EXTERNAL PRIVACY POLICY House of ABY

1. Privacy Policy

The HOUSE OF ABY Group, which includes the brands Abylsen, all of its subsidiaries, as well as ABMI and all of its subsidiaries (hereinafter collectively referred to as “HOUSE OF ABY”), is committed to protecting the privacy of its employees, clients, partners, and candidates who interact with HOUSE OF ABY.

We may collect personal information through forms on our websites, as well as by mail, telephone, email, in person, or through any other means of communication.

This privacy policy outlines our practices regarding the collection, use, and sharing of personal information. Its purpose is to inform the individuals concerned about the data collected, the purposes for which it is processed, and the conditions under which it may be shared with third parties.

Specific case for ABMI and its subsidiaries:

A process is currently underway to harmonize personal data processing practices between ABMI and the rest of the group, in order to ensure consistent application of GDPR requirements.

Until this convergence is finalized, the processing activities specifically carried out by ABMI are governed by their own privacy policy, available here: ABMI Privacy Policy.

This policy is currently being updated to reflect the group’s shared commitments to the protection of personal data.

2. Data Collected

As part of our interactions and services, we collect several categories of personal data necessary for the proper execution of our activities and compliance with our legal obligations. This data includes, in particular:
  • Identification data (such as name, first name, date of birth),
  • Contact information (postal address, email address, telephone number),
  • Financial data (banking or payment data, if relevant),
  • As well as connection and navigation data collected when using our online services (IP addresses, cookies, and other digital identifiers).
We may also process usage and preference information aimed at personalizing our services, as well as, in certain cases, professional data and information related to your activity in a professional context. Each type of data is processed in compliance with applicable laws and exclusively for the specific purposes described in this policy.

a) Data Related to Candidates

  • Website “Contact” section: first name, last name, email address, telephone
  • During a phone interview: name, first name, telephone, email address, CV, mobility
  • In response to the invitation email we send: CV, skills file, cognitive and personality tests
  • During the recruitment interview: candidate interview form

b) Data Related to Clients & Partners

  • Website “Contact” section: name, first name, company, email address, telephone
  • During telephone contact: name, first name, email address, telephone
  • During meetings: name, first name, email address, telephone

c) Data Related to our Employees

At the time of signing the employment contract, the future employee provides all necessary documents for its establishment:
  • Name, first name, nationality, postal address, email address, photo, telephone, date and place of birth,
  • Disabled worker certificate, family status, number of children, name + first name + date and place of birth + Social Security number of family members for mutual insurance, bank details, social security certificate, copy of health card, health card certificate,
  • Copies of diplomas, identity card, vehicle registration, driving license,
  • Automobile insurance certificate, medical fitness certificate, home insurance certificate, electrical installation compliance certificate.
  • Detailed information about visits
  • Information collected through cookies
  • IP address
  • Domain name
  • Browser and operating system version, browser language
  • Access time
  • Traffic data
  • Web logs
  • Movements on the site
  • Referrer website addresses
  • Web pages viewed on websites

3. Data Processing

a) Processing Purposes and Legal Basis

In the course of our activities, we collect and process personal data for various specific purposes, always respecting the applicable legal bases. Each processing activity is based on specific legal grounds, including consent, contract execution, compliance with legal obligations, or our legitimate interests, depending on the nature of the data and the context of its use:
  • Consent: the individual consents to the use of personal information concerning them (consent form linked to any such use and withdrawal of consent possible)
    • Web forms: transmitted to recruitment and sales departments of each entity, not retained
    • Cookies: retained for a maximum of 13 months
    • Documents and data provided by email or form as part of a recruitment process: retained for 5 years from last contact
  • Contract execution: if personal data is necessary to conclude a contract with the person
    • Documents for employment contract: received by HR department, retained 5 years after contract ends
    • Payroll data and pay slips: generated by payroll department, retained 5 years after contract ends
    • Documents for mandatory declarations: received by HR, retained 5 years after contract ends
  • Legal obligation: when we must use personal data to comply with legal obligations
    • Economic and social databases: generated and received by HR and payroll, retained 5 years after contract ends
    • Documents related to Secret Defense clearance or ionizing radiation: generated by Security Officer or Responsible Person, retained 1 year after clearance expiry
    • Documents related to subcontracting contracts: generated by manager, retained 5 years after contract ends
    • Mission orders and amendments: generated by manager, retained 5 years after contract ends
  • Legitimate interests: to serve a legitimate interest when reasons for using data outweigh any prejudice to data subjects’ rights:
    • CVs: received by Talent Acquisition and Manager, retained 5 years from last contact with candidate, and 5 years after contract ends for employees
    • Skills files: same retention as CVs
    • Candidate interview forms: retained 2 months paper format, 5 years digital format from last contact
    • Candidate satisfaction: retained 5 years from last contact
    • Recruitment monitoring files: retained 5 years from last contact
    • Personnel administrative files: retained 5 years after contract ends
    • Contract, salary, and expense documents: retained 5 years after contract ends
    • Visitor sign-in sheets: retained 2 months
    • User records: retained 5 years after contract ends

