Candidate privacy policy

What is the purpose of this policy?

Just as we protect our employees, we also prioritise the confidentiality of personal data belonging to candidates applying for positions at NG Biotech SAS.

Our data privacy policy reflects our commitment to complying with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).

This policy applies only to the processing we carry out ourselves and not to the processing that may be carried out by external recruiters or recruitment websites to assist us in selecting candidates.

If you would like more information about the processing carried out by external recruiters or recruitment websites, please contact them directly.

Who is this policy for?

The privacy policy applies to you during the recruitment process (e.g. application for a job offer, unsolicited application, recruitment via an external agency, etc.) for a job with us, regardless of the duration or nature of the contract offered (e.g. permanent employee, temporary worker, intern, etc.).

Why do we process your data and on what basis?

As a recruiter, we necessarily process your data to manage recruitment (e.g. interviews, processing applications, salary negotiations, etc.), any travel that may be required as part of the recruitment process, and the security of our premises.

Processing is carried out on the basis of the discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates.

We undertake to process your data only for the reasons and on the grounds mentioned above.

What data do we process and for how long?

Below is a summary of the categories of personal data we collect directly from you or through external recruiters, as well as their respective retention periods.

  • Personal and professional identification data and contact details (e.g. surname, first name, date of birth, nationality, email address, telephone number, etc.) are retained for the duration of the recruitment process.
  • Data relating to personal and professional life (e.g. diplomas, certificates, age, marital status, driving licence, etc.) for the duration of the recruitment process.
  • Economic and financial data (e.g. salaries, bonuses, etc.) for the duration of the recruitment process.

More generally, we keep your CV for a maximum of two years after your application, unless you request otherwise by sending an email to rgpd@ngbiotech.com.

At the end of the retention periods summarised above, we delete all your personal data in order to guarantee your confidentiality for years to come.

The deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we can only retain anonymous data for statistical purposes.

However, if you are hired, the data collected during the recruitment process will be automatically transferred to your personal file and will be subject to the Employee Data Privacy Policy.

Furthermore, in the event of a dispute, we are also obliged to retain all data concerning you for the entire duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge to control how we use your data.

  • Right to request access to and a copy of your personal data, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.
  • Right to rectify personal data that is inaccurate, obsolete or incomplete.
  • Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
  • Right to restrict your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
  • Right to give instructions on the fate of your data in the event of death, either through you, a trusted third party or a beneficiary.

For a request to be considered, it must be made directly by you at rgpd@ngbiotech.com. Any request not made in this manner cannot be processed.

Requests cannot be made by anyone other than yourself, and we may ask you to provide proof of identity if we have any doubts about the identity of the person making the request.

We will respond to your request as soon as possible, within a maximum of three months of receipt, in the event that the request is technically complex or if we receive numerous requests at the same time.

Please note that we may refuse to respond to any excessive or unfounded requests, particularly if they are repetitive in nature.

Who can access your data?

We only share your data with persons duly authorised to use it in order to provide you with our services. These are mainly our human resources staff, the team wishing to recruit a candidate, or the staff responsible for the security of our premises.

How do we protect your data?

We implement all the technical and organisational measures required to ensure the security of your data on a daily basis and, in particular, to combat any risk of unauthorised destruction, loss, alteration or disclosure of your data (e.g. secure access, antivirus software, etc.).

Can your data be transferred outside the European Union?

Unless it is strictly necessary and in exceptional circumstances, we never transfer your data outside the European Union and your data is always hosted on European soil. In addition, we do our utmost to only recruit service providers who host your data within the European Union.

In the event that our service providers are nevertheless required to transfer your personal data outside the European Union, we take great care to ensure that they implement the appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information?

Our Data Protection Officer (DPO) is always available to explain in more detail how we use cookies and to answer your questions on the subject of personal data at rgpd@ngbiotech.com.

How can you contact the CNIL?

You can contact the French data protection supervisory authority (the “Commission nationale de l’informatique et des libertés” or “CNIL”) at any time at the following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the policy be changed?

We may amend our privacy policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will, of course, be informed of any changes to this policy.

Certified compliant by Dipeeo ®

 

 

Last update: 23/10/2025

Text Widget
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus quis neque vel quam fringilla feugiat. Suspendisse potenti. Proin eget ex nibh. Nullam convallis tristique pellentesque.