top of page

Policy for Candidates

What is the purpose of our Privacy Policy?

The privacy of personal data of candidates applying for a position at Spimed-AI is, for us, a guarantee of seriousness and trust.
 

As such, our Privacy Policy for personal data clearly reflects our commitment to complying with the applicable personal data protection rules within Spimed-AI, in particular those of the General Data Protection Regulation ("GDPR").
 

In particular, our Privacy Policy aims to inform you about how and why we process your personal data when you apply for a position at Spimed-AI.

Who is our Privacy Policy intended for?

The Privacy Policy is intended for you, as a candidate for a position at Spimed-AI, throughout the recruitment process (e.g., application for a job offer, unsolicited application, recruitment via an external agency, etc.), regardless of the duration or nature of the proposed contract (e.g., employee, temporary worker, intern, etc.).

Why do we process your personal data and on what basis?

As a recruiter, we necessarily process your data to manage recruitment (e.g., interviews, application processing, salary negotiations, etc.), any travel that may occur in connection with recruitment, and the security of our premises.

Processing is based on the discussions we have with you during the recruitment process and on our legitimate interest in recruiting and selecting candidates.

How did we obtain your personal data?

Your data is collected directly from you through your application and CV, and we undertake to process your data only for the purposes described above.

However, we may also obtain your personal data indirectly from recruitment agencies if you have previously given them your consent.

What personal data do we process and for how long?

  • Any personal and professional identification data provided in your CV and cover letter (e.g., name, surname, date of birth, nationality, etc.) — retained for the duration of the recruitment process and for a maximum of 2 years after your application.
     

  • Any contact details provided in your CV and cover letter (e.g., email address, phone number, LinkedIn link, etc.) — retained for the duration of the recruitment process and for a maximum of 2 years after your application.
     

  • Any personal and professional background information provided in your CV and cover letter (e.g., degrees, hobbies, certificates, age, marital status, driver’s license, etc.) — retained for the duration of the recruitment process and for a maximum of 2 years after your application.
     

  • Any economic and financial data (e.g., salaries, bonuses, etc.) provided during job interviews — retained for the duration of the recruitment process and for a maximum of 2 years after your application.
     

  • Any specific data (e.g., residence permit) provided by the candidate in the context of recruitment — retained until the end of the employment relationship if hired, otherwise deleted after the recruitment process in case of rejection.
     

  • Any relevant and required special data (e.g., disability status) provided in the CV and cover letter — retained for the duration of the recruitment process and deleted after its completion.
     

  • Any identity document (e.g., passport or ID card) provided during recruitment — deleted after the recruitment decision.
     

  • If you applied through our website, connection data (e.g., IP address and logs) — retained for a maximum of 12 months.
     

At the end of the applicable retention periods, deletion of your personal data is irreversible, and we will no longer be able to provide it to you. At most, we may only retain anonymous data for statistical purposes.
 

However, in the case of employment, your data collected during the recruitment process is automatically transferred to your employee file and becomes subject to the Employee Data Privacy Policy.
 

Please also note that in the event of litigation, we are obliged to retain all personal data concerning you for the duration of the case, even beyond the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights that you can exercise at any time, free of charge, to control the use we make of your data:
 

  • Right of access and copy of your personal data, provided the request is not in conflict with trade secrets, confidentiality, or correspondence privacy.
     

  • Right to rectify personal data that is incorrect, outdated, or incomplete.
     

  • Right to object to the processing of your personal data for direct marketing purposes.
     

  • Right to request the deletion ("right to be forgotten") of personal data not essential to the proper functioning of our services.
     

  • Right to restrict processing, allowing you to freeze the use of your data in the event of a dispute over the legitimacy of the processing.
     

  • Right to data portability, allowing you to retrieve part of your personal data to store or transfer it easily from one information system to another.
     

  • Right to give instructions on the fate of your data in the event of death, either directly or via a trusted third party or legal heir.
     

To be considered, a request must be made directly by you to dpo@spimed-ai.com. Any request made in another way cannot be processed.
 

Requests cannot be made by anyone other than you. We may ask you to provide proof of identity in case of doubt about the requester's identity.
 

We will respond to your request as soon as possible, with a maximum limit of three months from receipt, in case the request is technically complex or if we receive many requests at the same time.
 

Please note that we may refuse to respond to any excessive or unfounded request, particularly if it is repetitive.
 

Who can access your personal data?
 

Your personal data is processed by our teams and our technical service providers solely for the purpose of operating our service.

Can your personal data be transferred outside the European Union?

Personal data processed in the context of recruitment is exclusively hosted within the European Union.

How do we protect your personal data?

We implement all necessary technical and organizational measures to ensure the security of your data on a daily basis, particularly to prevent any risk of destruction, loss, alteration, or unauthorized disclosure (e.g., secure access, antivirus, etc.).

Who can you contact for more information?

Our Data Protection Officer ("DPO") is always available to explain in more detail how we process your data and to answer your questions on the subject at: dpo@spimed-ai.com.

How can you contact the CNIL?

You can contact the "Commission nationale de l'informatique et des libertés" ("CNIL") at any time at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, or by phone at 01.53.73.22.22.

Can the Privacy Policy be modified?

We may amend our Privacy Policy at any time to adapt it to new legal requirements and to any new processing we may implement in the future.

Certified compliant by Dipeeo®

bottom of page