Log in Candidate account

I already have a candidate account

 
By continuing to browse, you accept use of cookies for the purposes of authentication and adding favourites. Find out more
Indosuez Wealth Management vacancy search engine

You are here : 

Charte candidats Groupe Crédit Agricole Indosuez


  1. DEFINITIONS

     

The following definitions apply in the Charter:


1. Personal Data : Any information relating to an identified or identifiable candidate. For example, personal data can be candidates’ contact details resume or cover letter;
2. Processing: Any operation (or set of operations) performed on personal data, including, for example, its collection, organisation, storage, modification, use, transmission, distribution or erasure;
3. Purpose: The reason for processing personal data. The purposes of personal data processing in the context of this Charter are stated in §3 below;
4. Recipient: Any natural or legal person, public authority, service or other organisation to which personal data is disclosed;
5. Controller: The entity that defines the purpose of the personal data processing and the resources used to perform said processing. The controller of processing that uses candidates’ personal data is the Group entity that is looking to recruit.
6. Processor: Any entity other than the process manage that processes personal data on behalf and at the request of the controller. A Group entity may therefore be a processor for another Group entity. For example, companies that provide IT or consulting services to the controller, or which are entrusted with HR management services, are considered to be processors.


2. WHAT ARE THE DATA PROTECTION PRINCIPLES APPLIED BY THE GROUP ?


Candidates’ personal data is processed in accordance with the following personal data protection principles:


1. Legal, fair and transparent processing: Candidates’ personal data must always be collected and processed (the for a specific purpose “legal basis”). No processing that breaches the principles defined in this Charter and the GDPR may be performed. Furthermore, clear, comprehensive and transparent information must be provided to all candidates regarding the processing of their personal data;
2. Restricted purposes: Candidates’ personal data must always be collected and processed for specific purposes determined from the outset;
3. Lean data: Only personal data that is strictly necessary in order to achieve the stated purposes may be collected from candidates. No personal data superfluous to the processing performed may be collected or used;
4. Accuracy: Candidates’ personal data must always be accurate and regularly updated. All reasonable measures must be taken to ensure that any inaccurate data is either corrected or erased;
5. Limited retention: Candidates' personal data must not be stored for longer than needed to achieve the purposes for which it was collected.
6. Security: Candidates’ personal data must be stored and processed securely and confidentially.

 


3. IN WHAT CIRCUMSTANCES ARE CANDIDATES REQUIRED TO PROVIDE PERSONAL DATA? WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF CANDIDATES’ PERSONAL DATA?


The controller processes candidates’ personal data in order to:


1. Manage candidatures, set up the job interview and selection processes, manage recommendations and references, manage the candidate pool and pre-recruitment, and establish promise-to-hire letters and contracts.
These processing are based on candidate’s consent. A candidate’s consent must always be given freely informed and explicit (generally in writing). Candidates may decide to withdraw their consent at any time. However, doing so does not affect the validity of any processing already performed with the candidate’s consent.
2. Manage access to premises and potential video surveillance of the premises.
These processing are justified by a legitimate interest, which consists of ensuring security of goods and individuals (in the real time and afterwards). In this case, candidates may oppose certain processing involving their personal data for reasons relating to their specific circumstances (unless the data controller proves that there are legitimate and essential reasons for the processing prevail over the data subject’s interests, rights and basic liberties or for the purpose of exercising or defending their legal rights).
The processing of personal data communicated by candidates is not based on profiling.

4. IN WHAT CIRCUMSTANCES ARE CANDIDATES REQUIRED TO PROVIDE PERSONAL DATA?


Some personal data may be necessary to review candidatures by the Group. Candidates will be informed about it during the data collection process, by an asterisk or in an equivalent way.
In the case this data is not communicated, the data controller will not be able to process the candidature.


5. WHO RECEIVES CANDIDATES’ PERSONAL DATA?


For the purposes of the processing described above, candidates’ personal data may in certain cases be disclosed to a variety of recipients, including:
• Group entities,
• IT – Data processing firms, test editors, or data processors in charge of access to premises and eventual video surveillance providers.
• Recruitment agencies
Group entities acting as controllers must choose processors that provide adequate guarantees that the processing will comply with the principles of the GDPR and that the personal data will remain confidential and secure.
If a recipient of personal data is located in a country outside the European Union, the recipient must comply with local legal requirements that provide a suitable level of protection, or, for the case of companies in the United States, comply with the Privacy Shield (a self-certification mechanism recognised by the European Commission), or else provide guarantees ensuring an equivalent level of protection.
These guarantees may be in the form of the standard contractual clauses on personal data protection adopted by the European Commission (namely, a transfer agreement between the controller and a processor, stating the respective obligations upon each if personal data is transferred outside the European Union).

