Personal Data Protection

1. Website Presentation

The website www.nimsuisse.ch is owned and operated by NIMSuisse SA (hereinafter referred to as “the Owner” or “the Publisher”). The Owner’s contact details are as follows:

NIMSuisse SA
Bd Georges-Favon 19
CH-1204 Geneva
IDE CHE-414.549.688
contact@nimsuisse.ch

Hosting:

The website is hosted by Infomaniak (hereinafter referred to as “the Host”). The Host’s contact details are as follows:

Infomaniak Network SA
Rue Eugène Marziano 25
CH-1227 Les Acacias (GE)
IDE CHE-103.167.648

 

2. General Information

NIMSuisse SA is the Data Controller.

NIMSuisse SA is a subsidiary of the Menway Group, headquartered in France at:
11 rue Pierre Simon de Laplace, 57070 Metz – France

The Menway Group has implemented appropriate technical and organizational measures for many years to ensure the protection of personal data processed in the context of its professional activities. This includes data related to job applicants, unsolicited applications, and all data processed in the provision of consulting or career management services.

As early as 2010, the Menway Group appointed a Data Protection Correspondent (CIL) to ensure compliance with French data protection laws.

In May 2018, the Group designated a Data Protection Officer (DPO), in accordance with the General Data Protection Regulation (GDPR).

The Menway Group and its affiliates are committed to complying with all applicable personal data protection laws, especially Regulation (EU) 2016/679 and the French Digital Republic Act (Law No. 2016-1321 of October 7, 2016).

In accordance with Regulation (EU) 2016/679 (GDPR) and the new Swiss Federal Act on Data Protection (nFADP), effective as of September 1, 2023, the Data Controller places high importance on protecting the privacy and data of users of its services and website by implementing a strict privacy policy in line with current legislation.

This privacy notice explains the types of data that may be collected through our website or applications, how they may be used, and your rights regarding this data.

The Data Controller may amend this privacy notice at any time. You will be informed of any changes through publication of the updated and dated version on our website.

 

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, photo, postal/email address, phone number, IP address, etc.).

  • Processing: Any operation performed on personal data (e.g., collection, storage, use, transmission, deletion).

  • Purpose: The main objective of the data processing.

  • Recipient: A person or entity authorized to access personal data due to their functions.

  • Data Controller: The person or organization that determines the purposes and means of processing.

  • Processor: An entity processing data on behalf of the Data Controller.

  • Cookies: Small text files stored on your device to improve your browsing experience and site performance.

 

4. Purposes of Data Processing

The Data Controller ensures all data processing is based on explicit, legitimate, and specific purposes.

PurposeCategories of DataLegal BasisSource of DataRecipients
Application for interim management assignments or unsolicited applicationsTitle *, Phone *, Area of expertise *, Position *, Skills, Languages, Salary *, Current situation *, Part-time interest, Company type *, Size of managed entity *, Team size *, Annual budget, Location *, Postal code *, City *, Expatriate experience, Mobility, Interim experience *, CV *, Other documents (cover letter, English CV, etc.)Contract performance or pre-contractual measures (Art. 6-1.b GDPR; Art. 31.2.a nFADP) – Legitimate interest (Art. 6-1.f GDPR; Art. 31.2.b nFADP) – Consent (Art. 6-1.a GDPR; Art. 31.2.a nFADP)Directly from user (form, email, phone, interview) OR from CV databases or professional networks (e.g. LinkedIn)Internal support services, potential clients for relevant opportunities
Contact form inquiries (to request candidates or information)Name, First name, Job title, Company, Phone, Work emailConsent (Art. 6-1.a GDPR; Art. 31.2.a nFADP)Directly from userInternal support services

Personal data is retained for 2 years.

However, data may be kept beyond this period for evidentiary purposes or to comply with legal obligations. Once data is no longer necessary for the intended purpose or beyond the legal retention period, it is deleted.

 

6. Data Security

Menway Group ensures personal data is secured through both physical and logical protection measures, including:

  • Employee awareness and a binding IT charter.

  • Access control and monitoring on equipment used for data processing.

  • Restriction of data access to authorized personnel only.

  • Confidentiality obligations for employees, clients, and subcontractors.

  • Secure technical infrastructures (workstations, networks, servers), backups, and disaster recovery plans.

  • Incident response procedures in case of data breaches.

  • An IT strategy committee ensuring “privacy by design” for all new digital projects.

 

7. Data Transfers

Data may be shared within the Menway Group and with processors acting on behalf of the Data Controller for service delivery and site optimization.

No data is transferred outside the European Union unless required for legal or public interest reasons, or in connection with legal proceedings.

Personal data may be involved in corporate restructuring or asset transfers.

Data collected (via website forms, Inasoft’s candidate portal, CV databases, social media) is hosted on Menway Group servers in France.

INASOFT, the provider of our recruitment solution “Admen,” is located at:
2507 avenue de l’Europe, 69140 Rillieux-la-Pape – France

 

8. Data Subject Rights

Under GDPR and the Swiss nFADP (Article 32), you have the right to:

  • Access, Rectification, Erasure (Art. 15–17 GDPR)

  • Data Portability (Art. 20 GDPR)

  • Restriction of Processing (Art. 18 GDPR)

  • Object to Processing (Art. 21 GDPR) — especially for direct marketing

  • Withdraw Consent — at any time

  • Be Informed of Changes to your data (Art. 19 GDPR)

  • Post-Mortem Directives — instruct how your data should be handled after your death (Art. 40.II French Data Law)

To exercise your rights, contact: dpo@nimsuisse.ch

You may also file a complaint with your local supervisory authority:

In Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, CH – 3003 Bern

In France:
CNIL – Commission nationale de l’informatique et des libertés
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: +33 (0)1 53 73 22 22

 

9. Privacy Policy Updates

The Data Controller may update this Privacy Policy at any time in response to changes in legislation or regulations.
The date of the latest update will be indicated below.