DISCLAIMER AND INFORMATION NOTICE
MANAGEMENT OF RECRUITMENT AND RELATED PROCESSING

disclaimerS
You are informed:
  • that your personal data will be shared with recruitment teams from AXA Group to allow you to have a good visibility of your applications and profiles and in the absence of opposition from you. If you want to oppose to this sharing, please directly send your application to the recruiter or the local AXA entity mentioned on the job offer;
  • that robots will support the recruiters for preselection of CV already available on the platform (for the purpose n°1: Management of the recruitment process);
  • for internal candidates of the AXA Group, that robots will support your job search by using the recruitment platform (purpose n°5);
  • that information, messages and any attachments (hereinafter "the information") that you upload to the tool are under your responsibility. The information remains confidential, communicated exclusively to its authorized recipients and may be modified at any time. Please do not include any sensitive or confidential personal data in the free text field.

Furthermore, you are reminded, as a future/actual user of the platform, that the information is uploaded into the tool solely for the purposes of managing the recruitment of your application(s) for a position and the associated processing described below. You are informed that the tool is not intended to be used for any other purpose.
Finally, once you are contacted by a local AXA entity about your application, the recruitment process is managed in compliance with applicable local laws and regulations.


GENERAL INFORMATION NOTICE ON THE PROTECTION OF YOUR PERSONAL DATA
Data controllers
Act as data joint controllers in the context of the processing of your personal data (i.e. they jointly determine the purposes n°1, 2, 3 & 5 and means of the processing of your information):
GIE AXA, an economic interest grouping, organized under the laws of France, having its registered office at 23 Avenue Matignon, 75008 Paris, registered with the Registry of Commerce and Companies of Paris under number 333 491 066,
AND

The AXA entities concerned.
GIE AXA also acts as an independent data controller in the context of the processing of your personal data for the purpose n°4 detailed below.

DPO'S CONTACT DETAILS 
The Data Protection Officers (DPO) of each entity can be contacted by mail or e-mail address. Please refer to the dedicated addresses indicated by the AXA entity concerned and available below:
The Data Protection Officer (DPO) of the GIE AXA can be contacted at the following addresses:  23 avenue Matignon, 75008, Paris / privacy@axa.com

PURPOSES OF PROCESSING, LEGAL BASIS AND CATEGORIES OF personal DATA PROCESSED
PURPOSES OF PROCESSING Of YOUR PERSONAL DATA
                       LEGAL BASIS
CATEGORIES OF personal DATA PROCESSED
Purpose n°1): Management of the recruitment processThe legal basis for the processing of your personal data legitimizing this purpose is the execution of pre-contractual measures (Art. 61.b) GDPR).Purposes n°1) et 2):
- Identification data, such as: first name, last name, gender (Mr./Ms.) (optional), photo (optional), date of birth or age (may be collected on your resume), personal phone number, personal email address, nationality;
- Personal life data: family status (may be collected on your resume), hobbies (may be collected on your resume);
- Professional data, such as : interests, skills (a minimum of one topic) or CV (file or link to LinkedIn), YES employee number, professional email, local ID, job title, manager's name, professional family and sub-family, work site, business unit, assignment categories (local terms, short or long term assignment), Contract type (permanent or fixed term contract), seniority date (job seniority date, entity seniority date or AXA seniority date), geographic mobility (willing to relocate nationally/internationally), management position, business phone number;
- Platform connection data: PassAXA (internal candidates of AXA Group), technical cookies and performance and third-party cookies (optional).
Purpose n°2: Management of CVbankThe legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). The legitimate interests pursued by the data controllers consist in the possibility of offering the applicant the possibility of being called back by another AXA entity located in the same geographical area. For GIE AXA, you can obtain information on the matching test on request by writing to the following address: privacy@axa.com.
Purpose n°3): Management of the sending of job offers (newsletter) only at your requestThe legal basis legitimizing this purpose is the application of consent (Art. 6 1.a) GDPR). Please note that you can withdraw this consent at any time. If you decide to do so, you will no longer receive job offers from the Data Controllers. The withdrawal of your consent does not affect the lawfulness of the processing previously carried out.
- Identification data, such as: personal email address;

- Connection data to the platform: PassAXA (internal candidates of AXA Group)

Purpose n°4): Administration of the platform (monitoring of use and functioning)The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). For GIE AXA, you can obtain information on the matching test on request by writing to the following address: privacy@axa.com.- Professional data: professional email address, job position of the user account;
- connection data: PassAXA (internal candidates of AXA Group),
Purpose n°5): Provision of a fitscore to assist internal candidates of AXA Group in their choice of applicationThe legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). The legitimate interests pursued by the data controllers consist in the possibility of offering the candidate a better vision of the positions that correspond to him/her by attributing a "fit" with the position (good fit, potential fit or no mention). For GIE AXA, you can obtain information on the matching test on request by writing to the following address: privacy@axa.com.It is the match between the data of the job offer and some data filled in by the candidate which are the following:
- skills (key words);
- job family (i.e. compliance, finance, security etc.);
- desired place of work;
- type of contract (fixed-term contract, permanent contract, internship, work experience)

MANDATORY NATURE OF DATA COLLECTION AND THE POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE such DATA
The provision of this information is mandatory in order for the data controllers to be able to evaluate your application or to send you the various job offers offered by the data controllers. 
If you do not provide this information, you will not be able to be called back by recruiters or to receive the various job offers offered by the Data Processors. 


