Applicant privacy policy

This policy is also available in French

How useful is this Policy?

The confidentiality of the personal data of applicants topositions published by CCH Consulting is a priority for us.

The Privacy Policy specifically reflects our commitment to enforce compliance with applicable data protection rules and, in particular, those of the General Data Protection Regulation (« GDPR »).

This Policy applies only to the processing that we carry out ourselves and not to the processing that may be carried out by our clients who wish to recruit and with whom we may put you in contact, or by recruitment sites in order to to assist us in the selection of candidates.

If you would like more information about the processing of our clients, we invite you to contact them directly.

Who is this Policy for?

The Privacy Policy is addressed to you, during the recruitment process (e.g. application to an offer, unsolicited application, etc.) for a job that we published at the request of one of our clients, regardless of the duration or nature of the proposed contract (e.g. salaried position, temporary worker, trainee, etc.).

Why do we process your data and on what basis?

As a recruitment agency, we necessarily need to process your data in order to manage recruitment (e.g. interviews, processing of applications, salary negotiations, etc.), any travel that may take place in the context of such recruitment and security of our premises.

Processing is carried out on the basis of discussions we have with you during the recruitment process, and our contractual obligation to evaluate and select candidates.

We undertake to process your data only for the purposes and on the grounds set out above.

What data do we process and for how long?

We have summarized below the categories of personal data that we collect directly from you or through external recruiters, and their respective retention periods.

  • Personal, professional and contact information (e.g. last name, first name, date of birth, nationality, email address, telephone number, etc.) retained for the duration of the recruitment process.
  • Personal and professional data (e.g., degrees, certificates, age, marital status, driver’s license, etc.) for the duration of the recruitment process.
  • Economic and financial data (e.g., salaries, bonuses, etc.) throughout the recruitment process.

More generally, we will keep your CV for a maximum of 2 years after your application, unless you give us an instruction to the contrary at

Upon expiration of the retention periods summarized above, we delete all of your personal data to ensure your privacy for future years.

The deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.

On the other hand, if hired, your data collected during the recruitment process is automatically transferred to your personal file and becomes subject to your employer’s Employee Privacy Policy.

In addition, in the event of litigation, we are also obliged to retain all of your data for the duration of the processing of the case, even after the expiration of the retention periods described above.

What rights do you have to control the use of your data?

The applicable data protection regulations give you specific rights that you can exercise, at any time and free of charge, to control how we use your data.

  • The right to request access and copy of your personal data as long as this request is not in contradiction with business secrecy, confidentiality, or the secrecy of correspondence.
  • Right to rectify personal data that are incorrect, outdated or incomplete.
  • Right to request deletion (« right to be forgotten ») of your personal data that is not essential for the proper functioning of our services.
  • Right to limitation of your personal data which allows you to photograph the use of your data in case of dispute about the legitimacy of a processing.
  • Right to give instructions on what to do with your data in the event of your death either through you, a trusted third party or an estate.

In order for a request to be processed, it must be made directly by you at Any request that is not made in this way cannot be processed.

Requests cannot be made by anyone other than you, and we may ask you for proof of identity if there is any doubt about the identity of the requester.

Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.

Who can access your data?

We will only share your information with those who are properly authorized to use it to provide our services to you. These are primarily our human resources staff, the team recruiting a candidate, and our security staff.


How do we protect your data?

We implement all technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure of your data that would not be authorized (e.g.: secure passwords, data encryption, secure servers, training, access control, antivirus, etc.).

Can your data be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data is always hosted in European soil. In addition, we make every effort to hire only service providers who host your data within the European Union.

Should our service providers nevertheless transfer your personal data outside the European Union, we take great care to ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information?

Our Data Protection Officer (« DPO ») is always available to explain in more detail how we process your data and to answer your questions on the subject at

How can you contact the CNIL?

You may at any time contact the French data protection supervisory authority (the « Commission nationale de l’informatique et des libertés » or « CNIL ») at the following address CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by phone at

Can the policy be changed?

We may change our cookie policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will of course be informed of any changes to this policy.

Compliance certified by Dipeeo ®