Privacy Notice iCIMS EN

DISCLAIMER AND INFORMATION NOTICE

MANAGEMENT OF RECRUITMENT PROCESSING AND INTERNAL MOBILITY USING OUR RECRUITMENT PLATFORM

DISCLAIMER

You are responsible for ensuring that the information, messages and any attachments (hereinafter "the information") that you upload to the tool is correct and truthfully represents your work experience. If you need to make any changes to the information you input, you may adjust it at any time. You should ensure that you only input information in the free text box that is relevant to your application and you should take care to avoid inputting any unnecessary sensitive or confidential personal data in the free text field.

You are reminded, as a future/actual user of the platform, that the information is uploaded into the tool solely for the purposes of managing the recruitment (external or internal) of your application(s) for a position and the associated processing described below. You are informed that the tool is not intended to be used for any other purpose.

GENERAL INFORMATION NOTICE ON THE PROTECTION OF YOUR PERSONAL DATA

To the extent that it does not conflict with the local privacy notice relevant to the AXA company to which you are applying (for which please see the section “Local Privacy Notices below), this privacy notice will apply to AXA’s processing of your personal data.

DATA CONTROLLERS

Act as data joint controllers in the context of the processing of your personal data (i.e. they jointly determine the purposes and means of the processing of your information):

GIE AXA, an economic interest grouping, organized under the laws of France, having its registered office at 23 Avenue Matignon, 75008 Paris, registered with the Registry of Commerce and Companies of Paris under number 333 491 066,

AND

The AXA company to which you are applying.

(Together, “AXA”.)

LOCAL PRIVACY NOTICES

AXA Hong Kong Privacy Notice

Finally, once you are contacted by a local AXA entity about your application, the recruitment process is managed in compliance with applicable local laws and regulations.

DPO'S CONTACT DETAILS 

The Data Protection Officers (DPO) of each entity can be contacted by mail or e-mail address. Please refer to the dedicated addresses indicated by the AXA entity concerned and available below:

AXA Belgium: privacy@axa.be
AXA GO: privacy.axaservices@axa.com
AXA IM dataprivacy@axa-im.com  
AXA Partners: Clp.fr.dataprivacy@partners.axa
AXA XL: legalcompliance@axaxl.com
AXA UK - email: ukgroupprivacy@axa-uk.co.uk; mail: The Data Protection Officer, AXA UK Plc, 20 Gracechurch Street, London EC3V 0BG
GIE AXA : privacy@axa.com

You can also find contact details in the Local Privacy Notices, as set out above.

