Date of last modification: 23/12/2025

 

This privacy policy defines and informs you of the way in which SERMETA uses and protects the information that you transmit to us when you use the Site accessible from the following URL: https://sermeta.com.

 

This privacy policy supplements the legal notices that users may consult by clicking on the « Mentions légales » section.

 

This privacy policy may be modified or supplemented at any time by SERMETA, in particular in order to comply with any legislative, regulatory, case law or technological developments. In such a case, the date of its update will be clearly identified at the top of this policy. These modifications are binding on the User as soon as they are put online. It is therefore recommended that the User regularly consult this privacy and cookie policy in order to be aware of any possible changes.

 

Access implies full and unreserved acceptance by the User of this Privacy Policy and the Cookie Policy.

 

The User acknowledges having read the information below and authorizes SERMETA to collect and process, in accordance with what is specified in the Privacy Policy, the personal data that they communicate on the Site as part of their application request.

 

The Privacy Policy applies to all pages hosted on the Site and to the records of this Site.

 

It does not apply to pages hosted by third parties to which the Publisher SERMETA may redirect and whose privacy policies may differ. The Publisher SERMETA cannot therefore be held responsible for any data processed on these sites or by them.

In accordance with the provisions of Article 5 of European Regulation 2016/679 (hereinafter “GDPR”) and Articles 6 and 36 of the French Data Protection Act of 6 January 1978 as amended by the Act of 6 August 2004 relating to information technology (hereinafter “Data Protection Act”), the collection and processing of Users’ data comply with the following principles:

• Lawful, fair and transparent data: data may only be collected and processed with the consent of the User who owns the data. Each time personal data is collected, the User will be informed that their data is being collected and for what reasons;
• Specified, explicit and legitimate purposes: data collection and processing are carried out to meet one or more objectives determined in this privacy policy;
• Adequate, relevant and limited data: only the data necessary for the proper execution of the objectives pursued by the site is collected;
• Limited data retention: data is kept for a limited period, of which the User is informed;
• Accurate data and, where necessary, kept up to date: the data collected and processed will be kept up to date. All reasonable measures will be implemented to ensure that inaccurate data is deleted or corrected as quickly as possible;
• Integrity and confidentiality of collected and processed data: the data controller undertakes to guarantee appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

 

In order to be lawful, and in accordance with the requirements of Article 6 of the GDPR, the collection and processing of personal data may only take place if at least one of the following conditions is met:

• The User has expressly consented to the processing;

• The processing is necessary for the performance of a contract to which the data subject is a party;
• The processing is necessary to comply with a legal obligation incumbent on the data controller;
• The processing is necessary to protect the vital interests of the data subject or another natural person;
• The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
• The processing is necessary for the purposes of the legitimate and private interests pursued by the data controller or by a third party, unless the interests and fundamental rights of the data subject prevail over those of the data controller.

In general, you may browse the Website using a browser without providing any personal information about yourself. You are in no way obliged to transmit such information.

However, if you refuse, you may not be able to benefit from certain information or services that you have requested.

 

Article 2.1 – Contact form
There is a contact form for each of the following cases:

• “Request the catalogue” form;
• Application form “Apply”

 

Depending on the User’s choice, they may be required to provide:

• Last name
• First name
• Email
• File to be attached for a spontaneous application: the CV
• Any other document they deem necessary to communicate to the company SERMETA as part of an application submission.

 

Article 2.2 – Server log files

When the User accesses the Site, the servers consulted automatically record certain data, such as:

• The IP address assigned to the User (during their connection);
• The date and time of access to the Site and other traffic-related data;
• Page consultation time;
• Location data;
• Pages concuslted;
• Browser type used;
• Platform and/or operating system used.

 

This information is retained solely for statistical purposes, audience measurement, improvement and operation of the Site.
The IP address is stored anonymously solely within the framework of Article 3 of Decree No. 2011-219 of 25 February 2011 relating to the retention and use of data allowing the identification of any person who has contributed to the creation of online content. Its retention period is 1 year.

The Site Publisher may process your Personal Information:

 

Data relating to an application: “Apply” / spontaneous application

• • The data is used to respond to your application requests and to manage them for a period of 2 years from the date of collection, the last contact arising from the application, or any request for unsubscription. They are sent via an automated system and processed by our recruitment department.

CVs are temporarily uploaded to Vercel Blob (Hosting in France – Paris region) for the duration of processing and forwarding to SERMETA’s recruitment services. Files are automatically deleted after sending, preventing any permanent storage on Vercel’s side.

 

Data generated by cookies:

• Data related to your browsing is used to optimize the operation of our website and measure traffic and is retained for a maximum of 13 months.

 

Data generated by server log files:

• This data related to navigation on the website is used to detect malfunctions, cyberattacks and fraudulent attempts and is retained for a maximum of 13 months.

