Privacy Policy

Personal Data Protection Policy

1. Introduction

Mersen Corporate Services SAS (hereinafter “Mersen”) is committed to safeguarding privacy and personal data, and encourages anyone about whom or from whom personal data is collected or requested (hereinafter “Data Subjects”) to carefully read and familiarize themselves with the terms of this personal data protection policy.

Headquartered in France and handling data that concerns residents of the European Union, Mersen also complies with the fundamental principles of the revised version of the French data protection law of January 6, 1978 and European Regulation no. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

This privacy policy seeks to protect personal data and applies to all Mersen Group entity and subsidiary employees responsible for the management of personal data, from its collection and processing to its use, distribution, transfer and storage (hereinafter “Data Controllers”). This policy guarantees a high level of personal data protection in all countries.

The purpose of this policy is to provide an overview of the way in which Mersen operates with a broad spectrum of Data Subjects (customers, external service providers, prospective clients, etc.). Accordingly, not all provisions may apply to you.

Mersen Corporate Services SAS has a Data Protection Officer (DPO), who can be contacted by post or by email:

• Mersen, Trinity Tower - 1 bis place de la Défense -92400 Courbevoie - France
• data-protection@mersen.com

Mersen collects and processes personal data to the extent that:

• the data is needed for the performance of a contract to which the Data Subject is party or is needed to complete the steps to be taken before a contract can be signed;
• the data is required for compliance with the regulatory obligations to which Mersen is subject;
• the data was collected with the Data Subject’s consent;
• the data was collected in Mersen’s legitimate interests (notably in order to promote Mersen and analyze website traffic).

When the processing of personal data requires a Data Subject’s consent, Mersen obtains that consent through a specific procedure.

2. Personal data collection

The categories of data collected depend on the purposes for which the data is processed. When your data is collected by Mersen via a form or questionnaire, any mandatory information required to perform a related service is indicated by an asterisk.

Generally speaking, the categories of data collected by Mersen are as follows: identifying data (first and last names, contact details, nationality, etc.), data about your interests, email address, data about your professional life, payment information and data about job candidates’ qualifications and experience.

Most data is collected by Mersen directly from Data Subjects. However, your data may also be transferred to Mersen by its commercial partners and notably by recruitment and temp agencies.

3. Personal data processing

We process personal data for the following purposes:

• to enable Mersen to respond to website user requests, in particular regarding job applications;
• to develop content and improve the Mersen website and provide any technical support to users;
• to conduct business development and marketing operations;
• to generate marketing statistics;
• to manage contractual relationships with Data Subjects and/or the company that employs them;
• to manage recruitment;
• to contact Data Subjects regarding Mersen products or services;
• to analyze Data Subject information in order to develop new products or services and improve existing ones.

The table below summarizes the main purposes for which Mersen processes personal data and the legal basis for that processing:

Clarifications regarding the personal data management policy for job applications (solicited and unsolicited):

Data Subjects are informed that job applications can only be processed if all the questions preceded by an asterisk are duly answered. Candidates who fail to answer all the mandatory questions may compromise their application. All other answers are optional and have no effect on their application. Candidates are free to decide whether or not to answer a given question.

In accordance with the French Labor Code (Code du travail), candidates are duly informed that Mersen’s recruitment procedure is as follows:

• applications are made to Mersen using the online form in the careers section of the website;
• they are reviewed by the HR department of the recruiting entity within one week of being sent;
• candidates who do not receive a reply from Mersen within three weeks should assume that their application has not been successful;
• the HR department may contact candidates by any means of communication indicated (telephone or email);
• personal data, CVs and cover letters are processed electronically and stored for six months as of their receipt or from the last communication with candidates;
• the data provided is processed confidentially.

4. Access to personal data

Within the limits of their respective responsibilities, access to personal data is reserved for:

• persons responsible for marketing, sales, customer relations and business development, administrative services, the website, IT and logistics and recruitment, as well as their line managers;
• departments responsible for oversight (statutory auditors, departments responsible for internal control procedures, etc.);
• persons responsible for negotiating and managing contracts and companies involved in the management of contracts (e.g. receivables collection agencies, etc.);
• Mersen subcontractors (e.g. external IT maintenance, hosting and routing service providers) for the purposes outlined in this policy. Service providers acting on Mersen’s instructions are required to take appropriate measures to protect your personal data.

