Applicants Privacy Policy
What is the purpose of our Applicants Privacy Policy?
The confidentiality of the personal data of applicants for a position within Ummon HealthTech SAS represents, for us, a guarantee of seriousness and trust.
In this respect, our Applicants Privacy Policy specifically demonstrates our desire to ensure that Ummon HealthTech SAS complies with the rules applicable to the protection of personal data and, more specifically, those of the General Data Protection Regulation ("GDPR").
In particular, our Applicants Privacy Policy aims to inform you about how and why we process your personal data when you apply for a position with Ummon HealthTech SAS.
Who is our Applicants Privacy Policy intended for?
The Applicants Privacy Policy applies to you, as a applicant for a position within Ummon HealthTech SAS, throughout the recruitment process (e.g. application to a vacancy, unsolicited application, recruitment via an external firm, etc.), regardless of the duration or nature of the proposed contract (e.g. salaried position, temporary worker, trainee, etc.).
Why do we process your personal data and on what basis?
As a recruiter, we necessarily need to process your data in order to manage recruitment (e.g. interviews, processing of applications, salary negotiations, etc.), any travel involved in recruitment and the security of our premises.
Processing is carried out on the basis of discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting applicants.
How did we obtain your personal data?
Your data is collected directly from you via your application and CV, and we undertake to process your data only for the purposes described above.
However, we may also obtain your personal data indirectly from recruitment agencies if you have given your prior consent to them
What personal data do we process and for how long?
- any personal and professional identification data provided in the applicant's CV and covering letter (e.g. surname, first name, date of birth, nationality, etc.) retained for the duration of the recruitment process and for a maximum of 2 years after your application.
- any details provided in the applicant's CV and covering letter (e.g. email address, telephone number, Linkedin link, etc.) retained for the duration of the recruitment process and for a maximum of 2 years after your application.
- any data relating to personal and professional life provided in the applicant's CV and covering letter (e.g. diplomas, hobbies, certificates, age, marital status, driving licence, etc.) retained for the duration of the recruitment process and for a maximum of 2 years after your application.
- any economic and financial data (e.g. salaries, bonuses, etc.) provided during job interviews will be kept for the duration of the recruitment process and for a maximum of 2 years after your application.
- any specific data (e.g. residence permit, etc.) provided by the applicant as part of the recruitment process is kept until the end of the employment relationship in the case of recruitment, and is deleted after the recruitment process in the case of refusal.
- any specific relevant and required data (e.g. disability status) provided in the applicant's CV and covering letter retained for the duration of the recruitment process and deleted after the recruitment process has ended.
- any identity document (e.g. passport or ID card) provided as part of the recruitment process will be deleted once the applicant has or has not been recruited.
- if you have applied for a job via our website, connection data (e.g. IP address and logs) kept for a maximum of 12 months.
Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you. At the most, we may only keep anonymous data for statistical purposes.
However, if you are recruited, the data collected during the recruitment process is automatically transferred to your personal file and becomes subject to the Employee Privacy Policy.
Please also note that in the event of a dispute, we are obliged to keep all your personal data for the duration of the case, even after the retention periods described above have expired.
What rights do you have to control the use of your personal data?
The applicable data protection regulations give you specific rights which you can exercise, at any time and free of charge, to control the use we make of your data.
- The right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
- The right to rectify personal data that is incorrect, obsolete or incomplete.
- The right to object to the processing of your personal data for commercial prospecting purposes.
- The right to request the deletion ("right to be forgotten") of your personal data that is not essential for the proper functioning of our services.
- The right to limit your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
- The right to data portability, which allows you to recover part of your personal data so that it can be easily stored or transmitted from one information system to another.
- The right to give instructions on what should happen to your data in the event of your death, either through you or through a trusted third party or beneficiary.
For a request to be taken into account, it must be sent directly by you to dpo@ummon.health. Any request that is not made in this way cannot be processed.
Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity if there is any doubt about the identity of the person making the request.
We will respond to your request as quickly as possible, subject to a maximum of three months from receipt if the request is technically complex or if we receive a large number of requests at the same time.
Please note that we can always refuse to respond to any excessive or unfounded request, particularly if it is repetitive.
Who can access your personal data?
Your personal data is processed by our teams for the sole purpose of managing applications.
Can your personal data be transferred outside the European Union?
The personal data processed by the company for recruitment purposes is hosted exclusively within the European Union.
How do we protect your personal data?
We implement all the technical and organisational means required to guarantee the security of your data on a day-to-day basis and, in particular, to combat any risk of unauthorised destruction, loss, alteration or disclosure of your data (e.g. secure access, antivirus, etc.).
Who can you contact for more information?
Our Data Protection Officer ("DPO") is always available to explain in more detail how we process your data and to answer any questions you may have on the subject at the following address: dpo@ummon.health.
How can you contact the CNIL?
You may at any time contact the "Commission nationale de l'informatique et des libertés" or "CNIL" at the following address: CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.
Can the Applicants Privacy Policy be modified?
We may amend our Applicants Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future.
Certified by Dipeeo ®.