he following information is provided to inform you of the commitments of the entities belonging to the Sodexo Group identified below with regard to the protection of Personal Data (hereinafter "Sodexo").

 

Sodexo builds strong and lasting relationships with its customers, partners and consumers, based on mutual trust: ensuring the security and confidentiality of their Personal Data is a high priority for Sodexo.

 

Sodexo is committed to complying with the applicable regulations and legislation regarding the protection of Personal Data.

 

Sodexo maintains a privacy policy to ensure the protection of Personal Data of users of its websites, platforms and other applications:

 

  • Each user remains in control of his/her data. The data are treated in a transparent, confidential and secure manner.
  • Sodexo is committed to a continuous process of protecting its users' data, in accordance with the European Regulation "GDPR" No. 2016/679 of the European Parliament and of the Council of April 27, 2016 "on the protection of natural persons with regard to the processing of personal data and the free movement of such data" and the amended Data Protection Act.
  • Sodexo has a dedicated Personal Data Protection team, supported by a network of local data protection contact points or data protection officers.

 

 

DEFINITIONS

 

““Cookies  As defined in the Cookie Policy [A1] our service provider, BANKESS SAS, a Simplified Joint-stock company, with a share capital of 75,232 euros, entered on the Trade Register  of NANTERRE, under number 534 776 349, whose registered office is located at 40 rue Madeleine Michelis – 92200 Neuilly-sur-Seine, France, acting as Data Controller concerning the collection and storageof cookies.

 

Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

We" or "Our” means the Sodexo group entity that carries out Personal Data processing activities

 

Portal” means this site web and/or, where applicable, mobile application, as well as subsites, mirror sites, portals, variations of URLs relating thereto

  

Data controller” means the natural or legal person who, alone or jointly, determines the purposes and means of the processing of Personal Data

 

Subcontractor” means the natural or legal person who processes Personal Data on behalf of the Data Controller

 

Treatment” means any operation or set of operations carried out, whether or not by automated means, applied to data or on sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

 

You” or "Users” Any user/visitor of the Portal

 

 

PURPOSE OF THIS POLICY

 

Sodexo values the protection of your Personal Data.


We have developed this policy to inform you of the conditions under which we collect, process, use and protect your Personal Data. This policy applies in particular to Personal Data processed by Sodexo group companies via the Portal.

 

Please read it carefully to find out in particular which categories of Personal Data are collected and Processed, how we use this data and with whom we may share it. This policy also describes what your rights are and how you can contact us to exercise them or to ask us any questions you may have about your Personal Data.

 

This Policy may be modified, supplemented or updated in order to comply with any legal, regulatory, jurisprudential and technical developments. However, your Personal Data will always be processed in accordance with the policy in force at the time of collection, unless a mandatory legal requirement provides otherwise and is retroactive.

 

This policy is an integral part of the Legal Notice of the Portal.

 

 

COLLECTION AND ORIGIN OF PERSONAL DATA

 

We may collect your Personal Data directly (in particular via the collection forms available on our Portal) or indirectly (in particular via our service providers and partners, your employer and/or our Portal technologies).

 

We undertake to obtain your consent and/or allow you to object to the use of your data for certain purposes, as soon as necessary.

 

In all cases, you will be informed of the purposes for which your data is collected via this policy, and the various online data collection forms.

 

IDENTITY & CONTACT DETAILS OF THE DATA CONTROLLER

 

The Data Controller is Sodexo Sports et Loisirs SAS, a Simplified Joint-stock company with a share capital of 10,143,751 euro, whose registered office is located at 6, rue de la Redoute in Guyancourt (78280), France and entered on the registered Trade Register of Versailles under number 311 160 592.

 

The Data Controller may also be another legal entity belonging to the Sodexo group that made the job offer. If you do not know its identity, you can contact us by email at recrutement-paris2024@sodexo.com by providing us with the reference of the advertisement for which you have applied or been contacted.

