disclaimer and INFORMATION NOTICE
MANAGEMENT OF RECRUITMENT AND RELATED PROCESSING

disclaimerS

You are informed:

that your personal data will be shared with recruitment teams from AXA Group to allow you to have a good visibility of your applications and profiles and in the absence of opposition from you. If you want to oppose to this sharing, please directly send your application to the recruiter or the local AXA entity mentioned on the job offer;
that robots will support the recruiters for preselection of CV already available on the platform (for the purpose n°1: Management of the recruitment process);
for internal candidates of the AXA Group, that robots will support your job search by using the recruitment platform (purpose n°5);
that information, messages and any attachments (hereinafter "the information") that you upload to the tool are under your responsibility. The information remains confidential, communicated exclusively to its authorized recipients and may be modified at any time. Please do not include any sensitive or confidential personal data in the free text field.

Furthermore, you are reminded, as a future/actual user of the platform, that the information is uploaded into the tool solely for the purposes of managing the recruitment of your application(s) for a position and the associated processing described below. You are informed that the tool is not intended to be used for any other purpose.

Finally, once you are contacted by a local AXA entity about your application, the recruitment process is managed in compliance with applicable local laws and regulations.

GENERAL INFORMATION NOTICE ON THE PROTECTION OF YOUR PERSONAL DATA
Data controllers
Act as data joint controllers in the context of the processing of your personal data (i.e. they jointly determine the purposes n°1, 2, 3, 5 & 6 and means of the processing of your information):

GIE AXA, an economic interest grouping, organized under the laws of France, having its registered office at 23 Avenue Matignon, 75008 Paris, registered with the Registry of Commerce and Companies of Paris under number 333 491 066,
AND
The AXA entities concerned.
GIE AXA also acts as an independent data controller in the context of the processing of your personal data for the purpose n°4 detailed below.

DPO'S CONTACT DETAILS
The Data Protection Officers (DPO) of each entity can be contacted by mail or e-mail address. Please refer to the dedicated addresses indicated by the AXA entity concerned and available below:

AXA Belgium: privacy@axa.be
AXA GO: privacy.axaservices@axa.com
AXA IM dataprivacy@axa-im.com
AXA Partners: Clp.fr.dataprivacy@partners.axa
AXA XL: legalcompliance@axaxl.com
AXA Hong Kong: hk.dpo@axa.com.hk

The Data Protection Officer (DPO) of the GIE AXA can be contacted at the following addresses:

