Beyond Associés’ Personal Data Protection Policy

 

You trust Beyond Associés when you share your personal data with us, whether it is in the framework of an assignment delivered to a client, to find a job, to better know and understand your skills, and to evolve in your career.

Thus, following the provisions of the General Data Protection Regulation (GDPR), Beyond Associés protects your personal data as well as possible.

 

What is the aim of this Charter?

This charter (hereinafter "the Charter") informs you on the terms of collection and processing of personal data by Beyond Associés. It applies to any personal data that Beyond Associés collects or that is provided by a third party and that may concern you.

It specifies the essential and additional information common to all processing operations carried out by Beyond Associés.

It describes the obligations resulting from the legislation on the protection of personal data and/or from the contractual commitments between us.

 

Who is responsible for processing personal data?

Beyond Associés, 4 rue Daru in Paris (75008), is responsible for the content of this Charter. In the direct or indirect collection and processing of personal information, Beyond Associés generally acts as a data controller for the services we provide to our clients, service recipients or candidates.

 

When and how do we collect your personal data?

Beyond Associés processes information relating to individuals (hereinafter referred to as "Personal Information") in the context of search and assessment assignments, talent management consulting, coaching, sparring-partnering and on-boarding of executives and managers. When contracting with our company, when registering for an event that we organise, when browsing our website, when using one of our tools in the context of an assignment (psychometric tests), when submitting your CV spontaneously via our website or to our team, when applying for a position for which we are involved in the recruitment phase, you are transferring information to us, some of which can identify you directly or indirectly.

 

Which personal data do we collect?

The information we ask for varies depending on the services we provide. However, some data is common to all our services:

  • Contact information such as name, surname, title, email address, postal address, telephone number

  • Practical contact details, email, newsletter subscription

  • Any other relevant data such as your professional activity, education, professional experience, etc.

 

The data you send us directly when entering in a relationship with Beyond Associés

During the various contacts we have with you, you may be asked to provide us with information about yourself. This information is collected when you sign a contract when you are recruited, or when accessing any other offer or service.

If the contact is a company, these data are:

  • The personal data of the people representing the company, such as its legal representative, its employees (salaried or not) and more particularly their first name and their last name

  • The name of the company

  • The function of the person whose data is collected in the user's company

  • The company's address

  • E-mail addresses

  • Telephone number

If the contact is an individual:

  • Their surname

  • Their first name

  • Their phone number

  • Their address or the city they are currently based in

  • Their email address

 

The data we collect during the business relationship

This includes, but is not limited to:

  • Information linked to the history of your commercial relationship with us, assignments taken out, orders for services, date and place of appointments, appointment notes, correspondence, invoicing and payment

  • Your participation in client communication programmes or in some of our events

 

In the context of the conclusion, management, and execution of contracts

  • Data relating to the identification of the parties, beneficiaries, interested or involved in the contract (civil status, contact details, nationality, etc.)

  • Data relating to the professional situation (date of employment, training, diplomas, function, hierarchical position, socio-professional category, employers, etc.)

  • Data relating to the family, economic, property and financial situation (family status, remuneration data, bonuses, social benefits, income, assets, etc.)

  • Data necessary for the assessment of professional skills (training, diploma, certification, etc.)

  • Data needed to assess professional development wishes (projects, desired development, training envisaged)

  • Data needed to assess personal interests (sports practised, hobbies, associative commitments, etc.)

  • Data relating to the conclusion, application, and management of the contract (means of payment, direct debit authorisation, bank details, etc.)

  • Predictable location and mobility data

  • Connection and traceability data (cookies, connections, etc.)

 

Sensitive data

We only collect sensitive data that is strictly necessary for the execution of our services, to meet contractual requirements or deliver the expected service. As a result, we do not request sensitive data as defined by law. This is only if, as a result of your active participation, we may become aware of sensitive data about you. In this case, the use of this data would require your express consent to the use of this data and its sharing.

 

Where is data collected from?

We collect data directly from you, but also:

  • People involved in the contract: the co-contractor, the beneficiary of the assignment, the candidate in a recruitment assignment

  • People involved in the contract (person in charge of managing the contractual assignment, e.g., the HRD)

  • Our contacts with the contact details provided for reference purposes (colleagues, former employer, etc.)

