The purpose of this document is to inform you of the policy pursued within the RAINBOW PARTNERS group with regard to the protection of personal data and the rights relating to the protection of personal data.
This policy can be consulted on the RAINBOW PARTNERS Group websites and can be made available on request by a candidate or an employee at dpo@rainbowpartners.com.
"Entity" means a company in the RAINBOW PARTNERS Group.
"Mission" refers to a service agreed between a customer and one of the entities of the RAINBOW PARTNERS Group to provide assistance to the customer according to the agreed terms.
"Candidate" means a person wishing to join one of the entities of the RAINBOW PARTNERS Group.
"Employee" refers to a person who has joined one of the entities of the RAINBOW PARTNERS Group and is still working for the entity.
"Ex-employee" refers to a person who has joined one of the RAINBOW PARTNERS Group entities but is no longer part of the workforce following termination of the contract at the initiative of the employee or the entity.
"User" refers to a person with no connection to one of the entities (neither candidate nor employee) using the website and leaving his/her contact details to be recontacted.
"Subcontractor" refers to any company that may be required to process Personal Data on behalf of one of the companies in the RAINBOW PARTNERS Group in accordance with the instructions given by the latter.
"Prospect" refers to the legal or corporate entity that is approached to provide a service.
"Customer" refers to the legal or corporate entity for which a Rainbow Partners Group entity performs a service. The customer determines the purposes and means of the service.
The Data Protection Policy applies to:
By giving your explicit consent to this Data Protection Policy you agree that your personal data may be made available to all entities of the RAINBOW PARTNERS Group in accordance with the terms of this policy.
The Data Protection Officer of the RAINBOW PARTNERS Group companies can be reached at dpo@rainbowpartners.com.
On the initiative of a website user who submits his or her CV with a view to being recontacted or on the initiative of the people in charge of finding candidates to meet a commercial need. The search is carried out using public social networks. At this stage the persons identified cannot be considered as candidates and the public information gathered is not recorded in the company's information system.
During an application interview personal data may be collected and recorded in the information system in order to ensure the recruitment follow-up process. The collection of personal data will be validated with the applicant beforehand. The applicant will have been informed of his or her rights and remedies relating to data protection and of the means of exercising them.
When a contract is signed to join one of the RAINBOW PARTNERS Group entities the personal information required for the administrative or commercial management of the employee will be collected and recorded in the information system. The employee will have been informed of his or her rights and remedies relating to data protection and of the means of exercising them.
An employee working for one of the RAINBOW PARTNERS Group's entities may complete or modify the content of his or her personal data. The data that can be modified concerns the person's identity, residence, diplomas, languages spoken, skills, and CV.
Secure access (login/password) is required to access this modifiable personal data. Employees are informed of their rights and remedies with regard to data protection and how to exercise them.
For employees working on May 25, 2018, whose personal data is recorded in the information system, dedicated information is provided to present the rights and remedies relating to data protection as well as the means of implementing them.
Among the Personal Data collected directly from you during an interview we may collect the following:
In addition, we may collect Personal Data indirectly from sites on which you have made your information available (LinkedIn, Viadeo, etc.). In this case, the data collected will be limited to the data made available.
Depending on the contractual services, the data transmitted by the Customer may concern:
This list, which is not exhaustive, may be adapted according to the needs of the contract between the Customer and the entity of the RAINBOW PARTNERS group.
The Personal Data we collect directly from you, in particular during recruitment or annual interviews, may be processed for the following purposes:
The retention times are listed below:
Data transmitted by a customer: At the end of the Contractual Engagement for any reason whatsoever, the RAINBOW PARTNERS group entity holding the data undertakes within one (1) month to destroy the personal data relating to the customer, subject to its legal obligations. Once the legal deadline has expired, the personal data relating to the service will be destroyed.
The following may have access to your Personal Data:
We inform you that your personal data limited to the "professional experience" dimension may be transferred to one of the entities of the RAINBOW PARTNERS Group in the context of an assignment search.
This transfer will be made with the agreement of the person concerned. The entity receiving the personal data is subject to the same Data Protection Policy.
Within the framework of a contract between a Customer and one of the entities of the RAINBOW PARTNERS group, the data made available by the Customer may under no circumstances be transferred to another legal entity (internal or external to the RAINBOW PARTNERS group) unless the Customer expresses an opinion to the contrary in writing.
In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, you have several rights to inspect your personal data, which complements the right to information enabling you to be informed about the collection of your data and what happens to it.
You can exercise your rights:
Pursuant to the provisions of Decree no. 2007-451 of March 25, 2007 amending Decree no. 2005-1309 of October 20, 2005 implementing Law no. 78-17 of January 6, 1078 on data processing, data files and individual liberties, your request to exercise one of your rights must be accompanied by a photocopy of an identity document bearing the holder's signature. Your request must also specify the address to which the reply should be sent.
We will then have one (1) month following receipt of the request to reply. This period may be extended by two (2) months depending on the complexity and number of requests.
These rights are not absolute: you may exercise them within the legal framework provided and within the limits of these rights. In certain cases, we may not be able to respond favorably to your request (legal obligation, compliance with our commitments to you, etc.). In such cases, we will inform you of the reason(s) for our refusal.
(Article 15 of the GDPR "Data subject's right of access"): the case where you would like to know whether one of the entities of the RAINBOW PARTNERS group holds or processes your personal data and if so, obtain a copy and contact details of the processing.
(Article 16 of the RGPD "Right of rectification"): the case where you consider that some of your data is inaccurate or incomplete and you request that it be updated as soon as possible.
(Article 17 of the RGPD "Right to erasure" or "right to be forgotten"): in the event that you no longer wish your data to be processed within the RAINBOW PARTNERS group, you withdraw your consent, as well as any link, copy or reproduction of your data.
(Article 18 of the RGPD "Right to restrict processing"): the case where you wish to be able to isolate your data so that it is only used in processing with your consent.
(Article 20 of the RGPD "Right to data portability"): You have the right to the portability of your personal data, i.e. to request and receive your personal data that you have provided to us in a structured, commonly used and machine-readable format in order to pass it on to a contact of your choice.
(Article 21 of the GDPR "Right to object"): The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, including profiling.
(Article 22 of the RGPD "Right to refuse profiling"): The data subject has the right not to be subject to a decision based exclusively on automated processing, including profiling, producing legal effects concerning him or her or significantly affecting him or her in a similar way.
You have the right to define directives concerning the fate of your Personal Data after your death.
To exercise this right, please send an email to dpo@rainbowpartners.com with the subject "Directives concerning the fate of my Personal Data after my death". Indicate the person(s) who can act on our behalf in the event of your death and the instructions you would like us to follow.
In the event that an employee dies without having left any instructions concerning the fate of his or her Personal Data after his or her death, the employee's heirs may request the deletion of the deceased's data once all the necessary steps have been completed by contacting us by email at dpo@rainbowpartners.com.
In the event of difficulties, you have the right to lodge a complaint with the CNIL.
https://www.cnil.fr/fr/plaintes
The RAINBOW PARTNERS Group ensures that your data is treated with the utmost security and confidentiality, including when certain operations are carried out by subcontractors. To this end, appropriate technical and organizational measures are taken to prevent the loss, misuse, alteration, or deletion of your personal data. These measures are adapted according to the sensitivity of the data processed and the level of risk presented by the processing or its implementation.