Syngenia SA is committed to respect the rights of the people whose personal data is being processed. Therefore Syngenia SA complies with data protection regulations such as the General Data Protection Regulation (“GDPR”) and national laws of the countries in which it operates.
This privacy statement explains what types of personal data, we may collect about job applicant and how it may be used.
The following definitions will help you to understand this privacy statement:
- “We”, “Our”, “Us”, refers to Syngenia SA (see our contact details below);
- “You”, “Your” refers to a candidate;
- “Personal data” refers to any information which identifies you as an individual (directly or indirectly).
This privacy statement sets out our position and commitment relating to data protection in our recruitment process. It applies to any personal data submitted via Syngenia SA’s website contact form, by email or by registering on third parties recruitment platforms.
1. GENERAL PROVISIONS
Syngenia SA, whose registered office is located at Boulevard Simon Bolivar 36, 1000 Brussels and registered in the Crossroads Bank for Enterprises under company number 0413.790.221 (hereafter “Syngenia” is committed to ensure the protection of Personal data entrusted to it, as well as to respect the rights of the people whose Personal data is being Processed for the purposes set forth in this Privacy Statement.
Personal data (as defined below) are therefore handled and protected with the utmost care, in strict accordance with the requirements imposed by the legislation on the protection of Personal data, the General Data Protection Regulation (GDPR)*.
To successfully pursue its activities in providing Technical Consultancy to clients by staffing of all functions related to the design and implementation of industrial projects, both national and international, Syngenia is recruiting candidates based on skills, experience and ability to adapt to the environment of our clients.
In this context, Syngenia needs to Process Personal data about individuals. These can include employees, customers, suppliers, subcontractors, consultants, job applicants and other people the organization has a relationship with or may need to contact**.
This Privacy Statement applies to all Personal data submitted to Syngenia via the website, by email, or by any other means.
It describes which Personal data we collect, why we do it, how long we keep it and the rights you can exercise about your Personal data as well as the principles that Syngenia applies, in its capacity as a Controller, to all Personal data that is collected and Processed in any format, whether electronically or in paper.
Through our products and services, you can also use services of other parties such as chat, third party websites, forums, Facebook, Twitter, newsgroups or apps. Syngenia has no control over the information you post there and how it is Processed, and we are not responsible for it. We advise you to read the privacy policies of these third parties carefully.
For the purposes of this Privacy Statement, the following definitions apply:
- Personal data is any information relating to natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing/Process is defined as any operation or a set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Controller is the natural or legal person who (either alone, jointly or together with other persons) determines the purpose(s) and means of the Processing of Personal data
2. PROCESSING PRINCIPLES
We collect or obtain personal data about you. We obtain these personal data either directly from you when you provide us with your personal data, or when you interact with us directly, for example by e-mail, telephone or letter; or from third parties, for example from data publicly available on career-oriented websites.
If possible, we will try to collect the personal data directly from a recruitment agency representing a candidate. However, it may be necessary to collect personal data from third parties for candidates we consider making a job offer to.
For personal data not obtained directly from you, Syngenia SA will provide you, on a case by case basis, with the following information:
- The data collected from third parties
- The identity and the contact details of the recruitment agency or the platform on which we found your personal data (eg. Linkedin, Actiris, Forem, Stepstone, etc);
- The contact details of their data protection officer, where applicable.
Syngenia SA save your personal data in paper files, in electronic files and in our database MySyngenia.
2.1 Personal data Syngenia collects about you
If possible, we will try to collect the Personal data directly from the person concerned. However, it may be necessary to collect Personal data from third parties in the context of future relationships (e.g. customers or candidates).
2.1.1 Information you provide us
- contact form filled out by you (website Syngenia): name, email, company, job title, phone number, and message;
- job applications (directly by mail, letter or through the website Syngenia or through recruitment company): application forms, CV, interview notes and related recruitment information;
- content of correspondence with us (by email, phone or letters);
- information relating to your use of our products or services;
- contact details of past, present and future customers, suppliers, partners or consultants
- Any other personal data relating to you that you provide to us.
