GRACES.community Privacy Policy

As a data controller and/or processor of personal data, GRACES Community is committed to protecting the privacy of its customers, candidates, administrators, partners and prospects (hereinafter referred to as "Users"). This Privacy Policy applies to information and data collected by GRACES Community when the User interacts via the web and/or mobile Applications (hereinafter referred to as "Applications"), or uses GRACES Community products or services.

In accordance with best practice since the adoption of Regulation EU 2016/679 of the European Parliament and of the Council of April 27, 2016, the purpose of the Privacy Policy is to explain how GRACES Community collects, receives, uses, stores, shares, transfers and processes the User's Personal Data. It also details the options and rights that the User has regarding his or her Personal Data, including his or her rights of consultation and modification.

If the User does not agree to this Privacy Policy, the User must refrain from using GRACES Community's Applications, products and services, as well as any other sites or services that may link to this Privacy Policy.

GRACES Community updates this Privacy Policy from time to time, and encourages Users to consult it regularly. For any further information, the Visitor or User may contact the data controller at the following e-mail address: contact@graces.community or at the following postal address:

GRACES COMMUNITY

28T Grande rue,

17370 LE GRAND VILLAGE PLAGE

1. DEFINITIONS

In accordance with Article 2 Definitions of the General Data Protection Regulation, (hereinafter referred to as "GDPR"), shall mean:

Consent: from the data subject, any manifestation of free, specific, informed and unambiguous will by which the data subject accepts, by a declaration or by a clear positive act, that personal data concerning him or her may be processed;

Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

Recipient: the natural or legal person, public authority, department or other body that receives personal data, whether or not it is a third party. However, public authorities which may receive personal data in the context of a specific investigation in accordance with Union law or the law of a Member State are not considered as recipients; the processing of such data by the public authorities in question complies with the applicable data protection rules according to the purposes of the processing;

Partner(s): Service providers, distributors, agents and representatives, including, but not limited to, credit institutions, customer support, IT service providers, marketing, research, event agencies, mailing companies and shipping agents.

Data controller: any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

Processor: the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller;

Authorized third party: a natural or legal person, a public authority, a department or a body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Processing: any operation or set of operations which may or may not be performed upon personal data or sets of personal data by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Violation: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;

2. DATA CONTROLLER

GRACES Community, SARL, with share capital of 15,000 euros, registered in the La Rochelle Trade and Companies Register under no. 884 971 672, whose head office is located at 28T Grande rue 17370 LE GRAND VILLAGE PLAGE, is responsible for data processing in the context of its sourcing activities, follow-up of candidate interviews, follow-up of recruitment processes with customers, as well as any other ancillary or related activities linked to its core business.

For further information, the User may contact the data controller at the following e-mail address: contact@graces.community and/or at the following postal address:

GRACES COMMUNITY

28T Grande rue,

17370 LE GRAND VILLAGE PLAGE

3. COLLECTION OF PERSONAL DATA

3.1 Data provided by Users on the Showcase Site

When browsing the GRACES COMMUNITY showcase site (https://graces.community), Users are asked to share information, some of which may identify them and therefore constitute personal data. GRACES Community collects personal data about Users when they fill in online forms. This is particularly the case when the User requests :

• Contact us ;
• Subscription to the GRACES Community newsletter;
• Submit an article for the Media section;
• In particular, GRACES Community may ask for the User's e-mail address, first name and surname, and telephone number. The User is also free to explore the GRACES Community Showcase Site without providing any Personal Data.

3.2 Data supplied by the User in connection with the Applications

Candidate application and/or candidacy

GRACES Community collects the data provided by the User at the time of requesting registration for GRACES Community Applications. Registration data may include data such as :

• Identification data: surname, first name, telephone number and e-mail address;
• Professional data: in particular, the type of contract sought, a description of the User's qualifications and professional experience, language level and curriculum vitae;
• Financial data: current salary level, expectations for the position;

Application messaging

As part of the application process, candidates will be required to exchange certain information with GRACES Community staff and/or the teams in charge of recruitment for the company in question, in particular in order to schedule interviews.

