1 – Introduction
The purpose of this “Personal Data Protection Policy” is to inform all data subjects (“you, your”) about how Synergie SE and its French subsidiaries (“Synergie”) collect and use Your Personal Data. This Policy also sets out Synergie’s commitments regarding compliance with the principles of European Regulation No. 2016/679 of 27 April 2016, known as the General Data Protection Regulation (GDPR).
This Policy does not apply to third-party websites that may be referenced on Synergie’s websites. Synergie has no control over such websites and accepts no liability for the manner in which they process Personal Data.
2- Data Controller and Data Protection Officer
The Data Controller is the company that determines the purposes and means of the Processing of Personal Data.
Personal Data collected on the website or in the course of our communications is processed by:
Synergie SE
A European company with a share capital of €121,810,000,
whose registered office is situated at 160 bis, rue de Paris – 92100 Boulogne-Billancourt,
With unique identification number 329 925 010 (RCS Nanterre),
Synergie acts as the Data Controller, which means that it determines how Personal Data is collected, used and protected. As Data Controller, Synergie ensures that data is processed in accordance with the GDPR and its Personal Data Protection Policy.
Synergie has appointed a Data Protection Officer (DPO), whose contact details are available in Article 10 of this Personal Data Protection Policy. The Data Protection Officer may be contacted regarding any questions relating to your Personal Data or the exercise of your rights under the GDPR.
3 – Scope
This Personal Data Protection Policy sets out the principles and guidelines applicable to the Processing of Personal Data carried out by Synergie SE and its French subsidiaries in the course of its recruitment, administrative management and temporary staffing activities.
It applies to all Processing carried out by Synergie, whether the data is collected:
- online (in particular via websites such as Synergie.fr, Synergie.com, etc.), forms or emails;
- on paper (administrative files, registration forms, contracts);
- or verbally (in-person or telephone interviews).
The Personal Data that you agree to provide, regardless of the means of collection, , is processed in accordance with this Personal Data Protection Policy and applicable legal obligations, in particular Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and the amended French Data Protection Act.
4 – Data collected
4.1 General
In order to carry out its activities and provide its services, Synergie collects various categories of Personal Data depending on the profile of the data subject (website users, candidates, temporary workers, clients, prospects, suppliers and partners).
The data collected may include, but is not limited to: surname, first name, postal and email addresses, telephone numbers, login credentials, professional and financial information (bank details, status, career history, qualifications, experience), as well as technical data (IP address, cookies, connection logs).
Synergie undertakes to collect and process only the data strictly necessary for the purposes pursued and described in Article 5 below. The provision of this data remains voluntary, but certain information is essential for the proper performance of the services offered (management of applications, contracts, payroll, communication).
The ‘processing’ of Personal Data means any operation performed on Personal Data such as, , collection, use, storage, recording, transfer, adaptation, analysis, modification, disclosure, sharing and destruction of Personal Data as required by the circumstances or legal requirements.
All Personal Data collected is retained for a limited period depending on the purpose of the Processing and only for the duration provided for by applicable legislation.
4.2 Children’s data
Synergie does not intend to collect Personal Data from children under the age of 15. In the exceptional event that a minor is involved, Synergie will obtain the prior consent of the legal guardian and ensure enhanced and secure Processing of such data.
5 – Methods of collection and purposes
Personal Data may be collected directly from the Data subjects or obtained indirectly from legitimate sources (partners, recruitment platforms, public bodies).
Regardless of the method of collection, this Personal Data Protection Policy applies in full.
Personal Data is collected and processed for the purposes of Synergie’s business activities, in particular:
- the management of recruitment, careers and training;
- administrative and payroll management;
- customer and supplier relationship management;
- sales development and communication;
- management of IT tools and systems;
- the security of property, people and premises.
Synergie ensures that all Processing is based on an appropriate legal basis, specific and legitimate purposes, and limited retention periods.
The Processing operations carried out are set out below, by category of data subjects, to ensure clear and accessible information, in accordance with Articles 13 and 14 of the GDPR.
- Internet users (website visitors)
- Job applicants
- Temporary workers (staff on assignment) and permanent staff
- Clients and prospects (client companies)
- Suppliers and partners
6 – Cookies
Cookies are small text files stored on your device. They enable us to record information relating to your browsing, whether personal or not, in order to improve your experience on Synergie’s websites.
Synergie may use cookies and other similar technologies for purposes strictly necessary for the proper functioning of the website, as well as, subject to your consent, to measure traffic or personalise the content offered.
On your first visit, an information banner allows you to choose whether to accept, refuse or configure the use of non-essential cookies. No cookies that are not strictly necessary will be placed without your prior consent.
You can change your preferences or withdraw your consent at any time via the ‘Cookie Preferences’ link available at the bottom of every page.
If you choose to refuse certain cookies, some features of the website may not be available or may not work properly.
To find out more about the categories of cookies used, their purpose and how long they are stored, click here.