6. HOW IS CANDIDATES’ PERSONAL DATA SECURED?


Solutions used to store and process candidates’ personal data must satisfy the security prerequisites specified by the Group’s Information Systems department and are subject to stringent approval and audit procedures.
The Group has implemented technical and organisational measures to ensure that candidates’ personal data remains secure and confidential. These include:
§ Access control and user permissions for IT equipment used to process candidates’ personal data;
§ Ensuring the security of technical infrastructures (including workstations, networks and servers) and data (for example, backups and business continuity plan);
§ Restricting who is authorised to process personal data, depending on the purpose of the processing and the resources allocated;
§ Strict non-disclosure obligations binding the Group’s processors;
§ Rapid response procedures in the event of a security incident involving candidates’ personal data.


7. HOW LONG IS CANDIDATES’ PERSONAL DATA STORED?


The candidate’s personal data regarding the processing of candidatures’ management, mentioned in 1. of §3 is stored for eighteen (18) month after the candidate’s last contact with the Group.
Personal data collected for managing access to the premises is stored for three (3) month. Personal data collected for the management of eventual video surveillance systems is stored for thirty (30) days.
Throughout the storage period, only “need-to-know” individuals with the appropriate permissions may have access to candidates’ personal data, based on the purposes of the intended processing.
At the end of the storage period, candidates’ personal data must be either permanently erased or irreversibly anonymised.

8. WHAT RIGHTS DO CANDIDATES HAVE REGARDING THE PROCESSING OF THEIR PERSONAL DATA?


All candidates may exercise the following rights at any time:


1. Right to access: Candidates may obtain information regarding the nature, source and use of their personal data. Whenever personal data is disclosed to third parties, candidates may also obtain information concerning the identities or categories of the recipients;
2. Right to rectification: Candidates may request that inaccurate or incomplete personal data be corrected or supplemented;
3. Right to erasure: Candidates may request that their personal data be erased, particularly if it is no longer necessary for the performed processing. The controller must erase personal data promptly, except in the cases provided for in the Regulation;
4. Right to restrict processing: Candidates may request that their personal data be made temporarily unavailable to prevent its subsequent processing, for example by moving their data to a different processing system, in the circumstances defined by the GDPR .
5. Right of opposition: Candidates may oppose certain processing involving their personal data for reasons relating to their specific circumstances, except where legitimate and essential reasons for the processing prevail over the data subject’s interests, rights and basic liberties or for the purpose of exercising or defending their legal rights;
6. Right to portability: Whenever personal data is processed after obtaining the candidate’s consent or required for the performance of a contract, the candidates concerned may ask to receive their personal data provided to the controller, in a widely-used and structured electronic format. This right to portability can be exercised only if the data processing is operated under candidate’s consent.

The controller undertakes to examine requests submitted by candidates within the time limits specified in the GDPR.

9. CONTACT


To get a copy of the appropriate warranties mentioned at the paragraph 5 and to exercise the rights mentioned on the §8 , candidates may contact the Data Protection Officer.

Candidates may also submit a complaint to the relevant data protection authority if they consider that any personal data processing does not comply with the GDPR.

ENTITY

DPO postal adress

DPO email adress

Data protection authority

CA INDOSUEZ WEALTH (GROUP)

CA INDOSUEZ WEALTH (Group)

Monsieur le DataProtection Officer

12 place des Etats Unis

92545 MONTROUGE CEDEX

DataProtection.indosuezgroup@ca-indosuez.com

 

Commission Nationale de l'Informatique et des Libertés – CNIL

8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02

CA INDOSUEZ WEALTH FRANCE

CA INDOSUEZ WEALTH FRANCE
Monsieur le Data Protection Officer
17 rue du Docteur Lancereaux
75 008 PARIS

dpo@ca-indosuez.fr

VALBAUME IMMOBILIER

Valbaume Immobilier
Monsieur le Data Protection Officer
17 rue du Docteur Lancereaux
75 008 PARIS

dpo@ca-indosuez.fr

CA INDOSUEZ GESTION

CA INDOSUEZ GESTION
Monsieur le DataProtection Officer
17 rue du Docteur Lancereaux
75 008 PARIS

dpo@ca-indosuez.fr

CA INDOSUEZ WEALTH (EUROPE)

