Thales Candidate Privacy Policy
Effective Date: January 1, 2023

Thales and its subsidiaries (“Thales”) are committed to protecting the privacy of all job applicants.
This privacy statement describes how we collect, store, use and protect your Personal Data in connection with the Thales recruiting processes and how we ensure the respect of data protection legislation.  Personal Data is defined as data which relates to a living individual who can be identified by that data or from other data or information which is in the possession of Thales.
Your acceptation of the following terms is necessary to continue with the online employment application process.
This e-recruitment site is operated by Thales (31 place des Corolles, 92098 La Défense Cedex, France) who is acting as data controller.
In order to handle your application, Thales is collecting personal data.

Personal data that we collect from you
We collect personal data from you in connection with your application for employment with any Thales company as part of the Thales recruitment process, which may include the following categories of sources:
  • name, address, telephone number, e-mail address, and other identification and contact information;
  • username and password;
  • work authorization status;
  • CV, résumé, cover letter, previous work experience, and education information;
  • knowledge, skills, abilities, and preferences, including learning agility, aptitude, and working style and preferences;
  • professional and other work-related licenses, permits, and certifications held;
  • referral names and contact information;
  • information relating to character and employment references;
  • any other information you elect to provide to us (e.g., employment preferences, willingness to relocate, current salary, desired salary, awards, or professional memberships);
  • website log data when you use this Website: including your IP address, the address of the web page you visited, your browser type and settings, the date and time of your access, how you used this Website;
  • information about the device you are using to access this Website which may include the type of device, the device operating system, device settings, and unique device identifiers; and
  • information that you voluntarily provide in contact forms, registration forms and surveys, including (first and last) name, email address, telephone number and preferences;
Thales may collect this information in a variety of ways, including from application forms, CVs or résumés, identity documents, third parties (such as for references or background checks, or from recruiters), or through interviews or other forms of assessment.

Categories of personal data that we collect.
Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding your right to know the categories of personal data that Thales has collected from candidates for employment within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.  Some personal information included in this category may overlap with other categories.
Protected classification characteristics under California or U.S. Federal law
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Internet or other similar network activity
Browsing history, search history, information relating to your interaction with a website, application, or advertisement.
Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.
Professional or employment-related information
Current or past job history or performance evaluations.
Inferences drawn from other personal information
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

How we use your personal data.
Any Personal Data that is collected on this website will be collected and processed fairly and lawfully in accordance with data protection and privacy legislation applicable in the countries where Thales companies are established, notably the European Regulation n 2016/679 of April 27, 2016.
Personal Data will only be used by Thales for the purpose of carrying out its employment application and recruitment process. Such uses include:
  • assessing your skills, qualifications, and interests against our career opportunities and determining your suitability for employment;
  • deciding whether to offer you a job;
  • verifying your information and carrying out reference checks and/or conducting background checks (where applicable) if you are offered a job;
  • communications with you about the recruitment process and/or your job application(s), including, in appropriate cases, informing you of other potential career opportunities with Thales;
  • recommending potential career opportunities based on your skills, qualifications, and interests;
  • tracking your browsing and email actions, such as the pages you visited on our website over time and the job postings you viewed, for analytics and job recommendation purposes, and to evaluate your interest in Thales and engage with candidates based on their level of interest in Thales;
  • creating and/or submitting reports as required under any applicable laws or regulations;
  • if we offer you employment with a Thales company, we may, where requested by you, assist you with obtaining an immigration visa or work permit where required;
  • making improvements to Thales’ job application and/or recruitment process, including improving diversity, equity, and inclusion in our recruitment practices;
  • implementing and administering IT security, including authentication and authorization to access Thales’ IT systems and networks;
  • fulfilling the purpose for which you provide your Personal Data;
  • complying with applicable laws, regulations, legal processes, or enforceable governmental requests; and/or
  • proactively conducting research about your educational and professional background and skills and contacting you if we think you would be suitable for a role with a Thales company.
If you are offered and accept employment with Thales, the personal data collected during the job application and recruitment process may become part of your employment record.
Thales does not subject you to automated decision-making.  The provision of your personal data is optional. Should you decide not to provide your personal data, Thales may be unable to continue the employment application process with you.

