PRIVACY POLICY

PERSONAL DATA PROTECTION

Valtus Group (hereinafter “Valtus” or “we”) and all its subsidiary companies including but not limited to Valtus Transition and Valtus UK are interim providers and trusted partners to leading businesses around the world.

We take the privacy of our interims and clients very seriously. As such, we have adopted and implemented a data protection policy in line with current regulations.

In this respect, we comply with the European laws pertaining to the protection of personal data, and particularly the General Data Protection Regulation number 2016/679 of April 27, 2016 (also known as the GDPR).

Consult the GDPR legal content.

The purpose of this paragraph is to inform the persons concerned (hereinafter “you” or “your”) in a clear, complete and straightforward manner about how Valtus, as the controller, collects and uses the personal data pertaining to you (hereinafter “Personal Data”) and the means you have to control this use and exercise your rights relating thereto.

What does this policy cover?

This policy sets out the types of personal data that we collect and explains the following:

  • How and why we collect, store, process and use your data
  • The legal basis in which we may collect, store and process our personal data
  • How long we keep personal data for
  • When, why and with whom we share your personal data
  • Your rights and choices surrounding your personal data
  • How you may contact us

What Personal Data is collected and processed by Valtus?

Valtus adheres to the principles of data minimization. As a result, we only collect relevant, adequate information, which is limited to what is genuinely necessary in relation to the purposes for which it is processed.

Within the context of managing its staff, Valtus may be required to collect data to fulfill certain legal obligations and/or data useful for administrative tasks, work organization or social initiatives (e.g.: First and last names, date of birth, postal address, police insurance, bank data etc.).

Within the context of its business relationships with clients and prospects, Valtus must collect personal data such as first and last names, postal addresses and business details such as telephone numbers, fax and email addresses.

We may also collect personal data such as your IP address or your connection data to our services if it proves necessary to ensure proper processing of your Personal Data.

If you are an Interim Manager, please limit the information you provide to us to a strictly professional framework. We do not wish to collect data unrelated to the assignments that we may give you. In particular, please be sure not to include any sensitive information (especially relating to your religion, trade union membership or health) on your resume. This data is not relevant to our business and shall be disclosed at your own risk.

  • Title, first name, last name
  • Date of birth
  • Personal email address
  • Personal mailing address
  • Professional background, including dates, locations and job descriptions.
  • Training courses, including qualifications or certifications obtained, experience (subject to verification), etc.
  • Your previous salary levels and daily rates
  • Non-profit work, distinctions and other awards
  • Administrative information (particularly police insurance number, identification documents and bank details) required for contract purposes
  • Any other information contained in your resume that was provided by you.

Mandatory declarative Personal Data is indicated by an asterisk on the collection medium. Apart from the above, you are free to provide some, all or none of your Personal Data. However, such a decision could limit our chances of finding you a job as a manager and limiting your access to certain services offered by Valtus

Where do we collect Personal Data about you from ?

Valtus may collect your Personal Data as follows:

  • If you are a client, prospect or supplier: from your business card, via social media, by prospecting or within the framework of our agreements
  • If you are a Valtus employee: through our work relationship before, during or after you joined our company
  • If you apply for a job with Valtus: when you send us your application (by any means but especially via our website), interviews or social media discussions
  • If you are an interim manager:
    • Directly from yourself. This is information that you will provide whilst searching for an assignment. Valtus may collect your Personal Data via the form on the online portal of its website, in the context of interviews, professional meetings, partnerships, or applications made via email or mail

This is “Declarative Personal Data” you provide via forms, whether it is online on a website, as a hard copy or in response to questions asked by members of the company

    • From an agent/third party acting on your behalf e.g. an interim management company
    • Through publicly available sources such as: – Social media, such as LinkedIn – Company websites – Articles and marketing literature
    • By referencing or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer
    • Search databases such as job boards where you will have uploaded personal data

How and why we may use your personal data

We collect and use your Personal Data to conduct our business, in particular to:

