Politique de confidentialité des candidats (EN)

Policy updated in February 2025

This privacy policy (the "Policy") covers The Ritz Group's (as defined below) use of candidates' Personal Data (as defined in Section 2 below).

You are reading this Policy because you are applying for a job or have already applied for a job with one of the Ritz Group entities. It tells you how and why your Personal Data will be used in our recruitment process.

For the purposes hereof, the terms "Ritz Group", "we", "us" and "our" refer, together, to the companies:

  • Peach Invest France ("PIF")[1] , trading as Ritz Paris Le Comptoir,
  • Ritz Enterprise SA ("RESA")[2]
  • Ritz Brand Services ("RBS")[3] and 
  • Ritz Group Services ("RGS") [4].

If you apply to The Ritz Hotel Paris (The Ritz Hotel, Limited "TRHL"), you are not covered by this Policy.

As independent or joint data controllers, the entities of the Ritz Group guarantee the protection and security of your Personal Data. 

  1. Our privacy commitments

We undertake to use our best efforts to ensure the protection and security of your Personal Data in accordance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (the "GDPR") and the laws locally applicable to each of the Ritz Group entities, including, for France, Law No. 78-17 of January 6, 1978 on data processing, data files and individual liberties (“Informatique et Libertés”) and, for Switzerland, the Federal Data Protection Act (the "DPA") of September 25, 2020 (Status as of September 1, 2023) (together with the RGPD, the "Data Protection Laws").

 

  1. Methods of collecting Personal Data

Personal data ("Personal Data" or "Data") is defined as "any information relating to an identified or identifiable natural person". An identifiable natural person is "a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity".

As part of our recruitment procedures, we collect Personal Data by various means: either directly from you, or indirectly (for example, through recruitment sites such as HelloWork, Indeed and LinkedIn, recruitment agencies, temporary employment agencies, social networks, people who have referred you, or sources open to the public such as LinkedIn, France Travail and any other job advertising site). 

We collect Personal Data directly from you: 

  • when you apply via a job ad site by providing us with your information (including the information provided in your curriculum vitae and cover letter);
  • when you contact us by any means, including e-mail or regular mail; and
  • during an interview, its organization and follow-up.

When you voluntarily provide Personal Data, you undertake to provide accurate information that is not prejudicial to the interests or rights of third parties. 

In addition, we collect Personal Data about you from third parties, in particular from a recruitment agency or when an employee of the Ritz Group or TRHL transfers your application to us. 

 

  1. Data controller

The person responsible for processing Personal Data will be the Ritz Group entity that recruits or intends to conclude an employment contract with you.

Thus, depending on the entity to which you have sent your application, it will be :

  • Peach Invest France (‘PIF’) if you are applying to Ritz Paris Le Comptoir, 
  • Ritz Enterprise SA (‘RESA’), 
  • Ritz Brand Services (‘RBS’), or
  • Ritz Group Services (‘RGS’).

If we believe your application is relevant to a job opening at another Ritz Group entity, we may share your Personal Data with them after informing you.

As part of the management of recruitment, the entities of the Ritz Group may share candidates' Personal Data when they act in support of each other. They then act as sub-contractors, in compliance with contractual obligations and appropriate security measures guaranteeing the protection of Personal Data. 

 

  1. Personal Data collected

To meet these purposes, only personal information that is strictly necessary to assess your suitability for the job offered or to measure your professional aptitude will be requested during the selection phase. To this end, we will ask you :   

  • your identity (including your title, first name, surname and nationality) ; 
  • your contact details (including postal address, e-mail address, telephone number); and
  • Data relating to the qualifications you have obtained, your professional experience, your professional skills and aptitudes in relation to the position offered. 

We also process any data that you may have provided on your own initiative.

Failure to provide this Data will make it impossible for you to participate in the recruitment process. Exceptionally, we may collect Data considered sensitive under current legislation only where it is strictly necessary for recruitment to the post concerned.

In the event that your application is accepted for the conclusion of a contract, we will ask you for the information and supporting documents required to complete the compulsory formalities. The provision of this information is a precondition for the conclusion of an employment contract for successful candidates. In addition, the provision of certain categories of information and supporting documents (civil status, address, social security registration number, residency status, etc.) is mandatory for successful candidates. Consequently, failure to provide this Data will make it impossible to conclude an employment contract. 

