Job applicant data protection charter


The private and confidential nature of personal data is a priority for the Marbour Group.

We fully comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).

This charter was specifically written for people wishing to apply for a job in our group and its subsidiaries.

This charter contains important information concerning:

  • Personal datas that we collect and why we collect personal datas
  • The frame of personal datas collection
  • The communication of your personal datas
  • The retention period of the personal datas collected and the way we assure their confidentiality
  • Your rights

This job applicant data protection charter applies to the Marbour Group and its subsidiaries. We thank you for reading it.


Data protection officer

Any requests or questions concerning personal data protection must be submitted to the group’s data protection officer:


Information sources

We obtain information about you when you apply for a job advertised by the Marbour Group or one of its subsidiaries.

These personal datas are transmitted to us when you send us your CV, a cover letter or a job application form that you, complete online or on paper, and during job interviews.

Sometimes we receive this information from external organisations, such as recruitment agencies, if you submit your application to them.

The personal data we collect during the recruitment process will only be used as part of the selection process.

If you choose not to provide us with certain personal information, please be informed that we may not be able to consider your application for the job posting in question.

As part of the selection process, we may ask for professional references or additional personal information in addition to the information specified above.

The company will ensure that the personal data you share with us is not subject to automated decision-making.

Information related to your personal data to an external structure of our group will only be shared if you give your explicit consent.

We inform you that your explicit consent is the legal basis for processing your personal data.


Who do we share your personal data with?

As part of the recruitment, selection and hiring process, people in a contractual relationship with our company and external parties involved in the recruitment process may be given access to your personal data. These people are required to protect the privacy of this data.

We do not share the personal data of job applicants outside the European Community or with third parties for commercial purposes.


How long do we keep your personal data?

We do not keep your personal data for any longer than the time needed to process your application.

If your application is rejected, your data is retained for 9 months.

At the end of this period, we undertake to delete all of your personal data.

In case your application is successful, the personal data contained in your application will be kept for the duration of the contract and for a period of 5 years from the date of termination of the employment contract.


Data security

Our IT security and personal data protection policies ensure that the personal data you share with us is protected.

This protection includes encryption and pseudonymization.


Your rights

You have access, rectification, objection, erasure and portability rights, and the right to limit the processing of your data.

The rights stated in this paragraph can be exercised with the company to which you applied via a written request sent to the data protection officer, accompanied by a piece of ID.

In some cases, particularly if a manifestly unfounded request is made, we may refuse to act on the request.

You will be informed of the reason for the refusal.

If any of the abovementioned rights are exercised, subsequent to the request, the data protection officer will respond to the individual as soon as possible, taking into account the complexity and number of requests and in any case within one month of receipt of the request.

This period may be extended for up to two months where necessary.

The data controller must inform the individual of any delay and the reasons related to the response within one month of receiving the request. This period may be extended for up to two months where necessary.

November 2018
Human Ressources Department