CA Indosuez Wealth (Europe)
Monsieur Le Dat aProtection Officer
39 Allée Scheffer
2520 Luxembourg

dpo@ca-indosuez.lu

Commission Nationale pour la Protection des Données

1, avenue du Rock’n’Roll L-4361 Esch-sur-Alzette

CA Indosuez Wealth (Europe), Sucursal en España

CA Indosuez Wealth (Europe), Sucursal en España
Data Protection Officer
Paseo de la Castellana, 1
28046 Madrid, Espagne

dpo@ca-indosuez.es

Agencia de Protección de Datos C/Jorge Juan, 6 28001 Madrid Tel. +34 91399

CA Indosuez Wealth (Europe) Belgium Branch

CA Indosuez Wealth (Europe) Belgium Branch
Monsieur le Data Protection Officer
Chaussée de la Hulpe 120
1000 Bruxelles, Belgique

dpo@ca-indosuez.be

Commission de la protection de la vie privée Commissie voor de bescherming van de persoonlijke levenssfeer Rue de la Presse 35 / Drukpersstraat 35 1000 Bruxelles / 1000 Brussel

CA Indosuez Wealth (Europe) Italy Branch

CA Indosuez Wealth (Europe) Italy Branch
Data Protection Officer
Piazza Cavour, 2
20121 Milano MI, Italie

dpo@ca-indosuez.it

Garante per la protezione dei dati personali Piazza di Monte Citorio, 121 00186 Roma

Banca Leonardo S.p.A.

Banca Leonardo S.p.A.
 DataProtection Officer
Via Broletto, 46
20121 Milano MI, Italie

bancaleonardo.dpo@avvera.it
aldo.manzi@avvera.it

Garante per la protezione dei dati personali Piazza di Monte Citorio, 121 00186 Roma

CA Indosuez Fiduciaria

CA Indosuez Fiduciaria
 Data Protection Officer
Piazza Cavour, 2
20121 Milano MI, Italie

dpo@ca-fiduciaria.it

Garante per la protezione dei dati personali Piazza di Monte Citorio, 121 00186 Roma

CA INDOSUEZ ASSET MANAGEMENT

CA Indosuez Wealth (Asset Management),

31-33 avenue Pasteur, L-2311 Luxembourg

dataprotectionofficer@ca-indosuez-am.com

Commission Nationale pour la Protection des Données 1, avenue du Rock’n’Roll L-4361 Esch-sur-Alzette

CA INDOSUEZ PRIVATE EQUITY

CA Indosuez Wealth (Asset Management),

31-33 avenue Pasteur, L-2311 Luxembourg

dataprotectionofficer@ca-indosuez-am.com

CFM INDOSUEZ WEALTH

CFM Indosuez Wealth
Monsieur le DataProtection Officer
11 Boulevard Albert 1er
98000 Monaco

data-protection-officer@cfm-indosuez.mc

Commission de Contrôle des Informations Nominatives

12 Avenue de Fontvieille, 98000 Monaco

CFM INDOSUEZ GESTION

CFM Indosuez Gestion
Monsieur le DataProtection Officer
11 Boulevard Albert 1er
98000 Monaco

data-protection-officer@cfm-indosuez.mc

CFM Conseils en Investissement France

CFM Indosuez Conseils en Investissement

Data Protection Officer, 1 Place de la Liberté – Bâtiment C La Lombarde, 06320 Cap d’Ail

data-protection-officer@ci-cfm-indosuez.com

Commission Nationale de l'Informatique et des Libertés – CNIL

8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02

CA INDOSUEZ SWITZERLAND

CA Indosuez (Switzerland) SA
Data Protection Officer
Quai Général-Guisan 4
Case Postale 5260
1211 Genève 11

dpo@ca-indosuez.ch

 

Data Protection and Information Commissioner of Switzerland Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter

Mr Adrian Lobsiger Feldeggweg 1 3003 Bern

 

CA INDOSUEZ SINGAPOUR

FINANZIARIA SA

 AZQOREAZQORE
Monsieur le Data Protection Officer
chemin de Bérée 38
1010 Lausanne
 dpo@azqore.com

 


10. CHARTER APPLICABILITY AND AMENDMENTS


The Charter shall be applicable with effect from 25 May 2018.
The Charter is available to download from each intranet Group entity, at the following address:
https://jobs.ca-indosuez.com/mention-legale.aspx.

 

It is liable to change, in response to regulatory or processing changes.