purpose of establishing, safeguarding or defending a right in court, in the context of administrative or criminal investigations by one or more regulators, compliance with commitments made to them or in the context of legal disputes of any kind.

Some of your personal data may particularly be sent not only to regulators or judicial authorities but also to Societe Generale's advisors and those of the other parties to the proceedings, as well as to those parties themselves. In that case, Societe Generale ensures that data transferred or exchanged are relevant and necessary for the purposes referred to above.

IS YOUR PERSONAL DATA COMMUNICATED OR ACCESSIBLE FROM A COUNTRY OUTSIDE THE EUROPEAN UNION ?

Is your personal data communicated or accessible from a country outside the European Union? In view of the international structure and activities of our group, personal data may, in accordance with the specified purposes of the processing, be transferred to group entities, service providers, subcontractors or partners located in a European Union country or a country outside the European Union.

To fulfil the purposes mentioned above, we may be required to disclose the information collected to people in charge of recruitment and related services, to the group’s legal entities, to its partners and to its subcontractors and providers established inside or outside the European Union (EU). These parties may therefore need to contact you directly, using the contact details that you have provided to us, in order to offer you positions within our group corresponding to your profile.

Personal information or data may potentially be transferred to non-EU countries and be subject to different laws or regulations from those applicable in the European Union.

Rules ensuring the protection and security of this information have been put in place in the event of any future transfer to a country outside the EU. In particular, we have put in place legal protections to secure this type of transfer (standard contractual clauses with our service providers and partners and binding corporate rules (BCRs) between group entities).

HOW LONG ARE YOUR DATA KEPT ?

Your personal data will be kept for the period necessary to complete the recruitment process.

Unless you request otherwise, your personal data will be kept in order to study the possibility of offering you other positions that may correspond to your profile for a maximum of one (1) year from your last contact with Societe Generale (your last log-in to your Candidate Space on the website concours-inspection.societegenerale.com).

The results of any tests you are asked to take during the recruitment process are processed separately and will be kept for 12 months after completion.

HOW DO WE ENSURE THE SECURITY AND CONFIDENTIALITY OF YOUR PERSONAL DATA ?

We take all appropriate security measures to ensure the security and confidentiality of your personal data, in particular with a view to protecting them from any loss, accidental destruction, alteration or unauthorised access. Security is essential to our activities. When we use subcontractors or service providers, we select them based on the quality and safety criteria they are able to offer. We therefore impose confidentiality rules on our subcontractors and our service providers that are at least equivalent to our own. Measures are implemented to control access to processing and secure the communication of personal data. We favour the use of techniques that render your data anonymous as soon as possible or necessary.

WHAT ARE THE MAIN PRINCIPLES OF THE GDPR?

In accordance with the main principles set out in the GDPR, we take all necessary measures to ensure that your personal data are:

  • processed lawfully, fairly and transparently;
  • collected for specified, explicit and legitimate purposes;
  • adequate and relevant to the purpose of the processing;
  • kept in accordance with the defined retention periods;
  • processed in a way that ensures appropriate security.

We implement the necessary measures to respect the protection of personal data, both from the design stage, for example of a service or an application, and during their usage period. When necessary, we also carry out impact assessments on protection of the personal data in question.

HOW CAN YOU EXERCISE YOUR RIGHTS ?

As part of the processing of personal data, you enjoy a number of rights provided by the GDPR. Within the limits and conditions permitted by that regulation, where applicable you can therefore:

  • request access to your personal data (right of access);
  • correct, update and erase your personal data (right of rectification and erasure), it being specified that erasure can only occur when the personal data are no longer necessary for the purposes for which they were collected or processed and of the processing was based on consent;
  • oppose the processing of your personal data on legitimate grounds;
  • request a limitation on the processing of your personal data (right to limitation);
  • file a complaint with a supervisory authority;
  • receive or request the transfer of your personal data that you have provided to the group (right to portability).

Exclusively in France, you have the option of appointing a person to whom Societe Generale can send instructions relating to the retention, deletion and communication of your personal data after your death.

Exercise of these rights is subject to a number of conditions specified in the applicable regulations and must be exercised in accordance with them.

Regarding access to your data and their correction, you may, at any time within 12 months after your last log-in, access your Candidate Space on our website concours-inspection.societegenerale.com to consult and update them as applicable.

For any other request relating to the processing of your personal data, you can use the contact form available on our recruitment site, selecting the message subject “GDPR”.

You may also send your questions directly to our “Data Privacy” correspondents by writing to the following address:

COOKIES AND OTHER TRACKERS

For statistical purposes, indirectly nominative data may also be used to manage your connection and browsing. This enables us to better understand your behaviour on the site and thereby optimise your browsing experience.

POSSIBILITY OF APPEAL

The supervisory authority in France is CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 - www.cnil.fr. For other countries (Societe Generale group entities using the concours-inspection.societegenerale.com website for the processing of applications), you will find a list of supervisory authorities in the appendix.

FINALLY... FOR FURTHER INFORMATION

The contact details of Societe Generale’s Data Protection Officer (DPO) are sg-protection.donnees@socgen.com.

This policy may be updated or amended. Therefore, we invite you to regularly visit our recruitment sites (and more specifically the site concours-inspection.societegenerale.com).

Depending on your country of residence, specific local requirements may be applied by Group entities, particularly to adapt to regulatory requirements. These will be specified to you on a case-by-case basis by the recruitment advisers in the entities concerned.

