This policy is intended for candidates who create a candidate profile and/or apply for one or more jobs offered by the Societe Generale group, either directly via our recruitment site careers.societegenerale.com or at trade fairs and forums, by letter, email, via recruitment firms, through employees (as part of co-optation), job sites or social networks (such as LinkedIn) or any other useful means of finding candidates.
In the event that we need to ask for a reference, this will be carried out within the applicable regulatory framework (with the candidate’s prior agreement). This policy therefore also applies to candidate's referees, whose personal data may be collected during verification.
Unless otherwise stated, we refer collectively to the groups of people referred to above as “you”.

« Collect » refers to the collection of personal data.
« Recipient » is the natural person, legal entity or organisation that receives the personal data, whether or not a third party as defined in the paragraph “Who is likely to receive the data?”.
« Personal data » refers to any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
« Societe Generale » means the legal entity registered with the Paris Trade and Companies Register under the unique identification number 552 120 222
« Societe Generale entity » means any entity of Societe Generale Group.
« Group » or « Societe Generale Group » refer to the whole formed by Societe Generale and the companies it controls within the meaning of Articles L. 23362, L. 233-3 and L. 233-16 of the French Commercial Code.
« Data subject » : is the natural person whose data is processed, i.e. within the framework of this policy: visitors to our recruitment sites, candidates (whether or not they have created an account on our recruitment sites) and referees.
« Controller » is the natural person, legal entity or organisation which, alone or jointly, determines the objectives and methods for processing personal data.
« Processing » :means any operation, or collection of operations applied to personal data, regardless of the process used (e.g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, deletion or destruction, etc.).
« Processor » :is the natural person, legal entity or organisation that processes personal data on behalf of a Controller.

Via our recruitment site
When browsing our recruitment site careers.societegenerale.com and creating your candidate profile, we may collect personal data about you.
This data has been collected directly from you or has been sent to us – if you have provided your consent – by third parties such as recruitment agencies, job boards for Societe Generale employees or professional social networks (LinkedIn, etc.). In this case, it is specified that we are not responsible for the processing of your personal data by those third parties (with whom you have an independent relationship), Societe Generale acting solely as recipient in this respect.

During consideration of your application
We may need to process various types of personal data, including :

• identification data (e.g. first name, last name and contact details, etc.) ;
• personal data (e.g. personal information included in your CV) ;
• data relating to working life and specifically the information contained in your CV (e.g. education, diplomas, career, skills and qualifications, etc.) ;
• declarative data (e.g. information provided during recruitment interviews by you or third party sources if they are relevant to the processing of your application) ;
• information from your responses to the different tools used during the recruitment process (e.g. personality tests or inventories) ;
• data relating to your profile (e.g. your username and password) ;
• data made public at your initiative (e.g. profiles from professional social networks).

These data may be provided directly by you or collected from third parties.

Limits of data collection
During this collection, we undertake to only ask you for personal data strictly necessary for the purpose of the processing in question (minimisation principle).

Accuracy of your personal data
It is your responsibility to ensure the accuracy, completeness and updating of the data you send us. The transmission of any inaccurate, false or incomplete data may disqualify you from the position or result in the termination of any employment contract between you and a Societe Generale entity. We invite you to inform us in the event of any changes to your personal data during our collaboration.

Additional data
Based on the jurisdiction where you are applying for a role, the entity in charge of the recruitment may be required to collect additional data because of the legal, regulatory, or specific need incumbent upon the entity and specifically under an agreement or commitment made to regulators.
No sensitive data are processed for job positions within the European Union.

From our recruitment site
The data collected is intended to be used as part of our recruitment operations, in particular by allowing information to be extracted directly from your CVs or to offer you positions likely to suit you within the Group.
They also allow us to keep you informed of job offers, events, actions or publications by the Group likely to arouse your interest.

• contacting you by phone or e-mail in addition to reviewing your CV;
• the organization of tests and possible interviews if your application holds our interest;
• contacting you in the event of future employment opportunities other than the specific position that might interest you;
• the measure of diversity and insure non-discrimination;
• the respect of the Group's legal, regulatory, contractual or compliance obligations;
• the management of any appeals or complaints.

During the solution for the analysis of your CV (by CV catcher app)
The data contained in your Curriculum Vitae are collected to assess your profile, skills and experience in order to provide you with current vacancies adapted to your profile.
After uploading your CV, your information is then analysed using a matching algorithm and the online jobs that match your CV are then suggested to you. CV Catcher’s technical solution is based on a combination of semantic analysis algorithms and machine learning to detect the key elements of an applicant’s profile, regardless of the CV’s layout, the vocabulary and language used. The information collected is then compared with Societe Generale’s recruitment open roles in order to automate the matching.

During consideration of hiring process
The personal data collected are processed in accordance with the personal data policies for employees and the information during the hiring process.

The data collected are processed on the basis of Societe Generale’s legitimate interest, which consists in enabling the collection of job applications and their assessment in relation to the job positions available within the Group.
Furthermore, the data collected through the CV Catcher tool as part of the analysis of your CV are processed on the basis of your consent.
The data strictly necessary for examining your application are identified by an asterisk or other equivalent symbol. For data not identified by an asterisk, failure to respond will not impact the handling of your application.