  • Connect with you to discuss business together
  • Enable you to obtain or receive information about Valtus, the services it offers or associates
  • Offer you the opportunity to partake in our satisfaction surveys, analyses and statistics in order to improve our services and better understand our clients and prospects
  • Update your data in our files and enable you to exercise your Data Protection rights (requests to access, correct, delete, portability, opposition, etc.)
  • Fulfil our pre-contractual and contractual obligations
  • Carry out the administrative management of our relations, particularly concerning contracts, orders, invoices, etc., or for any other objective imposed by the current legislation
  • Improve the client experience
  • Manage job applications for Valtus openings

If you are an Interim Manager, Valtus collects and uses your Personal Data for the purposes of its business and in particular to:

  • discuss assignments with you and list you in the Valtus managers database;
  • assess your skills, experience and professional potential before, while and after you take on a potential assignment as a Valtus manager;
  • introduce you and put you in touch with Valtus customers and/or prospects in order to obtain assignments and/or in the context of your performance of said assignments;
  • monitor our relationship in order to improve your managerial experience and the experience of our customers;
  • enable you to request, obtain or be sent information about Valtus, or about the services offered by the company or its partners;
  • enable you to subscribe to and receive subject-specific information (training, documentation, invitations, activity reports, etc.);
  • organize and invite you to special candidate events;
  • manage the administrative side of our relationship, including contracts, orders, and invoices, or for any other purpose necessary to comply with prevailing regulations;
  • update your data (update campaigns) and allow you to exercise your rights vis-à-vis Valtus (requests for rights of access, rectification, erasure, portability or objection).

We will always ask your permission (on each separate occasion) prior to sending your CV to prospective clients. If you are chosen by the client and go through to the next stage of the recruitment process, we will then collect more information from you at the interview (or equivalent) stage and onwards, in that manner.

Marketing

In addition to the uses described above, where we have your consent to do so, we may use your Data to provide you with information about our services, business updates and general market intel which we think may be of interest.

What legal basis do we have for using your information?

For prospective candidates, interim managers, referees and clients, our processing is necessary for our legitimate business interests. That is, we require this information in order to assess suitability for potential roles, to find potential candidates and to contact clients and referees. If you are shortlisted as a candidate, then this may involve processing more detailed personal data including sensitive data such as health information that you or others provide about you. In these cases we always ask for consent before undertaking such processing. In the case of a client organization, we may also store, process and use data, such as contact details, in order to fulfil programmes of work we have been engaged to undertake.

Our Legitimate Business Interests

Our legitimate interests in collecting and retaining your personal data are described below: As a HR business and interim management company, we introduce candidates to clients. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process. In order to support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements. Such historical information will be kept in line with the restrictions set out within this policy. To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. To deliver our ancillary services we need to contact candidates on a regular basis, through various routes such as email, phone and other relevant notifications.

How long do we keep your personal data for?

We retain your information as follows:

  • Candidate Data: Two years from the last point of contact, unless the candidate states that they do not wish to be contacted, in which case, this information is deleted (unnecessary and outdated data will be deleted before this)
  • Interim Manager data: Two years from the last point of contact, unless the interim manager states that they do not wish to be contacted, in which case, this information is deleted (unnecessary and outdated data will be deleted before this) and unless a specific consent was given about a particular retention period.
  • Client contact details: Two years from the end of the service contract from the last point of contact, subject to us having had no further contact with them during this time (unnecessary and outdated data will be deleted before this)

Who has access to your Personal Data & Where we store and process your data

Your personal data is confidential and only the employees of Valtus for whom access to such is necessary for their work can access it, without prejudice to their possible transmission to those responsible for a control or inspection mission in accordance with the applicable regulations.

The right to access Personal Data is granted by Valtus according to the employees’ functions and is modified if and when those functions change. Valtus employees are bound by confidentiality obligations with respect to your Personal Data.

Your personal data may be shared with any client organization initiating a search for personnel. Publicly available data may be shared with any client organization instructing us on a search. Please note, personal data will not be shared with any client unless we have been given explicit consent.

