Version: 2.0 — Update date: February 11, 2025.‍

Candidate Data Protection Policy

Polaria Technologies is committed to protecting the privacy of its candidates and to ensuring the security of their personal data, in accordance with the General Data Protection Regulation (RGPD) and applicable French legislation. This policy explains how Polaria Technologies collects, uses, maintains, and protects the personal data of candidates as part of its recruitment processes.

1. Responsible for the treatment

The person responsible for processing candidate data is POLARIA TECHNOLOGIES, a company registered with SIREN 849 997 945, whose head office is located at 15 rue des Halles, 75001 Paris. As such, Polaria Technologies determines the purposes and means of processing personal data collected in the context of recruitment.

2. Personal data collected

In the context of recruitment, Polaria Technologies may collect and process various categories of personal data concerning candidates, in particular:

-Identification and contact data: name, first name, postal address, email address, telephone number, etc.
-Application documents: curriculum vitae (CV), cover letter, portfolio or personal work if applicable.
-Evaluation elements: results of possible technical or psychometric tests, notes taken during interviews, video recordings of interviews and automatic transcripts of these interviews (if applicable).
-Other data related to recruitment: salary expectations, availability, professional references, and in general any information provided by the candidate as part of his application.

Polaria Technologies ensures that it only collects data that is relevant and necessary for the purposes set out below.

3. Purposes of the treatment

Candidates' personal data is collected and used for the following purposes:

-Recruitment management: process and monitor applications, organize interviews, communicate with candidates throughout the recruitment process.
-Assessment of skills and qualifications: assess the adequacy of the candidate's profile with the proposed position, through the analysis of the CV, the results of any tests and interviews carried out.
-Establishment of a CV library (pool of candidates): with the consent of the candidate, keep the applications received in order to constitute a talent pool in order to subsequently offer other professional opportunities that may correspond to their profile.
-Improvement of the recruitment process: analyze recruitment data in an aggregated manner (for example, response rate, duration of the process, etc.) in order to optimize our recruitment methods and the candidate experience.

Each treatment carried out on candidate data pursues a specific, legitimate and explicitly determined purpose. The data will not be further processed in a manner that is incompatible with these initial purposes.

4. Legal basis for processing

Polaria Technologies processes candidate data only when there is an appropriate legal basis for doing so. Depending on the situation, the processing of candidate data is based on:

-Candidate consent — For example, the candidate agrees to provide information in their application and may consent to their data being kept for future opportunities (CV library). This consent may be withdrawn at any time, without retroactive effect, by contacting Polaria Technologies.

-The legitimate interest of the company — Polaria Technologies may have a legitimate interest in processing certain candidate data, in particular to improve its recruitment process, build a pool of talented candidates, or ensure the security and effective organization of interviews. In any case, this legitimate interest only exists if it does not disproportionately affect the rights and freedoms of candidates.

-The execution of pre-contractual measures — This basis applies when the processing is necessary to take measures at the request of the candidate before the possible conclusion of an employment contract. For example, the examination of the CV and the results of interviews for a job is part of pre-contractual measures.

Polaria Technologies always makes sure to identify a valid legal basis before processing candidate data. If there is no legal basis for processing, the data will not be processed.

5. Access to data

Access to the personal data of candidates is strictly limited to authorized persons and entities who need it as part of the recruitment process:

-The Human Resources and Recruitment Department at Polaria Technologies, responsible for receiving applications, pre-selecting and coordinating recruitment.
-The line and operational managers concerned with recruitment, i.e. managers or members of the team in which the position is to be filled, in order to assess the application in relation to the needs of the position.
-Technical service providers or specialized software publishers involved in the recruitment process, such as providers of applicant management solutions (ATS) or online assessment tools. These service providers act as subcontractors on behalf of Polaria Technologies and are contractually required to respect confidentiality, data security and GDPR regulations.

Apart from these recipients, no application data is communicated to third parties without the applicant's authorization, except under legal or regulatory obligations. Each person or entity having access to the data is subject to an obligation of confidentiality and can only process the data in accordance with the purposes mentioned.