We will not process any special data category except if we are obliged to do so under applicable legislation. Syngenia SA only collects sensitive personal data (eg.: your health data or an extract of your criminal record) to the extent that it is necessary to meet its legal obligations, For other cases related special data, we will always request your explicit consent.
2.1.2 Information we may automatically collect if you visit our website
- technical information, including IP address, login information, browser type and version
Finally, information collected on our site may be stored and processed into anonymous statistics or log files for internal use, such as traffic and profile analysis.
2.2 Lawful basis and purposes of the Processing
The GDPR lists a limited number of lawful bases on which a Controller can rely to Process Personal data:
- the consent of the data subject,
- the performance of a contract between the data subject and the Controller,
- a legal obligation to which the Syngenia is subject to ensure compliance with local employment, social security laws and regulations,
- the vital interest of a natural person,
- the performance of a task carried out in the public interest,
- the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
The lawful basis on which Syngenia relies to collect and Process your Personal data will vary depending on the Personal data itself and the specific purpose for which Syngenia collects it.
2.2.1 In general
We may have to Process all categories of Personal data to comply with applicable legal or regulatory requirements.
We also may have to Process Personal data on the basis of our legitimate interests, to:
- identify you and give you access to our buildings/parking if you visit our premises;
- organize meetings and video conferences if you take part to such meetings;
- keep the IT infrastructure safe by filtering the Internet traffic (if you connect to our network);
- verify whether Syngenia’s ethics and embargo rules are respected;
- follow up on Ethics Whistleblowing, avoid and solve ethic incidents;
- comply with relevant industry standards and our policies, and for litigation or defense of claims.
2.2.2 Customers’ and prospects’ (employees’ and representatives’) personal data
On the basis of our legitimate interest, we may use the Personal data:
- for the performance of the contract(s) between your company with Syngenia (delivery and invoicing of our products and services);
- in order to take steps at your request prior to entering into a contract with your company;
- for the execution and analysis of market surveys and marketing strategies;
- to further inform you about our products and services that are in line with our already existing relationship and for some specific marketing;
- to prevent risks of fraud and corruption (a.o. registration of the gifts received by and offered to clients and prospects).
2.2.3 Suppliers’ and partners’ (employees’ and representatives’) personal data
We Process your Personal data to conclude and execute our agreements and manage our relationships (contractual basis) or the contractual relationship between Syngenia and your employer (legitimate interest), and amongst others to:
- give you access to our premises;
- control the staff working on the premises;
- provide training;
- prevent risks of fraud and corruption (a.o. registration of the gifts received by and offered to suppliers’ and partners’ employees and representatives).
We can Process your data as part of our commercial offers to (potential) customers
2.2.4 Investors’ and shareholders’ data
We use your Personal data in order to manage our relationship and our obligations to you. We maintain contact details for external communications and to respond to your queries.
2.2.5 Job applicants’ or sourced candidates’ data
Your personal data are collected, processed, used and stored for the execution of the delivery of HR services, i.e. recruitment and selection procedures and further employment or outplacement. We process your personal data in order to take steps at the request of the applicant prior to entering into a contract or when it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for Syngenia SA.
More specifically, your personal data are processed for the purposes of:
- asses your profile and skills to fit the job offers. In order to assess your suitability for any position for which you may apply at Syngenia SA including associate positions and also any business support or services role;
- ensure an effective communication with you and/or our clients in the accomplishment of our recruitment missions including, making you specific job offers and taking steps at the request of the applicant prior to entering into a contract;
- accompany you throughout the all recruitment process
- keep you informed of our new or other existing job offers by identifying services you may be interested in;
- process and respond to requests, enquiries or complaints received from you;
- establish, exercise or defend a legal claim and proceeding against Syngenia SA and its staff; respond to requests from the Belgian Data Protection Authority, where appropriate.