7 – Combating automated abuse (reCAPTCHA)
We use Google reCAPTCHA to protect our website against abuse and fraudulent activity (including automated attempts to fill in forms). This technology helps distinguish human actions from suspicious automated behaviour.
reCAPTCHA collects certain information (such as IP address, mouse movements, time spent on the page, etc.) to assess whether the user is human. This data is processed in accordance with Google’s privacy policy and terms of service.
The use of reCAPTCHA is intended solely to enhance the security of our website, in accordance with Article 6(1)(f) of the GDPR (legitimate interest).
Any cookies or trackers that may be placed are strictly limited to this security purpose.
The information collected by reCAPTCHA may be transferred to and processed by Google LLC in the United States. These transfers are based on the standard contractual clauses approved by the European Commission, which guarantee an adequate level of protection for personal data.
8 – Links to websites not managed by Synergie
Synergie’s websites may offer you hyperlinks leading to other websites. The links from our Site to these sites are considered to provide additional relevant information. Under no circumstances can Synergie be held liable for the content of these websites, which it does not publish, and the User acknowledges that these third-party or partner websites and services are entirely independent of Synergie. The proposed redirection to a third-party website does not constitute a recommendation, and Synergie is in no way responsible for the editorial content provided on the websites in question.
9 – Data Transfer
Your Personal Data may be collected and processed by Synergie in the context of your relationship with us, whether you are a job applicant, supplier, partner or simply a visitor to our websites.
Synergie limits the collection of Personal Data to what is strictly necessary for the purposes pursued (data minimisation principle) and implements appropriate security measures to protect your information against unauthorised access, disclosure, alteration or destruction.
As a general principle, Your personal data is hosted and processed within the European Economic Area (EEA). Where transfers to countries outside the EEA are necessary, these are based on appropriate safeguards to ensure a level of protection equivalent to that provided by the GDPR, in particular:
- the standard contractual clauses (SCCs) provided for in Article 46 of the GDPR, governing transfers to third parties outside the EEA,
- or the Binding Corporate Rules (BCR) provided for in Article 47 of the GDPR, used by corporate groups for regular internal transfers, subject to prior approval by a competent supervisory authority.br>
Synergie may also transfer your Personal Data to third parties, such as:
- technical or IT service providers necessary for the hosting, operation or maintenance of our services,
- authorities or legal bodies where required by law.
If Synergie becomes aware that a third party is using or disclosing your Personal Data in a manner that does not comply with this policy or applicable legislation, Synergie will take all reasonable steps to prevent or put an end to such use or disclosure.
By submitting your information or interacting with our services, whether through an application, a supplier form, a response to a tender or browsing our websites, you agree that your Personal Data may be collected and transferred in accordance with the mechanisms described above, with the necessary safeguards to protect your rights and freedoms.
10 – Right of access, rectification, portability and erasure
Synergie has put in place appropriate Personal Data protection measures to ensure that Personal Data is used in accordance with the purposes set out above and to ensure its accuracy and that it is kept up to date.
You may, at any time, exercise with Synergie the rights provided for by the applicable data protection regulations (in particular Regulation (EU) 2016/679 – GDPR and the French Data Protection Act), subject to the conditions set out under applicable data protection laws.
Certain rights, such as the right to object, do not apply to Processing necessary for the performance of the contract or to comply with a legal obligation. This simply means that such Processing is essential for the management of our relationship or the fulfilment of our legal obligations.
Depending on the legal basis for the Processing in question (consent, contract, legitimate interest, legal obligation, etc.), you may exercise all or some of the following rights:
- Right of access : to obtain confirmation that your Personal Data is being processed and, where applicable, to receive a copy of it along with information relating to such processing;
- Right to rectification : to request the updating or correction of inaccurate, incomplete or obsolete Personal Data;
Right to erasure : to request the deletion of your Personal Data where one of the grounds provided for by the regulations applies (e.g. withdrawal of consent or data that is no longer necessary);
- Right to restriction of Processing : to request the temporary suspension of the Processing of your Personal Data, in particular whilst your request for rectification or objection is being considered;
- Right to object : to object at any time, on grounds relating to your particular situation, to the Processing of your Personal Data based on Synergie’s legitimate interest, as well as to the receipt of marketing communications;
- Right to data portability : where Processing is based on your consent or a contract and is carried out using automated means, to request that the Personal Data you have provided be supplied to you in a structured, commonly used and machine-readable format, or to have it transmitted to another data controller;
- Withdrawal of consent : where Processing is based on your consent, you may withdraw it at any time, without this affecting the lawfulness of Processing carried out prior to such withdrawal;
- Right to determine the fate of your data after your death : You may set out instructions regarding the retention, erasure or disclosure of your Personal Data after your death. These instructions may be registered with a trusted third party certified by the CNIL or directly with Synergie, which will carry out the final wishes brought to its attention;
- Right to lodge a complaint : You may lodge a complaint with the competent supervisory authority, in France the Commission Nationale de l’Informatique et des Libertés (CNIL) – www.cnil.fr
You may exercise your rights of access, rectification, portability or erasure:
- via the online form
- or by sending a letter to Synergie’s Data Protection Officer (DPO):
Data Protection Officer
Synergie
160 bis Rue de Paris,
92100 Boulogne-Billancourt
Your request must enable us to identify you and, if necessary, you may be asked to provide a copy of an identity document.
