The RGPD, or General Data Protection Regulation, must be implemented by May 25, 2018. It contains rules on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

The full text of the GDPR : https://www.cnil.fr/fr/reglement-europeen-protection-donnees


EU companies currently comply with the Data Protection Directive. This European legislation on privacy and data protection dates back to 1995. As a directive, it was subject to a margin of interpretation by each EU country to take account of national specificities. As a result, privacy legislation currently varies from country to country within the EU, leading to difficult and more complex management for companies with an international presence.

The RGPD aims to harmonize practices for the collection, processing and protection of personal data within the EU, taking into account the changes imposed by the digital transformations of recent years, in particular the rise of cloud computing and social networks. With the RGPD coming into force on May 25, 2018, all European countries will have to comply with the same privacy protection rules.

The new RGPD is a regulation, as such it is a binding piece of legislation, which must be applied in its entirety within the EU.


Personal data is any information relating to an identified or identifiable natural person. The following elements, in particular, are personal data:

  • Surname and first name
  • Telephone number
  • Personal address
  • Gender and nationality
  • Bank details
  • Medical information
  • Any data concerning personal interests or orientations
  • An e-mail address based on prénom.nom@entreprise.com
  • Behavior on a website

A special category of data has been isolated: so-called sensitive data. This includes, for example, medical information, data on a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or genetic or biometric data (e.g. fingerprints).


Good news! Most of the RGPD requirements had already been covered at STILOG for several years. We have formalized, completed and adapted them where necessary. The only data we collect and store is that which you (customers, prospects, partners) freely and knowingly communicate to us: for example: your contact details in an information request form. We do not collect any “sensitive” data.

We have appointed a Data Protection Officer (DPO) to oversee our strategy and monitor our compliance with the RGPD. You can request this at any time by contacting us: +33 (0) 4 42 83 69 68 – dpo@stilog.com

We have made an exhaustive inventory of the personal data in our possession and identified: the purpose for which it is stored, how it is processed, who has access to it, how long it is kept, etc..

Transparency :

Personal data is processed lawfully, fairly and transparently. This means that we inform our customers, partners and prospects about the personal data we collect, and how we will use it.

Purpose limitation :

We only collect personal data for specific, explicit and legitimate purposes, and inform our customers, partners and prospects accordingly. For example, we may collect your contact details in order to contact you in connection with your Visual Planning implementation project, carry out satisfaction surveys, or keep you informed of the release of a new version.

Limitation of data collected :

We only collect data that is adequate, relevant and limited to what is necessary with regard to the purposes: we only ask you for information that is necessary to process these purposes.

Accuracy :

Personal data must be accurate and kept up to date: you can send us a request to modify your data at any time (+33 (0) 4 42 83 69 68 – dpo@stilog.com).

Data deletion :

You can ask us to delete your data at any time (+33 (0) 4 42 83 69 68 – dpo@stilog.com). Your data will be kept only as long as is necessary to fulfill the purpose.

Safety :

We are required to use organizational and technical security measures to protect your personal data. By way of example: the databases in which your data is stored have restricted access for a limited number of our staff, access to our premises is secured, all the data we handle (whether within the scope of the RGPD or not) is backed up regularly, etc… We have moreover, implemented a crisis management procedure that describes the measures we take to guarantee this security of your data, and the measures we will take should this security be breached.

Responsibility :

In order to assure you that all measures have been implemented to ensure that the personal data we process is done so in compliance with the principles of the RGPD, we publish this document on our website, have drafted a crisis management procedure, have updated our contractual models, and modified our contact information collection forms on our website. All this information is available to you at any time.



Stilog I.S.T.’s Human Resources Department uses the data collected when examining your application to manage the recruitment process for future employees. The legal basis for this processing is :

The legitimate interest of candidates (the search for relevant profiles, in particular through the use of websites offering job offers on the Internet to candidates, such as Pôle emploi, Indeed, APEC…) ;
Consent (for the development of a “candidate pool” type application management platform);
Contract performance (pre-contractual measures: pre-selection of candidates: sorting, recording and classifying CVs in a database; processing of information collected during telephone and face-to-face interviews, etc.).

What is the purpose of processing your data?

The purpose of the processing carried out by the Human Resources Department is to :

  • Receive, record and file CVs and cover letters sent by e-mail;
  • Manage recruitment procedures in liaison with the hierarchy of the agents to be recruited;
  • Analyze applications and evaluate candidates;
  • Respond to job applicants;
  • Complete mandatory legal formalities;
  • Complete the administrative file of successful candidates;
  • Maintain a pool of applications that have reached the end of the recruitment process.

What categories of data will be collected and processed?

In order to meet these purposes, only personal information strictly necessary to assess your suitability for the job offered or to measure your professional skills will be requested during the selection phase.To this end, we will ask you for data relating to the diplomas you have obtained, your professional experience, and your professional skills and aptitudes in relation to the position offered. The provision of this information is a precondition for the conclusion of your employment contract. Failure to provide this information will make it impossible for you to take part in the recruitment process.In the event of your application being accepted for the conclusion of a contract, we will ask you for the information and proof required to complete the compulsory formalities.

The provision of this information is a prerequisite for the conclusion of an employment contract for successful candidates. In addition, the provision of certain categories of information and supporting documents (civil status, address, residency status, etc.) is mandatory for successful candidates. Consequently, failure to provide this data will make it impossible to conclude an employment contract.

How long is your data kept?

Data concerning successful candidates will be included in their administrative file and will be kept for the applicable retention period (i.e. up to five years after the end of the employment relationship).Data concerning candidates who are not selected for an employment contract, but who have reached the final selection phase, will be kept for a period of up to two years from the last contact with the company, in order to offer them new employment opportunities, if appropriate.

Data relating to candidates who have not reached the final selection stage will be deleted without delay, as soon as the recruitment procedure for the position in question is closed.

Who will receive the data collected during the examination of your application?

Your application will be treated as confidential.The only people who have access to the personal data contained in your file are those in charge of the departments interested in your application (recruitment officers, managers, etc.). In the event of a positive outcome to the recruitment process, in order to finalize the recruitment, the Human Resources department will be required to pass on some of the information gathered to the organizations informed of your hiring (in particular unemployment insurance, health insurance, retirement, mutual insurance).

What are your rights and how can you exercise them?

You have the right to access your personal data. You also have the right to rectify and delete this data, as well as the right to object to its processing.

If you have any questions about data protection or wish to exercise your rights, please contact the Stilog I.S.T. Data Protection Officer at the following address: dpo@stilog.com.

In the event of difficulties, you can lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).

If you have any questions : Please get in touch with your usual sales contacts, or contact us: +33 (0) 4 42 83 69 68 – dpo@stilog.com

Skip to content