SPB's Recruitment Policy
Last updated: April 2, 2025
This policy sets out the principles and guidelines for the protection of your Personal Data and aims to inform you about:
- The Personal Data that SPB processes and the reasons for the Processing implemented in the context of its activities;
- How that Personal Data is used;
- Your rights over your Personal Data.
SPB (hereinafter “SPB”) places the protection of Personal Data at the heart of its recruitment activity. This policy sets out the principles and guidelines for the protection of your Personal Data and aims to inform you about:
- The Personal Data that SPB processes and the reasons for the Processing implemented in the context of its recruitment activity;
- How that Personal Data is used;
- Your rights over your Personal Data.
This Policy applies to the Processing of Personal Data carried out by SPB in the context of its recruitment activity. All Processing operations on your Personal Data are carried out in compliance with the regulations in force and in particular the General Regulation on the Protection of Personal Data, Law No. 78-17 “Informatique, Files et Libertés” of 6 January 1978 as amended as well as its implementing decrees.
Capitalized terms are defined in the glossary of this Policy (see Article X “Glossary” of the Policy).
Identity of the controller
The data collected during the examination of your application is subject to computerised processing by the human resources department of SPB, 71 QUAI COLBERT 76600 LE HAVRE (Simplified joint-stock company – registered with the Le Havre Trade and Companies Register under number 305109779, having its registered office at 71 QUAI COLBERT 76600 LE HAVRE), enabling it to manage the recruitment process for its future employees.
What are the purposes of the processing carried out by SPB and their legal basis?
The purposes and legal basis of the processing carried out by the Human Resources department are:
Purposes | Legal basis(s) |
The search for relevant profiles to fill a job: use of websites offering job offers on the Internet to candidates (Welcome to the jungle, Indeed,…) | Legitimate interest |
Candidate pre-selection: analyzing, receiving, saving, classifying CVs and cover letters as well as any other | Legitimate interest |
Application documents (including portfolios) sent by post, email and website offering job offers on the internet to candidates. | Performance of the contract (pre-contractual measures) |
Contacting the candidate to assess the candidate’s ability to hold a job and measure his or her professional skills (processing of information collected during telephone interviews, by email, by videoconference and face-to-face). | Legitimate interest Performance of the contract (pre-contractual measures) |
Benchmarking with the candidate’s former employers: to assess the candidate’s ability to hold a job | Consent |
Completing mandatory legal formalities | Legal obligation |
Feed the administrative file of the selected candidates. | Performance of the contract (pre-contractual measures |
What personal data is collected by SPB?
To meet these purposes, only personal information that is strictly necessary to assess your ability to hold the job offered or to the extent of your professional abilities will be requested during the selection phase. To this end, we will ask you for data relating to the diplomas you have obtained, your professional experience, your professional skills and abilities in connection with the position offered. The provision of this information is a condition for the conclusion of your employment contract.
Failure to provide this data will make it impossible for you to participate in the recruitment process.
In the event that your application is selected for the conclusion of an employment contract, we will ask you for the information and supporting documents necessary to complete the mandatory formalities. The transmission of this information is a condition for the conclusion of the employment contract for the successful candidates.
In addition, the communication of certain categories of information and supporting documents (civil status, domicile, social security registration number, regularity of residence, etc.) is of a regulatory nature for successful applications. Consequently, the failure to provide this data will make it impossible to conclude the employment contract.
How long is your personal data stored
The data concerning the successful candidates will be integrated into their administrative file and will be kept for the retention period applicable to it (i.e. up to five years after the end of the employment relationship).
Data concerning candidates who have not reached the final selection phase will be deleted without delay, as soon as the recruitment procedure for the position in question is closed.
Who are the recipients of the data collected during the examination of your application?
Your file is treated confidentially. Only the managers of the departments interested in your application (recruitment officers, managers, etc.) have access to the personal data contained therein. In the event of a positive outcome to the recruitment process, in order to finalize the recruitment, the human resources department will be required to transmit some of the information collected to the organizations informed of your hiring (in particular unemployment insurance, health insurance, retirement, mutual insurance).
Your personal data may be transferred outside the European Union
The Personal Data processed by SPB is hosted within the European Union (EU) or the European Economic Area (EEA)
However, within the strict limits necessary for the performance of certain specific services, SPB may use subcontractors operating processing activities outside the EU and certain Personal Data concerning you may be communicated to them for the strict needs of their missions. In this case, prior to any transfer, SPB undertakes to enter into standard contractual clauses with these subcontractors from the European Commission or any other appropriate guarantees necessary for the supervision and security of these transfers of personal data. For more information on the subject, we invite you to contact us at the contact details stipulated in Article VIII of the Policy.
Is your personal data protected?
SPB undertakes to take all measures to ensure the security and confidentiality of Personal Data. In particular, SPB implements all appropriate technical and organisational measures to guarantee the security and confidentiality of the Personal Data processed and to prevent them from being distorted, damaged or communicated to unauthorised third parties, by ensuring a level of security appropriate to the risks associated with the Processing and the nature of the Data Personal to protect. The following measures are included in the technical and organisational measures implemented:
- The protection of the Site by a set of protection systems (e.g. firewall);
- Monitoring of flows to detect possible anomalies;
- Event logging;
- Training and raising awareness of employees with access to Personal Data;
- Encryption of the Personal Data processed;
- Restricted access to the Personal Data processed to persons intended to know it;
- Securing employees’ workstations;
- The implementation of a backup system;
- The physical security of the buildings hosting the Personal Data (secure systems for entering the buildings, isolation of sensitive installations that have alarm system equipment that is periodically checked);
- The security of the equipment (access to which is only possible with the use of a username and password);
- The deployment of an IT charter within the company;
- The audit of the company’s information systems.
In addition, in the event of a Personal Data breach within the meaning of Article 4 of the GDPR affecting your Personal Data (destruction, loss, alteration or disclosure), SPB undertakes to comply with the obligation to notify Personal Data breaches, in particular to the CNIL.
What are your rights over your personal data and how can you exercise them?
You have the right to access your personal data. You also have the right to rectify and delete this data as well as the right to object to its processing.
These rights can be exercised:
- Either to the following email address: spb-dpo@spb.eu ;
- Or to the following postal address: SPB – Data Protection Officer 10, avenue de l’Arche 92400 Courbevoie.
SPB undertakes to respond to your requests to exercise your rights as soon as possible and in any event in compliance with the legal deadlines.
How to contact the Data Protection Officer
You can contact the Data Protection Officer at the following address:
The Data Protection Officer
10 avenue de l’Arche
92400 COURBEVOIE
If, after contacting us, you believe that your rights over your data have not been respected, you can file a complaint with the Commission Nationale de l’Informatique et des Libertés (3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07; tel.: 01 53 73 22 22).
Glossary
Each term beginning with a capital letter has the meaning given to it below: “Recipient”: Refers to the service or company or organization that receives communication and can access your Personal Data. “Personal Data”: Refers to any information relating to an identified or identifiable natural person. “Privacy Policy” and “Policy”: Refers to this policy describing the measures taken for the Processing, use and management of Personal Data concerning you and your rights as a data subject by the Processing. “Data Controller”: Refers to the natural person who determines the purposes and means of a Processing (i.e. the purpose and the way in which it is carried out). “Processing”: Refers to any operation or set of operations relating to Personal Data. “Personal Data Breach”: Refers to a security incident characterized, accidentally or unlawfully, by the destruction, loss, alteration, unauthorized disclosure or access of Personal Data. “Processor”: Refers to any natural or legal person who processes Personal Data on behalf of the Data Controller.