 

 

TYPES OF PERSONAL DATA WE COLLECT & USE

 

In particular, we may collect and process the following types of Personal Data:

 

  • the information you provide by filling in the forms on the Portal, in particular for the purposes of subscribing to alerts, participating in surveys (e.g., title, surname, first name, email address, etc.);
  • information you provide for the purpose of managing your application and, where applicable, your recruitment process (e.g., telephone number, postal and e-mail address, CV, information relating to your education, professional experience, awards, diplomas, certificates, attestations, languages spoken, salary expectations, etc.);
  • information collected for connection and Internet browsing purposes (e.g., IP address, operating system and browser type, etc.);

 

Depending on the position for which you are applying, Sodexo or any authority authorised by law may need to consult an extract of your criminal record in order to check your criminal record. These checks are necessary to assess your suitability  to occupy the proposed position and to measure your professional skills and will be carried out in strict compliance with legal and regulatory provisions.

 

The Personal Data identified by an asterisk in the collection forms are mandatory because they are necessary for the consideration of your application file or your request made. If you failto provide this mandatory information, these operations cannot be taken into account.

 

We may aggregate Personal Data in order to establish, in particular, anonymised statistical and reporting studies.

 

 

SOCIAL MEDIA

In addition, please note that you can click on the icons dedicated to social networks (Linkedin etc.) on our Portal.

 

When you click on these icons, we may have access to the Personal Data that you have indicated as public and accessible from your profiles on the relevant social networks. However, we do not create or use any databases, independent of these social networks, based on the Personal Data that you may publish there and we will not process any data relating to your privacy in this way.

 

If you do not want us to have access to the Personal Data published on the public area of your profiles or social accounts, then you must use the means made available to you by the social networks concerned to limit access to this data.

 

These links to other websites should not be considered as browsing tracking and we disclaim any responsibility for the protection of Personal Data implemented by these third-party companies, each acting as a separate Data Controller of your Personal Data within their own perimeter. Once you leave our Portal or click on the logo/link to one of these social networks, it is your responsibility to check the privacy policy applicable to that other platform.

 

 

PURPOSES FOR WHICH WE USE PERSONAL DATA

 

We may use your Personal Data in particular for the following purposes:

 

No.

Purpose of processing

Legal basis

Data retention period

1

Managing of recruitment processes and any hiring procedure

 

 

 

The execution of pre-contractual measures taken at your request and/or execution of the contract

 

 

 

The time of the recruitment procedure

 

In the event of a positive outcome of the recruitment process, during the period of employment

 

In case of a negative outcome of the recruitment process, 24 months and renewable for the same duration, after obtaining your consent

 

2

Managing of application files and creation of a pool of applications, profiles to be used in future recruitment operations

 

Our legitimate interest in analysing and managing applications for profiles tailored to our needs

 

Obtaining consent for the retention of the candidate file in the context of an unsolicited application and for profiles kept beyond 24 months

24 months and renewable for the same period, after obtaining your consent

3

Sending you job offers alerts in accordance with your search (position, function, frequency)

 

Your consent for the receipt of notifications of personalised job offers following the subscription, on your initiative, of the "email alert" service

 

Up to 3 years from the request to register for the service or until the withdrawal of your consent

4

Management of pre-litigation and litigation

 

Our legitimate interest in complying with our legal and regulatory obligations and defending our rights

 

Until the dispute or dispute is fully resolved or within the applicable statutory limitation period

 

 

COMMUNICATION OF PERSONAL DATA

 

The security and confidentiality of your Personal Data is of great importance to us. For this reason, we restrict access  to entities and members of our staff or those of our service providers who have a need to know to the extent strictly necessary to process your request or provide you with the requested service. We ensure that persons authorised to process Personal Data have undertaken to respect its confidentiality or are subject to an obligation of confidentiality.