 

  1. Use of your Personal Data - Purposes and legal basis of collection

The processing carried out by the human resources department is intended to: 

  • To manage the recruitment process and, in particular, to communicate with you about the recruitment process, to assess your suitability for the position offered and to measure your professional skills. The processing of your Personal Data is based on your consent, i.e. your wish to apply for a position with the Group, or on a legitimate interest, e.g. to assess your suitability for the position offered and to measure your professional skills;

  • Comply with compulsory formalities: in this case, the processing of your Data is necessary to comply with our legal obligations (for example, to comply with our health and safety obligations or to verify the existence of a work permit for a foreign candidate); and 

  • To fill the administrative file of successful candidates: in this case, the processing of your Data is necessary to take steps prior to the conclusion of your employment contract, or any other similar agreement with us, including in particular any pre-contractual measures taken at your request.

If you agree, the information you provide may be kept by the Group entity concerned in order to contact you again if a job offer matches your profile (CV database). Processing will then be based on your consent.

If we need to use your Personal Data for a reason other than those mentioned above, we will inform you and explain the legal basis that allows us to do so.

 

  1. Use and transmission of Personal Data

  1. Retention period of Personal Data

The Data is retained for the duration necessary to complete the recruitment process. Data concerning selected candidates will be incorporated into their administrative file and archived for the applicable retention period, up to five (5) years after the end of the employment relationship.

At the end of the recruitment process, the Data concerning unsuccessful candidates will be retained for three (3) months to allow them to obtain explanations regarding the reasons for this decision.

The Data concerning candidates may be retained in an intermediate archive for evidentiary purposes, particularly to protect against potential discrimination claims, for a period of five (5) years from the closure of the recruitment process.

Subject to obtaining their consent, the Data of unsuccessful candidates will be retained exclusively for inclusion in a CV database and to offer them new job opportunities, if applicable, for a period of two (2) years from the last contact with the candidate.

 

  1. Recipients of your Personal Data 

Your file is treated as confidential. Only the parties designated below have access to it, for the following reasons:

  • Employees of the Ritz Group entity who need access to your Personal Data and are authorized to process it for the aforementioned purposes, and who commit to maintaining confidentiality (for example, the HR department and the head of the department involved in the recruitment). Your Data may be transferred to another entity of the Ritz Group if your profile matches its needs. Additionally, in the context of managing any potential dispute related to the recruitment process, the RGS entity, which provides legal support to other Ritz Group entities, may access your Personal Data for this purpose.

  • Third parties acting on behalf of the Ritz Group or the relevant entity, according to our prior instructions outlined in a binding contract compliant with Data Protection Laws, including:
  • Fed Legal (recruitment agencies)
  • Staffmatch (temporary staffing agency)
  • LinkedIn Recruiter (online recruitment solution)
  • Monday (recruitment tracking software);

  • Authorities and/or competent organizations that need to be informed of your hiring (such as unemployment insurance, health insurance, pension, and mutual insurance) or third parties, in accordance with legal obligations or in the context of a legal procedure.

When we share your Personal Data with third parties acting as data processors (under GDPR), we take the appropriate and necessary measures to ensure that our processors handle your Personal Data in compliance with Data Protection Laws.

 

  1. Recipients outside the European Economic Area 

Your Personal Data is hosted on servers located in the European Economic Area ("EEA"). 

Your Personal Data may be processed outside the EEA, including via remote access. We undertake not to carry out any transfer of such Data outside the EEA without implementing the appropriate safeguards required by Data Protection Laws, in particular through the use of adequacy decisions issued by the European Commission, Standard Contractual Clauses (”SCC”) or the adoption of additional measures to ensure the protection and confidentiality of your Personal Data.

You can obtain further information on transfers and the safeguards implemented in this respect, as well as a copy of the STCs or other safeguards implemented in connection with transfers, by contacting us by e-mail at the postal addresses given in the introduction to this document, or by e-mail at dpo@ritzgroupservices.com.

 

  1. Protection of your Personal Data: security and confidentiality

Your file and your Data are treated confidentially and will be accessible only if necessary, and only by the persons referred to above in article 5.b. "Recipients of your Personal Data".

We implement organizational and technical (software and physical) security measures to protect your Personal Data against alteration, destruction and unauthorized access.

In particular, we apply these measures to ensure the protection of your Personal Data, both when it is stored and when it is transmitted, in order to prevent unauthorized access by third parties and to reduce the risk of accidental loss.

We also have procedures in place to deal with any potential breach of Data security. We will notify you and any relevant supervisory authority of any suspected breach of security of Personal Data where we are required to do so under Data Protection Laws.

