Contraste Europe - Privacy policy for candidates
1. Introduction
Contraste Europe is a group of companies offering IT services and solutions to businesses. It operates exclusively in the B2B market, and does not offer its services to private individuals.
The group operates in Belgium, France, Switzerland and Tunisia, and comprises the following companies: Contraste Europe, Contraste Digital, Audaxis SA, Audaxis SAS, Audaxis Maghreb and The Digital Journey.
In this policy, we use the name Contraste to refer to all group companies.
This policy describes all Processing of Personal Data carried out by Contraste as Data Controller, concerning candidates in relation to recruitment and hiring of candidates.
2. This privacy notice for applicants
In the course of its activities, Contraste collects, stores and uses data on candidates as part of the recruitment process
This policy governs such processing. It is designed to comply with Directive 95/46/EC (the "Data Protection Directive") and, after May 25, 2018, the General Data Protection Regulation (GDPR).
This Privacy Notice describes the Processing of Personal Data carried out about applicants. It is designed to comply with the General Data Protection Regulation (GDPR) of April 27, 2016 of the European Parliament and Council.
General considerations
What data about candidates is collected by Contraste as part of the recruitment process?
For each candidate, Contraste Europe collects the following data:
- Last name, First name
- Date of birth
- Type
- Country of nationality
- Main language
- Language skills
- Job description (data)
- Job description (data/standard)
- Telephone numbers (business, mobile, personal)
- Addresses (business, personal)
- E-mail addresses (business, private)
- Company name
- Education level
- Information on any training courses and certifications obtained
- Any other information on the candidate's CV
- Personal interests (sports, art, etc.)
- Employment references
- Photo
- Copy of diploma, if any
- Copy of identity card (front only!)
- National registration number used only for social security purposes if an employment contract is actually concluded.
2.1 For what purposes does Contraste use your personal data and what legal basis?
Contraste processes data on professionals seeking employment.
This personal data is used for the main purpose of assessing the applicant's suitability for a job offered by Contraste (qualifications, experience, etc.). This includes processing the data listed above for the following purposes, and justified by the corresponding legal bases:
Purpose | Legal basis |
Communicate with candidates (additional requests, interview results, news about the assignment, etc.). | Execution of pre-contractual measures |
Forward a candidate's contact details (CV, contact...) to a customer for a potential assignment | Consent |
Management of candidate documents (photo, diploma, cover letter, etc.) | Execution of pre-contractual measures or performance of a contract |
Candidate CV management | Consent or performance of a contract |
Call report management | Execution of pre-contractual measures or performance of a contract |
Management of technical test results | Execution of pre-contractual measures or execution of a contract |
Candidate data will only be used for these purposes.
2.2 How Contraste collects personal data
Contraste collects your data from the following sources:
- Candidates should send an e-mail to join-us@contraste.com ;
- Candidates apply for a position on one of Contraste's websites, in response to a job posting on that site;
- Candidates publish their profiles on specialized websites such as LinkedIn.com, monster.be, monster.fr, monster.lu, ICTjob.be ;
- Partners (specialized recruitment agencies) provide Contraste with information about a candidate;
- A Contraste employee/consultant passes on a candidate's details to the recruitment department (cooptation);
- Candidates are interviewed;
- Candidates undergo technical tests.
2.3 Who processes candidates' personal data?
Contraste's recruitment department is the main recipient of candidates' personal data for the purposes described in this privacy notice. In the course of the recruitment process, candidate data may also be passed on to contact persons at Contraste clients and to Contraste consultants who are looking for clients.
Every Contraste employee and consultant has signed a confidentiality and data protection agreement to ensure, inter alia, that data processing within the company takes place only for the defined purposes and in compliance with the principles of the GDPR, including secure data processing.
Contraste's customers to whom we may share some of your data with them are partners to whom we transfer some of your data on the basis of our legitimate interest. Your interests, freedoms and fundamental rights are safeguarded by contractual commitments from these companies, in compliance with the GDPR (e.g. confidentiality agreement; NDA). These clients are responsible for any Data Processing they may carry out for their own purposes, however they will not be able to disclose information relating to your applications to third parties or use this data for any purpose other than assessing the suitability of your profile for the job on offer.
We also collaborate with service providers who work on our behalf and who may need access to some of your Personal Data in order to provide their services to us. These service providers have contractually undertaken to protect and secure your data as Data Processors in accordance with the requirements of Article 28 GDPR. These include the companies we have hired to provide a social secretarial service; recruitment agency; Microsoft Dynamics CRM; Microsoft Office 365; recruitment website hosting...
