Recruitment Privacy Notice

Last updated: 28 December 2025

1) Who we are (data controller)

VAir SAS, a company registered in France, with registered office at 16 rue Jacques Tati, 91080 Évry-Courcouronnes, France (“we”, “us”), is the data controller for the processing described in this notice.

Contact: privacy@vair.dev

2) What this notice covers

This notice applies to personal data we process when you apply to a role on our website using the “Apply via email” option, and throughout the recruitment process.

3) Personal data we process

Depending on what you send and the stage of recruitment, we may process:

  • Identification and contact details: name, email address, phone number, location.
  • Application content: CV/resume, cover letter, portfolio links, and any information you include in emails/attachments.
  • Recruitment process information we create: interview scheduling information, interview notes, evaluation notes, and our communications with you.

Important: Please avoid including “sensitive” information in your application (e.g., health data, political opinions, union membership) unless it is strictly necessary (for example, to request an accommodation).

4) Why we process your data (purposes)

We process candidate data to:

  • Receive and manage applications;
  • Communicate with candidates and schedule interviews;
  • Assess suitability for the role;
  • Maintain appropriate records of the recruitment process.

We process your personal data on one or more of the following legal bases:

  • Steps prior to entering into a contract (GDPR Art. 6(1)(b)) — to review your application and manage the recruitment process; and/or
  • Legitimate interests (GDPR Art. 6(1)(f)) — to run an efficient, fair, and secure recruitment process and maintain limited records where necessary (e.g., to handle questions or protect the company in case of disputes).

6) Who has access to your data (recipients)

Your data may be accessed by:

  • Internal recipients: only people involved in recruitment and hiring decisions for the role (e.g., founders, hiring manager, interviewers), on a need-to-know basis.
  • Service providers: our email hosting/provider and any IT providers involved in operating and securing our systems (acting as processors when applicable).

7) Where your data is processed (EEA only)

We store and process candidate data within the European Economic Area (EEA) and do not transfer it outside the EEA.

8) How long we keep your data (retention)

We do not keep recruitment data indefinitely: retention is defined according to the purpose.

  • If you are hired: relevant information will be transferred to your personnel file and kept according to applicable HR retention rules.
  • If you are not hired: we keep your application data for 12 months after the end of the recruitment process, then delete it.

We may keep limited information for longer in restricted access only where necessary (for example, to establish, exercise, or defend legal claims), and we will delete it once it is no longer needed for that purpose.

No talent pool: We do not keep unsuccessful applications for future opportunities unless we implement a separate process and inform you accordingly.

9) Your rights

Under the GDPR, you have rights including:

  • Access to your data,
  • Rectification (correction),
  • Erasure (deletion) in certain cases,
  • Restriction of processing in certain cases,
  • Objection to processing based on legitimate interests,
  • Data portability where applicable.

To exercise your rights, contact privacy@vair.dev and tell us what you’re requesting. We may need to verify your identity.

You also have the right to lodge a complaint with the CNIL (the French supervisory authority).

10) Is providing data mandatory?

You are not legally required to provide your data, but we need sufficient information to evaluate your application (typically a CV and contact details). If you do not provide the necessary information, we may be unable to process your application.

11) Automated decision-making

We do not use automated decision-making or profiling within the meaning of GDPR Article 22 in our recruitment process.

12) Security

We implement appropriate technical and organisational measures designed to protect candidate data (e.g., access controls and account security measures). Access to candidate data is restricted to authorised persons involved in recruitment.

13) Changes to this notice

We may update this notice from time to time. The latest version is published on our website.