If certain third parties are located in countries where local regulations do not provide the same level of protection as EU member states, Mersen will ensure that transfers are carried out in accordance with French regulations (e.g. by implementing the contractual clauses adopted by the European Commission). For more information and to request copies of the relevant documents, please contact Mersen’s DPO.

5. Social media

All users (hereinafter “Users”) are informed that the website may also provide access to features from social networks, forums, chatrooms, blogs (in particular Facebook profile pages, Twitter accounts and LinkedIn accounts) and other services on which Users may display personal information. All information published or communicated by Users through these services is deemed to be in the public domain.

The website uses “Social Share Privacy” to allow Users to share content, should they wish to do so, through social media or email or by adding pages to their list of favorites.

Mersen’s posts on its social media pages are managed by the Group’s Communication department from Monday to Friday between 9am and 6pm CET.

The department also moderates any comments to posts after they have been posted.

The following comments are systematically deleted:

• aggressive comments;
• illegal or illicit comments, or any statement that goes against the rules of Internet good practice;
• any comment that does not comply with the rules of the sites on which the pages are hosted;
• comments written in texting language or capital letters;
• abusive comments, spam, trolling or promotional content (advertising, classified ads, etc.);
• private conversations that bear no relation to the matters dealt with on Mersen’s pages;
• comments containing personal contact details.

Users can contact Mersen directly:

• By post: Mersen Corporate Services SAS, Direction de la Communication, Trinity Tower - 1 bis place de la Défense - 92400 Courbevoie - France
• By email: webmaster.groupe@mersen.com

Any comments regarding moderation can also be made via private messaging or email.

Content posted by Users does not necessarily reflect Mersen’s point of view. Users are solely responsible for their own posts, including comments, photos and links. Mersen cannot under any circumstances be held responsible for such comments or their consequences.

6. Personal data storage

Personal data is stored by Mersen in accordance with personal data protection regulations and the storage periods imposed by law. Generally speaking:

• data relating to contract management is stored for the duration of the contract plus the remainder of the storage period imposed by law;
• job candidate data is kept for six months.

7. Child protection

Mersen does not knowingly collect personal data from any individual under the age of 18. The website does not seek to target minors.

8. Preferences management

Users can manage their preferences regarding data sharing when they connect to the website concerned by updating their account settings.

9. Rights regarding personal data

Regarding your personal data, you have the right to:

• access your personal data;
• correct your personal data when it is incomplete, incorrect or out of date;
• request that the processing of your personal data be restricted if (i) you contest the accuracy of the personal data, for a period enabling Mersen to verify the accuracy of said data; (ii) you consider that your personal data is being unlawfully processed by Mersen and you want to restrict the use of said personal data rather than request its erasure; (iii) Mersen no longer needs the personal data for the abovementioned purposes but said data is required for the establishment, exercise or defense of legal claims; and (iv) you exercise your right to object pending the verification of whether Mersen’s legitimate grounds override yours;
• object to the processing of your personal data at any time, on grounds relating to your particular situation;
• object to the processing of your personal data for business development purposes, without providing a reason;
• request that your personal data be deleted;
• withdraw your prior consent to the processing of your personal information at any time;
• decide ahead of time what should become of your personal data in the event of your death;
• obtain a copy of your personal data and transmit said data to a third party in a structured, commonly used and machine-readable format (data portability);
• not be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affecting you.

To exercise your rights or to make a claim, please contact Mersen’s Communication department:

• By post: Mersen Corporate Services SAS, Direction de la Communication, Trinity Tower - 1 bis place de la Défense - 92400 Courbevoie - France
• By email: data-protection@mersen.com

Data Subjects can also file a claim with the French data protection authority (Commission Nationale de l’Informatique et des Libertés – CNIL). Further information is available on the CNIL’s website at: https://www.cnil.fr/en.

10. Changes to the policy

In the event of a change to this personal data protection policy, Mersen will publish the revised version marked with the date of the revision.

The current version of the personal data protection policy was last updated on 30/06/2020.

11. Contact

Should you have any comments or questions regarding the personal data protection policy or the processing of personal data, please contact Mersen:

• By post: Mersen Corporate Services SAS, Direction de la Communication, Trinity Tower - 1 bis place de la Défense - 92400 Courbevoie - France
• By email: webmaster.groupe@mersen.com or data-protection@mersen.com