Privacy policy

Purpose and scope of the Policy

Coexya attaches the utmost importance and care to the protection of privacy and Personal Data, as well as to compliance with the provisions of applicable Legislation.

Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data (hereinafter referred to as the ‘GDPR’) states that Personal Data must be processed lawfully, fairly, and transparently. Thus, this privacy policy (hereinafter referred to as the ‘Policy’) aims to provide you with simple, clear information on the Processing of your Personal Data, in the context of your browsing and operations on our website.


Data Controller

In the context of your activity on the website, we collect and use personal data relating to you, an individual (hereinafter referred to as the ‘Data Subject’).

For all Processing, Coexya Group (hereinafter referred to as ‘Coexya’), a simplified company limited by shares registered in the Lyon Trade and Companies Register under number 881 592 265 and whose registered office is located at 9 avenue Charles de Gaulle, 69370 Saint-Didier-au-Mont-d’Or (France), determines the means and purposes of the Processing. Therefore, we act as a Data Controller, within the meaning of the Regulation on Personal Data, and in particular the GDPR.


What Personal Data do we collect and how?

When using our website, you may be asked to provide us with certain information about yourself, some of which may identify you (‘Personal Data’). This is the case when you browse our website or when you fill in online forms.

The Personal Data collected about you are:

  • Identifying data: this includes any information that would allow us to identify you, such as your title, surname, first name, telephone number or e-mail address. We may also collect your LinkedIn profile address, the link to your website.
  • Professional data: We collect your CV, your preferred city to apply to, the type of contract you want.
  • Connection data: We collect your IP address for statistical purposes.
  • Documents of different nature such as the message left through our application form.
  • Browsing information: when you browse our website, you interact with it. As a result, some browsing information is collected.
  • Data collected from Third Parties: Personal Data that you have agreed to share with us or on publicly available social networks and/or that we may collect from other publicly available databases.


Why do we collect your Personal Data and how?

We collect your Personal Data for specific purposes and on various legal grounds.

Based on your consent, your Data is processed for the following purposes:

  • Management of cookies requiring your consent.

In the context of Coexya’s legitimate interests, your Data is processed for the following purposes:

  • Management of applications in the context of recruitment procedures following the publication of an advertisement,
  • Management of applications following the sending of an unsolicited application,
  • Establishment of statistics to improve products and services.

In the context of the legal and regulatory obligations to which Coexya is subject, your Data is processed for the following purposes

  • Combating Fraud;
  • Combating money laundering and the financing of terrorism.


Do we share your Personal Data?

Your Data are intended for use by employees of Coexya’s Human Resources Department who are authorised to respond to your request, depending on the purpose of the collection and within the limits of their respective remits.

They may be transmitted for certain tasks related to the purposes, and within the limits of their respective missions and authorisations, to duly authorised public authorities (judicial, supervisory, etc.), in the context of our legal and regulatory obligations.

We do not sell your Data.


Are your Personal Data transferred to Third Countries?

Coexya endeavours to keep Personal Data in France, or at least within the European Economic Area (EEA).

However, it is possible that the Data we collect when you use our Website may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area.

In the event of such a Transfer, we ensure that it is made:

  • To a country providing an adequate level of protection, i.e. a level of protection equivalent to that required by European Regulations;
  • Within the framework of standard contractual clauses;
  • Within the framework of internal company rules.


How long do we keep your Personal Data?

We will only retain your Personal Data for as long as is necessary to fulfil the purpose for which we hold the Data and to meet your needs or our legal obligations.

The retention periods for your Data are as follows:

Purpose Retention period
Management of cookies requiring your consent 3 years
Management of applications in the context of recruitment procedures following the publication of an advertisement, 3 years
Management of applications following the sending of an unsolicited application 3 years
Establishment of statistics to improve products and services 3 years
Combating Fraud 3 years
Combating money laundering and the financing of terrorism 3 years


How do we ensure the security of your Personal Data?

Coexya is committed to protecting the Personal Data that we collect, or that we process, against loss, destruction, alteration, unauthorised access or disclosure.

We, therefore, implement all appropriate technical and organisational measures, depending on the nature of the Data and the risks that its Processing entails. These measures must preserve the security and confidentiality of your Personal Data. They may include practices such as limited access to Personal Data by persons authorised by virtue of their position, pseudonymisation or encryption.

In addition, our practices and policies and/or physical and/or logical security measures (secure access, authentication process, back-up, software, etc.) are regularly reviewed and updated as necessary.


What are your rights?

The GDPR provides Data Subjects with rights that they are entitled to exercise. Thus, the following are provided for:

  1. Right to information: the right to have clear, precise and complete information on the use of Personal Data by Coexya.
  2. Right of access: the right to obtain a copy of the Personal Data that the Data Controller holds on the applicant.
  3. Right to rectification: the right to have Personal Data rectified if it is inaccurate or obsolete and/or completed if it is incomplete.
  4. Right to erasure/right to be forgotten: the right, under certain conditions, to have the Data erased or deleted, unless Coexya has a legitimate interest in retaining it.
  5. Right to object: the right to object to the Processing of Personal Data by Coexya for reasons relating to the particular circumstances of the applicant (subject to conditions).
  6. Right to withdraw Consent: the right at any time to withdraw Consent where Processing is based on Consent.
  7. Right to restriction of processing: the right, under certain conditions, to request that the Processing of Personal Data be temporarily suspended.
  8. Right to Data portability: the right to request that Personal Data be transmitted in a reusable format for use in another database.
  9. Right not to be subject to a decision based solely on automated processing: the right for the applicant to refuse fully automated decision making and/or to exercise the additional safeguards offered in this respect.
  10. Right to define post-mortem directives: the right of the applicant to define directives concerning the fate of Personal Data after his/her death.

Additional rights may be granted to Data Subjects by Local Regulations.

To exercise your rights, you may contact the Data Protection Officer (DPO) by email at or by writing to:

Coexya Group
Coexya DPO
9 avenue Charles de Gaulle
69771 Saint-Didier-au-Mont-D’or cedex

When you send us a request to exercise a right, you are asked to specify, as far as possible, the scope of the request, the type of right exercised, the Personal Data Processing concerned, and any other useful information, in order to facilitate the examination of your request. In addition, in case of reasonable doubt, you may be asked to prove your identity.

You also have the right to complain to the Commission Nationale de l’Informatique et des Libertés [French National Commission for Computing and Civil Liberties] (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, about the way in which Coexya collects and processes your data.


Updates to this Policy

This Policy may be regularly updated to take into account changes in regulations pertaining to Personal Data.

Date of last update: 23/03/2022.