THE SOURCE OF THE personal DATA IN CASE OF INDIRECT COLLECTIOn
When you are an employee of an AXA entity, your profile is created by the human resources of the AXA entity concerned and some data is already present in other human resources databases.

SECURITY OF PERSONAL DATA
The data controllers use appropriate technical and organizational measures to protect the Personal Data that the data controllers collect and process about you. The measures that the data controllers put in place are designed to ensure a level of security that is sufficient in light of the risks associated with the processing of your Personal Data in accordance with AXA Group standards.

RECIPIENTS OR CATEGORIES OF RECIPIENTS AND NON-EU TRANSFERS
The data controllers will communicate your personal data only to identified and authorized recipients.
These recipients are:
  • AXA Group Operations (France) in charge of the integration of the recruitment platform and the management of IT support;
  • Local AXA entities: authorized persons involved in the recruitment process such as human resources (recruiters only), manager(s) involved in your recruitment process;
  • Cap Gemini (India), subcontractor of AXA Group Operations and in charge of the processing of requests to exercise rights;
  • Phenom People (United States, Netherlands, United Kingdom, India) and its subcontractors, in charge of the maintenance of the recruitment platform, the management of the access to the CRM and the delivery of reports (aggregated data) of the platform use.
For countries that do not provide an adequate level of protection, data controllers provide safeguards to ensure the security and confidentiality of your personal data and frame this transfer either by:
  1. the Standard Contractual Clauses adopted by the European Commission,
  2.  when your personal data is transferred to other AXA Group entities, by the Group's Binding Corporate Rules (available via the following link - Learn More section: https://www.axa.com/fr/a-propos-d-axa/nos-engagements). These Binding Corporate Rules apply to relationships between entities, including those located in countries that do not provide an adequate level of protection.
DATA retention period
For the purposes 1), 2) and 5) concerning the management of the recruitment process, the constitution of a CV-library and the provision of a fitscore, the data retention period depends on the country from where the data subject is. Please refer to the link below according to your country: click here
However, for France it is 6 years from the leave of the employee from AXA Group or from the inactivity of the data subject on his/her own account AXA Group. 6 years is the limitation period for offenses in France. The objectives of this duration are to protect AXA from any action related to employment discrimination.
 
For the purpose n°3) concerning the sending of job offers (newsletter), the duration of conservation of your data depends on the withdrawal of your consent. However, after two (2) years of inactivity on the platform, the sending of these newsletters will be deleted.

For the purpose n°4) concerning the administration of the platform, the retention period should be defined following the purposes identified above. Deletion regarding cookies (6 months from the first consent) should be implemented and effective.

DATA SUBJECTS’ RIGHTS 
In accordance with the French "Informatique et Libertés" law n° 78-17 of 6 January 1978 and the GDPR, you have the right to:
  • access your personal data;
  • rectify your personal data;
  • request erasure of your personal data, except if the processing is based upon the respect of a legal obligation of the data controllers;
  • request to obtain the restriction of the processing of your personal data, unless you have given your consent, if your data are necessary for the establishment, exercise or defense of legal rights, if your data are necessary for the protection of the rights of another natural or legal person or if the use of your data is justified by important reasons in the public interest of the Union or a Member State;
  • request the portability of your personal data, when your personal data are processed automatically on the basis of your consent or the execution of a contract binding you to the data controllers;
  • decide on the fate of your personal data after your death.  
For processing with purpose n°2 Management of Cvbank, the purpose n°4 Administration of the platform (monitoring of use and functioning) and the purpose n°5) Provision of a fitscore to assist internal candidates of AXA Group in their choice of application, you also have the right to object, at any time, for reasons relating to your particular situation, to the processing of your personal data.

For processing with purpose n°3 the management of the sending of job offers (newsletter), please note that you can withdraw this consent at any time. If you decide to do so, you will no longer receive job offers. The withdrawal of your consent does not affect the legality of the processing previously carried out.
In any case, you have the right to object to the marketing of your data. Please note that AXA Group does not market your personal data.
To contact the DPO or exercise your rights, the contact details are as follows:
  • For GIE AXA, the contact details are as follows:  23 avenue Matignon, 75008, Parisprivacy@axa.com
  • For local entities: please refer to the contact information provided by the entity that employs you.
You may be asked for information to confirm your identity and/or to assist the Company to locate the data you are seeking as part of our response to your request.

THE RIGHT TO MAKE A COMPLAINT TO A SUPERVISORY AUTHORITY
Finally, you have the right to raise any concerns about how your personal data is being processed with a competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place where you think an alleged infringement to your rights occurred.
In France, the data protection authority is the Commission nationale de l'informatique et des libertés, or “CNIL” - 3 place de Fontenoy - TSA 80715 – 75334 Paris Cedex 07.


UPDATES TO THIS PRIVACY NOTICE
The data joint controllers may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When the data controllers update this privacy notice, the data controllers will take appropriate measures to inform you, consistent with the significance of the changes the data controllers make. The data controllers will obtain your consent to any material privacy notice changes if and where this is required by applicable data protection laws.
This Privacy Notice was last updated on November, 17th 2021.