Thales | Candidate Privacy Policy

THALES INFORMATION NOTICE
RELATING TO THE PROTECTION OF PERSONAL DATA

Effective Date: June 22, 2026

THALES PRIVACY POLICY

The protection of your personal data is a priority for Thales, which ensures that your personal data is processed with complete transparency and security.
To this end, Thales has adopted Binding Corporate Rules (BCR).
The Thales BCR were approved by the French supervisory Authority (CNIL) in deliberations no. 2023-144 and no. 2023-145 dated December 21, 2023.

The BCR constitute the Thales Group's policy relating to the protection of personal data, defining the principles and procedures implemented by Thales in the context of any processing of personal data. You can access the Thales BCR by clicking here.

INFORMATION NOTICE RELATING TO THE PROTECTION OF PERSONAL DATA ON THE SITE CARRIERE THALES

The purpose of this notice is to provide you with information regarding the processing of data concerning you that are collected through the website www.careers.thalesgroup.com (hereinafter the "Career Site").

The Career Site is the online platform used by the Thales Group for recruitment. It allows candidates to explore job opportunities and submit applications. It also serves as a global talent community ("Talent Community") that enables Thales to identify and connect with potential talent worldwide.
When you apply in response to a job offer or register to join our Talent Community on the Career Site, Thales S.A., a public limited company registered in the Nanterre Trade and Companies Register under number 552 059 024, whose registered office is located at 4, rue de la Verrerie, 92190, Meudon, France, and the other companies of the Thales Group (hereinafter "Thales" or "we") are required to collect and process information about you.
When you apply in response to a job offer on the Career Site, the recruiting Thales entity acts as data controller.
In addition, as part of the general management of the Thales Group, Thales S.A. also has access to your personal data and processes them as a separate controller.
When you register to join the Talent Community on the Career Site, Thales S.A. and the other companies of the Thales Group need to collect and process your information.
In this case, Thales and the other companies of the Thales Group act as separate data controllers, i.e. Thales determines the purpose and manner of processing your personal data.

1. Is the collection of your personal data mandatory on the Thales Career Site?

The collection of personal data (in particular cookies) when you browse the Career Site and view online information is optional.
On the other hand, when you apply in response to a job offer or register on the Career Site to join our Talent Community, we must collect and process personal data about you.
All responses in the fields marked with an asterisk are mandatory. The other answers are optional and will not affect the processing of your application.

2. What is the scope of this information notice?

This notice applies to external candidates who wish to explore and/or apply for Thales job offers published on the Career Site.

3. What personal data do we collect and process?

We need to collect on the Career Site and process the following information:

Data relating to your identity such as your first and last name;
Data related to your professional experiences such as the jobs you have held and the internships completed as well as the references of your previous employers;
Data related to your skills, training, studies, certifications and diplomas obtained;
Contact data such as your email address, postal address, telephone number, country of residence;
Data related to your achievements and interests;
Data relating to your browsing on the Career Site (connection logs, IP address, technical data related to the equipment and browser used, cookies and other trackers);
Data relating to the management of contacts and technical services (timestamp and subject of requests, follow-up);
Communication between you and Thales (for example, when confirming an interview or preparing screening questions and responses regarding your application);
Information you have publicly shared on professional networking platforms, provided that you have given us your prior consent to collect such information.

Your personal data is collected from the online form for applying for a job, the account creation form you fill in, and/or the CV you upload.
For mainland Chinese job seeker, we do not collect the sensitive personal data defined by Chinese law, such as your face photo, photo of your identity card or passport, your sexual orientation, religious belief, physical disability, medical and health information, and financial account information. Please refrain from disclosing such information to us.

4. What are the purposes and legal grounds for processing your personal data?

Only the information about you that is strictly necessary for the achievement of the objectives described below is requested.