The legal bases for the processing of your personal data.
In order to carry out the processing activities specified therein, Thales relies on its legitimate interest in recruitment and hiring candidates for employment and in maintaining the security of the website and which do not override your data protection interests or your fundamental rights and freedoms.  We may also rely on any consent that you may provide and we may also rely upon our need to comply with our legal obligations, such as retaining records relating to the recruitment process for periods required under applicable laws or regulations.
If you have questions about, or need further information concerning the legal basis on which we collect and use your personal data, please contact us via email at
In order to carry out the data processing activities specified above,  Thales relies on its legitimate interest in recruiting and hiring candidates for employment, complying with our legal obligations, such as retaining records relating to the recruitment process for periods required under applicable laws or regulations, and in maintaining the security of its website.We may also rely on any consent to our processing of your Personal Data that you may provide.

Who receives your personal data.
Thales takes care to ensure that your Personal Data is accessed only by those persons who need such access to perform their tasks and duties, and to third parties who have a legitimate purpose for processing or accessing it.  As such, we may share your Personal Data with the following categories of recipients:
  • Thales managers in charge of the open position you applied for and by Thales Human Resource personnel and recuriters;.
  • European employees of our processor Phenom and Workday;
  • Thales subsidiaries, affiliates, or their or our successors or assignees;
  • Thales employee who may have referred you to us to inform them about the limited, general status of the referral;
  • Thales contractors, business partners, service providers, and other third parties who require your Personal Data to carry out work relating to the job applicant and/or recruitment process on our behalf, provided such parties provide at least the same level of privacy protection as is required of Thales, (these companies are authorized to use your personal data only as necessary to provide these services to us);
  • potential buyers (and their agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case, Personal Data held by us about you will be among the assets transferred to the buyer or acquirer;
  • third parties under the following circumstances where we, in good faith: (i) believe we are compelled by applicable law or regulation, judicial request from a court of competent jurisdiction, or another legal process or government authority; (ii) find it necessary to exercise, establish or defend our legal rights; (iii) seek to enforce or apply our website Terms of Use or terms of any other agreement; (iv) seek to protect Thales’ rights or property; (v) seek to protect Thales, our customers, or the public from harm or illegal activities; (vi) seek to respond to an emergency which we believe, in good faith requires us to disclose data to prevent harm; or (vii) rely on your consent.
Please note that we do not sell (as defined in applicable data protection and privacy laws) your personal data (and will not sell it without providing you with a right to opt-out or the right to decline to authorize us to engage in a sale transaction).

Movement of your personal data out of the European Economic Area.
Please note: if you are applying for a position at Thales in Australia, your personal data (including sensitive information) can be accessed by service providers of Thales or its subsidiaries performing pre-employment checks (including conducting criminal record checks where permissible by law) and immigration enquiries.
Thales being an international Group, your personal data may be transferred outside of the data protection region your country is established within (for example outside of the European Union for EU employees), notably toward Thales recruiters located in the countries where Thales is established.
The transfer of your application data outside EU is for recruitment & selection purposes only. Thales will ensure adequate security measures for the transfer and processing of applicant data to the Thales locations in the countries where Thales operates.
By agreeing to this statement, you authorize Thales to process any Personal Data recorded in the form and you recognize that, for the needs of your application, your personal data can be transferred outside the European Union, in the countries where Thales is located.

The amount of time that we keep your personal data.
Personal Data will not be stored for longer than is necessary. Unless you specifically request that we do not store your Personal Data regarding  your application, we will retain the data for a period of 24 months from your latest contact with our recruitment site (note: these retention periods may be adapted if required by your national legislation).
This is to give us the ability to match your details to any future suitable vacancies that may arise. After this 24 months period your profile details will be automatically deleted. You may request the removal of your Personal Data at any time earlier than this by notifying us in writing. If you do not wish Thales to retain your details, you will be deactivated on our system, and all of your personal details will be securely deleted.