In general, Users control and are responsible for correcting, deleting or updating the information they process using the Solution, and are required to comply with any regulations or laws requiring notification, disclosure and/or consent prior to transferring Personal Data to GRACES Community for processing.

4. PURPOSES OF THE DATA COLLECTED

In accordance with current regulations, GRACES COMMUNITY only collects data for the purposes for which it is collected. Therefore, the User is legitimately aware of the various processes and purposes of the data collected in order to make GRACES COMMUNITY services available.

Please note that should GRACES COMMUNITY wish to use this data for other purposes or collect new personal data for these or other purposes, GRACES COMMUNITY undertakes to obtain the prior consent of the User.

GRACES Community collects the data of its Users for the following purposes:

Identification and personal data

Purpose:

• To supply and set up the Applications database (create a user account, apply for a job, etc.);
• To promote its products, services and other offers;

Legal basis: Consent of the person concerned

Account usage data

Purpose:

• To communicate with the User regarding GRACES Community services (e.g. transactional emails, notifications regarding billing or updates to the general terms and conditions of use and/or sale, etc.);
• To provide assistance: in particular to resolve technical problems (bugs and breakdowns);
• To investigate a technical incident ;
• To meet legal requirements (in particular in the event of a judicial inquiry or control);

Legal basis: Execution of contractual measures

Geolocation data

Purpose:

- Storage of the connection IP address, mainly for security reasons;

Legal basis: Execution of contractual measures

Navigation data

Purpose:

- To improve and develop GRACES Community products: on how the User interacts on the Applications;

Legal basis: Execution of contractual measures

Statistics

Purpose:

- To evaluate trends in the use of certain GRACES Community services or products;

Legal basis: Legitimate interests of GRACES COMMUNITY

In general, GRACES COMMUNITY undertakes to process the personal data of its Users in compliance with the regulations in force.

5. RECIPIENTS OF COLLECTED DATA

Data transferred to third parties

GRACES Community uses third-party service providers to operate its Applications, products and services. These service providers notably provide services relating to data hosting, application development and marketing. GRACES Community may therefore share the User's Personal Data with them in order to provide the User with information, products or services.

Data transferred to Partners

GRACES Community transfers to its trusted Partners only the Data they need to perform their services, and requires that they do not use the transferred Data for any other purpose. These partners will only act in accordance with GRACES Community's instructions and will be contractually bound to ensure a level of security and confidentiality of the Data identical to that implemented by GRACES Community and to comply with the applicable regulations on the protection of personal data.

Data transferred to public authorities and/or bodies

In accordance with the regulations in force, Data may be transmitted to the competent authorities upon request, and in particular to public bodies, judicial auxiliaries, legal officers and bodies responsible for debt recovery, exclusively to meet legal obligations, as well as in the case of the search for the perpetrators of offences committed on the Internet.

6. DATA TRANSFER

Some of the third parties described in this Privacy Policy, who provide GRACES Community with contracted services, may be based in other countries which may not have privacy and data protection laws equivalent to those of the country in which the User resides. GRACES Community undertakes always to transfer data to Partners or service providers established in countries benefiting from an adequacy decision or having equivalent guarantees in place (in particular standard contractual clauses or binding rules).

7. DATA RETENTION PERIODS

The length of time GRACES Community retains the data it collects about the User depends on the type of data, and how it is collected and stored. GRACES Community retains Personal Data that the User provides to GRACES Community when there is a legitimate business need to do so (for example, to comply with legal obligations, resolve disputes and enforce agreements). If GRACES Community has no legitimate business need to process the User's Personal Data, the company will delete or anonymize such Data or, if this is not possible, store it securely and isolate it from further use until deletion is possible.

At the User's request, GRACES Community will delete such Data in advance, in accordance with the terms of the "How to access and control your personal data" section below.