 

  1. Individuals' rights regarding the Personal Data collected

In accordance with Data Protection Laws, you may at any time request access to, rectification, deletion and portability of your Personal Data, ask to restrict its processing or object to it. Where processing is based on your consent, you may withdraw it at any time. 

Your rights are summarized below:

  • Right to information (Articles 13 and 14 of the GDPR): you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data and about your rights.

  • Right of access (Article 15 of the GDPR): you have the right to obtain a copy of your Personal Data that we process and other information (similar to that provided in this Policy) about how we use it

  • Right of rectification (Article 16 of the GDPR): you can ask us to rectify any errors in your Personal Data or to complete them.

  • Right to be forgotten (Article 17 of the GDPR): you can ask us to delete your Personal Data, in certain situations. The right to erasure (or the "right to be forgotten"), is not absolute and is subject to specific conditions. We may retain your Personal Data to the extent permitted by Data Protection Laws, in particular where processing remains necessary to comply with a legal obligation to which we are subject for the establishment, exercise or defense of legal claims. 

  • Right to limit processing (Article 18 of the GDPR): you can ask us to limit the processing of your Personal Data, in certain circumstances, for example if you dispute the accuracy of that Data. This allows you to ask us to suspend the processing of your Personal Data, for example if you want us to establish its accuracy or the reason for its processing.

  • Right to portability (Article 20 of the GDPR): you have the right to request to receive the Personal Data you have provided to us, in a structured, commonly used and machine-readable format and/or to transmit this Data to a third party, if the Data is subject to automated processing or if the processing is based on the legal basis of consent or contract performance. 

  • Right to object to processing (Article 21 of the GDPR): you may object to us processing your Personal Data at any time during the processing of your Personal Data if the processing is based on the legal basis of legitimate interest. 

     

  • Right to directives after your death (article 85 of the French Data Protection Act « Loi Informatiques et Libertés »): you can give directives concerning the conservation, deletion and communication of your Personal Data after your death.

Where the processing of your Personal Data is based on your consent, you may decide to withdraw it at any time. If your consent is withdrawn, this will not affect the processing of your Personal Data based on other legal grounds, in accordance with Data Protection Laws

If you have any questions about the protection of your Data or if you wish to exercise your rights, you can contact the team in charge of the protection of personal data at the Ritz Group at the following address: 

dpo@ritzgroupservices.com

or

Ritz Group 

Data protection team

3 rue La Boétie, 75008 Paris, France

 

Please note that exercising any of the above rights requires you to specify the right you wish to exercise. You may also be asked to provide certain additional information (for example, a copy of a valid form of identification, such as an identity card or passport) to enable us to verify your identity. This is to ensure that your request is processed securely and to protect you against fraudulent attempts by third parties.

In the event of difficulties, you also have the right to lodge a complaint with a data protection authority, either :

  • For candidates who have applied to RESA: the Swiss Federal Data Protection and Information Commissioner (FDPIC), located at Feldeggweg 1, 3003 Bern, Switzerland.

  • For candidates who have applied to another Ritz Group entity: the Commission Nationale de l'Informatique et des Libertés (CNIL), located at 3 Place de Fontenoy TSA 80715, 75334 Paris Cedex 07, France.) For further information, please visit www.cnil.fr. 

     

  1. Policy update 

We may modify and update this Policy from time to time. When we make changes to this Policy, we will change the update date at the beginning of the Policy to indicate when such changes have come into effect. We advise you to consult our Policy regularly.

If we wish to use your Personal Data in a manner different from that stated in the Policy applicable at the time of collection of such Data, or if we change this Policy in any material way, we will notify you. 

 

[1] Simplified joint stock company with capital of 1,000 euros, headquartered at 3 rue La Boétie, 75008 Paris, France, registered in the Paris Trade and Companies Register under number 894 335 199.

[2] Company incorporated under Swiss law, with registered office at rue du Rhône 42, 1204 Geneva, Switzerland, registered in the Commercial Register of the Canton of Geneva under number CHE-100.374.228.

[3] Simplified joint-stock company and a capital of 1,000 euros, headquartered at 3 rue La Boétie, 75008 Paris, France, registered with the Paris Trade and Companies Register under number 912 390 994.

[4] Simplified joint stock company with share capital of 1,000 euros, headquartered at 3 rue La Boétie, 75008 Paris, registered with the Paris Trade and Companies Registry under number 893 395 459.