Your personal data rights.
In accordance with the relevant data protection regulations (such as the General Data Protection Regulation in the EU) you have the right to access your personal data at any time and the right to correct any inaccurate or incomplete personal data.
You also have the right to request from Thales to correct or erase your personal data as well as the right to ask for the restriction of processing, to object to the processing or ask for data portability.
You can exercise these rights, by sending your request to the contact address or number corresponding to your country/area indicated here under:
We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfil your request, we may need you to provide certain personal data to verify your identity. Depending upon applicable data protection and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.
Should you feel the need to lodge a complaint or escalate any issues regarding Thales’ handling of your request, please refer to your competent supervisory authority.

California, U.S.A. rights.
The California Consumer Privacy Act (CCPA) provides residents of the State of California in the United States of America with specific rights regarding their personal data.  Residents of the State of California includes (1) every individual who is in the State of California for other than a temporary or transitory purpose, and (2) every individual who is “domiciled” in the State of California who is outside of the State for a temporary or transitory purpose.  Domicile is the place where an individual has his true, fixed, permanent home and principal establishment and where that person intends to return to if they are absent.
This section describes the CCPA rights that are available to California residents and it explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable request, we will disclose to you:
  • the categories of personal data we collected about you;
  • the categories of sources for the personal data we collected about you;
  • our business or commercial purpose for collecting or selling your personal data;
  • the categories of third parties with whom we share that personal data.
  • the specific pieces of personal data information we collected about you (also called a data portability request).
  • although we do not sell (as defined in the CCPA) your personal data (and will not sell it without providing you with a right to opt-out or the right to decline to authorize us to engage in a sale transaction), if that ever changes we will disclose the personal data categories that each category of recipient purchased and the business purpose of the transaction.
Deletion Request Rights
You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
  • complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with U.S. federal law, or otherwise perform our contract with you;
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • debug products to identify and repair errors that impair existing intended functionality;
  • exercise free speech, ensure the right of another California resident to exercise their free speech rights, or exercise another right provided for by law.
  • comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the data’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
  • comply with a legal obligation;
  • make other internal and lawful uses of your personal data that are compatible with the context in which you provided it;
Exercising California, U.S.A. Access, Data Portability, and Deletion Rights
To exercise the California, U.S.A. access, data portability, and deletion rights described above, please submit a verifiable request to us via telephone or email as follows:
Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your personal information.
You may only make a verifiable request for access or data portability twice within a 12-month period. The verifiable request must:
  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you.  We will only use personal data provided in a verifiable request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will acknowledge requests within ten (10) days of receipt and we will endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out Rights
You have the right to direct us to not sell your personal data at any time. However, we do not sell (as defined in the CCPA) your personal data (and will not sell it without providing you with a right to opt-out or the right to decline to authorize us to engage in a sale transaction).
We will not discriminate against you for exercising any of your CCPA rights.

Security of personal data
Thales confirms that it has appropriate technical and organisational security measures in place to prevent unauthorised or unlawful processing of data, accidental loss of or destruction/damage to Personal Data.
All data submitted in Phenom and Workday are encrypted in the database within secured data center.
In the event that you are provided with a user id and/or password at any time by Thales, you are responsible for maintaining the confidentiality of that user id and/or password. You agree to immediately notify Thales of any unauthorised use of your user id and/or password.
Any breach of the above conditions may result in legal action being taken against the individual concerned.

Your Account Information is password-protected for your own privacy and security. Data transmissions are protected by industry-standard SSL-encryption. Thales may amend this policy, however if any substantial changes in the way we use your personally identifiable information are made, we will notify you by posting a prominent announcement on our pages.
By agreeing to this statement you agree to Thales processing and storing your information and Personal Data for the purposes set out above.
We inform you that you have the right to withdraw your consent at any time by sending an email to the contact address mentioned above. This will not affect the lawfulness of the processing based on consent before its withdrawal.
If you do not want your information included on our recruitment database, please decline. You have the ability to send your application file by post to the following address: Thales, Human Resources Direction, 31 place des Corolles 92098 La Défense Cedex, France.

I have read and understood the conditions regarding the protection of my personal data by Thales and give my specific and informed consent:
  • to the processing of all my data supplied within my applications for the purpose of recruitment, including through external organisations where these are used by Thales in the recruitment process.
  • to the transfer of my personal data outside the European Union, in the countries where Thales is located, for recruitment and selection purposes.