Thales Candidate Privacy Policy
Effective Date: November 15, 2024

PERSONAL DATA PROTECTION policy

The protection of your personal data is a priority for Thales, which ensures that your personal data is processed with complete transparency and security.
To this end, Thales has adopted Binding Corporate Rules (BCR).
The Thales BCR were approved by the French supervisory Authority (CNIL) in deliberations no. 2023-144 and no. 2023-145 dated December 21, 2023.
The BCR constitute the Thales Group's policy relating to the protection of personal data, defining the principles and procedures implemented by Thales in the context of any processing of personal data. You can access the Thales BCR by clicking here.  

 THALES CAREER WEBSITE PRIVACY NOTICE

The purpose of this notice is to provide you with information about the processing of your personal data collected via the www.careers.thalesgroup.com website (hereinafter referred to as the "Career Site").
When you apply in response to a job offer or register to join the talent community on the Career Site, Thales S.A., a public limited company registered with the Nanterre Trade and Companies Registry under number 552 059 024, whose registered office is located at 4, rue de la Verrerie, 92190, Meudon, France (hereinafter "Thales" or "we") collects and processes information about you.
In this case, Thales acts as the data controller, i.e. Thales determines the purpose and manner of processing your personal data.

Is the collection of your personal data mandatory on the Thales Career Site?

The collection of personal data (including cookies) when you browse the Career Site and consult online information is optional.
On the other hand, when you apply in response to a job offer or register on the Career Site to join our talent community, we need to collect and process personal data about you.
All fields marked with an asterisk are mandatory. Other answers are optional and will not affect the processing of your request.

What personal data do we collect and process?


We collect and process the following information on the Career Site:
  • Data relating to your identity, such as your first and last names;
  • Details of your professional experience, such as jobs held and internships completed, as well as references from previous employers;
  • Information about your training, studies, certifications and diplomas;
  • Contact details such as email address, telephone number, country of residence;
  • Information about your achievements and interests ;
  • Data relating to your browsing on the Career Site (connection logs, IP address, technical data relating to the equipment and browser used, cookies and other tracers);
  • Data relating to the management of contacts and technical services (timestamping and purpose of requests, follow-up).
Your personal data is collected from the online form you use to apply for a job, from the account creation form you fill in and/or from the CV you upload.

What are the purposes and legal basis for processing your personal data?

We will only ask you for information that is strictly necessary to achieve the objectives described below.

Purposes of processing
personal data		Legal basis for processing
Managing the recruitment process
  • Searching for and identifying candidates in response to a job offer.
  • Pre-contractual measures and performance of the employment contract
  • Selecting candidates, assessing their suitability for a job and measuring their professional skills.
Building the Thales talent community
  • Creation of a talent community to send job offers by e-mail, SMS and/or via a virtual assistant (chatbot).
  • Your consent*
Communication
  • Prospecting for job opportunities, recruitment campaigns and Thales events by e-mail, SMS and/or virtual assistant (chatbot).
  • Your consent*
Authentication and technical management of the Thales Career Site
  • Authentication of Career Site users
  • Legitimate interest of Thales
  • Managing navigation and security on the Career Site
  • Legitimate interest of Thales
  *You may withdraw your consent at any time without affecting the lawfulness of the processing operations based on that consent prior to its withdrawal.

How long do we keep your personal data?

The information concerning you that is collected from the Career Site is kept for a period of two (2) years from the date of its collection, unless you withdraw your consent in advance.

 Who receives your personal data?

  • Thales Group companies

Access to your personal data may be granted to recruitment officers, human resources managers and Thales Group managers supervising the future employee, as well as to persons in charge of managing the Thales Career Site.
Thales is an international group with many separate legal entities. As a result, we may share your data with other Thales Group companies and their employees.
Where your personal data is transferred by a Thales company established in the European Economic Area (hereinafter "the EEA") or in the United Kingdom to a Thales company established outside the EEA or the United Kingdom, in a country that has not been recognized as offering an adequate level of protection by an adequacy decision of the European Commission or the United Kingdom, this transfer is based on the Binding Corporate Rules or "BCR" adopted by Thales. 
Thanks to the Thales BCR, wherever your personal data is processed within the Thales Group, it benefits from the same standard of protection. You can access the Thales BCR by clicking here.  
  • Thales' external suppliers and service providers
Thales uses external suppliers and service providers to host and maintain the Career Site or to assist Thales in the recruitment process.
When Thales uses a third party to process personal data on its behalf, Thales ensures that the third party complies with Thales' instructions and implements appropriate protection measures.
When your personal data is transferred by a Thales company established in the EEA to a third company established outside the EEA, in a country that has not been recognized as offering an adequate level of protection by an adequacy decision of the European Commission, Thales relies on the European Union's Standard Contractual Clauses as adopted by the European Commission (hereinafter the "SCC") or any other appropriate guarantee.
You can obtain a copy of the SCC signed by Thales by sending your request to dataprotection.hr@thalesgroup.com.
Where your personal data is transferred by a Thales company established in the UK to a third party company established outside the UK, in a country which has not been recognised as offering an adequate level of protection by a UK adequacy decision, Thales relies on the International Data Transfer Agreement (IDTA) or the Addendum to the SCC issued by the Information Commissioner's Office.
  • Public, governmental and/or judicial authorities
Thales may be required to disclose your data to public, governmental and/or judicial authorities by law or in the context of litigation, legal proceedings or any other request from such an authority. In such cases, we will ensure that only strictly necessary data is disclosed.