APPENDIX – SUPERVISORY AUTHORITIES

Australiahttps://www.oaic.gov.au/
Belgiumhttps://www.autoriteprotectiondonnees.be/
Canadahttps://www.priv.gc.ca/index_f.asp
Chinahttp://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=I0050021
Czech Republichttp://www.uoou.cz
Francehttps://www.cnil.fr
Germanyhttps://www.bfdi.bund.de/
Hong-Konghttp://www.pcpd.org.hk/
Indiahttp://mit.gov.in/
Italyhttp://www.garanteprivacy.it/
Japanhttp://www.ppc.go.jp/en/
Luxembourghttp://www.cnpd.lu/
Maroccohttp://www.cndp.ma/
Monacohttp://www.ccin.mc
Polandhttps://uodo.gov.pl/
Portugalhttps://www.cnpd.pt/
Roumaniahttp://www.dataprotection.ro
Serbiahttps://www.poverenik.rs/en
South Koreahttp://www.pipc.go.kr/cmt/main/english.do
Spainhttp://www.agpd.es
Switzerlandhttp://www.leprepose.ch
United-Kingdomhttps://ico.org.uk/
United-Stateshttps://www.privacyshield.gov/

WHAT IS A COOKIE?

A cookie is a text file that can be saved in a dedicated space on the hard drive of your device (computer, tablet, smartphone, etc.) when you consult an online service using your browser software. A cookie file allows its issuer to identify the device on which it is saved for the period of validity or recording of this cookie.

WHAT COOKIES DO WE USE?

Below we describe the purposes of the cookies that we issue subject to your choices, which result from the settings of your browser software used during your visit to our website or other means available to you.

Functionality cookies to facilitate your browsing on our website

These are the cookies necessary for browsing on our website:

  • some are essential to the operation of the website: they allow you to use the main features of the website and secure your connection.
    For example, they allow you to directly access the reserved and personal areas of our website, thanks to identifiers or data that you may have previously entrusted to us. Without these cookies, you will not be able to use the website normally. We do not advise deleting them.
  • others are not essential to browsing on our website but can optimise its operation and give you access to specific features. They also allow you to adapt the presentation of our website to the display preferences of your device (language used, display resolution, operating system used, etc.). These cookies thus allow you to enjoy smooth, personalised browsing
    Placing cookies on your device is the easiest and fastest way to personalise and enhance your user experience.

The list of these cookies is as follows:

ses,ses.sig Technical identifier
Duration : user session
Keeps the session authenticated
hl Site language
Duration : 1 year
Keeps the selected language to display site

Analytical cookies to improve our services

These cookies allow us to better understand the use and performance of our website and to establish statistics and volumes of frequency and use of the various components of our website (content visited, paths), allowing us to improve the interest and ergonomics of our services (the pages or sections most often consulted, the articles most read, etc.).

These are the following cookies:

Google Analytics
_ga,_gid,_gat
Internet pages viewed on our website - Third-party cookie Establish statistics and volumes of frequency and use of the various components of our website
Azure Application Insights
ai_session,ai_user
Internet pages viewed on our website - Third-party cookie Establish statistics and volumes of frequency and use of the various components of our website

Advertising cookies

These cookies are used to offer advertising adapted to your interests, on our website but also other websites. In particular, they are used to limit the number of times you see an advertisement and help measure the effectiveness of an advertising campaign. The relevance of the advertising content displayed on your device can also be achieved by combining the browsing information of your device on our website with the data that you have provided. The refusal of these advertising cookies has no impact on the use of our website. However, refusing them will not stop the advertisement. It will only have the effect of displaying an advertisement (which will not take into account your interests or preferences).These cookies are mainly third-party cookies and depend primarily on advertising agencies or our partners.

THIRD-PARTY COOKIES

Third-party cookies are cookies placed on your device by third-party companies (including partners) when you browse our website. The issuance and use of cookies by third parties are subject to the “cookies” privacy policies of those third parties. We inform you about the purpose of cookies when we know and the means available to you to make choices about these cookies.

REFUSING/REMOVING COOKIES

The recording of a cookie on a device is conditional on the desire of the user of the device, which the user can express and modify at any time free of charge. You may configure your browser so that cookies are stored on your device or, on the contrary, rejected either systematically or according to their issuer. You may also configure your browser so that the acceptance or refusal of cookies is occasionally proposed to you, before a cookie can be saved on your device.

Configuration of your browser

Most browsers accept cookies by default. However, you may decide to block these cookies or ask your browser to notify you when a website tries to implement a cookie on your device. To change how cookies are managed by your browser, you can change the settings in the privacy tab.

For the management of cookies and your choices, the configuration of each browser is different. The procedure to be followed is described in your browser’s help menu, which will explain how to change your preferences regarding cookies:

  • For Internet Explorer™
  • For Safari™
  • For Google Chrome™
  • For Firefox™
  • For Opéra™

“Flash”© cookies of “Adobe Flash Player™”

“Adobe Flash Player™” is a computer application that permits the rapid loading of dynamic content using the “Flash” programming language. Flash (and similar applications) remembers the settings, preferences, and usage of this content through a technology similar to cookies. However, “Adobe Flash Player”™ manages this information and your choices through an interface different from that provided by your browser.

Since your device might be able to view content developed using Flash, we urge you to access your Flash cookies management tools, directly from the website http://www.adobe.com.

Opt-out links for analytical cookies:

For Google Analytics cookies: https://tools.google.com.

Note that the consideration of your preference is based on a cookie. If you delete all the cookies stored in your device without distinction (via your browser), we or our service providers will not know that you have chosen this option.