2.2.6 Consultants’ data
We Process your Personal data on a contractual basis for recruiting, managing or terminating your consultancy employment at Syngenia. On the basis of our legitimate interest, we can Process your Personal data:
- as part of our commercial offers to (potential) customers;
- to give you access to our premises;
- to control the staff working on the premises;
- to provide training;
- to manage phone services;
- to prevent risks of fraud and corruption (a.o. registration of the gifts received by and offered to consultants).
In any case, Syngenia only Processes Personal data in a way that is compatible with the purposes for which the Personal data was collected or which is authorized by law or with the prior consent of the data subject
Syngenia takes all appropriate steps to ensure that Personal data are accurate, up to date and reliable for the purposes intended. Please note that you are also partly responsible for the accuracy of your Personal data. If certain information changes, we invite you to notify us as soon as possible.
2.4 How do we protect your personal data?
We use a variety of technical and organizational measures necessary to protect your personal data from destruction, loss, alteration, unauthorized access or processing, including physical, electronic and managerial measures to ensure the security, accuracy and currency of your personal data. These measures include:
- education and training of the staff concerned so that they are informed of our obligations regarding the protection of personal data processing;
- administrative and technical controls to restrict access to personal data;
- technological security measures, including firewalls, encryption, antivirus software and pseudonymization of your personal data.
These security measures are regularly reviewed and adapted to ensure an adequate level of protection of your personal data.
2.5 Retention period
Your Personal data is kept in our information systems only for as long as is necessary for the purposes for which it was collected (as described above). It will be deleted once it is no longer needed by us and once all requirements at law have been met.
We will retain and use your Personal data for as long as reasonably necessary to perform our agreements or to consider tenders, to comply with our legal obligations (such as accounting and tax obligations) and to resolve disputes or enforce our agreements. Therefore, your Personal data will be held during the duration of our contractual relationship and up to 10 years thereafter.
Application forms (CV’s), interview notes and references of unsuccessful internal and external candidates are kept for a period of four weeks following the last interview (or two years if you gave your consent in this regard).
In all cases Personal data may be kept for a longer period of time where there is a legal or regulatory reason to do so, or a shorter period where the individual objects to the Processing of their Personal data and there is no longer a legitimate purpose to retain it.
3. INTERNATIONAL DATA TRANSFERS
Apart from exceptional and very limited situations, Syngenia stores all Personal data on servers that are located within the European Union. In limited cases, Syngenia may transfer your Personal data to other countries, outside of the European Economic Area. In such case, Syngenia will take appropriate or suitable measures to ensure that your Personal data is exclusively Processed in accordance with this Privacy Statement and the applicable laws and that adequate levels of protection have been implemented in order to safeguard your Personal data. These arrangements can include Binding Corporate Rules for transfers within the ENGIE Group, the European Commission’s standard contractual clauses or approved certification mechanisms or other measures to provide an adequate level of data protection under applicable law. If you wish to obtain a copy of the safeguards Syngenia has in place, please use the contact details described below.
4. DISCLOSURE OF PERSONAL DATA
Syngenia does not share your Personal data with third parties, unless:
- with our legal successors and other affiliated companies within the ENGIE and Syngenia group, for the same purposes as specified in this Privacy Statement;
- with subcontractors and third parties for the purpose of the performance of a contract that we hold with them or that we hold with you;
- with third parties service providers who perform services on our behalf to help us with our business activities. These service providers are limited to only using your Personal data as instructed to carry out their tasks;
- permitted or required by applicable law or regulatory requirements;
- with law enforcement authorities or other government officials;
- with other third parties with your consent
In principle, Syngenia will not share, transfer or otherwise distribute your personal data. However, please note that some of the recipients of your personal data, including our IT service providers, may be located in countries outside the European Economic Area whose laws do not always provide an equivalent level of protection for your data.