We may also conduct checks to verify the information that you have provided and where we do this, we may share your information with the client.

Our certifying bodies may also be required to process certain Personal Data strictly necessary for the realization of the services we entrust to them (computer maintenance, postal and electronic mailing, logistics and restoration, verification of compliance with our certified procedures, etc.)

Regarding to Valtus UK, in order for us to store your information securely, your data is stored in our CRM system which can also be accessed by the managing company of this database. The CRM system we currently utilize is RDP ProNet, woned by Access Partnersip, whos privacy policy can be found within the following link https://www.theaccessgroup.com/recruitment-software/privacy-and-legal/

Regarding Valtus France, the Personal Data communicated via our website (Valtus.fr) transits through the servers of a partner specialized in recruitment technologies, located in the Netherlands, with which Valtus has signed a contract guaranteeing the rights of people concerned about their Personal Data. The data is then stored on servers, located in France, dedicated specifically to Valtus.

In all cases of transfer of your Personal Data to third parties, Valtus ensures that the Personal Data transmitted continues to benefit from a level of protection equivalent to that set up by Valtus and requests contractual commitments so that your Personal Data is exclusively processed for the purposes you have previously accepted, with the necessary confidentiality and security.

The data that we collect from you may/will be transferred to, and stored at, a destination outside the European Economic Area (”EEA”). It may be transferred to third parties outside of the EEA for the purpose of our recruitment services. It may/will also be processed by staff operating outside the EEA who works for us or for one of our suppliers. This includes staff engaged in, among other things, our recruitment services and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. OR We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

What security measures have been implemented?

Valtus ensures the security of your Personal Data with reinforced protection through both physical and IT security measures.

Despite these reasonable steps to protect your personal data, no transmission or storage technology is foolproof. Therefore, in accordance with the applicable European regulations, in the event of a proven infringement of Personal Data likely to lead to a high risk to the rights and freedoms of the persons concerned, Valtus will communicate this violation to the competent supervisory authority and, where required, to the persons concerned (individually or generally as appropriate).

It is also up to you to exercise caution to prevent unauthorized access to your personal data and terminals (computer, smartphone, tablet, etc.).

In addition, the Valtus website may offer links to third-party websites that may be of interest to you. Valtus has no control over the content of these third-party websites or their protection policies regarding the data they may collect. Valtus consequently declines all responsibility for the processing by these third parties of your Personal Data, not subject to this policy. It is your responsibility to learn about the privacy policies of these third parties.

Regarding Valtus UK, we will use technical and organizational measures to safeguard your personal data, for example:

  • Our internal systems are secured from the Internet by the use of a CheckPoint perimeter
  • This system is locked down to a high degree
  • Additionally, our internal systems are all password protected, using complex passwords
  • Desktop security is provided to us through the use of Trend OfficeScan software
  • We also utilise MessageLabs security, meaning that all emails must first pass through
  • MessageLabs anti-spam filters before entering the network
  • We protect internal data by regular nightly backups, and each server is imaged on a regular
    basis.

Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet.

Use of cookies

We may obtain information about your online movements and use of the internet. We do this by placing a ‘cookie’, which is a small file, on your computer’s hard disk. Cookies can be used for several reasons, including to recognise you when you visit this website and to store your personal preferences.

The vast majority of web browsers accept cookies. However, you can change your browser settings so that cookies are not accepted. If you do this you may lose some of the functionality of the website.

For further information about cookies and how to disable them please visit www.aboutcookies.org

What are your rights regarding your Personal Data?

Through this policy, Valtus strives to provide you with clear, precise information about the conditions under which your Personal Data is handled (in compliance with you right to be informed).

You also have the following rights:

The right to access, rectify or delete your Personal Data:

You have the right to access all the Personal Data concerning you that Valtus has on file as well as the confirmation that your Personal Data is or is not processed, and the conditions thereof.

You also have the right to obtain from Valtus, as soon as possible (and by default, within 30 days), the rectification of your personal data.