Thales will never sell your personal data to third parties.

 What security measures are in place to protect your data?


Thales undertakes to implement the technical, organizational and contractual security measures necessary to protect your personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access.
However, due to the public and unsecured nature of the Internet, Thales cannot be responsible for the security of personal data transmissions over the Internet.
In addition, the Thales Career Site may contain links to third party web sites. Thales makes no representations or warranties, express or implied, with respect to such third-party sites. The publishers and operators of third-party websites may collect, use or transfer personal data under terms and conditions different from those of Thales, which you should consult.

What are your rights concerning your personal data?


You have the right to access your personal data.
You may also request the correction or deletion of your personal data.
You also have the possibility of withdrawing your consent or objecting to the processing of your personal data and of requesting the restriction of such processing, where applicable.
Finally, you can request that your personal data be provided in a structured, standard format.
To exercise your rights or make a complaint, please send your request to dataprotection.hr@thalesgroup.com.
You may also contact the Thales Group Data Protection Officer at dataprotection@thalesgroup.com.
In all cases, you have the right to lodge a complaint with the competent data protection authority.

Update of the Thales Career Site notice
This Career Site notice is updated regularly to take into account technological innovations and legislative and regulatory changes. 

Date of last revision of this notice: July 2024

Link to Thales Cookie Policy

Please note that Thales uses cookies when you browse the Careers Site. To learn more about the cookies used by Thales click here.

ADDITIONAL NOTICE - CALIFORNIA, USA

Effective Date: November 15, 2024

This supplement to the privacy notice on the Thales career website, www.careers.thalesgroup.com, (hereinafter referred to as the "Career Site") and it applies to all persons from the State of California in the United States of America and should be read in conjunction with that notice.
The California Consumer Privacy Act (CCPA) provides residents of the State of California in the United States of America with specific rights regarding their personal data.  Residents of the State of California includes (1) every individual who is in the State of California for other than a temporary or transitory purpose, and (2) every individual who is “domiciled” in the State of California who is outside of the State for a temporary or transitory purpose.  Domicile is the place where an individual has his or her true, fixed, permanent home and principal establishment and where that person intends to return to if they are absent.

This section describes the CCPA rights that are available to employees who are California residents, and it explains how to exercise those rights.

Access to Specific Information and Data Portability Rights


You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable request, we will disclose to you:

  • the categories of personal data we collected about you;
  • the categories of sources for the personal data we collected about you;
  • our business or commercial purpose for collecting or selling your personal data;
  • the categories of third parties with whom we share that personal data;
  • the specific pieces of personal data we collected about you (also called a data portability request);
  • if we sold or disclosed your personal data for a business purpose, two separate lists disclosing.
    - sales, identifying the personal data categories that each category of recipient purchased; and 
    disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • debug products to identify and repair errors that impair existing intended functionality;
  • exercise free speech, ensure the right of another California resident to exercise their free speech rights, or exercise another right provided for by law;
  • comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
  • comply with a legal obligation;
  • make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising California, U.S.A. Access, Data Portability, and Deletion Rights


To exercise the California, U.S.A. access, data portability, and deletion rights described above, please submit a verifiable request to us via telephone or email as follows:


Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your personal data.

You may only make a verifiable request for access or data portability twice within a 12-month period. The verifiable request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you.  We will only use personal data provided in a verifiable request to verify the requestor’s identity or authority to make the request.

Response Timing and Format


We will acknowledge requests within ten (10) days of receipt and we will endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal data Sales Opt-Out Rights

You have the right to direct us to not sell your personal data at any time. However, as we do not sell (as defined in the CCPA) your personal data (and will not sell it without providing you with a right to opt-out or the right to decline to authorize us to engage in a sale transaction) there is presently nothing to opt-out of.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

Contact Information

To ask questions or comment about this Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights, please contact us via email at dataprotection@thalesgroup.com.
Career Site Cookie Settings
Personal Information