Job Applicants Privacy Notice of Unblokt Technology
S.A.S

Last Update: 28th September 2024

As a responsible company, Unblokt Technology S.A.S., a limited company incorporated under the laws of France, having its corporate seat at Bureau 46 49-51 rue de Ponthieu 75008 Paris, France, registered under the trade register number 984 116 566 (“ComPilot”) is aware that it is very important to you to understand how we collect, store, share and use your personal data as job applicants. We are committed to ensuring that the personal data of our job applicants is handled in accordance with the principles set out in the applicable legislation.

This privacy notice tells you what to expect when ComPilot collects personal information about you. It applies to our job applicants. However, the information we will process about you will vary depending on your personal circumstances. ComPilot is the controller for this information unless this notice specifically states otherwise. You may contact us at: Bureau 46 49-51 rue de Ponthieu 75008 Paris, France.

Please review this privacy notice carefully before applying for a job with us bearing in mind that you should read it in conjunction with any other additional documents we may address to you. Please note that this privacy notice does not grant you any contractual rights, nor creates legal obligations for us. When appropriate we will provide a “just in time” notice to cover any additional processing activities not mentioned in this notice. For further questions, you may contact us at DPO@compilot.ai.

How do we get your information

We may get information about you from the following sources:

• directly from you;
• from recruitment agencies;
• from referees, either external or internal;
• your previous or current employers with the aim of obtaining recommendations or general feedback;
• public sources, such as professionally related social networks.

Should you provide us with information regarding another individual, you must make sure that the individual concerned is aware of it and is provided with a copy of, and made aware of the contents of, this notice.

What personal data we process and why

This notice applies to any personal data concerning you, regardless of the form they are incorporated in – such as emails, hard copies of documents or electronic documents. The categories of personal data will depend on the stage of the recruitment process.

Application stage

You may apply for a job with us:

• by using our online application system available on our website, where your details will be collected by on our behalf by a specialized service provider;
• by using an online application system available at a website of other specialized service providers, as the case may be;
• through a recruitment agency;
• through an internal referral.

At this stage we may process the following personal data concerning you:

• personal contact details such as your name, address, contact phone number and personal email addresses;
• your date of birth, gender, and photo (if attached);
• video and voice recordings (in case of a recorded video interview);
• your nationality and location;
• your employment and education history, including your previous experience and qualifications;
• employment references;
• right to work information;
• data contained in motivation letter (if attached or on additional request);
• data contained in certificates, diplomas, recommendations (if applied or on additional request);
• background verification information;
• information on the person who referred you;
• whether you agree that we retain the personal data provided by you for a longer period than the statutory one;
• other information you may provide us with.

Our recruitment team and hiring managers will have access to all this information.

Assessments

We may ask you to attend an interview or more than one interview depending on the role you apply for. This process will involve one or more recruitment specialists and hiring managers reviewing the data provided by you. During the interviews, information about you will be generated by you and by us. For example, we may ask you additional questions in order to assess whether you are a suitable fit for the position and we might take notes. This information is held by us.

We do not rely on automated decision-making processes that could affect employees without human intervention. If this changes, we will inform you and ensure that you have the right to request human intervention, express your views, and contest the decision.

Job offer

If you accept our offer, we will need some additional information from you in order to prepare the contractual documentation for your engagement, for example:

• full name and date of birth (if we do not have this data already);
• unique identification number;
• citizenship;
• permanent residence address and residual address, if any;
• highest level of completed educational degree;
• phone number (if we do not have this data already);
• personal email address used for registration at evergonlabs.com application (if we do not have this data already).

We may also request some data contained in paper copies of specific documents, for example:

• bank details including IBAN as issued by your bank;
• copy of your last obtained diploma confirming your degree, specialization, qualification, certification, scientific title or scientific degree;
• document showing national tax authority number.

We do not use your data for automated individual decision making, which means we do not take decisions about you by way of technological means and without personal participation.

Lawful basis for processing your personal data

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. You may contact us if you need details about the specific legal basis we are relying on to process your personal data:

• processing is necessary to take steps at your request prior to entering into a contract (for instance, in order to administer your application);
• processing is necessary for compliance with a legal obligation to which we are subject (for instance, collecting of specific documents, including permissions by relevant authorities);
• processing is necessary for the purposes of the legitimate interests pursued by us as your potential employer or contracting entity and our interests do not contradict to your interests, fundamental rights or freedoms (for instance, the interest in assessing your suitability for a role you have applied for, organizing and conducting of interviews, selection of the most suitable candidates and hiring of those among them who have the necessary experience and skills for working with us, developing and improvement of our recruitment process, etc.).

Special category of data

We may process information you provide as part of your job application which is special category data, such as health information, for the purposes of performing our rights and obligations as your employer or performing the rights you have under labor law and the law in the field of social security and social protection, and as far as it is permitted by the European and national legislation. This may include health issues that could affect your employment with us, or any applicable disability status which may necessitate adjustments during the interview and/or recruitment process and/or workplace adjustments in general (where your application is successful and leads to a job offer).

In cases where we process sensitive personal data, such as health or biometric data, we will seek explicit consent from employees. Consent will be obtained through a clear, affirmative action, and you will have the right to withdraw your consent at any time by contacting our Data Protection Officer. However, withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

What will we do with the information you give us?

