Introduction
qiub is committed to ensuring that the collection and processing of personal data comply with the General Data Protection Regulation 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978, as amended by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
The data subjects concerned by the processing we carry out include:
Candidates;
Our prospects;
Our clients;
Our employees;
Our suppliers.
Our partners.
This charter aims to govern practices regarding the protection of personal data, to inform data subjects about the processing of their personal data by qiub, their rights regarding the protection of personal data, the security measures implemented to protect them, and to give them the ability to retrieve, rectify, or delete information concerning them.
This charter may be supplemented or modified based on internal or regulatory developments.
Principles applicable to the protection of personal data
Principle of minimizing data collection
The data collected by qiub is strictly necessary for the purpose of its collection. qiub is committed to minimizing the data collected and keeping it accurate and up-to-date.
Principle of Lawfulness and Transparency
qiub informs data subjects about how it uses their personal data when collecting it via this charter published on the qiub website.
Limitation of data retention period
qiub undertakes to retain the collected data for a limited period that does not exceed the duration necessary to fulfill the purposes for which it was collected. Furthermore, data may be retained for security purposes and to comply with legal and regulatory obligations.
Personal Data Collected
qiub may collect personal data directly from the data subject or indirectly through third parties as part of our business processes.
Data collected indirectly may be data publicly available on professional social networks or provided by another person, such as former employers or other professional contacts.
The different categories of personal data that may be collected are as follows:
– Identification data (examples: last name, first name, etc.);
– Contact data (examples: email address, telephone number, etc.);
– Professional data (examples: CV, cover letter, etc.).
qiub does not collect sensitive personal data (such as alleged racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) in the context of its business processes.
Purposes of processing and legal bases
Purposes of processing
Personal data is collected only for the following specific, explicit, and legitimate purposes:
– Managing applications and recruitment: this includes searching for and identifying candidates, selecting candidates, assessing their ability to perform the job, and measuring their professional skills;
– Managing qiub’s relationships with its clients, partners, suppliers, and subcontractors: this includes communicating about the services provided, as well as accounting and tax management;
– Enriching customer, prospect, candidate, and supplier databases.
The data collected may not be subsequently used in a manner incompatible with these purposes.
Legal bases
Any processing carried out by qiub relies on one of these legal bases:
– The data subject’s consent through communication of this charter or the spontaneous sending of information, after which qiub may process their personal data for one or more specific purposes;
– The performance of the contract to which the data subject is a party or pre-contractual measures taken at their request;
– Compliance with a legal obligation;
– The performance of a mission in the public interest;
– The pursuit of a legitimate interest.
Data Processing Recipients and Transfer
Data Processing Recipients
Access to the collected personal data is granted only to authorized qiub personnel and authorized subcontractors. This access is strictly limited to those who require this data in the course of their duties or to provide specific services to the company.
Data Transfer
No transfer of personal data is planned to recipients located outside the European Union.
Respect for the Rights of Data Subjects
Data Subject Rights
Right of Access
Data subjects may request access to their personal data at any time. This includes the right to obtain confirmation as to whether data concerning them is being processed and the right to obtain a copy of that data.
The right to rectification
Data subjects have the right to request the rectification or updating of their personal data if it is inaccurate, incomplete, or outdated.
The right to erasure
Data subjects have the right to request the deletion of their personal data. They may exercise this right in the following cases:
– The data is no longer necessary for the purposes for which it was collected or processed;
– The data subject wishes to withdraw their consent;
– The data subject objects to the processing of their data and there are no overriding legitimate grounds for the processing;
– The data has been unlawfully processed;
– The data must be erased to comply with a legal obligation.
The right to object
Data subjects have the right to object to the processing of their personal data.
The right to withdraw consent
If an individual has consented to the processing of their data for one or more specific purposes, they have the right to withdraw their consent at any time.
The right to portability
Data subjects have the right to request the recovery of the data they have provided. This right is limited to processing whose legal basis is consent or the performance of a contract or pre-contractual measures.
The right to lodge a complaint
Data subjects have the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/plaintes
The right to restrict processing
Data subjects have the right to request the temporary suspension of the processing of their personal data.
How to exercise your rights
Data subjects’ rights may be exercised by contacting the Data Protection Officer either:
– By sending a letter to 11 avenue de l’Opéra, 75001 Paris;
– By email: contact@qiub.fr.
Notification in the event of a breach
In the event of a personal data breach, qiub undertakes to inform the data subjects as soon as possible in accordance with applicable data protection laws.
Data security
qiub is committed to ensuring the security of personal data collected, used, stored, and processed. Security measures are in place to protect the integrity, availability, and confidentiality of data against unauthorized access, disclosure, alteration, or unlawful destruction.
Update of the Personal Data Protection Charter
This charter may be amended due to regulatory developments and internal policies regarding the protection of personal data.
In the event of changes to the charter, the version and revision date will be amended. The amended version of this charter will be applicable as of that date.