This Privacy Policy aims to explain, in a clear and understandable way, how we collect, use, store, and protect the personal data of users of our website. It also details the rights available to data subjects, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

1. Data Controller

Your personal data is processed under the responsibility of:

AS International Group
179 avenue Charles de Gaulle
92200 Neuilly-sur-Seine
France
Paris Trade and Companies Register (RCS): 421 255 829
Contact: dpo@asinter-group.com

We determine the purposes and means of the processing carried out via our website.

2. Data We Collect

We only collect the data necessary for the provision of our services.

2.1 Data provided directly by the user

Contact form

When you fill out our contact form, we collect the following information:

• Last name
• First name
• Email address
• Phone number (if provided)
• Content of your message

This data allows us to respond to your requests.

Applications (job offers or unsolicited applications)

When you apply for a job offer or submit an unsolicited application, we collect:

• First and last name
• Email address and phone number
• CV/résumé and application documents
• Information exchanged as part of the recruitment process

Candidate area

When creating and using your personal account, through our authentication provider Clerk, we collect:

• Login credentials
• Information related to your applications
• Processing history and statuses

2.2 Data collected automatically

Browsing data

We use Vercel Analytics, a strictly anonymous tool that measures website traffic and performance.
No personal data is collected.
No advertising cookies or individual identifiers are created.

Technical data

Certain technical information (browser type, pages viewed, display performance) may be recorded, but under no circumstances does it allow us to identify you.

2.3 Data resulting from automated processing (AI)

As part of recruitment, artificial intelligence modules may analyze:

• Skills mentioned in CVs/résumés
• The suitability of a profile for a job offer
• Summaries of certain content

These processes are described in more detail in Section 6.

3. Purposes of Processing

We use your personal data only for the following purposes:

• Responding to your requests submitted via the website forms
• Reviewing and processing your applications
• Enabling the creation and use of your candidate account
• Ensuring application tracking and communication with candidates
• Carrying out automated analyses to support recruitment, always with human oversight
• Improving the quality and performance of our website

We never sell your data and never share it with third parties for commercial prospecting purposes.

4. Legal Bases for Processing

Depending on the case, your data is processed on the following legal bases:

• Performance of pre-contractual measures: processing applications
• Legitimate interest: management of the candidate area, recruitment follow-up, website security
• Consent: submission of a form or voluntary sending of documents
• Legal obligations: retention of information to comply with regulatory obligations

5. Recipients of the Data

Your personal data is accessible only to:

• Our Recruitment Department
• Our Sales Department, when the request requires it
• Our IT Department, for strictly technical reasons

No other department or partner receives your data, except for our duly regulated technical processors (see Section 7).

The agency that developed our website has no access to production data.

6. Use of Artificial Intelligence in Recruitment

We use automated analysis tools to facilitate CV/résumé processing and help pre-select candidates.
This operation complies with GDPR requirements, in particular Article 22.

6.1 Automated CV analysis (OCR)

Documents (CVs/résumés) are analyzed by Tiny-IDP, a European provider based in Spain.

Processing is carried out:

• On servers located in Europe
• Without any durable storage
• With automatic deletion of files within a few seconds
• Without logging personal information

6.2 Pre-screening and generative AI

The data sent to AI models via OpenRouter is strictly anonymized beforehand.
No identifying information (last name, first name, email, phone number, address, online identifiers) is transmitted.

6.3 Mandatory human intervention

Recruitment decisions are never based exclusively on automated processing.
Candidates may request a human review, and a recruiter systematically reviews the AI results before any decision is made.

7. Processors and Technical Services Used

We only work with GDPR-compliant providers, including the following:

• Convex (application hosting) – EU servers
• Clerk (authentication) – GDPR compliance, SCCs and DPF
• Storyblok (CMS) – hosting in Germany
• Tiny-IDP (CV OCR) – instant processing, no storage
• OpenRouter (AI) – receives anonymized data only
• HelloWork (job postings) – services hosted in Europe
• Make.com (automation) – no personal data transmitted
• Vercel Analytics (anonymous statistics) – no personal data
• Bunny.net (content delivery) is used as a content delivery network (CDN) to optimize the display of images, videos, and files, including CVs/résumés

Each processor acts in accordance with a contractual framework or Data Processing Agreement (DPA) made available.

8. Cookies and Trackers

Our website uses only technical cookies necessary for its operation.

We do not use:

• Any advertising cookies
• Any individual tracking cookies
• Any identifier enabling a user to be tracked

The statistics provided by Vercel Analytics are anonymous and do not allow us to identify you.

9. Data Retention Periods

We retain your data only for the period strictly necessary for the purposes pursued.

• Contact form: 12 months
• Application data: maximum 12 months after the last interaction
• Candidate area: automatic deletion of the account and all associated data after 12 months of inactivity
• AI analysis results stored in our database: maximum 12 months
• Application logs containing personal data: deleted within 90 days
• Anonymized logs: retained for 12 months
• Documents analyzed by Tiny-IDP: deleted within a few seconds
• Data sent to OpenRouter: strictly anonymized (no personal retention possible)
• Files distributed via Bunny.net: retained only temporarily in memory and automatically deleted as soon as the corresponding application data is deleted

10. Data Security

We implement technical and organizational measures designed to protect your data:

• Encryption of data in transit and at rest
• Segmentation of environments
• Strict access control
• Secure audits and logging
• Systematic anonymization of data sent to AI modules
• Processors compliant with GDPR, SOC 2, or ISO 27001 as applicable

11. Your Rights

In accordance with the GDPR, you have the following rights:

• Right of access to your data
• Right to rectification
• Right to erasure
• Right to object
• Right to restriction of processing
• Right to data portability
• Right to withdraw your consent at any time
• Right to lodge a complaint with the CNIL

You may exercise your rights at: dpo@asinter-group.com

12. Changes to the Policy

This policy may be amended to reflect regulatory or technical developments.
Any substantial change will be clearly announced on the website.

13. Contact

For any questions relating to this policy or to your personal data, you may contact us at: dpo@asinter-group.com