 

Information we collect through our website, mission applications and social networks

We may collect one or more of the following types of information when you subscribe to our services, access content or visit our website:

  • Contact information such as your name, email address, postal address, telephone number

  • Contact data (including your career aspirations, non-executive positions, likes and dislikes, a favourite quote)

  • Information posted in connection with public or community discussions and other online activities

We may collect and analyse all the responses you provide to psychometric tests.

You may interact with us through social networking sites or via links from applications that integrate social media (e.g., LinkedIn).

If you post information when you interact with us through social media, plug-ins, or other applications, subject to privacy settings, this information may become public.

 

How do we use your personal data?

The different purposes for which Beyond Associés processes your personal data are the following:

  • Recruitment of managers and directors

  • Employee recruitment assignments

  • Talent assessment and development

  • Coaching and sparring-partner assignments for managers

  • Mission of collective dynamics of the management teams

  • Conclusion, management, and execution of the above-mentioned contracts

  • Study of the client's specific needs

  • Management of contracts from the pre-contractual phase to termination

  • Exercise of recourse, management of claims and litigation

  • Compilation of statistics and data analysis

  • Enforcement of administrative, legislative, or regulatory provisions including anti-money laundering and combating the funding of terrorism, combating fraud, etc.

  • Customer knowledge, applicant knowledge and compliance checks

  • Execution of services subscribed by the client

  • Management of the commercial relationship

Regarding the data collected from candidates in the context of a recruitment, it is necessary to have access to:

  • Information that is essential for your selection regarding a proposed job offer and/or collaboration

  • The follow-up on your applications by tracing the history of job offers

  • Your profile and keep you regularly informed of offers likely to interest you in your specialist areas

Personal data is collected throughout the entire process of recruitment, from the application or job description to the hiring process.

During your telephone and physical interviews with one of our consultants, the data collected will be validated and completed to enhance your profile.

Insofar as we follow the career development of each candidate, we may need to collect certain data well beyond their integration, to update their professional career path.

 

Do we conduct data analysis?

We may process the data of our clients and of all those involved in an assignment (assignment recipient, job applicant) to establish data to fulfil our assignment or to integrate the database and identify future candidates for our clients.

If we need to use your data for a purpose other than that for which it was collected, we will ask for your prior consent.

 

What is the legal basis for data-processing?

The processing of the personal data we collect is justified by the following legal grounds:

  • The execution of pre-contractual or contractual measures to which the client, applicant or beneficiary is a party, or the employer on behalf of its employees

  • Compliance with legal or fiscal obligations

  • Your consent when applicable

  • Our legitimate interest, subject to your own interest and fundamental rights

 

How long do we keep your personal data?

We retain data according to the purpose for which it was collected.

The personal information collected will be kept for as long as necessary within the applicable limitation period.

After this period, which varies according to the purpose of the collection, we have adopted appropriate organisational and security measures to ensure that the data is destroyed or archived permanently.

 

Do we share your personal data?

The following may have access to your personal data:

  • Those responsible for providing the services and carrying out the assignment within their respective remits

  • Service providers, e.g., external consultants or providers of psychometric tests

  • Our subcontractors

  • Companies affiliated to Beyond Associés in the context of the mission

  • People interested in the contract (client, person in charge of the mission, beneficiaries of the mission, third parties interested in the execution of the contract)

  • Authorised third parties (courts, supervisory authorities, audit, and internal control departments)

We do not sell, rent, or otherwise make available your personal data to unaffiliated third parties for commercial purposes.

 

Can data be exchanged with our service providers?

We may use the services of service providers that we have selected to provide us with the services necessary for the performance of our missions (consultants, service providers in charge of psychometric tests).

These third parties are contractually bound not to communicate or access the personal data entrusted to them in relation to the services provided.

These providers are:

  • IT service providers who host and manage our information system (servers and applications), our backups, the provision and maintenance of our networks, our backup servers, etc.

  • Integrated service platform providers

  • Service providers for digitisation, archiving, etc.

 

Transfers across borders

Due to the international dimension of Beyond Associés' activity and the pooling of certain services, the processing may involve transfers, without moving personal data, to countries that are members or non-members of the European Economic Area, whose personal data protection laws differ from those of the European Union.

In the latter case, Beyond Associés uses various legal mechanisms to ensure that we maintain a protection regime for your rights and your data, that also complies with legal requirements and our commitments.