Finally, subject to the exceptions provided by the applicable law (e.g. conservation necessary to comply with a legal obligation), you have the right to request that Valtus delete, as soon as possible, all your Personal Data, in the following cases:

  • Your Personal Data is no longer necessary in view of the purposes for which they were collected or otherwise processed;
  • You wish to withdraw your consent on which the processing of your Personal Data was based and there is no other basis for processing it
  • You consider and can establish that your Personal Data has been the subject of illicit processing;
  • Your Personal Data must be deleted under a legal obligation.
The right to object to the processing of your Personal Data:

When the processing of your Personal Data is necessary for the performance of a public service mission or under the exercise of the public authority in which Valtus has a vested interest, or because of the legitimate interests of Valtus or a third party, you have the right to object to the treatment of any Personal Data related to your particular situation.

If your personal data is processed for prospecting purposes, you have the right, whatever the legal basis of this treatment, at any time and free of charge, to oppose this processing, including profiling to the extent that it is linked to such prospection, whether it is an initial or later processing.

The right to limit the processing of your Personal Data

The applicable regulations provide that this right may be invoked in certain cases, particularly the following:

  • When you challenge the accuracy of your personal data
  • When you consider and can establish that the processing of your Personal Data is illicit but that rather than deleting your Personal Data, you prefer its processing be limited
  • When Valtus does not need your Personal Data but you need it to assert, exercise or defend your rights in legal proceedings
  • When you oppose the processing of your Personal Data that is founded on the interests of the person processing it, during the verification process as to whether the legitimacy of the motives for the processing prevail over those of the person concerned.
The right to the portability of your personal data

When the treatment is based on your consent or contract, this right to portability allows you to receive the raw Personal Data that you have provided to Valtus in a structured, commonly used format, and to transmit such data to another controller without Valtus impeding it. When technically possible, you can request that this Personal Data be forwarded directly to another processing manager by Valtus.

The data concerned with portability is limited to the raw data that you have transmitted to us, excluding data resulting from work done by Valtus.

The right to withdraw consent to the processing of your Personal Data

When Valtus processes your Personal Data on the basis of your consent, you can withdraw it at any time by sending a request to Valtus (see below “How to exercise my rights?”). On the other hand, and in accordance with the applicable law, the withdrawal of your consent is only valid for the future and cannot therefore call into question the legality of the processing done before that withdrawal or on another basis such as for example the execution of a contract.

The right to submit a claim to a supervisory authority regarding your Personal Data

If, despite Valtus’ efforts, you believe that your rights have not been respected, you can make a claim with a supervisory authority. A list of the supervisory authorities is available on the European Commission’s website.

The right to decide the fate of your Personal Data after your death

Finally, you have the right to determine the fate of your Personal Data postmortem by adopting general or special guidelines. Valtus is committed to complying with these guidelines. In the absence of directives, Valtus recognizes your heirs’ ability to exercise certain rights, in particular the right to oppose and/or delete and/or close the deceased’s account and to oppose the processing of his/her data.

How do you exercise your rights?

You can exercise your privacy rights by sending us your request, along with a copy of any identity documents as follows:

by email to: dpo@valtusgroup.com

Valtus is committed to responding to you as soon as possible, and in any event, within one month of receipt of your request.

If necessary, this period may be extended by two months, given the complexity and the number of requests addressed to Valtus. In this case, you will be informed of this extension and the reasons for the postponement.

If your request is submitted electronically, the information will also be provided to you electronically wherever possible, unless you expressly request that it be done otherwise.

If we do not follow up on your request, we will inform you of the reasons for our inaction and you will have the possibility of making a claim with a supervisory authority and/or by seeking a judicial remedy.

For the purposes of traceability and proof of deletion of your data, we will retain your deletion request, the effective date of deletion and the date of the reply sent by Valtus for a period of five (5) years from the deletion of the data.

We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version

Applicable law and competent courts

This policy is subject to French law. In the event of a dispute, and in the event that an amicable agreement cannot be reached, the competent courts shall be those of the jurisdiction of the Paris Court of Appeals, notwithstanding multiple defendants or third-party proceedings.