Article 4.1 – Sharing your personal data with third-party companies

Only “SERMETA” is the recipient of your Personal Information. This information is never transmitted to a third party, notwithstanding subcontractors used by SERMETA, such as accountants, website hosting providers, emailing companies, and software publishers. Neither the Site Publisher nor any of its subcontractors commercializes the personal data of visitors and Users.

 

Article 4.2 – Cross-border data flows
No data is transferred outside the European Union.

 

Article 4.3 – Sharing with authorities
We may be required to disclose your personal data to administrative or judicial authorities when such disclosure is necessary for the identification, arrest or prosecution of any individual likely to harm our rights, those of another user or a third party.

The Publisher “SERMETA” has implemented appropriate organizational and technical measures to ensure a level of security appropriate to the risk and to ensure that the servers hosting the processed personal data prevent, as far as possible:

• Unauthorized access or modification of this data;
• Improper use or disclosure of this data;
• Illegal destruction or accidental loss of this data.

 

Organizational and technical measures:

• Employees of the Publisher “SERMETA” who have access to this data are subject to a strict confidentiality obligation. However, the Publisher cannot be held liable in the event of misuse of this data by a third party despite the security measures adopted.
• The “SERMETA” Site has an SSL (“Secure Socket Layer”) certificate to ensure that information and data transfers through the Site are secure. An SSL certificate aims to secure data exchanged between the user and the site.
• The web server on which data is collected and hosted is secured in accordance with recognized and constantly updated IT standards.
• Devices processing data have up-to-date antivirus software, complex password access, and firewalls.

 

Users undertake not to commit any acts that may be contrary to this Privacy Policy or, more generally, to the law.

Hosting is provided by:

 

Information systems and IP addresses collected and processed are hosted in PARIS, FRANCE, by the company VERBER Inc on its French storage platform:

• Serverless functions: Paris (cdg1, France)
• Temporary Blob storage (CV, supporting documents) : Paris (cdg1, France)

Head office : VERBER Inc. 340 S Lemon Ave #4133, Walnut, CA 91789, USA.

 

Vercel legal guarantees:

• EU-US Data Privacy Framework (DPF) certification
• Data Processing Addendum (DPA) including EU Standard Contractual Clauses (SCC)
• Compliance with Article 28 of the GDPR

As part of audience measurement, the collected data is processed by the Google Analytics web analytics platform.

Article 7.1 – Data controller
The data controller undertakes to protect the collected personal data and can be contacted at the following email address: rgpd@sermeta.com.
The data controller is responsible for determining the purposes and means used to process personal data.

 

Article 7.2 – Obligations of the data controller

The data controller undertakes to protect collected personal data, not to transmit it to third parties without informing the user, and to respect the purposes for which the data was collected. They are required to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

 

In addition, the data controller undertakes to notify the user in the event of rectification or deletion of data, unless this entails disproportionate formalities, costs or procedures.

In the event of a personal data breach likely to result in a high risk to the user’s rights, the data controller undertakes to inform the User as soon as possible, in accordance with Article 34 of the GDPR.

In accordance with regulations concerning the processing of personal data, the User has the rights listed below.

In order for the data controller to respond to their request, the User must provide: first name, last name, email address, accompanied by a copy of their identity card or passport.

The data controller must respond to the user within a maximum of 30 (thirty) days.

 

Article 8.1 – Right of access, rectification and erasure

The User may view, update, modify or request deletion of data concerning them by sending an email to the address indicated above, specifying the subject of the request.

 

Article 8.2 – Right to data portability

This right does not apply insofar as no data is stored directly on the Site.

 

Article 8.3 – Right to restriction and objection

The User has the right to request restriction of or object to the processing of their data when one of the conditions referred to in Article 18 of the GDPR applies.

To request restriction or object to the processing, the User must send a request by email to the address indicated above.

 

Article 8.4 – Right not to be subject to a decision based solely on automated processing

In accordance with Article 22 of Regulation 2016/679, the User has the right not to be subject to a decision based solely on automated processing if the decision produces legal effects concerning them or significantly affects them in a similar way.

 

Article 8.5 – Right to determine the fate of data after death

Users are reminded that they may organize what happens to their collected and processed data in the event of death, in accordance with Article 40 of the Data Protection Act.

 

Article 8.6 – Right to lodge a complaint with the competent supervisory authority

If you believe that the data controller is not complying with its obligations regarding your Personal Information, you may lodge a complaint or request with the competent authority.

In France, the competent authority is the CNIL, which can be contacted online at:
https://www.cnil.fr/fr/plaintes/internet or by post at:

Commission Nationale de l’Informatique et des Libertés
Complaints Department
3 Place de Fontenoy – TSA 80715
75334 PARIS CEDEX 07

In accordance with Article 8 of the GDPR and the Data Protection Act, only minors aged 15 or over may consent alone to the processing of their personal data.

When the child is under 15 years old, consent must be given jointly by the minor and the holder(s) of parental authority.

If the User is a minor under 15, the agreement of a legal representative is required before personal data can be collected and processed.