Personal data processed by GRACES Community will not be kept beyond the period strictly necessary for the purposes pursued as set out in the Policy and in accordance with the Regulations and applicable laws.

For data relating to user management, data is kept for five years in an archive once the candidate has been recruited via GRACES Community services, or for 2 years after the candidate's last connection.

Data is deleted when the retention periods expire. Nevertheless, Data may be archived for longer periods for the purposes of investigating, recording and prosecuting criminal offences, with the sole aim of making Data available to the judicial authorities where necessary.

8. DATA SECURITY

In accordance with current regulations, GRACES Community takes all appropriate technical and organizational measures to prevent unauthorized access to or modification, disclosure, loss or destruction of its Users' data. For their part, Users must maintain the confidentiality of their identifiers in order to prevent unauthorized use of their account in accordance with the General Terms of Use.

In the event of a Data Breach, GRACES Community undertakes to take all appropriate measures to remedy the Breach as soon as possible and, where applicable, to inform the persons concerned of the impact and consequences of the said breach.

9. REQUESTS TO EXERCISE RIGHTS

In accordance with current regulations on the protection of personal data, Users benefit from a number of rights relating to their Data, namely :

- A right of access and information: the right to be informed in a concise, transparent, intelligible and easily accessible manner of how Data is processed. Users also have the right to obtain (i) confirmation that Data concerning them is being processed and, where appropriate (ii) access to such Data and to obtain a copy thereof.

- A right of rectification: the right to obtain rectification of inaccurate Data concerning them. They also have the right to complete incomplete Data concerning them, by providing an additional declaration. In the event of exercising this right, GRACES Community undertakes to communicate any rectification to all recipients of the Data.

- A right to erasure: in certain cases, the right to obtain the erasure of Data. However, this is not an absolute right and GRACES Community may, for legal or legitimate reasons, retain such Data.

- A right to restrict processing: in certain cases, the right to restrict processing of Data.

- A right to Data portability: the right to receive the Data that the User has provided to GRACES Community, in a structured, commonly used and machine-readable format, for personal use or for transmission to a third party. This right only applies when the processing of Data is based on consent, on a contract or is carried out by automated means.

- A right to object to processing: the right to object at any time to the processing of Data for processing based on legitimate interest, a mission of public interest and those for commercial prospecting purposes. This is not an absolute right, and GRACES Community may for legal or legitimate reasons refuse the opposition request.

- The right to withdraw consent at any time: Users may withdraw their consent to the processing of their Data where the processing is based on consent. Withdrawal of consent does not compromise the lawfulness of processing based on consent carried out prior to such withdrawal.

- The right to lodge a complaint with a supervisory authority: the right to contact the data protection authority to lodge a complaint about personal data protection practices.

- The right to give instructions concerning the fate of data after death: the right to give instructions concerning the use of Data after your death.

10. CONDITIONS FOR EXERCISING RIGHTS

In accordance with current regulations, it is the responsibility of the person concerned (i.e. the User) wishing to access his/her personal data to contact GRACES Community.

The User may also give a mandate to a person of his/her choice to exercise his/her right of access. In this case, the person chosen must present a letter specifying the purpose of the mandate (exercise of the right of access), the identity of the principal (identity of the applicant who is exercising his right of access to his personal data) and of the proxy (his identity). They must provide proof of their identity and that of the applicant.

In the case of minors and those who are unable to attend school, the parents, guardians or legal guardians are responsible for taking the necessary steps.

The User may exercise his rights by sending any complaint by e-mail to the following address contact@graces.community or by post to the following address :

GRACES COMMUNITY

28T Grande rue,

17370 LE GRAND VILLAGE PLAGE

Please note that the company may require proof of identity in order to exercise these rights.

The GRACES COMMUNITY teams undertake to respond as quickly as possible to a request for right of access, within a maximum period of one month. However, this deadline may be extended by two months, "in view of the complexity and number of requests". Under these conditions, GRACES COMMUNITY will inform the User within one month of receipt of the request.