PURPOSES OF PROCESSING, LEGAL BASIS AND CATEGORIES OF PERSONAL DATA PROCESSED

PURPOSES OF PROCESSING OF YOUR PERSONAL DATA	LEGAL BASIS	CATEGORIES OF PERSONAL DATA PROCESSED
Purpose n°1): Management of the recruitment process of external candidates	The legal basis for the processing of your personal data legitimizing this purpose is the execution of pre-contractual measures (Art. 6. 1.b) GDPR).	- Identification data, such as: first name, last name, gender (Mr./Ms.) (optional), photo (optional), date of birth or age (may be collected on your resume), personal phone number, personal email address, personal address, nationality; - Personal life data: family status (may be collected on your resume), hobbies (may be collected on your resume); - Professional data, such as : interests, skills (a minimum of one topic) or CV (file or link to LinkedIn), professional email, local ID, job title, work site, Contract type (permanent or fixed term contract), - Platform connection data: technical cookies and performance and third-party cookies (optional). To the extent strictly authorized by law, special categories (i.e. data revealing the so called “racial” or ethnic origin of an individual, their political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data or data concerning their sex life or sexual orientation) of Personal Data can be processed on the CV as follow: Health Data, such as status of disabilities or percentage of disabilities for the purpose of complying with obligations owed to disabled employees and in accordance with Article 9-2-h  of the GDPR.
Purpose n°2: Management of CV bank and Management of the sending of job adverts (newsletter)	The legal basis for the processing of your personal data legitimizing this purpose is the application of consent (Art. 6 1.a) GDPR). Please note that you can withdraw this consent at any time. If you decide to do so, you will no longer receive job offers from the Data Controllers. The withdrawal of your consent does not affect the lawfulness of the processing previously carried out, or any processing for which the legal basis is not consent. Your personal data will be shared with recruitment teams from AXA : 1) to allow you to have a good visibility of your applications and profiles within all AXA entities and 2) to enable them to perform analytics on the use of the platform	- Identification data, such as: first name, last name, gender (Mr./Ms.) (optional), photo (optional), date of birth or age (may be collected on your resume), personal phone number, personal email address, personal address, nationality; - Personal life data: family status (may be collected on your resume), hobbies (may be collected on your resume); - Professional data, such as : interests, skills (a minimum of one topic) or CV (file or link to LinkedIn), employee number, professional email, local ID, job title, manager’s name, professional family and sub-family, work site, business unit, assignment categories (local terms, short or long term assignment), Contract type (permanent or fixed term contract), seniority date (job seniority date, entity seniority date or AXA seniority date), geographic mobility (willing to relocate nationally/internationally), management position, business phone number; - Platform connection data: PassAXA (internal candidates of AXA Group), technical cookies and performance and third-party cookies (optional).
Purpose n°3): Management of internal mobility of AXA employees	The legal basis for the processing of your personal data legitimizing this purpose is the execution of contractual measures (Art. 6. 1.b) GDPR).	- Identification data, such as: first name, last name, gender (Mr./Ms.) (optional), photo (optional), date of birth or age (may be collected on your resume), personal phone number, personal email address, personal address, nationality; - Personal life data: family status (may be collected on your resume), hobbies (may be collected on your resume); - Professional data, such as : interests, skills (a minimum of one topic) or CV (file or link to LinkedIn), employee number, professional email, local ID, job title, manager’s name, professional family and sub-family, work site, business unit, assignment categories (local terms, short or long term assignment), Contract type (permanent or fixed term contract), seniority date (job seniority date, entity seniority date or AXA seniority date), geographic mobility (willing to relocate nationally/internationally), management position, business phone number; - Platform connection data: PassAXA (internal candidates of AXA Group), technical cookies and performance and third-party cookies (optional).
Purpose n°4): Match candidates’ profiles to job positions (“the matching test”) using artificial intelligence	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). This data processing should help either AXA entities to find the most adapted candidates for a job role or to help the candidate to find the best job positions in AXA.	It is the match between the data of the job offer and some data filled in by the candidate which are the following: - skills (key words); - job family (i.e. compliance, finance, security etc.); - experiences - desired place of work; - type of contract (fixed-term contract, permanent contract, internship, work experience).
Purpose n°5): Administration of the platform (monitoring of use and functioning and ticket management)	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). The legitimate interests pursued by the data controllers consist in the necessity to maintain the platform to enables recruitment and the provision of additional services to applicants while respecting the principles of security, compliance and necessary technical developments.	All personal data mentioned in this privacy policy, except authentication (password and passAXA)
Purpose n°6): Referral of internal AXA candidates	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR. The legitimate interests pursued by the data controllers consist in the possibility of obtaining recommendation from its employees on potential internal candidates and helping recruiters in the pre-selection of internal candidates.	- Identification data, such as: first name, last name, personal email address, personal phone number (optional); - professional data: resume (optional), job category, preference in the location of the job offer (optional).
Purpose n°7): Development of AXA Employees’ expertise & skills (GIG)	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6. 1.f) of the GDPR. The legitimate interest pursued by the data controllers consist in enabling employees to develop additional expertise and skills, as well as utilizing employee skills sets where required across the AXA Group.	- Identification data: First name, last name, gender, language - Professional data: number of years of experience, name of employers - Personal life: competencies & interests (optional)
Purpose 8) : Restricted data processing (archive)	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6. 1.f) of the GDPR. The legitimate interest pursued by the data controllers consist in keeping evidential purposes in case of litigation.	All data except e-mail

For all the purposes for which the legal basis is the legitimate interest (Art. 6.1.f of the GDPR), you can obtain information on these purposes on request by writing to the DPO contact of the company to which you are applying.

MANDATORY NATURE OF DATA COLLECTION AND THE POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE SUCH DATA

Some information collected in the application is mandatory in order for the data controllers to be able to evaluate your application or to send you the various job offers offered by the data controllers. Fields marked with an asterisk (*) in the application are mandatory where others are optional.

If you do not provide this mandatory information, you will not be able to be called back by recruiters or to receive the various job offers presented by the data controllers.

THE SOURCE OF THE PERSONAL DATA IN CASE OF INDIRECT COLLECTION

When you are an employee of an AXA entity, we will collect data relating to you from existing human resources databases.

Another source of data may come from LinkedIn when the candidate applies for job roles in AXA on LinkedIn website.

SECURITY OF PERSONAL DATA

The data controllers use appropriate technical and organizational measures to protect the Personal Data that the data controllers collect and process about you. The measures that the data controllers put in place are designed to ensure a level of security that is sufficient in light of the risks associated with the processing of your Personal Data in accordance with AXA Group standards. You can find more information in the Country-Specific Privacy Notices as set out above.

RECIPIENTS OR CATEGORIES OF RECIPIENTS AND NON-EU TRANSFERS

The data controllers will communicate your personal data only to identified and authorized recipients.