6. Data retention period

Polaria Technologies keeps the personal data of candidates for 2 years from the date of the last interaction or the end of the recruitment process related to the application. This retention period allows the company, subject to the candidate's consent when required, to contact the candidate again for possible future opportunities corresponding to his profile.

After 2 years, candidate data is either securely deleted, or anonymized, or archived in accordance with legal obligations. In certain specific cases, Polaria Technologies may be required to keep certain information longer to comply with specific legal obligations or in the event of litigation (for example, legal action related to recruitment); in this case, only data that is strictly necessary will be retained for the period required by law.

If the candidate is recruited by Polaria Technologies, his application data may be integrated into his employee file and kept for the duration of his employment contract, or even longer depending on the legal obligations applicable to personnel data (this point will then be the subject of the company's personnel data protection policy).

7. Candidates' rights

In accordance with the RGPD and the Data Protection Act, each candidate has the following rights concerning his personal data:

-Right of access: you have the right to obtain confirmation whether or not Polaria Technologies is processing personal data concerning you, and if applicable, to access all of this data as well as to information relating to the treatment (purposes, categories of data, categories of data, recipients, storage period, etc.). This right allows you to receive a copy of your personal data being processed.
-Right to rectification: you can request the correction or updating of personal data concerning you if they are inaccurate or incomplete. Polaria Technologies is committed to correcting erroneous information as soon as possible.
-Right to erasure (right to be forgotten): in certain circumstances, you can request the deletion of your personal data, for example if they are no longer necessary for the purposes for which they were collected, or if you withdraw your consent (when the processing was based on it). Polaria Technologies will then delete your data, unless their retention is required by a legal obligation or for the exercise or defense of legal rights.
-Right to object: you have the right to object at any time, for reasons relating to your particular situation, to your personal data being processed based on the legitimate interest of Polaria Technologies. You can also oppose the processing of your data for prospecting purposes or, if necessary, withdraw your consent when the processing is based on it (for example, oppose the keeping of your profile in the company's CV library).
-Right to data portability: when applicable, you may request to receive the personal data you have provided to Polaria Technologies in a structured, commonly used and machine-readable format, in order to be able to transmit them to another organization. This right only applies to data that you have provided yourself, processed automatically and based on your consent or on the execution of pre-contractual measures.
-Right to the limitation of treatment: you can request the limitation (freezing) of the processing of your data in certain cases provided for by the regulations. For example, if there is a dispute about the accuracy of your data or if you have exercised your right to object, you can ask Polaria Technologies to temporarily suspend the use of your data while it considers your request. When the limitation is granted, Polaria Technologies will only process your data with your consent or for legitimate reasons specified by law.

These rights may be exercised under the conditions and limits provided for by the regulations. For example, the right to erasure cannot apply if the law requires the company to keep certain data, and the right to object may be refused if Polaria Technologies demonstrates legitimate and compelling reasons for continuing the processing that prevail over your interests and rights.

8. Data security

Polaria Technologies implements appropriate technical and organizational measures in order to ensure the security and confidentiality of candidate personal data, and to protect them against unauthorized access, disclosure, alteration, or unlawful destruction. These measures include, among others:

-Security of IT infrastructures: storage of application data on secure servers located preferably within the European Union, use of firewalls, antivirus/antimalware protection systems and regular backup mechanisms to prevent the loss or accidental alteration of information.
-Strict access control: access to data reserved only for employees and collaborators of Polaria Technologies who need it as part of their functions (“need to know” principle). Each user with access to the data is subject to strong authentication and an obligation of confidentiality. External service providers (recruitment software publishers, cloud services, etc.) are also required to implement robust security measures and to respect strict data protection commitments, materialized by contractual agreements.
-Secure transfers: when necessary, exchanges of personal data (for example, transmission of a CV to a manager or use of an online test service) are carried out securely (encrypted protocols, password-protected accesses, etc.) in order to avoid any interception or data leak.
-Awareness and supervision: Polaria Technologies makes its teams involved in recruitment aware of good data protection practices (RGPD training, IT charter, etc.). In addition, the company has internal procedures to quickly detect and manage any security incident or personal data breach, including notification to the authorities and the persons concerned when required by law.

