Shipfix's Candidate Privacy Policy

Introduction

Shipfix Technologies S.A.S. and its affiliates (together, “ Shipfix ”, “ we ”, “ us ”, or “ our ”) respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how and why Shipfix processes personal data and is provided pursuant to the European Union General Data Protection Regulation (or GDPR) and other applicable privacy laws. Reading it will help you understand your privacy rights and choices.

This privacy notice is intended for every person who applies to a job offer or an internship published at Shipfix or whose profile has been sent to Shipfix by a third party or is available to the public with your consent (the "Candidates", "You").

This Privacy Policy may change from time to time so we suggest you visit this page regularly.

About Shipfix

Shipfix provides an Internet-based subscription service for the maritime and trade industries that offers businesses subscribing to the services (“Subscribers”) collaborative tools to structure trading information, improve email management, obtain valuable insights on the market and counter-parties, and identify new business opportunities (“Services”).

Controller

Shipfix Technologies S.A.S. and Shipfix LTD are responsible for how your personal data is handled as joint controllers. You can find our contact information in the “Contact Us” section below.  Additionally, we have appointed a Data Protection Officer (“DPO”). To contact our DPO, please email privacy@shipfix.com.

Personal Data We Collect

We have provided below an overview of the information we collect when you interact with our Services or the Site, and examples of how we use the specific types of information.

  1. Identification and contact data:Your name, surname, birthdate, birth place, age, email address, address, phone number as well as any identification data contained on your resume.
    Why ?
    1. To assess, manage and follow up on your application
    2. To finalise the hiring process if we offer you a position
  2. Data relating to your personal life: The ones you provide us in your CV or cover letter such as your marital status or your hobbies. Any websites showcasing your work (examples: Github, Twitter, Portfolio)
    Why?
    1. To assess, manage and follow up on your application
    2. To assess your abilities and qualifications for the position for which you applied or for which your application was submitted to us
  3. Data relating to your professional life: Your professional background (resume, education, skills, work experience, functions performed, LinkedIn profile, contact details for references you have permission to provide us, languages spoken, copy of your highest diploma, etc.)
    Why?
    1. To assess your abilities and qualifications for the position for which you applied or for which your application was submitted to us
    2. To check your references;
    3. To assess your availability
  4. Economic data: Your remuneration (previous/current position and expectations), your bank details (if we owe you traveling expenses when agreed in advance)
    Why?
    1. Assess your salary expectations
    2. If we need to reimburse traveling expenses
  5. Data related to criminal convictions and offences: In some situation, subject to, and in accordance with local regulations, we may ask for your criminal records
    Why?
    1. To ensure you are fit for the responsibilities we would give you if we were hiring you
  6. Internet Data: When you submit an application through our careers page, we collect technical information sent to us by the device you use to submit your application, such as your computer IP address, device identifiers, and how you came to our website
    Why?
    1. To improve our recruitment processes and understand how you found us
  7. Touchpoint data: Our notes, feedback, and assessments following interviews with you or calls with your references. Copies of communications with you
    Why?
    1. To track your application, reply to your questions and communicate with you throughout the recruitment process

Source of Your Personal Data:

  1. You: We rely on you to give us this personal data via our career site or when you contact us directly
  2. Others: We may also obtain your personal data from other sources that we consider relevant professionally, such as:
    1. A public LinkedIn profile, profile on other professional social networks, or publicly available sources that we consider relevant to your professional online presence (e.g. blogs, conference videos etc)
    2. Any people referring you such as Shipfix employee or other external person known to Shipfix 
    3. References we check in the recruiting process (via EveryCheck) and only upon prior approval 
    4. Headhunters and recruitment agencies who support our recruitment efforts and forward a candidate profile to us

What's the purpose and legal basis of processing these data?

  1. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract:
    1. To process your application
    2. To make informed decisions on your application and assess your suitability for the role, or for other roles available at the time you apply
    3. To coordinate and facilitate your application process
    4. To communicate with you about your application, its stage in the application process, and the roles and events that we believe may interest you
    5. To check that the information you give us access to is true and accurate, and to check your references
  2. Processing is necessary for compliance with a legal obligation to which Shipfix as Controller, or a third party, is subject:
    1. In case of litigation, in aggregated form, to create and submit reports on our recruitment practices as required by applicable laws or regulations
  3. Necessary for the purposes of the legitimate interests pursued by Shipfix as the controller or by a third party
    1. To build up a CV library so we can compare all potential candidates and keep a record of you for our future job openings
    2. To perform data analytics and reporting, to monitor, test, and improve the effectiveness of our recruiting processes and tools
    3. To ensure the probity of the employees recruited
    4. To carry out recruitment-related statistics;
    5. To carry out audits, pre-litigation and litigation (administrative control, recovery procedures, legal actions)
  4. Based on your consent
    1. When you applied directly to a job offer or sent us a spontaneous application or when you have expressly agreed for a third-party to transfer your personal data to Shipfix. 

