Applicant data privacy policy - Buyco
Select Page

Applicant data privacy policy

How useful is this policy ?

In the same way as protecting our employees, the confidentiality of the personal data of applicants for positions within our organization is a priority for us.

The data privacy policy specifically demonstrates our commitment to ensuring compliance with applicable data protection rules and, in particular, those of the General Data Protection Regulation (“GDPR”).

The privacy policy aims to inform you about how and why we process your data when you apply for a position with us.

This policy only addresses the processing that we carry out ourselves and not the processing that may be carried out by external recruiters in order to assist us in the selection of candidates.

If you would like more information about the processing carried out by external recruiters, please contact them directly.

Who does this policy apply to ? 

The privacy policy applies to you during the recruitment process (e.g. application to a job offer, unsolicited application, recruitment via an external firm, etc.) for a position with us, regardless of the duration or nature of the proposed contract (e.g. salaried position, temporary worker, trainee, etc.).

Why do we process your data ? 

As a recruiter, we necessarily need to process your data in order to manage hiring (e.g. interviews, processing of applications, salary negotiations, etc.), any travel that may occur in connection with recruitment and the security of our premises.

Processing is carried out on the basis of the discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates.

We undertake to process your data only for the purposes and on the basis set out above.

What data do we process and for how long?

We have summarized below the categories of personal data we collect directly from you or through external recruiters, as well as their respective retention periods.

  • Personal and professional identification and contact data (e.g. surname, first name, date of birth, nationality, e-mail address, telephone number, etc.) retained for the duration of the recruitment process.
  • Personal and professional data (e.g. diplomas, certificates, age, marital status, driving license, etc.) for the duration of the recruitment process.
  • Economic and financial data (e.g. salaries, bonuses, etc.) for the duration of the recruitment process.

More generally, we keep your CV for a maximum of 2 years after you have applied for a job, unless you instruct us otherwise at

Once the above retention periods have expired, we delete all your personal data to guarantee your confidentiality for future years.

The deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At the most, we may only retain anonymous data for statistical purposes.

On the other hand, in the event of hiring, your data collected during the recruitment process is automatically transferred to your personal file and becomes subject to the Employee Data Privacy Policy.

Furthermore, in the event of litigation, we are also obliged to retain all data concerning you for the duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your data ? 

The applicable data protection regulations grant you specific rights which you can exercise, at any time and free of charge, to control the use we make of your data.

  • The right to request access to and a copy of your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
  • The right to rectify any personal data that may be erroneous, obsolete or incomplete.
  • The right to request the deletion (“right to be forgotten”) of personal data that is not essential to the proper functioning of our services.
  • The right to restrict the use of your personal data in the event of a dispute over the legitimacy of processing.
  • The right to give instructions concerning the fate of your data in the event of your death, either through you or through a trusted third party or beneficiary.
  • Droit de demander l’accès et la copie de vos données personnelles dès lors que cette demande n’est pas en contradiction avec le secret des affaires, la confidentialité, ou encore le secret des correspondances.

For a request to be taken into account, it must be sent directly by you to Any request that is not made in this way cannot be processed.

Requests cannot be made by anyone other than you, and we may ask you to provide proof of identity if there is any doubt about the identity of the person making the request.

Please note that we can always refuse to respond to any excessive or unfounded request, particularly in view of its repetitive nature.

Who can access your data ?

We only share your data with people who are duly authorized to use it to provide you with our services. These are mainly our human resources staff, the team recruiting a candidate or the staff in charge of security on our premises.

How do we protect your data ?

We implement all the technical and organizational means required to guarantee the security of your data on a day-to-day basis and, in particular, to combat any risk of unauthorized destruction, loss, alteration or disclosure of your data (e.g. anti-virus, locked offices, information systems charter, PSSI, anti-spam, passwords, “HTTPS”, etc.).

Can your data be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union, and your data is always hosted on European soil. Furthermore, we do our utmost to recruit only service providers who host your data within the European Union.

Should our service providers nevertheless transfer your personal data outside the European Union, we scrupulously ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information ?

Notre Délégué à la protection des données (“DPO”) est toujours à votre disposition pour vous expliquer plus en détail la manière dont nous utilisons des cookies et pour répondre à vos questions sur le sujet des données personnelles à l’adresse

How can you contact the CNIL ?

You may at any time contact the French data protection supervisory authority (the “Commission Nationale de l’Informatique et des Libertés” or “CNIL”) at the following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone at

Can the policy be changed ?

We may modify our privacy policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will of course be informed of any changes to this policy.

Certified compliant by Dipeeo ®