This includes:

  • The implementation of standard contractual clauses approved by the European Commission, which guarantee that personal data are processed with a level of protection equivalent to that of the European Economic Area within Beyond Associés

  • The use of service providers certified to the Privacy Shield, or recipients who have adopted a precise and demanding contractual framework, in accordance with the models adopted by the European Commission, as well as appropriate security measures, ensuring the protection of personal data transferred

  • Transfers of personal data that are strictly necessary shall take place under conditions and safeguards that ensure the confidentiality and security of such data

If you require further information about access to your data by recipients outside the EEA, please contact us as set out below.

We will also be able to provide you with details of the security measures adopted.

 

Which security measures are applied to protect your data?

The security of your personal data is important to us, and we have adopted state-of-the-art physical, technical, and organisational security measures to protect your data from loss, misuse, accidental alteration, or destruction. We protect your data from unauthorised access, use or disclosure by using encryption procedures and access limitations. Only people who need access to your data to perform their duties will have access to it.

Our service providers are contractually obliged to maintain the confidentiality of personal data and may not use it for any other purpose.

 

What choices do you have about your personal data?

Our information policies and collection forms or questionnaires specify the fields that must be completed and the purposes for which we collect data.

 

How can you update your communication preferences?

Newsletter/emails: even where you have agreed to receive electronic communications from us, you may unsubscribe at any time by following the instructions in the communication.

 

Do you have any other rights?

Right of access

You have the right to access the personal data we hold about you.

You may contact your usual contact person or ask us, in accordance with the applicable legal provisions, for a copy of the information we hold about you.

To do so, you must prove your identity by providing us with a copy of a valid identity document. We may charge you a fee if your request is unfounded or repeated.

We will provide you with the information in writing or electronically unless you request another method of communication.

You may exercise your right of access by sending an e-mail to the following address: dataprivacy@beyond-associes.com or by sending a letter to the attention of: Data Privacy Officer – Beyond Associés – 4, rue Daru – 75008 Paris – France.

Your request will be processed as soon as possible and at the latest within 30 days. If it is not possible for us to respond within this period, we will inform you and process your request as soon as possible.

If it is not possible for us to respond positively to your request for legal reasons, we will inform you of this, unless this is impossible due to a decision of an administrative or judicial authority or a legal obligation.

 

Right of rectification

You have the right to have inaccurate or incomplete data corrected by providing us with an additional declaration.

 

Right to be forgotten - Right to deletion of data

You have the right, on specific grounds, to have your personal data erased. This applies when the data is no longer necessary for the purposes for which it was collected or processed, or the processing is unlawful, or the erasure is required by law.

You may also, in certain cases, define directives relating to the conservation, deletion and communication of your personal data after your death.

 

Right to portability

You have the right to the portability of the data that you have personally provided to us, as well as those resulting from the execution of the contract(s) that bind us or those collected with your consent. This does not include anonymous data and data derived or derived from structured data in our information systems.

This right is subject to the technical feasibility of transmission in a structured, commonly used format that can be read by the information system of another data controller.

 

Right to object to processing

You have the right to object to any processing of personal data if such processing is lawfully based on our legitimate interest, unless the reasons justifying the processing outweigh the possible prejudice to the rights and freedoms of the person wishing to object to the processing.

 

Right to restrict processing

You can ask us to restrict the processing of your personal data if:

  • You contest the accuracy of the data within a period that will allow us to carry out the necessary checks

  • The processing is unlawful, and you request the restriction of the processing rather than its deletion

  • We no longer need the data for the purposes of the processing concerned, but the data are necessary for the establishment, exercise, or defence of legal claims

  • You object to processing based on our legitimate interest, while we check the validity of the processing reason

 

Transfers across borders

As mentioned above, you can obtain a copy of the security measures applicable to the transfer of your personal data outside the European Economic Area.

 

Reaching out

If you need any information about this Policy, you can contact: Data Privacy Officer - Beyond Associés - 4, rue Daru - 75008 Paris – France

 

Claim

You have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the supervisory authority in charge of compliance with obligations relating to personal data: Commission Nationale Informatique et Libertés, 3 place de Fontenoy TSA 80715 75334 Paris Cedex 07 France.

 

Policy update

We may update this Policy from time to time. Lats update: September 2021.