b) Data Controllers & DPO

In our commitment to protect your personal data, we inform you that processing activities are managed by HOUSE OF ABY, depending on the nature and specific purposes of the data collected, with its headquarters located in France. HOUSE OF ABY acts as data controller and ensures the security, confidentiality, and regulatory compliance of data processing activities. Responsibilities are divided as follows:
  • Candidates: processing under HOUSE OF ABY’s responsibility, supervised by Human Resources Management
  • Clients and partners: processing under HOUSE OF ABY’s responsibility, supervised by Development & QRSE Management
  • Employees: processing under HOUSE OF ABY’s responsibility, supervised by Human Resources Management
  • Navigation: processing under HOUSE OF ABY’s responsibility, supervised by Information Systems Management
To guarantee your rights and ensure compliance, HOUSE OF ABY appointed a Data Protection Officer (DPO) common to all group entities, including Abylsen and its subsidiaries. The DPO oversees personal data management, protection, and regulatory compliance within the group. You can contact the DPO at dataprotection@abylsen.com or 06 37 20 50 41 (Michelle BRUNO).

c) Data Recipients

Your personal data may be disclosed only to the following categories of recipients, strictly for defined purposes:
  • Internal services: HR, finance, legal, and IT teams
  • Service providers and subcontractors: IT providers and subsidiaries
  • Commercial partners (only with your prior consent)
  • Public and judicial authorities (when required by law or legal request)
We ensure all subcontractors and partners comply with GDPR rules and implement adequate safeguards. A detailed list of recipients is available upon request from our DPO at dataprotection@abylsen.com.

4. Data Security

a) Internet Security

We cannot guarantee that data transmissions over the Internet or on a website will be fully protected against intrusion. However, we apply commercially reasonable physical, electronic, and procedural security measures to protect personal information in compliance with data protection laws. All information communicated via websites is stored on our secure servers or those of our subcontractors, and access/use is subject to our security policies and rules.

b) Transfers Outside the EU

In most cases, your personal data is stored and processed within the European Union. However, in specific circumstances, it may be hosted in the United States. In such cases, we ensure protective mechanisms compliant with EU requirements are in place to guarantee equivalent security and confidentiality, including data transfer agreements compliant with regulations.

c) Data Retention

Our retention periods for personal data depend on business needs and legal requirements. We keep personal data as long as necessary for the processing purposes for which it was collected, including any related legitimate purposes. When personal data is no longer needed, we either irreversibly anonymize it (allowing continued use in anonymized form) or securely delete it.

5. Your Rights

Under applicable laws, you have several rights regarding your personal data. You may request access to your data to know what information is held about you. You may also request correction of inaccurate or incomplete data, as well as deletion when data is no longer necessary or when you withdraw your consent. Additionally, you can request restriction of processing in certain cases, such as contesting data accuracy or objecting to processing. You have the right to object to data processing for legitimate reasons and for specific processing purposes, and to request data portability—i.e., receiving your data in a structured, commonly used format to transfer it to another controller. For any questions regarding our use of your personal data, contact the Data Protection Officer at dataprotection@abylsen.com. Please note that some exceptions apply to exercising these rights, and they may vary slightly between EU member states. We verify the requester’s right before responding within applicable deadlines. Anyone may file a complaint with the supervisory authority where they reside or where the alleged violation occurred. Below are the contact details of supervisory authorities: You may also consult the guidelines of the European Data Protection Board (EDPB) at: https://www.edpb.europa.eu

6. Cookies

When visiting a website, data may be stored in or retrieved from your browser, usually as cookies. These data may relate to the user, their preferences, or device, mainly used to ensure the website works properly. Generally, this information does not directly identify the user but may provide a personalized web experience. Because we respect privacy rights, we offer the possibility to disable certain types of cookies. Below are different cookie categories. Blocking certain cookies may affect browsing experience and the services we provide.

a) Strictly Necessary Cookies

Always active, these cookies are essential for website functionality and cannot be disabled in our systems. They are usually set in response to user actions constituting service requests, such as privacy preference settings, login, or form submissions. Users can configure their browser to block or notify about these cookies, but some parts of the website may be affected. These cookies do not store personal identification information.

b) Targeted Advertising Cookies

These cookies may be set by our advertising partners on our website. They may be used by these companies to profile user interests and provide relevant ads on other websites. They do not directly store personal data but rely on unique browser and device identification. If these cookies are not allowed, advertising will be less targeted.

c) Performance Cookies

These cookies help us count visits and traffic sources to measure and improve site performance. They help identify most/least visited pages and evaluate visitor navigation. Data collected is aggregated and anonymized. If these cookies are declined, we won’t know about site visits.

d) Functionality Cookies

These cookies improve and personalize website features. They can be enabled by our teams or third parties whose services are used on our pages. If declined, some or all of these services may not work correctly.

7. Updates

We commit to keeping this privacy policy up to date in line with legislative developments, including GDPR requirements, and with changes in our activities and personal data processing. Any changes will be communicated and take effect upon publication on our site. Last updated: 06/13/202X