Recruitment Privacy Policy
At Thalys we respect your privacy. We are committed to protecting and processing your personal data in strict compliance with the data protection legislation, and in full transparency. Take a minute to familiarise yourself with our Recruitment Privacy Policy.
The purpose of this Privacy Policy is to inform you, in the most clear and concise way possible, about how we process your personal data when you apply for a job with Thalys. It explains:
1. Who is "responsible for processing"? Who is the "DPO" and preferred contact person? Who is concerned?
2. What data do we collect?
3. For what purposes and on what legal basis is your data processed?
4. How do we protect your data?
5. Who is your data transferred to?
6. What are your rights and how can you exercise them?
7. Where can you make a complaint about the processing of your data by Thalys?
8. How long do we keep your data?
9. How can you stay informed about changes to this Privacy Policy?
1. Who is "responsible for processing"? Who is the "DPO" and preferred contact person? Who is concerned?
"THI Factory" (hereinafter "Thalys") is data controller for processing your personal data available to it. This means that we, Thalys, determine the purposes and means of processing of this data and that we are your interlocutor and that of the supervisory authorities (the Belgian Data Protection Authority and the other European supervisory authorities) for any questions relating to its use.
We designated a Data Protection Officer or "DPO") as a single point of contact within our company with the following details:
Data Protection Officer
Our Privacy Policy applies to all individuals whose personal data is processed as part of the recruitment process.
2. What data do we collect?
Your personal data (hereinafter "your data") is data that allows your identification either directly (data such as your name and surname allows your immediate identification), or indirectly (data such as your postal code, your phone number or your contract number allows your identification indirectly).
We collect and process personal data that you provide directly to us (by sending your CV), or your personal data that is provided to us by a recruitment agency.
During our interactions with you, we may have to collect different data particularly :
• Identification data (surname, first name, address, e-mail address, etc.)
• Demographic data (such as gender, language, age)
• Education and training data (such as training, diplomas, certifications)
• Professional data (previous jobs and employers, periods without employment...);
• Personal skills (communication skills, organisational/managerial skills, digital skills...);
• Recording of images and sounds;
• Additional information that you choose to communicate to us
Thalys does not collect sensitive data, such as data revealing your race or ethnic origin, political, religious or philosophical opinions, trade union membership, health or sex life. Please be aware that if you choose to provide us with unsolicited sensitive data (for example in your CV), we will not take it into account during the recruitment process, but will store it for the period specified in section 8. How long do we keep your data?.
3. For what purposes and on what legal basis is your data processed?
The processing consists of any operation (manual or automated) on any personal data. We process your personal data for the purposes of recruitment including:
• allow you to submit your CV or application online;
• evaluate them in relation to our vacant positions;
• organise interviews (including by video and telephone)
• prepare your employment contract to offer you a job.
It is in our legitimate interest to put in place a recruitment process that allows us to select the best candidates and offer you the positions that best suit you.
4. How do we protect your data?
Thalys is committed to maintaining the confidentiality and security of your data and to implementing appropriate security measures to prevent the loss, destruction, misuse, unintentional modification or disclosure of your data:
• By updating security measures as the technology evolves, as needed
• By ensuring that your data are not accessible to unauthorised persons
• By performing periodic back-ups and storing this data on secure servers
• By deleting or anonymising your data at the end of the legal or contractual period or if Thalys does not need it any more for the for the purposes for which the personal data was collected.
5. Who is your data transferred to?
Thalys undertakes not to sell or rent your data to third parties.
A. Joint Controllers
When we work with a recruitment agency, they are jointly responsible with Thalys for processing your personal data in the context of this recruitment. You may contact both Thalys and the agency with which you are in contact to exercise your rights regarding your personal data.
B. Processors
To facilitate our recruitment process, we use specialised partners who act as processors and are related contractually to us (for example the the DigitalRecruiters software, published by the company BANKESS, to share job offers and to collect and manage applications.). They must then follow our instructions and respect the confidentiality of the data received on behalf of Thalys and may under no circumstances use them for any purpose other than the performance of services on behalf of Thalys.
Thalys ensures that these subcontractors:
• Only have data that are necessary for the performance of their tasks and,
• undertake, vis-à-vis Thalys, to treat this data in a secure and confidential manner and to use them only for the performance of their tasks.
C. Transfers abroad
In the context of recruiting, we do not transfer your data outside the European Economic Area.
6. What are your rights and how can you exercise them?
In accordance with the law, you have a right of access, a right of rectification, a right of erasure and a right to portability of your data. In certain cases, you also have the right to object to or restrict its processing.
These rights are free and can be exercised at any time.
A. General rights
• Right of access: You have the right to access the data concerning you and to receive a copy.
• Right of rectification: We take all reasonable steps to ensure that the data we hold is up-to-date and to delete data that is incorrect or no longer required for processing.
We encourage you to access your account (if applicable) from time to time to view your data to ensure it is up to date. If you find that your data is inaccurate or incomplete, you have the right to ask us to correct it.
• Right to erasure ("right to be forgotten"): in certain circumstances (for example when you withdraw your consent or when the processed data is no longer necessary for the purpose of the processing), you have the right to ask us to delete your data.
• Right to restrict the processing: you may request the limitation of the processing of your data, in which case your data will no longer be processed (but will be retained).
• Right to data portability: you have the right to the data you have provided being transmitted to you in a structured format, or being transmitted directly by Thalys to another controller.
• Right of opposition:
o When the processing of your data is based on a legitimate interest, you have the right to object to it at any time. However, be aware that in this case, Thalys has the right to present you with its legitimate reasons justifying the continuation of processing.
· You always have the right to object, at any time and without charge, to the processing of your data in the context of direct marketing and no exception can be opposed by Thalys. It also includes the right to object to profiling as it relates to direct marketing.
B. Who can you contact?
To exercise your rights, simply contact our DPO (data.protection@thalys.com).
When you send us, an application relating to your rights, please provide us with your full contact details (name, surname, e-mail(s), full postal address) and please attach copy of the front and back of your card to prevent abuse and to ensure the security of your data.
7. Where can you make a complaint about the processing of your data by Thalys?
If you believe that there is a violation of the privacy legislation, you have the right to lodge a complaint about the processing of your data with the Data Protection Authority, whose contact details are as follows:
Autorité de Protection des Données
Rue de la Presse 35
1000 Brussels
Tel: +32 2 274 48 00
E-mail: contact@apd-gba.be
8. How long do we keep your data?
If your application results in an employment relationship we will keep your data for the periods determined by Belgian law, and specified in our Privacy Policy for employees.
If your application is not successful, we will keep your data for a maximum period of two years after the end of the recruitment procedure, in case another position corresponding to your application becomes available.
9. How can you stay informed about changes to this Privacy Policy?
In a changing world where technologies are constantly evolving, we draw your attention to the fact that this Privacy Policy is subject to change.
We therefore invite you to regularly consult the latest online version of this Policy and we will inform you via the website or through other usual channels of communication (for example, by e-mail) of any changes to the Privacy Policy.