In addition to any recipients set out in the relevant Country-Specific Privacy Notices as set out above, these recipients include:

AXA Group Operations (France) in charge of the integration of the platform and the management of IT support;
Local AXA entities: authorized persons involved in the recruitment process such as human resources (recruiters only), manager(s) involved in your recruitment process;

AXA Group Operations (Portugal), subcontractor of AXA Group Operations and in charge of the processing of requests to exercise rights;
iCIMS (United States, United Kingdom, Germany, Ireland) and its subcontractors, in charge of the maintenance of the platform, the management of the access to the CRM and the delivery of reports (aggregated data) of the platform use; this recruitment platform supports the recruiters for preselection of CV already available on the platform (for the purpose n°1) Management of the recruitment process and for purpose 3) Management of internal mobility of AXA employees (purpose n°3);
LinkedIn Recruiter System Connect (“LinkedIn RSC”);
Aon (Germany), subcontractor of AXA Germany.

For countries or jurisdictions that do not provide an adequate level of protection, data controllers provide safeguards to ensure the security and confidentiality of your personal data and frame this transfer either by:

the Standard Contractual Clauses adopted by the European Commission or similar where required by local regulation (eg. International Data Transfer Agreement in the UK),

when your personal data is transferred to other AXA Group entities, by the Group's Binding Corporate Rules (available via the following link - Learn More section: https://www.axa.com/fr/a-propos-d-axa/nos-engagements). These Binding Corporate Rules apply to relationships between entities, including those located in countries that do not provide an adequate level of protection.

DATA RETENTION PERIOD

For the purposes 1) concerning the management of the recruitment process of external candidates, 3) concerning the internal recruitment, 4) concerning the provision of the matching test, 6) concerning the referral of internal candidates and 7) concerning GIGs, the data retention period will usually depend on the country of the AXA entity to which you are applying. . Please refer to the link below according to your country : click here.

For the purpose 2) concerning the constitution of a CV-library and the sending of job adverts, the data retention period is 6 months after your consent in the active database.

For the purpose n°5) concerning the administration of the platform, the retention period should be defined following the purposes identified above. Deletion regarding cookies (6 months from the first consent) should be implemented and effective.

There is a restricted data processing (archiving data) before purging your data (purpose 8), meaning that AXA overwrites the email with a pseudo email and changes the person folder to “restricted processing”. That restricted data processing is strictly necessary for evidence purposes in case of litigation. The record stays in the platform based on country retention period and then it is purged.

DATA SUBJECTS’ RIGHTS 

Where relevant, in accordance with the French "Informatique et Libertés" law n° 78-17 of 6 January 1978 and the GDPR, you have the right to:

access your personal data;
rectify your personal data;
request erasure of your personal data, except if the processing is based upon the respect of a legal obligation of the data controllers;
request to obtain the restriction of the processing of your personal data, unless you have given your consent, if your data are necessary for the establishment, exercise or defense of legal rights, if your data are necessary for the protection of the rights of another natural or legal person or if the use of your data is justified by important reasons in the public interest of the Union or a Member State;
request the portability of your personal data, when your personal data are processed automatically on the basis of your consent or the execution of a contract binding you to the data controllers;
decide on the fate of your personal data after your death (French law only.

For processing with the purpose n°4) Provision of the matching test, n°5) Administration of the platform, the purpose n°6) Referral of internal candidates, the purpose n°7) Development of AXA Employees’ expertise & skills (GIG) and the purpose 8) : Restricted data processing (archive) you also have the right to object, at any time, for reasons relating to your particular situation, to the processing of your personal data.

For processing with purpose n°2) Management of CV-library and of the sending of job adverts, please note that you can change your consent type at any time. If you decide to do so, you will no longer receive information about potential new roles. The withdrawal of your consent does not affect the legality of the processing previously carried out.

To contact the DPO or exercise your rights, the contact details are as follows:

For GIE AXA, the contact details are as follows:

23 avenue Matignon, 75008, Paris
privacy@axa.com

For AXA local entities: please refer to the contact information provided above or by the entity that employs you.

You may be asked for information to confirm your identity and/or to assist the Company to locate the data you are seeking as part of our response to your request.

THE RIGHT TO MAKE A COMPLAINT TO A SUPERVISORY AUTHORITY

Finally, you have the right to raise any concerns about how your personal data is being processed with a competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place where you think an alleged infringement to your rights occurred.

UPDATES TO THIS PRIVACY NOTICE

The joint data controllers may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When the data controllers update this privacy notice, the data controllers will take appropriate measures to inform you, consistent with the sgnificance of the changes the data controllers make. The data controllers will obtain your consent to any material privacy notice changes if and where this is required by applicable data protection laws.

This Privacy Notice was last updated on May 16 h, 2024.