Privacy notice : recruitment
The LFB Group entity concerned (hereinafter LFB) by the career opportunity to which you have replied acts as a data controller.
In this context, LFB undertakes to provide clear and concise information to any person concerned, in particular health care professionals, on the processing of their data.
The purpose of this notice is therefore to inform you, in full transparency, of the way in which your personal data is processed by LFB.
Please note that your data is processed in compliance with General Data Protection Regulation (GDPR) if you respond to a career opportunity published by a LFB entity established within the European Union
- Data controller:
LFB acts as a data controller as defined in General Data Protection Regulation (GDPR).
- Purpose of the processing:
We process your personal data for the following purpose: recruitment management.
More specifically, we process your personal data in order to:
- Process applications (CV and cover letter) and manage interviews.
- Build up a CV-library.
- Legal basis:
We can only process your personal data if it is lawful. Processing is only lawful insofar as it based on one of the legal bases mentioned in the applicable law (GDPR).
The processing of your personal data is based on the following legal bases:
- Process applications and manage interviews: performance of a pre contract.
- Build up CV-library: we have a legitimate interest in retaining your application in order to contact you in the event that a career opportunity might be interested for you based on the content of your CV. The legitimate interests that we pursue are balanced against your interests, fundamental freedoms and rights that require protection of personal data.
- Data subject:
This processing of personal data concerns the following data subject: applicant.
- Categories of personal data concerned:
The following categories of personal data are concerned by the processing:
- Information provided in the online recruitment form.
- Information provided in your CV and cover letter.
- Information obtained from references in your CV.
- Source of the personal data:
Personal data come:
- Directly from you
- From alternative sources including persons mentioned as references in your CV and, if applicable, recruitment agency.
- Obligation to provide your personal data:
The processing of your personal data is necessary to carry out the processing referred above. Failure to provide this data would not allow us from analysing and processing your application.
- Recipients of personal data:
Depending upon their respective needs, recipients of all or part of the personal data are the following recipients:
- The LFB Group parent company and its subsidiaries (especially the Human Resources Direction)
- Our service providers acting as a data processor on our behalf (within the limit necessary for the performance of the work we have entrusted to them).
In the event that personal data is entrusted to a data processor, an agreement will be concluded in order to ensure and guarantee that personal data is processed in accordance with our instructions and that adequate technical and organisational measures are taken to protect it.
- Where appropriate, recruitment agency
- Data transfers outside the European union:
Your personal data is processed in the European Union but may be transferred to countries outside the European Union (USA).
When we transfer your data to countries which do not offer a level of protection equivalent to that implemented within the European Union, we put in place appropriate technical and legal guarantees in order to protect your data against any access, use or unauthorized disclosure.
- Period for which the personal data will be stored:
Your personal data is kept no later than years after our last contact.
Once the retention period has been reached, personal data is, depending on the case, destroyed or anonymized. In the latter case, this means that it will be impossible to identify you from this data.
We put in place technical and organisational measures allowing the protection of your personal data. We take reasonable steps to protect your data from loss, misuse, unauthorised access, disclosure, modification or destruction of your data.
- Your rights:
Within the conditions and limits of the applicable regulations, you have the following rights:
- Right of access: you can access the personal data that we hold about you.
- Right of rectification: you can ask us to correct data that is inaccurate or incomplete.
- Right to erasure (right to be forgotten): you have the possibility under certain conditions to obtain the erasure of the personal data that we hold about you. However, we have the possibility of not responding favourably to your request, in particular in the event that we need your personal data to meet a legal obligation.
- Right to restriction of processing, in particular in the event that you dispute the accuracy of the personal data that we hold about you.
- Right to object: you can object, for reasons relating to your particular situation and under certain conditions, to the processing of data concerning you.
- Right to portability: you can receive the personal data that we hold about you in a readable format so that we can store or transmit it.
- Right not to be subject to a decision based exclusively on automated processing, including profiling.
Under certain circumstances, we will not be able to respond to your request if you want to exercise your rights. In such a case, we will explain the reasons for our refusal.
- Contact and reclamation:
To exercise the above rights or for any questions in connection with personal data, please send any request to the LFB Group Entity’s Data Protection Officer, in priority by email: firstname.lastname@example.org or by post to the following address: LFB BIOMEDICAMENTS, Data Protection Officer, Legal Affairs and Compliance Department, ZA de Courtabœuf, 3 avenue des Tropiques, 91940 LES ULIS.
If you consider, after contacting us at the contact details above, that your rights are not respected or that data processing does not comply with data protection rules, you may lodge a complaint with a supervisory authority in particular in the Member State in which your habitual residence, place of work or the place where you consider that a breach of the regulations has been committed.