Purposes of the processing of personal data	Legal basis for processing
Management of the recruitment process
Research and identification of candidates in response to a job offer.	Pre-contractual measures and execution of the employment contract
Selection of candidates, assessment of their capacity to hold a job and measurement of their professional skills.
Constitution of the Thales Talent Community
Constitution of a Talent Community (namely, a set of profiles of potential candidates interested in job opportunities within the Thales Group) for sending job offers by email, SMS and/or via a ChatBot.	Your consent*
Communication
Sending prospecting regarding job opportunities, recruitment campaigns and Thales events by email and/or SMS	Your consent*
Authentication and technical management of the Thales Career Site
Authentication of users of the Career Site.	Thales’s legitimate interest
Management of navigation and security of the Career Site.	Thales’s legitimate interest

Purposes of processing personal data using an Artificial Intelligence system without automated decision-making	Legal basis for processing
Processing through the use of an Artificial Intelligence ("AI") system when you join the Talent Community When joining our Talent Community, we process your personal data in accordance with this Privacy Notice. At Thales, we use an artificial intelligence (AI)–enabled tool to support our recruitment teams by matching your skills and job positions (job title & keywords) to current and future opportunities in Thales. The AI-enabled tool functions solely as an assistive tool and does not make any decisions. All decisions throughout our recruitment process are made exclusively by a Thales recruiter who is a natural person. A full overview of how the AI-enabled tool is used within our recruitment process is provided in our Privacy Notice. To ensure full transparency, you can choose whether or not to allow the Thales recruitment teams to use an AI-enabled tool to identify opportunities within Thales that could match with your profile. Your choice will not affect your ability to join or participate in our Talent Community.	Your consent* To ensure full transparency, you can choose whether or not to allow the Thales recruitment teams to use an AI-enabled tool to identify opportunities within Thales that could match with your profile. Your choice will not affect your ability to join or participate in our Talent Community. Please select one option: ❑ I have read the Privacy Notice and I agree to the recruiter being assisted by an AI-enabled tool in the recruitment process.* ❑ I have read the Privacy Notice and I do not agree to the recruiter being assisted by an AI-enabled tool in the recruitment process.* At Thales, we aim to keep our Talent Community connected with what’s happening across our business. You can choose to receive updates featuring job openings, our people, culture, and the work we’re doing around the world.❑ I consent to receive update messages by email.* *Please note that your choices are linked to your profile; your selection cancels and replaces any previous preference you may have expressed in earlier applications.
Processing through the use of an Artificial Intelligence ("AI") system when you apply to a position and join the Talent Community When you apply to a role with Thales, we processes your personal data in accordance with this Privacy Notice. At Thales we uses an artificial intelligence (AI)–enabled tool to support our recruitment teams by matching your skills and job positions (job title & keywords) to the requirements of the role you applied to. It also highlights alternative opportunities in Thales that match your profile. The AI-enabled tool functions solely as an assistive tool anddoes not make any decisions about your application or future opportunities. All decisions regarding your application and throughout the recruitment process are made exclusively by a Thales recruiter who is a natural person. A full overview of how the AI-enabled tool is used within our recruitment process is provided in this Privacy Notice.	To ensure full transparency, you may choose whether or not to allow the use of an AI-enabled tool during the recruitment process. Your choice will not affect your application. Please select one option: ❑ I have read the Privacy Notice and I agree to the recruiter being assisted by an AI-enabled tool in the recruitment process.* ❑ I have read the Privacy Notice and I do not agree to the recruiter being assisted by an AI-enabled tool in the recruitment process.* Our recruitment teams may also reach out to you about alternative opportunities in Thales that could match with your profile. Please indicate if you wish to be considered: ❑ I want to be considered for other Job Opportunities. * At Thales, we aim to keep our candidates connected with what’s happening across our business. You can choose to receive updates featuring our people, culture, and the work we’re doing around the world. ❑ I consent to receive update messages by email. * *Please note that your choices are linked to your profile; your selection cancels and replaces any previous preference you may have expressed in earlier applications.

