Privacy Policy
SOMDIA attaches great importance to the protection of your privacy and data.
“SOMDIA” or “we” refers to the company SOMDIA, a public limited company with its registered office at 39 rue Jean-Jacques Rousseau, 75001 Paris, registered with the Paris Trade and Companies Register under number 036 510 865.
SOMDIA’s policy on the protection of online data explains how SOMDIA collects, processes, and protects your personal data when you visit our website, as required by the data protection laws in force in the countries where we operate, including the European General Data Protection Regulation (Regulation 2016/679, known as “GDPR”) and Law No. 78-17 of January 6, 1978, as amended (known as the “Data Protection Act”), together referred to as the “Data Protection Laws”.
We have implemented a data protection program, which includes the adoption, on a global scale, of the principles set out in the GDPR and, more generally, the Data Protection Laws. This program includes:
- The adoption of internal policies and procedures to ensure compliance with the Data Protection Laws;
- The implementation of appropriate technical and organizational measures to apply data protection principles.
1. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
The website is operated by SOMDIA, which acts as the data controller within the meaning of the Data Protection Laws. When we collect personal data about you, we may then disclose it to our subsidiaries (the “Subsidiaries,” whose list you can consult on our website), in accordance with the guarantees provided in this Privacy Policy. Please note that the Subsidiaries may be located in a third country outside the European Economic Area that does not provide the same level of data protection as European countries.
We may also act as a data processor on behalf of the Subsidiaries when you apply directly on SOMDIA’s website for a job within one of the Subsidiaries. The applications submitted on our website will be forwarded to the human resources departments of the relevant Subsidiaries, unless the application form fields have not been duly completed, in which case the data will be sent directly to us.
To contact us, please refer to section 9 of this Privacy Policy.
2. WHAT PERSONAL DATA DO WE COLLECT AND HOW?
Information you provide to us directly
We process the information collected online on our website, for example when you apply directly online for a job offer at SOMDIA or one of its Subsidiaries, or when you submit your spontaneous application. We may collect:
- Personal information such as, among others: name, first name, date and place of birth, email address, postal address, other contact details including mobile phone number, professional background and qualifications (academic and professional), gender, nationality and work permit for the location where you are applying, marital status; and
- Other information you provide in support of your application, including (among others) the information contained in your CV and/or your application email, as well as the reasons for your application to SOMDIA.
Important note: When we collect personal data through forms, including electronic forms, we indicate the mandatory fields with asterisks. If the fields marked with an asterisk are not completed, we may not be able to process your request effectively. Please ensure that the personal data you transmit is accurate/precise.
Information about you that we obtain indirectly
As part of the application process, we may also collect:
- The same information when it has been made public on social networks (e.g., through LinkedIn or Xing);
- The same information from your recruitment agency or ours;
- Information from preselections, background checks, and/or references that we may carry out as part of the application or recruitment process.
We do not collect special categories of data or sensitive data unless you provide them in your CV or the position requires the disclosure of information about your medical or disability status.
Other information about you is collected indirectly when you visit the SOMDIA website. This information is necessary, technically, for the proper functioning of the SOMDIA website or to improve your browsing experience. This includes:
- Technical information, such as IP address, related to your browsing on our website, for the purpose of identifying your country/city through geolocation;
- Data relating to the use of the website (e.g., tracking your browsing on the website, language preferences);
- Personal data collected through media platforms and social networks (e.g., when you follow SOMDIA’s pages on these social networks, personal data that you have designated as public and can be viewed by everyone from your profile on these social networks).
For more information on the use of cookies and other trackers on our website, please refer to our Cookie Management Policy.
Our website is not intended for minors. However, if we inadvertently collect information about minors, the legal representative of the minor concerned may exercise the rights of the minor on their behalf and for their account at any time, in accordance with section 8 of this Policy.
3. WHY DO WE COLLECT YOUR PERSONAL DATA?
We may use your personal data to:
- Allow you to browse our website;
- Allow you to apply for our job offers;
- Allow you to submit spontaneous applications;
- Enable us to review your application and communicate with you about the recruitment process;
- Establish statistics and conduct financial and commercial studies.
4. HOW DO WE JUSTIFY THE PROCESSING OF YOUR PERSONAL DATA?
We process your personal data in compliance with the Data Protection Laws. We will only collect and process your data if an appropriate and relevant legal basis allows it.