Through these measures, Polaria Technologies ensures that it maintains a level of security adapted to the risks presented by the treatments, in accordance with article 32 of the RGPD. However, in the event of a personal data breach, the company undertakes to take all necessary actions to limit the impact and to inform the competent authorities as well as the candidates concerned, under the conditions provided for by the regulations.

9. Procedure for exercising your rights

If you have any questions about this policy or to exercise your rights as described above, you may contact the data protection department at Polaria Technologies. Please send your request by specifying the purpose of your request (for example “Request for access to candidate personal data”) and by justifying your identity (in order to avoid any unauthorized access to your data) via one of the following means:

-By email: dpo (at) polaria (dot) ai
-By post: POLARIA TECHNOLOGIES — Data Protection Department, 15 rue des Halles, 75001 Paris, France.

Polaria Technologies is committed to responding to your requests to exercise your rights as soon as possible and in any event within one month of receiving the request, in accordance with regulations. This period may be extended by two months taking into account the complexity and number of requests, but in this case, you will be informed of the delay and the reasons for this extension. The exercise of your rights is free of charge (except for obvious abuse where reasonable fees may be charged according to regulations).

Please note that some requests may be refused or partially met if they do not meet legal requirements (for example, a request for deletion cannot be accepted if the retention of certain data is required by law). In case of reasonable doubt as to the identity of the applicant, Polaria Technologies may request additional information necessary to confirm the identity.

If you consider, after contacting Polaria Technologies, that your rights are not respected, you have the option of filing a complaint with the competent supervisory authority. In France, the supervisory authority is the CNIL (Commission Nationale de l'Informatique et des Libertés).

10. Use of automated recruitment tools or artificial intelligence

In order to optimize its recruitment process, Polaria Technologies can use specialized computer tools, including artificial intelligence (AI) solutions, to assist its HR teams. For example, these tools can help automate certain stages of application processing or provide analytics that facilitate decision-making:

-Polaria Technologies can use application management software (ATS) to sort and filter resumes based on predefined objective criteria (required skills, experience, relevant keywords, etc.). This type of tool makes it possible to process a large volume of applications more efficiently and to ensure that no application is forgotten.

-Deferred video interview or videoconference tools can be offered, with recording the interview and automatic transcription of the exchanges. These recordings and transcripts are used exclusively to assess candidates fairly and can be analyzed using software features (for example, to identify language or technical skills through the candidate's responses).

-Polaria Technologies may also use automated online tests (technical tests, scenarios, personality questionnaires) whose correction is partly automated. The results of these tests are then reviewed by the recruiters.

The sole purpose of using these technologies is to assist the recruiter and improve the candidate experience. Polaria Technologies ensures that human intervention remains central to the selection process: the final decisions to hire or not retain a candidate are always taken by humans (HR team and managers), and not by an algorithm or artificial intelligence alone. No decision that produces legal or significant effects for the candidate is taken exclusively automatically, without human intervention, in accordance with article 22 of the GDPR.

In addition, Polaria Technologies ensures that these tools respect the principles of the GDPR (transparency, relevance of the analyzed data, security, etc.). If a candidate believes that an automated tool has negatively influenced the evaluation of their application, they have the right to report it and request additional human intervention, to express their point of view, or to challenge the decision resulting from the automated process. The company will remain attentive to such requests in order to ensure a fair and non-discriminatory recruitment process.

11. Policy updates

This candidate data protection policy may change to reflect changes in Polaria Technologies' recruitment practices or to comply with legal and regulatory changes. In the event of a material change affecting the way in which we process candidate data, Polaria Technologies will notify the candidates concerned (for example, via an update on its career site or by any other appropriate means) and obtain their consent when required by law.

It is recommended that you regularly review this policy when interacting with our recruitment process in order to stay informed of the latest ways to protect your personal data.