Its purpose is to inform you about how YesWeHack processes your personal data when you are browsing the Site and use its services, in compliance with the applicable regulations on the protection of personal data - Regulation (EU) 2016/679 of 27 April 2016 (RGPD) and Law 78-17 of 6 January 1978 as amended.
- Personal Data is any information relating to an identified or identifiable person that identifies the person directly (e.g. the surname and the first name) or indirectly (e.g. connection data). (Article 4 (1) of the GDPR)
- Processing (of Personal Data) is any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether by automated means, such as: collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, disseminating or otherwise making available, reconciling or linking, limiting, erasing or destroying (Article 4 (2) of the GDPR)
- The Controller determines the purposes and means of Processing. (Article 4 (7) of the GDPR)
- The Processor processes Personal Data on behalf of and on the instructions of the Controller. (Article 4 (8) of the GDPR)
What is YesWeHack's role ?
YesWeHack is the Data Controller as defined by the RGPD, i.e. it decides on the purpose and means of the Personal Data Processing carried out in relation to visitors of the Site and Users of the services offered on this Site.
What Data Processing is carried out by YesWeHack on the Site (purpose) and on what legal basis?
|THE SITE https://jobs.yeswehack.com|
|Purpose||Legal basis||Data collected||Retention period|
|Management and administration of the Site||Article 6 (1) (f) of the GDPR: Pursuit of legitimate interests, with due respect for the fundamental rights and freedoms of data subjects [Legitimate interest of YesWeHack: management of the site]||Login data: hashed IP address, date and time of connection, location.||Your data is kept for one (1) year. At the end of this period they are deleted.|
|Management of the "Applicant" account creation form available here||Article 6 (1) (b) of the GDPR - performance of the contract [T&C's]||Email, password, pseudo, first name, last name, date of birth, phone number, address (address, zip code, city, country), geographical mobility, looking for a job, desired position(s), social media and internet (website, blog, Github, twitter, linkedin...)||Your Data is retained for two (2) years from the date of your last interaction on your account. After this period, it is deleted.|
|Management of the "Company" account creation form available here||Article 6 (1) (b) of the GDPR - performance of the contract [T&C's]||Email, password, contact name, contact email, contact phone number||Your Data is retained for two (2) years from the date of your last interaction on your account. After this period, it is deleted.|
|Management of applications to offers||Article 6 (1) (b) of the GDPR - performance of the contract [T&Cs]||Professional data (message, CV)||Your Data is retained for two (2) years from the date of your last interaction on your account. After this period, it is deleted.|
|Management of user's rights||Article 6 (1) (c) of the GDPR - YesWeHack's compliance with the GDPR||Identification and contact data: name, first name, e-mail. Subject of the request: right concerned||Your Data are kept for 6 years for the exercise of the right of opposition (criminal statute of limitations) and for 1 year for other rights (criminal statute of limitations), after these periods they are deleted.|
Who are the recipients of your Personal Data?
Internal recipients of your Personal Data are the authorized staff of YesWeHack.
The external recipients of your Personal Data are Processors who process data on behalf of YesWeHack:
- OVH for the hosting of the site (private cloud/dedicated server) - 2 rue Kellermann - 59100 ROUBAIX ;
- Encrypted back up of dedicated servers - OVH Germany (Frankfurt)/SCALEWAY (Ile-de-France).
YesWeHack does not share any of your information with third parties.
The fact of applying for a job or answering an advertisement from a recruiter on the Site entails the transmission of your data to this recruiter, so that it can contact you to follow up on your request for this same offer.
What are your rights?
Regarding the use of the Sites, you have the following rights under the conditions provided for in the regulations:
- The right of access, rectification and erasure of your data (articles 15 to 17 of the GDPR);
- The right to withdraw your consent (opt out) at any time (article 13-2(c) of the GDPR);
- The right to restriction of Processing of your data (article 18 of the GDPR);
- The right to object the Processing of your data (article 21 of the GDPR);
- The right to data portability (article 20 of the GDPR);
- The right to file a complaint with the CNIL (the French data protection authority);
- The right to issue instructions allowing access to your data in the event of death (article 85 of the modified “Informatique et Liberté” French Act).
You can exercise these rights by e-mail at firstname.lastname@example.org, specifying the right you wish to exercise and attaching proof of your identity (if necessary) or a power of attorney if you are being represented.
Contact details of the DPO (Data Protection Officer): email@example.com.
Are there cookies on the Site?
Updating of the Data Protection Policy
We reserve the right to make any changes to this document. You are invited to consult this page regularly to take note of any new information that may be modified or added.