The Site Publisher reserves the right to verify by any means that the User is over 15 years old or has obtained the consent of a legal representative.

Upon your first connection to the Publisher’s website, you are informed by a banner that information relating to your browsing may be recorded in files known as “cookies”. Our cookie usage policy allows you to better understand the measures we implement regarding browsing on our website. In particular, it informs you about all the cookies present on our website, their purpose, and provides instructions on how to configure them.

 

Article 10.1 – General information on cookies present on the Publisher’s website

The publisher of this website may place a cookie on the hard drive of your device (computer, tablet, mobile phone, etc.) in order to guarantee smooth and optimal browsing on our website.

“Cookies” (or connection tracers) are small text files of limited size that allow us to recognize your computer, tablet, or mobile device in order to personalize the services we offer you.

 

The information collected through cookies does not in any way allow us to personally identify you. They are used exclusively for our own needs in order to improve the interactivity and performance of our website and to provide you with content tailored to your interests. None of this information is shared with third parties unless the Publisher has obtained your prior consent or unless disclosure of this information is required by law, by court order, or by any authorized administrative or judicial authority.

To better inform you about the information identified by cookies, you will find below a list of the different types of cookies that may be used on the Publisher’s website, their name, their purpose, and their retention period.

 

Article 10.2 – Configuration of your cookie preferences

You may accept or refuse the placement of cookies at any time.

When you first connect to the Publisher’s website, a banner briefly presenting information relating to the use of cookies appears. This banner informs you that by continuing to browse the Publisher’s website (for example, by loading a new page or clicking on various elements of the site), you accept the placement of cookies on your device.

For any questions or additional requests for information relating to this cookie policy, please contact us via the email address identified above.

Depending on the type of cookie concerned, obtaining your consent for the placement and reading of cookies on your device may be mandatory.

 

Cookies exempt from consent

In accordance with the recommendations of the French Data Protection Authority (CNIL), certain cookies are exempt from the requirement to obtain your prior consent insofar as they are strictly necessary for the operation of the website or are intended solely to enable or facilitate electronic communication. These include session identifier cookies, authentication cookies, load-balancing session cookies, as well as cookies used to personalize your interface. These cookies are fully subject to this policy insofar as they are issued and managed by the Publisher of the website.

 

List of cookies requiring prior consent

This requirement concerns cookies issued by third parties that are described as “persistent,” insofar as they remain on your device until they are deleted or reach their expiration date. As such cookies are issued by third parties, their use and placement are subject to their own privacy policies, links to which are provided below. This category of cookies includes audience measurement cookies, advertising cookies (which the Publisher does not use), social media sharing cookies (notably YouTube and LinkedIn), as well as cookies from external content (notably YouTube videos).

Audience measurement cookies generate statistics relating to traffic and the use of various elements of the website (such as content/pages you have visited). These data contribute to improving the usability of the Publisher’s website.

 

An audience measurement tool is used on this website:

• Google Analytics, whose privacy policy is available (in English only) at the following link: Terms of Service | Google Analytics – Google

 

Social media sharing cookies are issued and managed by the publisher of the relevant social network. Subject to your consent, these cookies allow you to easily share part of the content published on the Publisher’s website, in particular via an application “share” button depending on the relevant social network. Four types of social media sharing cookies are present on the Publisher’s website:

 

You can consult the cookie policies by clicking on the following links:

• LinkedIn: https://www.linkedin.com/legal/cookie/fr
• YouTube: https://support.google.com/youtube/answer as well as the complete cookie policy at the following link: https://www.google.fr/intl/fr/policies/technologies/cookies/

 

You have various tools for configuring cookies

Most Internet browsers are configured by default to allow the placement of cookies. Your browser gives you the option to modify these standard settings so that all cookies are systematically rejected or only some cookies are accepted or refused depending on their issuer.

 

WARNING: We draw your attention to the fact that refusing the placement of cookies on your device may nevertheless impair your user experience and your access to certain services or features of this website. Where applicable, the Publisher of the website declines all responsibility for any consequences related to the degradation of your browsing conditions resulting from your choice to refuse, delete, or block cookies necessary for the operation of the website. Such consequences shall not constitute damage and you shall not be entitled to any compensation as a result.

 

Your browser also allows you to delete existing cookies on your device or to be notified when new cookies are likely to be placed on your device.

 

These settings do not affect your browsing but cause you to lose all the benefits provided by the cookie.

 

Please review below the tools available to you so that you can configure the cookies placed on your device.

 

Configuring your Internet browser:

 

Each Internet browser offers its own cookie management settings. To find out how to change your cookie preferences, you will find below links to the necessary help resources to access your browser’s menu for this purpose:

• Chrome: https://support.google.com
• Firefox: https://support.mozilla.org
• Opera: http://help.opera.com
• Apple: https://www.apple.com
• Edge: https://privacy.microsoft.com

 

For further information regarding cookie management tools, you may consult the CNIL website: https://www.cnil.fr/fr/cookies