23 avenue Matignon, 75008, Paris
privacy@axa.com

PURPOSES OF PROCESSING, LEGAL BASIS AND CATEGORIES OF personal DATA PROCESSED

PURPOSES OF PROCESSING Of YOUR PERSONAL DATA	LEGAL BASIS	CATEGORIES OF personal DATA PROCESSED
Purpose n°1): Management of the recruitment process	The legal basis for the processing of your personal data legitimizing this purpose is the execution of pre-contractual measures (Art. 61.b) GDPR).	Purposes n°1) et 2): Identification data, such as: first name, last name, gender (Mr./Ms.) (optional), photo (optional), date of birth or age (may be collected on your resume), personal phone number, personal email address, nationality; Personal life data: family status (may be collected on your resume), hobbies (may be collected on your resume); Professional data, such as : interests, skills (a minimum of one topic) or CV (file or link to LinkedIn), YES employee number, professional email, local ID, job title, manager's name, professional family and sub-family, work site, business unit, assignment categories (local terms, short or long term assignment), Contract type (permanent or fixed term contract), seniority date (job seniority date, entity seniority date or AXA seniority date), geographic mobility (willing to relocate nationally/internationally), management position, business phone number; Platform connection data: PassAXA (internal candidates of AXA Group), technical cookies and performance and third-party cookies (optional). To the extent strictly authorized by law, special categories (i.e. data revealing the so called “racial” or ethnic origin of an individual, their political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data or data concerning their sex life or sexual orientation) of Personal Data can be processed on the CV as follow: Health Data, such as status of disabilities or percentage of disabilities for the purpose of complying with obligations owed to disabled employees and in accordance with Article 9-2-h of the GPDR.
Purpose n°2: Management of CVbank	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). The legitimate interests pursued by the data controllers consist in the possibility of offering the applicant the possibility of being called back by another AXA entity located in the same geographical area. For GIE AXA, you can obtain information on the matching test on request by writing to the following address: privacy@axa.com.
Purpose n°3): Management of the sending of job offers (newsletter)	The legal basis legitimizing this purpose is the application of consent (Art. 6 1.a) GDPR). Please note that you can withdraw this consent at any time. If you decide to do so, you will no longer receive job offers from the Data Controllers. The withdrawal of your consent does not affect the lawfulness of the processing previously carried out. When you are recommended by an AXA employee, the legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). For GIE AXA, you can obtain information on the matching test on request by writing to the following address: privacy@axa.com.	Identification data, such as: personal email address; Connection data to the platform: PassAXA (internal candidates of AXA Group)
Purpose n°4): Administration of the platform (monitoring of use and functioning)	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). For GIE AXA, you can obtain information on the matching test on request by writing to the following address: privacy@axa.com.	Professional data: professional email address, job position of the user account; connection data: PassAXA (internal candidates of AXA Group).
Purpose n°5): Provision of a fitscore to assist internal candidates of AXA Group in their choice of application	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR). The legitimate interests pursued by the data controllers consist in the possibility of offering the candidate a better vision of the positions that correspond to him/her by attributing a "fit" with the position (good fit, potential fit or no mention). For GIE AXA, you can obtain information on the matching test on request by writing to the following address: privacy@axa.com.	It is the match between the data of the job offer and some data filled in by the candidate which are the following: skills (key words); job family (i.e. compliance, finance, security etc.); desired place of work; type of contract (fixed-term contract, permanent contract, internship, work experience).
Purpose n°6): Referral of external candidates	The legal basis for the processing of your personal data legitimizing this purpose is the application of the legitimate interest (Art. 6 1.f) of the GDPR. The legitimate interests pursued by the data controllers consist in the possibility of obtaining recommendation from its employees on potential candidates and helping recruiters in the pre-selection of candidates.	Identification data, such as: first name, last name, personal email address, personal phone number (optional); Professional data: resume (optional), job category, preference in the location of the job offer (optional).

MANDATORY NATURE OF DATA COLLECTION AND THE POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE such DATA

The provision of this information is mandatory in order for the data controllers to be able to evaluate your application or to send you the various job offers offered by the data controllers.
If you do not provide this information, you will not be able to be called back by recruiters or to receive the various job offers offered by the Data Processors.

THE SOURCE OF THE personal DATA IN CASE OF INDIRECT COLLECTION

When you are an employee of an AXA entity, your profile is created by the human resources of the AXA entity concerned and some data is already present in other human resources databases.

When you are an external candidate, you can share personal information with an AXA employee to be referred (purpose 6. Referral of external candidates). In this case, the AXA employee will be in charge of the transfer of your personal information to AXA recruiters and the follow-up of your status.

SECURITY OF PERSONAL DATA The data controllers use appropriate technical and organizational measures to protect the Personal Data that the data controllers collect and process about you. The measures that the data controllers put in place are designed to ensure a level of security that is sufficient in light of the risks associated with the processing of your Personal Data in accordance with AXA Group standards.

RECIPIENTS OR CATEGORIES OF RECIPIENTS AND NON-EU TRANSFERS

The data controllers will communicate your personal data only to identified and authorized recipients.

These recipients are:

AXA Group Operations (France) in charge of the integration of the recruitment platform and the management of IT support;
Local AXA entities: authorized persons involved in the recruitment process such as human resources (recruiters only), manager(s) involved in your recruitment process;
Cap Gemini (India), subcontractor of AXA Group Operations and in charge of the processing of requests to exercise rights;
Phenom People (United States, Netherlands, United Kingdom, India) and its subcontractors, in charge of the maintenance of the recruitment platform, the management of the access to the CRM and the delivery of reports (aggregated data) of the platform use.

