Policy for candidates

What is the purpose of our Privacy Policy?

The confidentiality of the personal data of candidates applying for a position at Lattice Medical represents, for us, a guarantee of professionalism and trust.

As such, our Personal Data Privacy Policy specifically demonstrates our commitment to ensuring that the rules applicable to the protection of personal data — and, in particular, those set out in the General Data Protection Regulation (“GDPR”) — are respected within Lattice Medical.

In particular, our Privacy Policy aims to inform you about how and why we process your personal data when you apply for a position at Lattice Medical.

Who does our Privacy Policy apply to?

This Privacy Policy applies to you, as a candidate for a position at Lattice Medical, throughout the entire recruitment process (e.g., applying for a job offer, submitting a spontaneous application, being recruited through an external agency, etc.), regardless of the duration or nature of the proposed contract (e.g., employee, temporary worker, intern, etc.).

Why do we process your personal data and on what legal basis?

As a recruiter, we necessarily process your data in order to manage recruitment activities (e.g., interviews, processing applications, salary negotiations, etc.), any travel that may occur as part of the recruitment process, and the security of our premises.

Processing is carried out based on our discussions with you during the recruitment process and on our legitimate interest in recruiting and selecting candidates.

How did we obtain your personal data?

Your data is collected directly from you through your application and your CV. We are committed to processing your data solely for the reasons described above.

However, we may also obtain your personal data indirectly from recruitment agencies, provided that you have given your prior consent to those agencies.

What personal data do we process, and for how long?

  • Any personal and professional identification data provided in your CV and cover letter (e.g., name, surname, date of birth, nationality, etc.) is retained for the duration of the recruitment process and for a maximum of 2 years after your application.

  • Any contact details provided in your CV and cover letter (e.g., email address, phone number, LinkedIn profile, etc.) are retained for the duration of the recruitment process and for a maximum of 2 years after your application.

  • Any personal and professional background data provided in your CV and cover letter (e.g., degrees, hobbies, certificates, age, marital status, driver’s license, etc.) are retained for the duration of the recruitment process and for a maximum of 2 years after your application.

  • Any economic and financial data (e.g., salaries, bonuses, etc.) provided during interviews is retained for the duration of the recruitment process and for a maximum of 2 years after your application.

  • Any specific data (e.g., residence permit, etc.) provided as part of the recruitment process is retained until the end of the employment relationship if hired, and deleted after the recruitment process if not.

  • Any relevant and required special data (e.g., disability status) provided in your CV and cover letter is retained for the duration of the recruitment process and deleted at the end of it.

  • Any identification document (e.g., passport or ID card) provided during the recruitment process is deleted after the recruitment decision (whether hired or not).

  • If you applied via our website, connection data (e.g., IP address and logs) is retained for a maximum period of 12 months.

After the applicable retention periods expire, your personal data is permanently deleted and can no longer be retrieved. At most, we may retain anonymized data for statistical purposes.

If you are hired, the data collected during the recruitment process is automatically transferred to your employee file and becomes subject to the Employee Data Privacy Policy.

Please note that in the event of a legal dispute, we are required to retain all personal data concerning you for the entire duration of the case, even after the above retention periods have expired.

What rights do you have to control the use of your personal data?

Applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge to control how we use your data:

  • Right of access and copy of your personal data, provided this request does not conflict with trade secrets, confidentiality, or the secrecy of correspondence.

  • Right to rectification of personal data that is inaccurate, outdated, or incomplete.

  • Right to object to the processing of your personal data for direct marketing purposes, as well as processing based on our legitimate interests unless compelling legitimate grounds override your interests, rights, and freedoms.

  • Right to erasure (“right to be forgotten”) of your personal data that is not essential to the proper operation of our services.

  • Right to restriction of processing, which allows you to temporarily freeze the use of your data in case of a dispute over the legitimacy of processing.

  • Right to data portability, which allows you to recover part of your personal data to store or transfer it easily from one information system to another.

  • Right to define instructions regarding the fate of your data after your death, either directly or through a trusted third party or heir.

To ensure your request is processed, it must be submitted directly by you or your authorized representative at the following address: rgpd@lattice-medical.com.

Requests cannot originate from anyone other than you or your representative. We may therefore request proof of identity if there is any doubt about the requester’s identity, as well as documentation proving representation.

We will respond to your request as soon as possible, within a maximum of one month from receipt. If the request is technically complex or if we receive a large number of requests at the same time, this period may be extended to three months.

Please note that we may refuse to process any excessive or unfounded requests, particularly those of a repetitive nature.

Who can access your personal data?

Your personal data is processed by our teams and technical service providers solely for the purpose of operating our recruitment process.

Can your personal data be transferred outside the European Union?

The personal data processed for recruitment purposes is exclusively hosted within the European Union.

How do we protect your personal data?

We implement all necessary technical and organizational measures to ensure the daily security of your data and, in particular, to protect against any risk of destruction, loss, alteration, or unauthorized disclosure (e.g., secure access, antivirus software, etc.).

Who can you contact for more information?

Our Data Protection Officer (DPO) is available to explain in greater detail how we process your data and to answer any related questions at the following address: rgpd@lattice-medical.com.

How can you contact the CNIL?

You may contact the Commission nationale de l’informatique et des libertés (CNIL) at any time using the following details:
Service des plaintes de la CNIL, 3 Place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, France
Telephone: +33 (0)1 53 73 22 22

Can the Privacy Policy be modified?

We may modify our Privacy Policy at any time to comply with new legal requirements or to reflect any new processing activities that we may implement in the future.

Certified compliant by Dipeeo®

In order to offer you the best possible experience, please let us know if you are a healthcare professional.

Your response will enable us to offer you relevant content tailored to your needs.

Are you a healthcare professional?

Yes, I am a healthcare professional No, I'm not a healthcare professional