We will use all the information you provide during the recruitment process to:

• manage your application with a view to offering you a contract with us;
• assess your skills, qualifications and suitability for the role;
• carry out background and reference checks and other pre-employment vetting activities;
• communicate with you about the application and recruitment process;
• keep records related to our hiring process; and
• comply with our legal requirements (e.g., to verify that you, the candidate, are eligible to work in the respective country of your residence).

We also need to process your personal information to:

• decide whether to enter into an employment with you; and
• take the necessary steps prior to entering into a contract with you.

We will request your confirmation before contacting your previous or current employer(s) for a reference.

We may use any feedback you provide about our recruitment process to develop and improve our future recruitment campaigns.

We will not share any of the information you provide with any third parties for marketing purposes.

How long we keep your personal data

We are committed to the principle of data minimisation, meaning that we only collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes stated in this notice. We do not collect excessive data and ensure that personal information is processed in a manner that respects this principle.

We retain personal data in line with our internal Records, Retention & Erasure Guidelines. For example:

• Payroll records: 6 years (for tax compliance purposes).
• Performance reviews: 3 years after termination of employment.
• Health and safety records: 40 years (for compliance with health and safety legislation).

We may retain certain data beyond these periods for legal or regulatory reasons, but only as long as it is necessary.

In case legal proceedings are initiated by or against us in connection with your unsuccessful application, we will need to retain your information until the conclusion of those proceedings and the execution of the final decision rendered by the respective court or other relevant authority.

For more information, you may contact us at DPO@compilot.ai.

How we protect your personal data

We follow the necessary physical, technical and administrative security standards with the aim to protect your personal data from loss, misuse, alteration, destruction or damage, as required by law.

We are committed to the principle of data minimisation, meaning that we only collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes stated in this notice. We do not collect excessive data and ensure that personal information is processed in a manner that respects this principle.

In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you without undue delay, following the requirements of GDPR. This notification will include details of the breach, the potential consequences, and the measures taken to mitigate the risk.

If you need more information on our security and privacy practices, we would be glad to give you more details – please contact us at DPO@compilot.ai. Do not forget that you also play a major role in the process of protection of your personal data and shall observe to whom you share your data and how you protect your communications and devices.

Data sharing

In some circumstances, such as under a court order, we may disclose your personal data to specific categories of persons, entities, state bodies or other organizations. We may also share information about you with third parties including external auditors.

Our service providers

We use service providers in order to facilitate the management of our business. Such may be, for example, lawyers or other legal advisors – in case of disputes or in regard to other legal procedures; experts – in order to comply with our obligations; other service providers, including the service providers listed in Annex A.

Inter entity agreements

Per our inter entity agreements, we may need to share your personal data with other entities bound by the agreements.

Data recipients upon reorganization and changes to our business

In case we are part of sale negotiations concerning our business or a part thereof, merging our business with other business, we are acquired by other business or we are subject to other kind of reorganization, we may have to share your personal data or a part thereof to the respective business or to its legal consultants as part of any due diligence process for the purposes of the analyzing of the proposed sale or reorganization. We may need to share your data to the reorganized business structure or to a third structure after the reorganization has been finalized.

State bodies

If required or provided by law and upon compliance with the statutory required procedure, we may share your personal data to the respective public authorities.

Your rights in relation to this processing

As an individual, you have certain rights regarding our processing of your personal data, including a right to lodge a complaint with a supervisory authority. The supervisory authority competent for France is the Commission Nationale de l'Informatique et des Libertés (CNIL). You may also seek a defense of legal claims before the competent court.

You may find more information on your rights here.

If you want to review, verify, correct or request the erasure of your personal information, or object to the processing of your personal information by us, or request that we transfer a copy of your personal information to another party, please contact us in writing, via DPO@compilot.ai.

If you raise a concern under our whistleblowing policy, your personal data will be processed in accordance with legal requirements, including the EU Whistleblower Protection Directive. We will take all reasonable steps to ensure that your identity remains confidential, unless disclosure is required by law.

Transfers of personal data

We transfer staff personal data outside the European Economic Area and when this is necessary, we ensure that we have appropriate safeguards in place.

The European Commission has decided that some countries ensure an adequate level of protection of personal data. Therefore, where we transfer personal data to such countries, no additional security measures are required.

When transferring personal data outside the EEA, we ensure that such transfers are carried out in compliance with GDPR, using legally recognised mechanisms such as:

• Countries deemed to have adequate data protection by the EU Commission.
• Standard Contractual Clauses (SCCs) approved by the EU or UK.
• Binding Corporate Rules (BCRs), where applicable.

You may request further details about the protections in place for international data transfers by contacting our Data Protection Officer.

In all other cases, we apply appropriate measures and guarantees, such as standard contractual clauses for data protection. You may obtain a copy of these standard contractual clauses by contacting us at DPO@compilot.ai.

Further information

Confidential references

In the course of the recruitment process, we may give or receive references about you. We usually treat such references as confidential. Please note that the personal data included in such confidential reference may be exempt from the right of access.

Annex A – Our service providers

Our service providers are third parties who provide certain parts of our staff services for us. We have contracts in place with them related to the processing of your personal information. You may find below more specific information in this respect.

‍

if you have any additional questions in this regard, please do not hesitate to contact us at DPO@compilot.ai.

‍