11. GENERAL PROVISIONS

On the sale of data

GRACES Community undertakes never to sell a Customer's Personal Data to third parties without prior written authorization.

Children's data

GRACES Community's Websites, products and services are not directed to children under the age of 16, and GRACES Community does not knowingly or intentionally collect Personal Information from children under the age of 16. If the User believes that GRACES Community has collected Personal Information from a child under the age of 16, the User may contact GRACES Community to have such information deleted.

***

COOKIE MANAGEMENT POLICY

This Cookie Policy explains how GRACES Community and its subsidiaries use cookies and similar technologies to identify Users when they visit the Showcase Site or the Web and/or Mobile Applications. It explains what these technologies are and why GRACES Community uses them, as well as Users' rights to control their use by GRACES Community.

What is a cookie?

A cookie is a small file containing a string of characters that is sent to a User's computer when he or she visits a website. When the User returns to the site, the cookie enables the site to recognize the User's browser. Cookies can store User preferences and other information.

They allow the User to save time or inform the web server that he/she is returning to consult a specific page.

Cookies set by the website owner (in this case, GRACES Community) are referred to as "master cookies". Cookies set by third parties other than the site owner are referred to as "third-party cookies". These enable the provision of third-party functions or features on or through the website (for example, advertising, interactive content and analytics). The parties who set these third-party cookies may recognize a User's computer when he or she visits the website in question and when he or she visits certain other sites.

Why are cookies used?

Internal and third-party cookies are used for several purposes. Some cookies are necessary for the operation of web pages for technical reasons. These are known as "essential" or "strictly necessary" cookies. Other cookies are also used to track and target Users' interests in order to improve their experience on GRACES Community's Websites and Subscription Service. For example, GRACES Community keeps track of which Websites and pages Users visit within GRACES Community in order to determine which part of the GRACES Community Website or solution is most popular or used. This data is used within the GRACES Community website and solution to offer promotions and personalized content to Users whose behavior indicates that they are interested in a specific area. Third parties use cookies on GRACES Community websites for advertising, analytical and other purposes. A more detailed description is provided below.

What cookies does GRACES Community use?

Authentication cookies

These cookies (including local storage and similar technologies) tell us when you are logged in, enabling us to show you relevant data and features such as account information, clickstream history and correct your account settings.

Security and site integrity cookies

We use these cookies to support or enable security features to help GRACES COMMUNITY stay completely safe. For example, they enable us to remember when you have logged into a secure area of the Services and to help us protect your account from access by anyone other than you.

Site features and services

These cookies have a functionality that helps us provide products and services. For example, they help you log in by pre-filling fields. We may also use cookies and similar technologies to help us provide you and others with social modules (Linkedin) and other personalized content and data, such as making suggestions to you and others.

How can I control the use of cookies?

Users have the right to accept or reject cookies. They can exercise their cookie preferences by clicking on the appropriate opt-out links below.

They may also set or modify the parameters of their web browser to accept or reject cookies. If they reject cookies, they can still use the Site, but certain features and parts of the Site may not be accessible. As the means of refusing cookies via web browser options vary from one browser to another, GRACES Community advises its Users to consult their browser's help section for further information.

How often is the Cookie Policy updated?

This Cookie Policy may be modified from time to time to reflect, for example, changes in the cookies used or for other operational, legal or regulatory reasons. To inform Users of significant changes to the Cookie Policy before they become effective, GRACES Community will publish them on this page, and post a more prominent notice on its Site or send them an e-mail notification. Users should therefore regularly consult this Cookie Policy to keep informed of GRACES Community's use of cookies and related technologies.

The date indicated at the top of this Cookie Policy is the date of its last update.

Where can I get more information?

If Users have any questions about the use of cookies or other technologies, they can send an e-mail to the following address: contact@graces.community.