Recruitment privacy policy

What is the purpose of our Privacy Policy?

The confidentiality of personal data of candidates for a position within Tomorro represents a guarantee of seriousness and trust.

As such, our Personal Data Privacy Policy specifically demonstrates our desire to ensure compliance, within Tomorro, with the rules applicable to the protection of personal data and, more particularly, those of the General Data Protection Regulation ("GDPR").

In particular, our Privacy Policy aims to inform you about how and why we process your personal data when you apply for a position within Tomorro.

Who is our Privacy Policy for?

The Privacy Policy is addressed to you, who are a candidate for a position within Tomorro, throughout the entire recruitment process (e.g., application to an offer, spontaneous application, recruitment via an external firm, etc.), regardless of the duration or nature of the proposed contract (e.g., employee position, temporary worker, trainee, etc.).

Why do we process your personal data and on what basis?

As a recruiter, we are necessarily required to process your data to manage recruitments (e.g., interviews, processing of applications, salary negotiation, etc.), any potential travel that may occur as part of these recruitments, and the security of our premises.

The processing is carried out on the basis of the discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates.

Please note that we use video surveillance cameras on the basis of our legitimate interest in ensuring the safety of our employees and our premises.

How did we obtain your personal data?

Your data is collected directly from you through your application and your CV, and we undertake to process your data only for the reasons described above.

However, we may also obtain your personal data indirectly from recruitment agencies if you have previously consented to this with them.

What personal data do we process and for how long?

• any personal and professional identification data provided in the candidate's CV and cover letter (e.g., name, first name, date of birth, nationality, etc.) kept for the duration of the recruitment process and for a maximum of 2 years after your application.
• any contact details provided in the candidate's CV and cover letter (e.g., email address, telephone, LinkedIn link, etc.) kept for the duration of the recruitment process and for a maximum of 2 years after your application.
• any data relating to personal and professional life provided in the candidate's CV and cover letter (e.g., diplomas, passions, certificates, age, marital status, driver's license, etc.) kept for the duration of the recruitment process and for a maximum of 2 years after your application.
• any economic and financial data (e.g., salaries, bonuses, etc.) provided during job interviews kept for the duration of the recruitment process and for a maximum of 2 years after your application.
• any specific data (e.g., residence permit etc.) provided by the candidate as part of the recruitment process is kept until the end of the working relationship in case of recruitment and is deleted after the recruitment process in case of refusal.
• any relevant and required specific data (e.g., disability status) provided in the candidate's CV and cover letter kept for the duration of the recruitment process and deleted after the end of the recruitment process.
• any identity document (e.g., passport or identity card) provided as part of the recruitment process is deleted after the recruitment or non-recruitment of the candidate.
• Video surveillance images collected using our video surveillance cameras and kept for a maximum of one month.
• if you have applied via our website, connection data (e.g., IP address and logs) kept for a maximum of 12 months.

At the expiration of the applicable retention periods, the deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.

However, in the event of hiring, your data collected during the recruitment process is automatically transferred to your personal file and becomes subject to the Employee Data Privacy Policy.

Please also note that in the event of litigation, we are obliged to keep all personal data concerning you for the entire duration of the file processing, even after the expiration of their retention periods described above.

What rights do you have to control the use of your personal data?

The regulations applicable to data protection give you specific rights that you can exercise, at any time and free of charge, to control the use we make of your data.

• Right of access and copy of your personal data provided that this request does not contradict business secrecy, confidentiality, or the secrecy of correspondence.
• Right to rectify personal data that is incorrect, outdated, or incomplete.
• Right to object to the processing of your personal data carried out for commercial prospecting purposes.
• Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
• Right to limit your personal data which allows to photograph the use of your data in case of dispute over the legitimacy of a treatment.
• Right to portability of your data which allows you to recover part of your personal data in order to store them or transmit them easily from one information system to another.
• Right to give instructions on the fate of your data in the event of death either through you or through a trusted third party or a beneficiary.

For a request to be taken into account, it is imperative that it be made directly by you to the address dpo@gotomorro.com. Any request that is not made in this way cannot be processed.

Requests cannot come from someone other than you. We may therefore ask you to provide proof of identity in case of doubt about the identity of the requester.

We will respond to your request as soon as possible with a maximum deadline of three months from its receipt in the event that the request is technically complex or if we receive many requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, especially given its repetitive nature.

Who can have access to your personal data?

Your personal data is processed by our teams and by our technical service providers for the sole purpose of making our service work.

Can your personal data be transferred outside the European Union?

The personal data processed in the context of recruitment are exclusively hosted within the European Union.

How do we protect your personal data?

We implement all the technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or unauthorized disclosure of your data (e.g., secure access, antivirus, etc.).

Who can you contact for more information?

Our Data Protection Officer (“DPO”) is always available to explain in more detail how we process your data and to answer your questions on the subject at the following address: dpo@gotomorro.com.

How can you contact the CNIL?

You can contact the “Commission nationale de l'informatique et des libertés” or “CNIL” at any time at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone at 01.53.73.22.22.

Can the Privacy Policy be changed?

We may modify our Privacy Policy at any time to adapt it to new legal requirements as well as to the new processing that we may implement in the future.

‍

‍