*You may withdraw your consent at any time without affecting the lawfulness of processing based on that consent before its withdrawal.

5. What AI systems does Thales use for the processing of your personal data?

In more detail, here are the AI technology components used, subject to your consent to AI assistance in the recruitment:

Fit Score: it is an AI enabled matching functionality that provides recruiters (individuals) with an indication of a likely match between the applications and the position concerned (matching indicated by a color signage and a code “A”, “B”, “C” or “No-Fit”). The analysis by Fit Score takes into account a limited number of objective parameters for the position (job title years of experience, skills and location), which are determined by the recruiters according to the requirements and specifications of the position concerned. Regardless of the suitability indicated by Fit Score, recruiters review all candidate profiles, no selection and/or rejection decision is made solely on Fit Score. The system (AI) does not make any selection or rejection decisions and these outcomes are not automated.
AI Discovery: it is a potential candidate sourcing solution (in other words, a proactive and anticipatory search process for potential candidates). AI Discovery thus uses AI to identify potential candidates based on skills, experience, and job titles. IA Discovery allows Thales to find/suggest potential candidates, with the right profiles, for open positions (and this without the potential candidates having yet applied for the relevant positions). This tool only suggests compatibility between a profile and a vacant position, the recruiter retaining the final decision to contact or not a potential candidate. You are included in this search scheme if you have applied for a job in Thales or joined the Thales Talent Community within the last 2 years .

6. How long do we keep your personal data?

Subject to applicable local laws within the Thales entity in which you are applying, the information concerning you, which is collected from the Career Site, is kept for a period of two (2) years from the last contact with you in the event where you are not hired within Thales*. After this two-year period, the digital data will be securely deleted or anonymised from the system after the retention period.

* To note that, in the event where you are hired within Thales, your personal data will be kept until the expiry of a 5-year period following the termination of your employment contract (subject to specific local legislation)

7. Who are the recipients of your personal data?

Thales Group companies

The recruitment officers, human resources managers and managers of the Thales Group supervising the future hire as well as the people in charge of managing the Thales Career Site may access data concerning you.
Thales is an international group with many separate legal entities. Therefore, we may share your data with other companies of the Thales Group and their employees.
When your personal data is transferred by a Thales company established in the European Economic Area (hereinafter the "EEA") or in the United Kingdom to a Thales company established outside the EEA or the Kingdom-United, in a country that has not been recognised as providing an adequate level of protection by an adequacy decision of the European Commission or the UK, this transfer is based on the Binding Corporate Rules or "BCRs" adopted by Thales.
Thales’s BCRs ensure that your personal data is treated with the same standard of protection wherever it is processed within the Thales Group. You can access the Thales BCRs by clicking here.

Thales’s external suppliers and service providers

Thales uses external suppliers and service providers in charge of hosting and maintaining the Career Site or who assist Thales during the recruitment process.
When your personal data is transferred by a Thales company established in the EEA to a third-party company established outside the EEA, in a country that has not been recognised as offering an adequate level of protection by an adequacy decision of the European Commission, Thales relies on the EU Standard Contractual Clauses as adopted by the European Commission ("SCCs") or any other appropriate safeguards.
You can obtain a copy of the SCCs signed by Thales by sending your request to the email address dataprotection.hr@thalesgroup.com.
When your personal data is transferred by a Thales company established in the UK to a third-party company established outside of the UK, in a country that has not been recognised as offering an adequate level of protection by an adequacy decision of the Kingdom-Uni, Thales relies on the International Data Transfer Agreement (IDTA) or the Addendum to the SCCs published by the Information Commissioner’s Office.

Public, governmental and/or judicial authorities

Thales may be required to disclose your data to public, governmental and/or judicial authorities by law or in connection with a dispute, legal proceeding or any other request from such authority. In this case, we make sure to only communicate the strictly necessary data.

It is also specified that Thales never sells your personal data to third parties.