If we transfer your personal data to other countries, outside of the European Economic Area, Syngenia SA will take measures to ensure that your personal data is exclusively processed in accordance with this Privacy Statement and that adequate levels of protection have been implemented in order to safeguard your personal data. These arrangements can include Binding Corporate Rules for transfers within the ENGIE Group, standard contractual clauses or approved certification mechanisms
5. YOUR RIGHTS
As a data subject, you are granted different rights in connection with your Personal data. However, Syngenia can take reasonable steps to verify your identity before proceeding with your request. Your rights are the following:
- Right to be informed – Syngenia is transparent by providing you any information relating to the Processing of your Personal data via this privacy statement or specific information notices at the time of collection.
- Right to access – You have the right to request access to and receive details on the Personal data Syngenia holds about you and to obtain a copy thereof. We may require proof of identity before fulfilling such requests.
- Right to rectification – If the Personal data that Syngenia holds about you is inaccurate or incomplete, you have the right to ask us to update or rectify it.
- Right to be forgotten – You have the right to request Syngenia SA to erase all your personal data. We will delete your personal data without undue delay if we do not have any legal reason or legitimate purpose to continue to process it.
- Right to restrict Processing – In some specific cases, you have the right to ask Syngenia to restrict how we Process your Personal data (e.g. when you contest the accuracy of the Personal data, for a period enabling the Controller to verify the accuracy of the Personal data). This means Syngenia is permitted to store the data but not further Process it.
- Right to data portability – This right only applies to Personal data that you have provided to Syngenia, based on your consent or for the performance of a contract and when the Processing is carried out by automated means. Syngenia will provide your Personal data in a structured, commonly used and machine-readable format to be able to transmit it to another Controller, or have it directly transmitted by Syngenia if technically feasible.
- Right to object to the processing– You have the right to object to the Processing of your Personal data, on grounds relating to your particular situation, if the Processing is based on the legitimate interest of Syngenia or on public interest. Syngenia will discontinue the Processing of your Personal data, unless we can demonstrate compelling legitimate grounds for the Processing which override your interests or rights, or for the establishment, exercise or defence of legal claims.
- Right to object to profiling – You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data based on profiling. The purpose of profiling is to collect information about an individual in order to analyze his characteristics and behaviors in order to place him in a certain category and/or to predict or evaluate some of his characteristics such as the ability to perform a task, his interests, etc.
- Right to withdraw consent – Where your consent was required for the collection or use of your Personal data, you have the right to withdraw your consent at any time. For example, you may choose to stop receiving our newsletter by following the unsubscribe instructions included in the emails. However, this withdrawal does not affect any Processing operations previously carried out on the basis of your consent.
- Right to lodge a complaint – You have the right to lodge a complaint with the supervisory authority (in Belgium: the Data Protection Authority) if you consider that the Processing of your Personal data infringes this Privacy Statement or the GDPR.
For more information, please contact your local data protection authority (contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here).
You can exercise your rights by sending a request by email to firstname.lastname@example.org or by post to:
c/o Legal – GDPR
Boulevard Simon Bolivar 36
Syngenia will provide you with information about the action taken on the request without undue delay and in any event within one month after receipt of the request unless the applicable data protection law would allow for an extension of such period.
6. CHANGES TO THE PRIVACY STATEMENT
Syngenia may amend this Privacy Statement from time to time to reflect new legal or regulatory obligations, or in response to new data Processing activities. Any such changes will be posted on the Syngenia website and will be effective from the time they are communicated, or, if required, when we have obtained your consent. We advise you to check back frequently to see any updates or changes. This Privacy Statement was last reviewed on November, 2019
For questions regarding this Privacy Statement or the processing of employees’ Personal data, you can contact the Data Privacy Manager (DPM) or send an email to: email@example.com.
Bld Simon Bolivar 36
1000 Brussels – Belgium
- +32 2 773 82 11
- +32 2 773 96 60
(*) Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
(**) Employees of Syngenia can consult the Privacy Statement to Employees on the Privacy page of the Syngenia intranet