We only process your personal data if this processing is necessary for the performance of pre-contractual measures, based on our legitimate interest, or based on a legal and regulatory obligation. The following table shows how your personal data is processed, for what purpose, and on what legal basis:
Purpose
|
Personal Data
|
Legal Basis
|
Sending applications, reviewing applications, including assessing your abilities, skills, and qualifications for the position
|
Name, first name, date of birth, professional background and qualifications (academic and professional), information contained in your CV and/or application email, as well as the reasons for your application to SOMDIA, nationality and work permit for the location where you are applying, marital status
|
Performance of pre-contractual measures Legal or regulatory obligation
|
Communicating with you about the recruitment process
|
Name, first name, email address, postal address, other contact details including mobile phone number
|
Performance of pre-contractual measures
|
Verifying the information you provide, directly or through authorized third parties
|
Name, first name, date and place of birth, professional background and qualifications (academic and professional), information contained in your CV and/or application email
|
SOMDIA’s legitimate interest Legal or regulatory obligation
|
Checking your criminal records if necessary for the position
|
Name, first name, date and place of birth
|
Legal or regulatory obligation
|
Keeping records of your recruitment process
|
Name, first name, date and place of birth, email address, postal address, other contact details including mobile phone number, professional background and qualifications (academic and professional), gender, nationality and work permit for the location where you are applying, marital status, information contained in your CV and/or application email, as well as the reasons for your application
|
SOMDIA’s legitimate interest
|
Conducting statistical studies
|
Name, first name, date and place of birth, email address, postal address, professional background and qualifications (academic and professional), gender, nationality and work permit for the location where you are applying, marital status, information contained in your CV and/or application email, as well as the reasons for your application
|
SOMDIA’s legitimate interest
|
Processing of data from the deposit or reading of cookies or other trackers is subject to specific developments in our Cookie Management Policy, which we invite you to consult.
5. WHO MAY WE DISCLOSE YOUR PERSONAL DATA TO?
Within SOMDIA
When your data is disclosed within SOMDIA, we take the necessary measures to ensure that it is only accessible to a limited number of people who need to know it in the course of their activities.
Only authorized SOMDIA employees working in teams that need to have your information (including recruitment teams) will have access to your personal data.
Outside SOMDIA
When you specify a country where you wish to apply, we will transmit your data to authorized personnel of the relevant Subsidiary.
These Subsidiaries may be located in countries that do not provide an adequate level of protection as defined by the European Commission. Therefore, we have concluded standard contractual clauses with them, in accordance with the models established and published by the European Commission. For more information on the transfer of your data abroad, please refer to section 6.
If you would like more information about the transfer of your data, please contact us in accordance with the provisions of section 9.
Furthermore, we may disclose your personal data to service providers acting as data processors on behalf of SOMDIA, based on secure contractual agreements that include strict obligations regarding data protection.
In particular, we will disclose your personal data to service providers or suppliers who help us operate our website or protect the security and integrity of our activities (including maintenance, security, and IT support service providers, hosting providers, marketing and advertising partners, direct mailing or customer relationship services, etc.). Specifically, for the technical storage of your personal data, it will be hosted on third-party servers located in Clichy (92110).
We may also transfer personal data to another legal entity in the event of collaboration, joint venture, restructuring, change of legal status, or any similar event, under conditions that provide appropriate guarantees and ensure a sufficient level of security. In the event of a merger or sale, your personal data will be permanently transferred to our successor.
In any case, SOMDIA makes every effort to implement all necessary precautions to preserve the confidentiality and security of the personal data processed and prevent it from being distorted, damaged, destroyed, or accessed by unauthorized third parties. Technical and organizational security measures in line with the state of the art have been implemented for this purpose.
6. TRANSFER OF DATA ABROAD
Your data may be transferred to Subsidiaries located on the African continent, as well as to certain service providers located outside the European Economic Area. We will only share your data when necessary to fulfill your request or for technical reasons. We expect and require our Subsidiaries or service providers to respect your rights under the Data Protection Laws, regardless of the geographical location of the data recipient.
These Subsidiaries or service providers may be located in countries that do not provide an adequate level of protection as defined by the European Commission. Therefore, we have concluded standard contractual clauses with each of them, in accordance with the models established and published by the European Commission. These contractual measures aim to ensure an adequate level of protection for your data and allow you to exercise all your rights as mentioned in section 8, regardless of the geographical location of the data recipient.