Synergie, in accordance with the Applicable Regulations, will respond to your request within one month. In the case of a complex request, this period may be extended by a further two months. The complexity of the request is assessed based on the amount of information and/or actions required regarding the Personal Data in question. In the latter case, Synergie will inform you of the reasons for this extension within one month.
11 – Security and recipients of data
Synergie implements all appropriate technical and organisational measures to ensure a level of security appropriate to the risk and to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, in accordance with Article 32 of the GDPR. To this end, Synergie protects data by encrypting it during transmission, clearly separating different systems, assigning specific identifiers to each user and implementing enhanced access controls, such as two-factor authentication.
Synergie applies the principles of ‘Privacy by design’ and ‘Privacy by default’ to all its data Processing activities, by integrating data protection from the design stage of tools and by limiting data collection to what is strictly necessary. This approach is reflected in the systematic respect for the protection of Personal Data from the design stage of projects, through a clear and secure organisation of data, and through the protection of the IT systems and environments used.
Access to Personal Data is strictly limited to Synergie employees and service providers who are duly authorised to access it by virtue of their roles and are subject to a contractual confidentiality obligation. Such access is subject to periodic review, is based on a restriction and a strict limitation of rights, and is supplemented by a secure workstation management system, as well as the implementation of anti-malware solutions.
When Synergie engages service providers or subcontractors, they are selected on the basis of their compliance with the GDPR and act in accordance with Synergie’s documented instructions. In this context, Synergie ensures rigorous selection and management of third parties, including verification of the security measures they implement to guarantee a high level of security. Personal Data is also stored on servers located in France, ensuring a level of protection consistent with regulatory requirements.
Personal Data may also be disclosed, where required by law, to the relevant administrative or judicial authorities.
Synergie regularly monitors the effectiveness of its security measures and updates its practices to take account of technological developments and identified risks. To this end, Synergie relies on a system that automatically logs all data-related actions and events, enabling the rapid detection of any unusual or suspicious activity. This system is monitored continuously, 24 hours a day, 7 days a week, by a specialist security team. Synergie also carries out regular checks to identify potential security breaches and conducts penetration tests, sometimes inviting external experts to attempt to breach its systems (a ‘Bug Bounty’ programme), in order to address vulnerabilities before they can be exploited.
Regular data backups are also carried out to ensure the availability and integrity of the data.
All these measures help to ensure robust and appropriate protection of Personal Data, in accordance with legal obligations and the requirements of the GDPR.
12 – Security of Personal Data and incident management
Synergie implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.
To prevent any loss, alteration, destruction, disclosure or unauthorised access, whether accidental or unlawful, Synergie implements appropriate technical and organisational measures to ensure a level of security appropriate to the risks. These measures include, in particular, the securing of information systems, access management, the encryption or pseudonymisation of certain data, as well as the use of qualified IT service providers offering sufficient guarantees of compliance with the GDPR.
In the event of a security incident likely to pose a risk to the rights and freedoms of individuals, Synergie will make the notifications required by Articles 33 and 34 of the GDPR to the CNIL and, where applicable, to the data subjects concerned.
Synergie also recommends that you adopt good security practices, in particular by choosing strong passwords and ensuring that you do not disclose your login credentials to third parties.
If you suspect unauthorised use or unlawful access to your Personal Data, you may inform the Data Protection Officer (DPO) using the contact details provided in Article 10 above. This information will enable Synergie to take the necessary measures to secure the data and, where applicable, make the required notifications.
13 – Terms used
In this Personal Data Protection Policy, certain terms relating to the protection of Personal Data are written with an initial capital letter, indicating that they are defined in this section.
Personal Data
Any information that allows a natural person to be identified directly or indirectly, such as their name, telephone number, address, date of birth or photograph.
European Economic Area (EEA)
The European Union, as well as Norway, Iceland and Liechtenstein.
Personal Data Protection Policy
This Policy.
Applicable Regulations
The laws and regulations governing the protection of personal data, in particular the General Data Protection Regulation (GDPR) ( , European Regulation 2016/679) and the French Law No. 78-17 of 6 January 1978, known as the ‘Data Protection Act’, which govern the collection, use and protection of Personal Data.
Data Controller
The person or organisation that decides why and how personal data is collected and used.
The Data Controller must be identifiable and contactable. In practice, this is the company or its legal representative, with their contact details (address, email, telephone number).
GDPR
The General Data Protection Regulation (EU 2016/679), which sets out the rules on the Processing of personal data for individuals located in the European Union, or where Processing takes place on European soil.
Processing of Personal Data
Any action carried out on Personal Data, such as its collection, use, storage, sharing or deletion.
14 – Contact
If you have any questions regarding this Personal Data Protection Policy, please contact Synergie’s Data Protection Officer (DPO) (see Article 10 above).
15 – Revision of the Personal Data Protection Policy
This Personal Data Protection Policy may be updated in line with Synergie’s needs and circumstances or if required by law.
In the event of any inconsistencies between different versions of this Personal Data Protection Policy, the most recent version shall prevail.
Date of last update: February 2026