 

We do not disclose your Personal Data to unauthorised third parties. However, we may share this data with:

  • Sodexo personnel authorised to review and manage, on behalf of Sodexo group companies, your application and recruitment;
  • the staff of subcontractors that Sodexo may use to manage the recruitment process (e.g., recruitment agencies, personality/skills test companies, etc.);
  • the staff of the service providers that Sodexo may use for the provision of the services offered by the Portal and other services (e.g., IT providers, technical hosting and maintenance providers, consulting, etc.);
  • staff of organisations authorised by Sodexo or by law to manage your recruitment (e.g., unemployment insurance, health insurance, retirement, mutual insurance company, administrative or judicial authorities, etc.);
  • personnel authorised by Sodexo or by law in the context of compliance with Sodexo's legal obligations or to enable it to defend its rights and interests (e.g., counsel, court officers and ministerial officers, administrative authorities, etc.).

 

We do not allow these service providers to use or disclose your data, except to the extent necessary to perform services on our behalf or comply with legal obligations. In addition, we may share your Personal Data (i) if we are required to do so by law or legal process, (ii) in response to a request from public administrative or judicial authorities, or other officials, or (iii) if we consider that the transmission of such data is necessary or appropriate to prevent financial loss,  to ensure the safety of persons or the public, to protect our rights and property and those of our customers or in connection with an investigation of suspected or actual illegal activity.

 

 

RETENTION PERIOD OF PERSONAL DATA

 

We will retain your Personal Data for a period that does not exceed the period necessary for the purposes for which it is collected and processed, which is extended, where applicable, by the periods of applicable legal or regulatory requirements (see tables above). 

 

To determine the retention period of your Personal Data, we take into consideration several criteria such as:

  •  The purpose for which we process your Personal Data;
  • Our legal and regulatory obligations regarding such Personal Data;
  • Any specific request from you regarding the deletion of your Personal Data;
  • If you are an active User of the Portal, if you have agreed to receive communications in connection with, for example, our email alerts, we retain your Personal Data until you: (i) unsubscribe from receiving communications (ii) request that we delete your Personal Data, or (iii) after a period of inactivity (i.e., where you have not interacted with us for some time). This period is defined in accordance with local regulations and guidelines;
  • Any statutory limitation periods for evidentiary purposes and the defence of our own rights (in the event of any claim, litigation or in the event of an audit by authorised bodies) or compliance with a contractual obligation with our clients; and
  • Any regulation or recommendation from a local supervisory authority.

 

SENSITIVE PERSONAL DATA

In general, we do not collect Sensitive Personal Data through our Portal. "Sensitive Personal Data" is any information concerning racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health data, or data concerning the sex life or sexual orientation of a natural person. This definition also includes Personal Data relating to criminal convictions and offences.

 

In the event that the collection of such data is strictly necessary to achieve the purpose of the Processing carried out, we will do so in accordance with the requirements of local legislation on the protection of Personal Data and, in particular, with your explicit prior consent and under the conditions described in this Privacy Policy.

 

PERSONAL INFORMATION OF MINORS

Our Portal is intended for adults capable of entering into obligations in accordance with the legislation of the country in which you are located.

 

Users who are minors under 15 years of age or lack legal capacity must obtain the consent of their legal guardian prior to entering their Personal Data on the Portal.

 

TRANSFERS OF PERSONAL DATA

As Sodexo is an international group, your Personal Data may be transmitted to internal or external recipients authorised to perform services on our behalf. Some of these recipients are located in countries outside the European Union or the European Economic Area.

 

In order to ensure the security and confidentiality of the Personal Data transferred in this way, we take all necessary measures to ensure that such data is adequately protected, such as signing with the recipients of your Personal Data the European Commission's Standard Contractual Clauses ("SCCs") or any other valid transfer mechanism. To this end, we carry out, in accordance with the recommendations of the European Data Protection Board, a risk assessment of the transfer of data.

 

YOUR RIGHTS 

Sodexo is committed to facilitating the exercise of your rights in accordance with applicable regulations. Below is a table summarising the different rights you have:

 

RIGHT OF ACCESS AND RECTIFICATION

You may request a copy of the Personal Data we hold about you. You may also request the rectification of inaccurate Personal Data, or the completion of incomplete Personal Data.