If you would like more information about the transfer of your data, please contact us in accordance with the provisions of section 9. A copy of these safeguards can be provided upon request.
7. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
SOMDIA complies with the retention periods imposed by applicable laws and regulations. Unless otherwise provided by law, these periods are generally five (5) years from the end of the contractual relationship. At the end of the retention period, your data will be immediately deleted or archived in an anonymized form in accordance with applicable regulations.
7.1. Application data
In the event of a negative response to your application, we will inform you of our intention to retain your personal data.
Unless you request deletion, your personal data will be retained by SOMDIA for a period of two (2) years from our last contact.
After this period, your data will be regularly deleted unless it is necessary to retain it for a longer period (i) to comply with legal, accounting, and tax retention obligations, (ii) for the retention of evidence during applicable limitation periods, (iii) for the exercise of SOMDIA’s rights in the event of legal or judicial action throughout the duration of the proceedings or investigation.
However, you may authorize us to retain your data for a longer period so that we can offer you a job within the SOMDIA group when the opportunity arises. In this regard, we will seek your consent to retain your data beyond the two-year period from our last contact and will delete your data as soon as you withdraw your consent, unless it is necessary to retain it for a longer period (i) to comply with legal, accounting, and tax retention obligations, (ii) for the retention of evidence during applicable limitation periods, (iii) for the exercise of SOMDIA’s rights in the event of legal or judicial action throughout the duration of the proceedings or investigation.
You may withdraw your consent at any time by contacting us in accordance with the provisions of section 9.
The withdrawal of your consent will not affect the validity of the processing carried out on this basis prior to the date of withdrawal.
7.2. Other data
Cookies managed by SOMDIA are retained for up to thirteen months. Please refer to our Cookie Management Policy for more information on this.
8. WHAT ARE YOUR RIGHTS?
- The right to access and information: You have the right to be informed in a concise, transparent, understandable, and easily accessible manner about how your personal data is processed. You also have the right to obtain (i) confirmation of whether personal data concerning you is being processed or not, and, if so, (ii) access to such personal data and a copy thereof.
- The right to rectification: You have the right to have your inaccurate personal data rectified. You also have the right to request that your incomplete personal data be completed.
- The right to erasure: You have the right to obtain the erasure of your personal data. However, this is not an absolute right, and SOMDIA may retain this data to the extent permitted by law, particularly when its processing is necessary for compliance with a legal obligation to which SOMDIA is subject or for the establishment, exercise, or defense of legal claims.
- The right to restriction of processing: You have the right to obtain the restriction of the processing of your personal data in certain circumstances (e.g., when SOMDIA no longer needs the data for the purposes of processing, but they are still necessary for the establishment, exercise, or defense of your legal claims).
- The right to data portability: You have the right to receive the personal data you have provided to SOMDIA in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another data controller without hindrance from SOMDIA. These rights only apply if the processing of your personal data is based on your consent or the performance of a contract and this processing is carried out by automated means.
- The right to object to processing: You have the right to object to the processing of your personal data when this processing is based on SOMDIA’s legitimate interest. However, SOMDIA may invoke compelling legitimate grounds requiring the continuation of the processing. You also have the right to object at any time to the processing of your personal data for direct marketing purposes.
- The right to provide instructions: You have the right to provide us with instructions regarding the fate of your data after your death.
To exercise the aforementioned rights, please contact us in accordance with the provisions of section 9 and provide us with the following information: first name, last name, email address, or any other information necessary to confirm your identity and allow us to process your request (e.g., your postal address) as well as a copy of your identity document.
You have the right to lodge a complaint with the competent supervisory authority in the event of a violation of the applicable data protection laws and regulations, including the GDPR, as well as any other national or regional data protection laws that apply to you.
In France, you can lodge your complaint with the:
National Commission for Informatics and Liberties (CNIL):
3 Place de Fontenoy – TSA 80715
75334 Paris CEDEX 07
Tel: 01 53 73 22 22
9. HOW TO CONTACT SOMDIA FOR ANY QUESTIONS REGARDING DATA PROTECTION
Please feel free to contact us with any requests:
- By email at the following address: dpo@somdia.com;
- By postal mail at the following address:
Attention: Data Protection Officer
SOMDIA
39 rue Jean-Jacques Rousseau
75001 PARIS.
This data protection policy was last updated on December 15, 2023.
Regarding any changes that may be made to this Policy, please regularly consult the “Privacy Policy” section of our website.