We ensure that only authorised persons have access to personal data.
Recipients may include:

Group departments or entities
All personal data you send us in the context of an application is intended to the Societe Generale entity that published the job offer, who will process these data as data Controller.
Where necessary, we may communicate some of your personal data to the various departments concerned (recruitment consultants, HR managers and assistants, etc.) and to managers within Group entities for organizational, operational, management, or internal control reasons or to meet our legal, regulatory or contractual obligations.

Third parties
In the course of our business, third parties (e.g. our subcontractors, service providers, external recruitment consultants, etc.) may be recipients or have access to some of your personal data.
In that case, we ensure that the transfers or exchanges are necessary and are carried out within the limit of these purposes, while providing all the appropriate data protection safeguards.
Exceptionally and in compliance with applicable regulations, some of your personal data may also be sent to third parties in France or abroad for the purpose of establishing, safeguarding or defending a right in court, in the context of administrative or criminal investigations by one or more regulators, compliance with commitments made to them or in the context of legal disputes of any kind.
Some of your personal data may particularly be sent not only to regulators or judicial authorities but also to Societe Generale's advisors and those of the other parties to the proceedings, as well as to those parties themselves. In that case, Societe Generale ensures that data transferred or exchanged are relevant and necessary for the purposes referred to above.

Is your personal data communicated or accessible from a country outside the European Union? In view of the international structure and activities of our Group, personal data may, in accordance with the specified purposes of the processing, be transferred to group entities, service providers, subcontractors or partners located in a European Union country or a country outside the European Union.

To fulfil the purposes mentioned above, we may be required to disclose the information collected to people in charge of recruitment and related services, to the Group’s legal entities, to its partners and to its subcontractors and providers established inside or outside the European Union (EU). These parties may therefore need to contact you directly, using the contact details that you have provided to us, in order to offer you positions within our group corresponding to your profile.

Personal information or data may potentially be transferred to non-EU countries and be subject to different laws or regulations from those applicable in the European Union.

Rules ensuring the protection and security of this information have been put in place in the event of any future transfer to a country outside the EU. In particular, we have put in place legal protections to secure this type of transfer (standard contractual clauses with our service providers, partners and Group entities).

These transfers are covered by the Standard Contractual Clauses of the European Commission. For further information, you may contact sg-protection.donnees@socgen.com.

Your personal data will be kept for the period necessary to complete the recruitment process.

Unless you request otherwise, your personal data will be kept in order to study the possibility of offering you other positions that may correspond to your profile for a maximum of two (2) years from your last contact with Societe Generale (your last log-in to your Candidate Space on the website careers.societegenerale.com).

The results of any tests you are asked to take during the recruitment process are processed separately and will be kept for 12 months after completion.

We take all appropriate security measures to ensure the security and confidentiality of your personal data, in particular with a view to protecting them from any loss, accidental destruction, alteration or unauthorised access. Security is essential to our activities. When we use subcontractors or service providers, we select them based on the quality and safety criteria they are able to offer. We therefore impose confidentiality rules on our subcontractors and our service providers that are at least equivalent to our own. Measures are implemented to control access to processing and secure the communication of personal data. We favour the use of techniques that render your data anonymous as soon as possible or necessary.

As part of the processing of personal data implemented by Societe Generale or other entity within the European Union, you enjoy a number of rights provided by the GDPR. Within the limits and conditions permitted by that regulation, where applicable you can therefore:

• request access to your personal data (right of access);
• correct, update and erase your personal data (right of rectification and erasure), it being specified that erasure can only occur when the personal data are no longer necessary for the purposes for which they were collected or processed and of the processing was based on consent;
• oppose the processing of your personal data on legitimate grounds;
• request a limitation on the processing of your personal data (right to limitation);
• withdraw your consent at any time for the processing related to the CV Catcher tool;
• receive or request the transfer of your personal data that you have provided to the group (right to portability).

Exclusively in France, you have the option of appointing a person to whom Societe Generale can send instructions relating to the retention, deletion and communication of your personal data after your death.

Exercise of these rights is subject to a number of conditions specified in the applicable regulations and must be exercised in accordance with them.

Regarding access to your data and their correction, you may, at any time within 12 months after your last log-in, access your Candidate Space on our website careers.societegenerale.com to consult and update them as applicable.

For any other request relating to the processing of your personal data, you can use the contact form available on our recruitment site, selecting the message subject “GDPR”.

You may also send your questions directly to our “Data Privacy” correspondents by writing to the following address: privacysupport@socgen.com.

The supervisory authority in France is CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 - www.cnil.fr.

The contact details of Societe Generale’s Data Protection Officer (DPO) are sg-protection.donnees@socgen.com.

This policy may be updated or amended. Therefore, we invite you to regularly visit our recruitment sites (and more specifically the site careers.societegenerale.com).

Depending on the job offer location, specific local requirements may be applied by Group entities, particularly to adapt to regulatory requirements.