Personal data and recruitment

EMPLOYEE DATA PROTECTION POLICY

Scope of Application

Oney Bank (hereinafter referred to as “Oney”) attaches the utmost importance to the protection of your personal data.

Any operation involving your personal data is carried out in compliance with the regulations in force, in particular European Regulation 2016/679 on the protection of personal data and the French Data Protection Act 78-17 of 06/01/1978.

Oney acts in complete transparency, and the purpose of this data protection policy is to inform you as an employee:

  • of how Oney collects, uses, shares, protects and processes your personal data;
  • of your rights relating to personal data and how you can exercise them.

I. The collection of your personal data

Oney only collects information that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Oney acts as data controller and, as such, is responsible for the personal data it processes.

Personal data is any information which can be used, directly or indirectly, to identify a natural person, such as, for example, the contact details of employees, their bank details, etc.

Oney may collect your personal data through the employee information form or any associated document or additional letter that you communicate to Oney or through other sources, such as details given during interviews, data generated by your work (e.g. clocking in/out) and data generated by Oney (e.g. pay slips).

II. Purposes for which your data may need to be processed

Personal data will only be processed or used to the extent that this is necessary for:

  • Administrative management of personnelstaff
    • Managing employees’ professional files;
    • Managing internal directories and organisational charts;
    • Managing individual allocations of supplies, equipment, vehicles and payment cards;
    • Creating statistical reports or lists of employees to meet administrative management needs;
    • Managing company elections;
    • Managing meetings of staff representative bodies.;
  • Provision of IT tools to staff:
    • Monitoring and maintenance of IT equipment;
    • Management of computer directories to define permissions for access to applications and networks;
    • The implementation of systems designed to ensure the security and proper functioning of computer applications and networks;
    • Management of work emails;
    • Oney’s internal virtual private networks enabling the dissemination or collection of personnel management data (intranet).;
  • Work organisation:
    • Management of work calendars;
    • Management of staff tasks.;
  • Career and mobility management:
    • Staff career appraisals,
    • Management of internal professional skills;
    • Validation of acquired work experience (VAE);
    • Career simulation;
    • Management of career mobility.
  • Staff training:
    • Monitoring of training requests and training carried out;
    • Organisation of training sessions;
    • Assessment of knowledge and training.

III. Who will receive your personal data?

The information collected is intended for the Human Resources Department and, where applicable, the relevant employees and managers in Oney Group entities for which access is required. Oney may communicate your personal data to subcontractors or agents entrusted with carrying out any services that fall within the scope of achieving the purposes defined above. These trusted parties are contractually bound to respect the confidentiality and security of the data to which they have access and to use it exclusively in the context of the services entrusted to them.

Oney employees authorised to access personal data in line with their job and their assignment are bound by confidentiality obligations.

Finally, information about you may be communicated to any person or any public or private entity, including administrations, when this request is provided for by law.

IV. Transfer of personal data outside the european union

For the purposes of the objectives specified above, Oney may communicate information about you to other Group entities. Some of these entities may be located outside the European Union and outside the countries recognised by the European Union as having laws that guarantee adequate protection of personal data (notably Oney Russia and Oney Ukraine). In accordance with current regulations, Oney has taken the necessary measures to ensure that personal information transferred in this way is protected in terms of its security, integrity and confidentiality. All data transfers are carried out in accordance with the regulations in force, and are covered by the standard contractual clauses established by the European Commission, as listed on the CNIL website: https://www.cnil.fr/fr/les-clauses-contractuelles-types-de-la-commision-europeenne.
Where necessary, Oney will provide you with the appropriate specific information, in accordance with the regulations in force.

V. How long do we keep your data?

Your data is kept by Oney for the duration required in light of the purposes for which it has been collected and processed, as described above.

At the end of your contractual relationship with Oney, your personal data will be kept for the legal retention periods applicable to Oney (five or ten years in the event of an occupational accident).

VI. Your rights

Under the applicable regulations, you can exercise the rights defined below, free of charge and at any time, with Oney, by post or electronically, at the following addresses: “Oney – service Ressources Humaines – CS 60006 – 59895 Lille Cedex 9” / “donneespersonnellesrh@oney.fr”.

  • the right of access: you can obtain a copy of all data about you processed by Oney, as well as details of the purposes/nature of the processing operations carried out on your data;
  • the right to rectification: you have the right to obtain rectification of inaccurate data about you and/or to have incomplete data completed;
  • the right of erasure (right to be forgotten): you have the right to get data about you erased when (i) this data is no longer necessary in relation to the purposes for which it was collected, (ii) you are exercising your right to object to the processing in question, or (iii) the personal data has been unlawfully processed. However, this right does not apply when the storage of your data is necessary for Oney to comply with a legal obligation or for the exercise of legal rights;
  • the right to restriction of processing: you can restrict the processing of your data if you dispute the accuracy of said data, for a period enabling Oney to carry out adequate checks. The same applies when Oney no longer needs the data but it is still necessary for you to defend a legal claim, or when you are exercising your right to object, pending verification of your request by Oney. When such a restriction is put in place, the data can only be processed with your consent or for the defence of legal claims;
  • the right to data portability: you have the right to data portability in certain specific circumstances, when (i) you have provided Oney with your personal data, (ii) the processing requires your consent or is needed to perform a contract with you and (iii ) the process is automated;
  • the right to object: you can ask Oney, on grounds relating to your particular situation, to stop its processing of your personal data in pursuit of its legitimate interests. Oney will then stop this processing unless it can show compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.
  • the right to withdraw consent: when we have relied on your consent as the legal basis for processing, you can withdraw your consent at any time. The withdrawal does not invalidate processing on the basis of consent that occurred before said withdrawal
  • the right to define general and specific directives to define the way in which you intend the above rights to be exercised after your death.

You also have the right to lodge a complaint with the French supervisory authority or that of the country in which you usually reside if you consider that Oney has processed your data in violation of the provisions of the European Regulation on the protection of personal data. In France, the supervisory authority responsible for compliance with data protection obligations is the National Commission for Data Protection (CNIL).

VII. Data protection officer

For further information, you can contact the Oney Data Protection Officer at the following postal address: ONEY – DELEGUE A LA PROTECTION DES DONNEES – CS 60006 – 59895 LILLE CEDEX 9, or via email at dpd@oney.fr.