We may also have to transfer some of your data to various public authorities in accordance with our legal obligations, in particular to complete the formalities associated with your employment.
2.4 How Contraste collects and stores candidate consents
Each candidate will be clearly informed of the use of his/her personal data in the context of Contraste's recruitment procedure and as described in this privacy policy. After the first contact, the candidate is invited to give his/her explicit consent to data processing by means of an online form. Consent is stored in Contraste's system. If Contraste does not obtain the applicant's consent, the applicant's data will not be stored and processed.
2.5 How long does Contraste keep candidates' personal data?
After the candidate's online acceptance, Contraste retains the data for two years in accordance with the recommendations of the data protection authorities and only with the candidate's express consent. On the basis of the legal grounds mentioned above in this declaration, Contraste retains a minimum amount of the candidate's personal data (surname, first name, postal address, telephone number) for the proper operation of the recruitment service. Data is retained for a maximum of 2 years from the last contact from the individual or, where applicable, the last feedback from a client on an application.
2.6 Rights of the Data Subject with regard to personal data
In relation to the General Data Protection Regulation (GDPR), users have the following rights in relation to their personal data stored by Contraste:
• Right to information
• Right of access
• Right of rectification
• Right to erasure (or the right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object
• Right not to be the subject of an automated decision
• Right to withdraw consent
To exercise any of these rights, Data Subjects may send an e-mail to ContrastePrivacy@contraste.com stating the reason for the request. Contraste will provide any requested information relating to Data Subjects' rights within one calendar month of receipt of the request. If Contraste receives a large number of requests or particularly complex requests, the deadline may be extended by up to two months.
For security reasons, upon receipt of a request, Contraste will check the applicant's identity. To this end, the acknowledgement of receipt will contain an invitation to perform one of the following operations:
Send a scan of an official proof of identity (ID card, passport, etc.), or other document clearly indicating the name and address of the Data Subject, justifying his or her identity.
The organization of a telephone conversation, during which a number of questions can be asked, the answers being compared with the personal data contained in the Contraste database.
The request will be processed if and only if a positive authentication is obtained.
3. Security measures for technical information
Contraste Europe uses a networked IT infrastructure, enabling its employees to communicate internally and with third parties, and to use applications and services. Contraste has implemented various security measures covering the following areas:
- User awareness
- User authentication
- Authorization management
- Access monitoring and incident management
- Securing workstations
- Secure mobile computing
- Securing the computer network
- Server security
- Secure websites
- Store and plan for business continuity
- Secure archiving
- Data maintenance and destruction control
- Outsourcing management
- Secure exchanges with other organizations
- Protecting buildings
- Guide IT developments
- Encrypt, guarantee integrity or sign
- Contraste regularly tests and improves these security measures.
- Detecting and managing security vulnerabilities
4. Definitions
Data Controller
The Data Controller is a natural or legal person (e.g. a company), public authority, department or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
For example, Contraste is a legal entity which is responsible for Processing the Personal Data of its employees as part of its human resources management.
GDPR, Art.4 (7)
Data Processor
The Data Processor is a natural or legal person, public authority, department or other body which processes Personal Data on behalf of the Data Controller and only on the latter's instructions.
An employee of the Data Controller is not considered a Data Processor.
GDPR, Art.4 (8)
Processing Personal Data
Processing of Personal Data is any operation or set of operations which may or may not be performed upon Personal Data or sets of Personal Data by automated means (e.g. software), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
GDPR, Art.4 (2)
Personal Data
Personal Data refers to any information relating to an identified or identifiable natural person, also known as a "Data Subject". A person is considered identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors characterizing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Source: GDPR, Rec.26; Art.4 (1)
Sensitive Personal Data
Particular personal data" are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Data relating to offences and convictions are processed separately (criminal law does not fall within the legislative competence of the EU)".
Source : GDPR, Rec.10, 34, 35, 51 ; Art.9 (1)
Privacy authorities
Depending on the legal entity for which you are applying to Contraste, you can contact the national authority of the country of this legal entity.
Belgium
Data Protection Authority
Rue de la Presse, 35
B-1000 Brussels, Belgium
Phone +32 2 274 48 00
https://www.autoriteprotectiondonnees.be/citoyen
contact@apd-gba.be
France
French Data Protection Authority (CNIL)
3 Place de Fontenoy
TSA 80715
F-75334 Paris Cedex 07, France
Phone +33 1 53 73 22 22
https://cnil.fr/