8. What security measures are implemented to protect your data?

Thales undertakes to implement the necessary technical, organisational and contractual security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
However, due to the public nature and unsecured nature of the internet, Thales cannot be responsible for the security of personal data transmissions over the internet.

In addition, the Thales Career Site may contain links to third-party websites. Thales makes no representation or warranty, express or implied, as to such third-party sites. The publishers and operators of third-party websites may collect, use or transfer personal data under different terms and conditions than those of Thales which you are entitled to consult.

9. What are your rights regarding your personal data?

You have the right to access your personal data.
You can also request the rectification or erasure of your personal data.
You also have the possibility to withdraw our consent or object to the processing of your personal data and request the limitation of said processing (including the right to request cessation of the collection, processing, or use of your personal data), if applicable.
Finally, you can request the communication of your personal data in a structured and standard format.
For any request to exercise your rights or in case of a complaint, please send your request to dataprotection.hr@thalesgroup.com
You can also contact the Data Protection Officer of the Thales Group at dataprotection@thalesgroup.com.
In any case, you have the right to lodge a complaint with the competent data protection authority.

Update of the notice for the Thales Career Site

This notice of the Career Site is regularly updated to take into account, in particular, technological innovations and legislative and regulatory developments.

Date of the last revision of this notice: June, 22 2026

Link to the Thales cookie policy

Please note that Thales uses cookies when you browse the Career Site. To learn more about the cookies used by Thales click here.

ADDITIONAL NOTICE - CALIFORNIA, USA

Effective Date: November 15, 2024

This supplement to the privacy notice on the Thales career website, www.careers.thalesgroup.com, (hereinafter referred to as the "Career Site") and it applies to all persons from the State of California in the United States of America and should be read in conjunction with that notice.
The California Consumer Privacy Act (CCPA) provides residents of the State of California in the United States of America with specific rights regarding their personal data. Residents of the State of California includes (1) every individual who is in the State of California for other than a temporary or transitory purpose, and (2) every individual who is “domiciled” in the State of California who is outside of the State for a temporary or transitory purpose. Domicile is the place where an individual has his or her true, fixed, permanent home and principal establishment and where that person intends to return to if they are absent.

This section describes the CCPA rights that are available to employees who are California residents, and it explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable request, we will disclose to you:

the categories of personal data we collected about you;
the categories of sources for the personal data we collected about you;
our business or commercial purpose for collecting or selling your personal data;
the categories of third parties with whom we share that personal data;
the specific pieces of personal data we collected about you (also called a data portability request);
if we sold or disclosed your personal data for a business purpose, two separate lists disclosing.
- sales, identifying the personal data categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
debug products to identify and repair errors that impair existing intended functionality;
exercise free speech, ensure the right of another California resident to exercise their free speech rights, or exercise another right provided for by law;
comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
comply with a legal obligation;
make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising California, U.S.A. Access, Data Portability, and Deletion Rights

To exercise the California, U.S.A. access, data portability, and deletion rights described above, please submit a verifiable request to us via telephone or email as follows:

Via email: 1stpointhrus@thalesgroup.com
Via toll free telephone: 844-504-7271, (Monday to Friday between 8:30 AM and 7:00 PM Eastern time.)

Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your personal data.

You may only make a verifiable request for access or data portability twice within a 12-month period. The verifiable request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. We will only use personal data provided in a verifiable request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We will acknowledge requests within ten (10) days of receipt and we will endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal data Sales Opt-Out Rights

You have the right to direct us to not sell your personal data at any time. However, as we do not sell (as defined in the CCPA) your personal data (and will not sell it without providing you with a right to opt-out or the right to decline to authorize us to engage in a sale transaction) there is presently nothing to opt-out of.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

Contact Information

To ask questions or comment about this Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights, please contact us via email at dataprotection@thalesgroup.com.

THALES INFORMATION NOTICE RELATING TO THE PROTECTION OF PERSONAL DATA