This Policy covers how we collect and process your personal data during our recruitment process, your job application, the review of your application and / or your potential recruitment. The data controller is the Groupe Rocher Company that deals with your application ("the Company”).

The Company is committed to doing its best to process all personal data in accordance with the applicable data protection legislation. This includes the Regulation (EU) 2016/679 on the protection of individuals, and relates to the processing of personal data and the free movement of such data. It supersedes the Directive 95/46 / EC (General Data Protection Regulation) (the "RGPD") and Law No. 78- 17 of 6 January 1978 relating to information technology, data files and civil liberties (the "Data Protection Laws”).

The purpose of this policy is to explain what personal data we collect about you and how we use it as part of our recruitment process (the "Policy").

1. Who is responsible for processing your personal data and who can you contact?

"The Company", "we", "us" or "our" means the data controller.

For any request concerning the processing of your personal data you can contact the Company's Data Protection Officer by email at or by post to the address that appears at the bottom of this document. Ensure you address it to the Company's Data Protection Officer, and include a copy of a personal identity document.

2. What personal data do we collect?

During the application process and the possible interview that may follow, we collect, process and hold the following personal data about you:

The information you give us:

personal information such as: name, first name, date and place of birth, e-mail address, postal address, other contact details including mobile phone numbers, employment history and qualifications (university and professional), gender, nationality and information about you right to work in the country that you have applied to work in (work permit), your civil and marital status; and other information you provide in support of your application, including (among others) the information contained in your CV and / or your e-mail application, as well as the reasons for your application to the Company.

Information we obtain from other sources:

The same information as detailed above from your recruitment agency, from our Company or other Companies in the Yves Rocher Group Company, when you apply directly to them, or as part of an internal mobility procedure;

The information we collect from the preselection process, background checks and / or references that we may perform or request as part of the application or recruitment process.

We do not collect special categories of sensitive personal data, unless you provide them in your CV or the position requires the communication of information relating to a medical condition or disability that you may have.

3. How do we use your personal data?

The Company collects your personal data, for the following purposes: 
- to examine your application and assess your skills, abilities and suitability for the job; 
- if necessary, to communicate with you on the recruitment process; 
- to carry out checks and controls on the information that you communicate to us, either directly ourselves or through authorised third parties; 
- if necessary, to check your criminal record if it is required for the job; 
- to keep records of your recruitment process; 
- to perform statistical studies; 
- to meet the legal and regulatory obligations of the Company; 
- for the establishment, exercise or defence of the Company’s rights.

4. The lawfulness of data processing

The Company processes your personal data in accordance with Data Protection Laws.
The data will only be collected and processed by the Company if it appropriate, relevant and legal to do so.
As such the Company only processes your personal data if it is necessary prior to entering into a contract, based on our legitimate interest, or our legal or regulatory obligations.

5. With whom do we share your data?

The personal data we collect is strictly limited to the data that is necessary and essential for the purposes stated above, and when it is intended for the relevant departments of the Company, its affiliated companies, and our potential service providers and subcontractors.

Within the Company and the Companies in the Group Rocher Company:

When personal data is disclosed within the Company or to other Companies in the Groupe Rocher Company, we take all the necessary steps to ensure that this personal data is only accessible to employees who explicitly need it.

Where applicable, we share your personal data with the following recipients:
- authorised personnel within the Company, in particular the employees in charge of recruitment;
- authorised personnel of any entity controlled by the Company in accordance with Article L. 233-3 of the French Commercial Code.

Outside the Company:

In the context of our business activity or for the fulfilment of the purposes mentioned above, we may share your data with the following third parties, subcontractors or authorised agents:

IT service providers, for the purpose of hosting data and documents related to your application or for the maintenance of or improvements to the computer system;
Recruitment companies;
Law enforcement officials, legal or administrative authorities or other authorised third parties in response to a request for information from a competent authority, and if the Company considers that the communication of such information is lawful, required by a law, an applicable regulation or in the context of legal proceedings;
our legal advisers and / or lawyers;
in the case of a restructuring, sale or merger and acquisition (including a reorganisation), we may transfer your personal data to a third party involved in the proceedings (for example, a buyer or his advisors) in accordance with Data Protection Laws.

Personal data that we have collected may be transferred outside of the European Economic Area to the United States of America for hosting purposes. The sub-contractor hosting the data is a company that adheres to the "Privacy Shield" which guarantees a sufficient level of protection for the transfer of personal data to the United States of America.

You can obtain further information about these safeguards by contacting the Company or its Data Protection Officer, whose contact details are given below.

6. How long is your data kept?

In the event of a negative response to your application, we will inform you of our wish to keep your personal data.

Unless you request its erasure, your personal data will be kept by the Company for a period of two (2) years from the time we were last in contact.

Beyond this period, your data will be erased regularly unless it is necessary to keep it longer (i) to ensure we comply with legal, accounting, and tax retention requirements (ii) to retain evidence during the applicable limitation periods, (iii) for the exercise of the Company’s rights in the event of litigation or legal action, during the entire period of the proceedings or the investigation.

7. Do I have to communicate my data?

If you do not provide the information we need to review your application (proof of qualifications, employment history…), we may not be able to process your application effectively.

8. What are your rights?

In accordance with the applicable data protection legislation, you have the right to access, rectify and erase your personal data, to object to or to limit the processing of your personal data, to your data portability and to set guidelines on the treatment of your personal data after your death.

Your rights and their meanings:

The right of access: You have the right to obtain a copy of your personal data.

The right of rectification: You have the right to obtain the rectification of your personal data if it is inaccurate or incomplete.

The right of erasure (the "right to be forgotten"): You have the right to obtain the erasure of your personal data. However, the right of erasure (or the "right to be forgotten") is not without limit and is subject to specific conditions. We may retain your personal data to the extent permitted by applicable laws, and in particular where the processing of such personal data is necessary to respect a legal obligation or for the establishment, exercise or defence of legal claims.

The right to restrict processing: You have the right to obtain the restriction of processing your personal data in certain circumstances (for example when we no longer need your personal data but the data is required for the establishment, exercise or defence of legal claims).

The right to data portability: You have the right, under certain circumstances, to receive the personal data that you provided us with, in a structured, commonly used and machine-readable format and then forward that data to another controller.

Right to object: You have the right to object to certain types of processing (for example, when the processing is based on our legitimate interests).

The right to withdraw consent: You have the right, at any time, to withdraw your consent to us processing your personal data.

The right to set guidelines on the treatment of your personal data after your death: You can set guidelines for the retention, erasure, and disclosure of your personal data after your death. These guidelines can be general or specific. The general guidelines should be registered with a trusted third party. The specific directives should be addressed to the Company.

Please send us any request relating to your personal data rights:
- by email to
- by post to the following address: Plant Biology Laboratory Yves Rocher - Delegate to Data Protection 7 chemin de Bretagne - 92444 Issy Les Moulineaux

We will respond to your request as soon as possible and always within the deadlines provided by the applicable data protection legislation. Please note that we may retain your personal data for certain purposes when required or permitted by law.

You will find more information about your rights on the CNIL website:

You also have the right to file a complaint with the National Commission for Computing and liberties: CNIL - 3 Place Fontenoy - TSA 80715 - 75334 Paris - Cedex 07 or the data protection regulator of the country in which you live.