For countries that do not provide an adequate level of protection, data controllers provide safeguards to ensure the security and confidentiality of your personal data and frame this transfer either by:

the Standard Contractual Clauses adopted by the European Commission,
when your personal data is transferred to other AXA Group entities, by the Group's Binding Corporate Rules (available via the following link - Learn More section: https://www.axa.com/fr/a-propos-d-axa/nos-engagements). These Binding Corporate Rules apply to relationships between entities, including those located in countries that do not provide an adequate level of protection.

DATA retention period

For the purposes 1), 2), 5) and 6) concerning the management of the recruitment process, the constitution of a CV-library, the provision of a fitscore and the referral of external candidates, the data retention period depends on the country from where the data subject is. Please refer to the link below according to your country (click here). However, for France it is 6 years from the leave of the employee from AXA Group or from the inactivity of the data subject on his/her own account AXA Group. 6 years is the limitation period for offenses in France. The objectives of this duration are to protect AXA from any action related to employment discrimination.

For the purpose n°3) concerning the sending of job offers (newsletter), the duration of conservation of your data depends on the withdrawal of your consent. However, after two (2) years of inactivity on the platform, the sending of these newsletters will be deleted.
For the purpose n°4) concerning the administration of the platform, the retention period should be defined following the purposes identified above. Deletion regarding cookies (6 months from the first consent) should be implemented and effective.

DATA SUBJECTS’ RIGHTS

In accordance with the French "Informatique et Libertés" law n° 78-17 of 6 January 1978 and the GDPR, you have the right to:

access your personal data;
rectify your personal data;
request erasure of your personal data, except if the processing is based upon the respect of a legal obligation of the data controllers;
request to obtain the restriction of the processing of your personal data, unless you have given your consent, if your data are necessary for the establishment, exercise or defense of legal rights, if your data are necessary for the protection of the rights of another natural or legal person or if the use of your data is justified by important reasons in the public interest of the Union or a Member State;
request the portability of your personal data, when your personal data are processed automatically on the basis of your consent or the execution of a contract binding you to the data controllers;
decide on the fate of your personal data after your death.

For processing with purpose n°2 Management of Cvbank, the purpose n°3 Management of the sending of job offers (newsletter) for referred candidates by an AXA employee, the purpose n°4 Administration of the platform (monitoring of use and functioning), the purpose n°5) Provision of a fitscore to assist internal candidates of AXA Group in their choice of application and the purpose n°6) Referral of external candidates, you also have the right to object, at any time, for reasons relating to your particular situation, to the processing of your personal data.

For processing with purpose n°3 Management of the sending of job offers (newsletter) except for referred candidates by an AXA employee, please note that you can withdraw this consent at any time. If you decide to do so, you will no longer receive job offers. The withdrawal of your consent does not affect the legality of the processing previously carried out.
In any case, you have the right to object to the marketing of your data.  Please note that AXA Group does not market your personal data.
To contact the DPO or exercise your rights, the contact details are as follows:

For GIE AXA, the contact details are as follows:
- 23 avenue Matignon, 75008, Paris
- privacy@axa.com
For AXA local entities: please refer to the contact information provided by the entity that employs you.

You may be asked for information to confirm your identity and/or to assist the Company to locate the data you are seeking as part of our response to your request.

THE RIGHT TO MAKE A COMPLAINT TO A SUPERVISORY AUTHORITY

Finally, you have the right to raise any concerns about how your personal data is being processed with a competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place where you think an alleged infringement to your rights occurred.
In France, the data protection authority is the Commission nationale de l'informatique et des libertés, or “CNIL” - 3 place de Fontenoy - TSA 80715 – 75334 Paris Cedex 07.

UPDATES TO THIS PRIVACY NOTICE

The data joint controllers may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When the data controllers update this privacy notice, the data controllers will take appropriate measures to inform you, consistent with the significance of the changes the data controllers make. The data controllers will obtain your consent to any material privacy notice changes if and where this is required by applicable data protection laws.
This Privacy Notice was last updated on January, 27^th 2022.

PURPOSES OF PROCESSING Of YOUR PERSONAL DATA

LEGAL BASIS

CATEGORIES OF personal DATA PROCESSED