Data Protection Policy of the Foreign Legion Recruitment Group (GRLE)

Last update: February 2021

PURPOSE OF THE DOCUMENT:

This policy aims to inform you about the categories of personal data we may collect or hold about you, how we use them, with whom we share them, how we protect them, and the rights you have over your personal data. When browsing the website www.legion-recrute.fr and in the context of its use, the GRLE collects, processes and shares personal data concerning you in compliance with current regulations and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (hereinafter, "the GDPR") as well as applicable French laws on the matter.

What is the role of the Foreign Legion Recruitment Group (GRLE)?

The GRLE (Fort de Nogent, Boulevard du 25 août 1944, 94125 Fontenay-Sous-Bois CEDEX) has the status of data controller, meaning it decides on the implementation of personal data processing and their purpose.

Terms to know

Personal Data (or Personal Information) is any information relating to an identified or identifiable person, i.e., allowing direct identification (e.g., first and last name) or indirect identification (e.g., cookies). Personal data processing is any operation or set of operations (automated or not) applied to data or sets of personal data, such as: collection, recording, organization, storage, transmission of data (non-exhaustive list). The data controller determines the purposes (the objectives of the processing) and the means of processing. The processor processes personal data on behalf of the data controller and under its instructions.

What personal data processing do we carry out from the website?

The GRLE collects and processes Personal Data concerning you, for the following purposes:

• Contact request via the online contact form
  Legal basis: Performance of pre‑contractual measures (Article 6(1)(b) GDPR).
• Analysis of your browsing on the site through the use of cookies (profiling)
  Legal basis: Prior consent (Article 6(1)(a) GDPR).
• Delivery of personalised information on the website www.legion-recrute.fr
  Legal basis: Prior consent (Article 6(1)(a) GDPR).
• Management of the security and proper functioning of the website (legitimate interest: security of the website and services)
  Legal basis: Pursuit of legitimate interests carried out with due regard for the rights of the website user (Article 6(1)(f) GDPR).
• Measurement of website audience (legitimate interest: development of the website)
  Legal basis: Pursuit of legitimate interests carried out with due regard for the rights of the website user (Article 6(1)(f) GDPR).

PROCESSING PURPOSELEGAL BASIS

Contact request via the online contact formExecution of pre-contractual measures [article 6-1(b) of the GDPR]

Analysis of your browsing on the site via cookie placement (profiling)

Distribution of personalized information on the website www.legion-recrute.fr

Prior consent [article 6-1(a) of the GDPR]

Security management and proper functioning of the site (legitimate interest: Site and service security)

Measurement of site audience (legitimate interest: site development)

Pursuit of legitimate interests exercised in respect of the rights of the site user [article 6-1(f) of the GDPR]

What categories of Personal Data are collected and processed?

The GRLE respects the principle of data minimization and processes exclusively Personal Data that are necessary for the achievement of the purposes set out above.

The Personal Data concerning you collected and processed by the GRLE are:

• For contact requests: identification data (gender, last name, first name, age, contact details), nationality and level of education;
• Browsing data (logs, browser type, IP address, etc.);
• Public data available on a social network if the person used it to arrive at the landing page.

Who are the recipients of your Personal Data?

Some of your Personal Data are communicated by the GRLE to its partners and processors for the achievement of the above purposes.

Processors:

The list of GRLE processors who carry out processing is accessible at the bottom of the page. We transmit to our processors only the data they need to perform the service they provide us, and your data are not used for other purposes. Our processors act on our instructions and are required to ensure a level of security and confidentiality of your data identical to ours (art 32 GDPR).

Authorities / public bodies:

In accordance with current regulations, the Data may be transmitted to competent authorities upon request and in particular to public bodies, auxiliaries of justice, ministerial officers, bodies responsible for debt collection, exclusively to comply with legal obligations, as well as in the case of investigating perpetrators of offenses committed on the internet.

For your information, your data are not subject to transfer outside the European Union.

What security for your Personal Data?

The GRLE ensures the security and confidentiality of your Personal Data which are hosted on its servers and in compliance with security measures specific to the defense sector. Any technical and organizational measure is implemented to prevent unauthorized access, unauthorized modification, unauthorized disclosure, loss or destruction of your data.

What retention period for your Personal Data?

• For contact requests, your Personal Data are kept for a maximum period of two years from the last contact with you.
• For security and proper functioning of the site, connection data on the site or its services are kept for one year.
• Cookies used for browsing analysis and sending personalized communications on the site are kept for thirteen months.
• For sending information by email, your email address is kept until withdrawal of your consent. An unsubscribe link appears at the bottom of each email you receive from us.

When the retention periods come to an end, your Data are erased or anonymized so as to be able to use them without infringing your rights. Nevertheless, your Data may be archived beyond the planned periods for the purposes of research, investigation and prosecution of criminal offenses for the sole purpose of allowing, as needed, the provision of your Data to the judicial authority. Archiving implies that your Data will no longer be accessible online but will be extracted and stored on an autonomous and secure medium.

What are your rights?

You have the following rights:

• right of access, rectification and erasure of your data under the conditions provided for in Articles 15 to 17 of the GDPR;
• right to limitation of the processing of this data under the conditions provided for in Article 18 of the GDPR;
• right to data portability in accordance with the conditions provided for in Article 20 of the GDPR;
• right to object to data processing in accordance with Article 21 of the GDPR;
• right to withdraw your consent at any time (e.g. receipt of information by email);
• right to define directives allowing access to your data in the event of death under the conditions provided for in Article 85 of Law No. 78-17 of 6 January 1978 as amended;
• right to lodge a complaint with a supervisory authority (for France: National Commission for Information Technology and Civil Liberties (https://www.cnil.fr/fr/plaintes).

Requests concerning these rights may be sent by mail: Légion Étrangère – Webmaster - Quartier Viénot - B.P. 21 355 - 13784 AUBAGNE CEDEX

To be able to respond to your request to exercise one of the above-mentioned rights, you must communicate to the GRLE in your electronic mail:

• the subject of the request (right concerned),
• and proof of your identity (and/or that of the proxy you may have designated in case of representation) in the event that your email does not allow the GRLE to identify you.

Update of the data protection policy

We reserve the right to make any changes to this document. Please consult this page from time to time to learn about any new information that may be modified or added.