Data protection -
GDPR legal notices

The Socotec Group undertakes to ensure that personal data processing carried out for the purpose of its business activities complies with European regulation no. 2016/679, known as the General Data Protection Regulation (GDPR), and French data protection law.

The term, personal data (hereafter ‘Personal Data’) means any information relating to an identified or identifiable natural person. A person is ‘identifiable’ when he or she can be identified, whether directly or indirectly, in particular by reference to an identification number or one or more factors that are specific to him or her.

The Personal Data that is collected may include, in particular but not limited to, surnames and first names, national identification numbers, postal address, E-mail address, telephone numbers, work-related data, a copy of the employment contract, pay slips, healthcare card (‘carte vitale’) or a certificate from the Local sickness insurance fund (‘CPAM’), financial data (bank account identification document, tax assessment, etc.), IP address and any other Personal Data that could prove to be relevant for the purposes described hereafter. However, only Personal Data that is strictly necessary for the purposes of the processing operation in question is collected.

01. Who collects personal data?

The Controller is Socotec Groupe, located at 5, place des Frères Montgolfier – Guyancourt – 78182 St-Quentin-en-Yvelines Cedex – France.

02. Who is this Policy for?

The purpose of this ‘Personal Data Protection Policy’ is to inform all natural persons concerned (‘You, Your’) of how the Socotec Group collects and uses Your Personal Data and of the means at Your disposal to control such use. This policy does not apply to the third-party websites that may be mentioned on the Socotec Group's website.

This Policy is intended for:

  • applicants who submit an unsolicited application or respond to a published advert;
  • applicants with regard to the creation and use of the applicant space on the Socotec website;
  • individuals who wish to subscribe to the Newsletter;
  • individuals who wish to contact the Socotec Group through the dedicated contact form;
  • all Users of the website ( who log on to and browse the said website.

03. Which are the data collection methods involved?

The Socotec Group collects Personal Data online (including via E-mail), through paper-based sources and orally (during an interview or a telephone call) and this Policy applies regardless of the collection or processing method.

The Personal Data that You agree to communicate to us, regardless of the collection method (online, through paper-based sources or orally during an interview or a telephone call), is subject to the provisions of this Policy.

Why is your data collected?

The Socotec Group uses Your Personal Data to undertake its assignments and to run its business. You will find a list of the reasons for which your Personal Data is collected and the corresponding legal grounds below.

GDPR socotec data uses


05. To whom is your data sent?

Your Personal Data may be sent to, depending on its purpose, to the business unit concerned, where it may be stored. IT data is stored remotely by the hosting service provider OVH.

Data used to connect to the Website and the messages sent through the ‘Contact’ form are sent to our web agency, which manages our website facilities. It does not receive clear data or have access to the content of the said messages, which ensures that their content remains confidential.

The website may contain hypertext links to other websites, which provide additional qualified information. The Socotec Group cannot be held liable for content that it does not publish; the User acknowledges that this website and third-party or partner services are entirely independent from one another. Any redirection offered to a third-party site is not tantamount to a recommendation and the Socotec Group is in no way liable for the editorial content offered on the sites in question.

As all Personal Data is confidential, access to this data is restricted to Socotec Group employees for the fulfilment of their work and to any authorised third party in compliance with the applicable regulation.

06. Is your data sent outside of the European Union?

No data is sent outside of the European Union.

07. What are your rights?

Under articles 14 to 22 of regulation 2016/679 of 27 April 2016, any natural person using the service may exercise the following rights:

  • right of access: you may request a copy of the data that personally pertains to you;
  • right to rectification: you may modify any inaccurate data that pertains to you;
  • right to object: you may object to our processing of your data under the terms and conditions of article 21 of the GDPR;
  • right to erasure: you may ask us to erase data that pertains to you under the terms and conditions of article 17 of the GDPR;
  • right to object to profiling;
  • right to restriction of processing.

We do not carry out any profiling for our activities.

Furthermore, when you consent to the processing of your personal data, you have the right to withdraw your consent at any time.

Finally, when a personal data breach that could pose a high risk to your rights and freedoms is detected, you will be informed of the breach as quickly as possible.

08. How to exercise your rights

These rights may be exercised either directly by contacting the Socotec Group, which collected the data, or by sending an E-mail. 

The Socotec Group's contact details can be found in the legal notices section on the Socotec Group website.

Proof of identity must be sent with the request.

The Socotec Groupe shall respond to the request within one (1) month of receipt of the request. In certain cases, due to the complexity of the request or the number of requests, this period of time may be extended to two months.

To contact Socotec’s Data Protection Officer:

If you do not receive an answer or if you receive an unsatisfactory answer, you may contact the Data Protection Authority, namely, the ‘CNIL’:

09. What happens to your data in the event of your death?

You may provide instructions on the storage, erasure and communication of your personal data following your death, in accordance with article 85 of law 78-17 of 6 January 1978.

These advance instructions may be general or specific in nature and sent to the following address:

10. Does the website use cookies?

Cookies are text files that are stored and used to record personal and non-personal data regarding Your browsing of the Socotec Group’s website.

We may use them or other forms of technology that can collect or store Personal Data in order to improve the services provided to You.

You will be notified of this the first time that You receive a cookie by a banner that appears at the bottom of the page and You will be able to decide whether to accept or reject it. If you carry on using the website in knowledge of the aforementioned information, You expressly accept that the Socotec Group may use browsing cookies.

GDPR cookies uses


11. Review of the Personal Data Protection Policy

This Personal Data Protection Policy applies as from 3 January 2020 and is regularly updated in accordance with the needs of the company and legal requirements.