How do we Share Personal Data?
We share your personal data with third parties in the following situations:

  1. Shipfix employees: our recruitment process is distributed between many different Shipfix employees. Your application will be shared with them transparently. They will always be duly informed by Shipfix of the confidentiality of the personal data communicated to them in this context, and we'll always make sure the right contractual measures are in place to protect you.
  2. Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with service providers, including hosting and other information technology services; email communication software providers and email newsletter providers; database and sales/customer relationship management services; payment service providers; and web analytics services (for more details on the third parties that place cookies through the Site, please see the “Cookies” section below). Pursuant to our instructions, these parties will access, process or store personal data in the course of performing their duties to us.
  3. Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.

Data Retention

We keep personal data for as long as reasonably necessary for the purpose described in this Privacy Policy, while we have legitimate business need to do. so, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer.

To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By default, we retain your personal data for up to 2 years after our last contact unless you objects before that time. 30 days prior to this 2 year window, you may be asked for your consent to extend this retention period for an addition 360 days.

In application of the RGPD, it is possible that your data may be kept by us until the time limit for legal action has been reached. In this case, only the persons in charge of litigations at Shipfix will have access to it. At the end of these periods, your data is either deleted or irreversibly anonymised.

Your Rights

The GDPR grants European data subjects the following rights:

  • Access. You can request a copy of the personal data that we maintain about you. If you require additional copies, we may need to charge a reasonable fee.
  • Deletion and Correction. You can ask us to delete or correct the personal data that we hold about you.
  • Objection. You may have the right to object to how we use your personal data.
  • Restrict Processing. You may ask us to suspend our processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.
  • Data Portability. If required to do so, we will give you your personal data in a structured, commonly used, and machine-readable format.
  • Withdraw Consent: Where we rely on your consent to process personal data about you, you have the right to later withdraw your consent in the manner indicated when you consent or by contacting us as described in this Privacy Policy.
  • Right to decide the fate of your data after death: the right to impose the fate that you wish to reserve your Personal Data in the event of death.

To exercise these rights, please email our DPO at privacy@shipfix.com. You also have the right to submit a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL) sending a letter to the following mailing address:

CNIL
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07

You may also submit a complaint to then CNIL here.

You may also contact the Information Commissioner’s Office (ICO) in the United Kingdom. You can find details about how to do this on the ICO’s website at https://ico.org.uk/concerns/.

Data Transfers

In connection with the operation of our Services, your personal data will be transferred to Shipfix LTD in the United Kingdom, pursuant to the European Commission’s adequacy decision for transfers of personal data to the United Kingdom (Commission Implementing Decision of 28 June 2021).  We also rely on service providers that process personal data on our behalf in the United States.  The United States may have data protection laws less stringent than or otherwise different from the laws in effect in Europe. We have taken measures to protect the confidentiality and security of your personal data, and your rights as a data subject.

Security

We have implemented physical, technical, and administrative security measures designed to protect the confidentiality of personal data we process both online and offline from loss, misuse, and unauthorised access, disclosure, alteration or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services or e-mail. Please keep this in mind when disclosing any personal data to Shipfix via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third party websites.

Links to Other Sites

The Site may contain links to other websites not operated or controlled by Shipfix, including social media services (“ Third Party Sites ”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

Cookies

We and our partners use cookies to operate and administer our Site, make it easier for you to use the Site during future visits, and gather usage data on our Site. For more information about the cookies used on our Site, please refer to our Cookie Policy , which forms part of this Privacy Policy.

Changes to The Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Site. If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Site. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Site or the Services after the effective date of any modified Privacy Policy indicates your acknowledgment of the modified Privacy Policy.

Contact Us

If you have any questions about our Privacy Policy, please feel free to contact our DPO at privacy@shipfix.com, or send a letter to the following mailing address:

SHIPFIX TECHNOLOGIES S.A.S.
112 Avenue de Paris - CS 60002
94306 Vincennes Cedex
France


Last updated 19 July 2021