RIGHT TO ERASURE / RIGHT TO BE FORGOTTEN

Your right to be forgotten allows your Personal Data to be erased when:

 

(i)     they are no longer necessary in relation to the purposes for which they were collected and processed;

(ii)    you decide to withdraw your consent (in cases where your consent has been collected as a legal basis for the Processing). This withdrawal does not impact the lawfulness of the Processing before its implementation;

(iii)   you object to the Processing of your Personal Data;

(iv)  your Personal Data has been unlawfully Processed;

(v)   your Personal Data must be erased to comply with a legal obligation;

(vi)  Their erasure is mandatory to ensure compliance with applicable legislation.

RIGHT TO RESTRICTION OF PROCESSING

You may request to restrict the Processing of your Personal Data where:

 

(i)     you dispute their accuracy;

(ii)    they are no longer necessary for the purposes of the Processing;

(iii)   you have objected to the Processing for legitimate reasons;

(iv)  The processing of this data is unlawful and you prefer the restriction of its use rather than its deletion.

RIGHT TO DATA PORTABILITY

Where applicable, you may request the portability of the Personal Data concerning you that you have provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit such Personal Data to another Controller without hindrance from Sodexo, where:

 

(i)     the Processing of your Personal Data is based on your consent or on an existing contractual relationship; and

(ii)    the Processing is carried out by automated means.

 

You also have the right to have your Personal Data transmitted directly to another Controller (where technically feasible).


RIGHT TO OBJECT

You have the right to object (right of "withdrawal") to the Processing of your Personal Data (including profiling or commercial communications). Where we process your Personal Data on the basis of your consent, you may withdraw it at any time.

RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISIONS

 

You have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

RIGHT TO ISSUE ADVANCE INSTRUCTIONS ON THE PROCESSING OF YOUR PERSONAL DATA AFTER YOUR DEATH

In application of the French law on the protection of Personal Data, you can also define guidelines on the exercise of your rights provided for in this section after your death, (in particular on their storage period, their deletion and/or their communication) as well as designate a person responsible for the exercise of these rights.

RIGHT TO LODGE A COMPLAINT

You may decide to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) [The French Data Protection Authority] via the address https://www.cnil.fr, without prejudice to any other administrative or judicial remedy.

 

SAFETY

We implement all technical and organisational measures to ensure the security and confidentiality of the Processing of Personal Data.


As such, we take all necessary precautions, with regard to the nature of the Personal Data and the risks presented by the Processing, in order to preserve the security of the data and, in particular, to prevent them from being distorted, damaged or accessed by unauthorised third parties (physical protection of the premises, authentication processes with personal and secure access via confidential identifiers and passwords, logging connections, encrypting certain data, etc.).

 

However, you are also responsible for ensuring the security and confidentiality of your Personal Data. We therefore invite you to remain vigilant, especially when using an open system such as the Internet.

 

LINKS TO OTHER SITES

As part of the provision of certain services, the Portal may redirect you to mobile applications and/or websites managed by third parties (hereinafter the "Platforms"). These third parties are responsible for creating and administering any account(s) that allow you to access the Platforms. These platforms operate independently of our Portal and are not under our control. These platforms have their own privacy notice or terms of use, which we invite you to read.

 

If you have any questions about the conditions under which your Personal Data is collected and processed by these third parties and to know in particular what your rights are (access, rectification etc.) and how to exercise them, please consult the privacy policies available on their Platforms.

 

UNSUBSCRIBE

You may also at any time ask us to stop receiving notifications by contacting us directly and free of charge, or by using the unsubscribe link included in the email alert email we may send you or via our Online Form . This opposition is without prejudice to the legality of items sent made before its implementation.  

 

 

UPDATING OUR PRIVACY POLICY

We may update or modify, from time to time, this Privacy Policy. In this case, the changes made will only be applicable after the expiry of a period of 30 working days from the modification. Check this page periodically if you want to monitor for changes.

 

Last updated: JANUARY 2024