14,204 offers · 61,304 programmes
NewTry our apprentice salary calculator
Privacy charter

Privacy charter.

How superalternance collects, uses and protects your personal data in strict compliance with the GDPR and French law.

Last updated: 22 May 2026.

Preamble

This privacy charter describes how superalternance (published by Dim Solution, 73 Rue Victor Hugo, 77340 Pontault-Combault, France) collects, processes, retains and protects the personal data of people who use the platform: work-study candidates, parents, recruiters and training centres (CFAs).

We strictly apply Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978, as amended. Our activity is based in France (Île-de-France) and all our processing operations are designed to comply with these two frameworks.

Data controller

The data controller, as defined by article 4 of the GDPR, is:

  • Dim Solution — publisher of superalternance.com
  • 73 Rue Victor Hugo, 77340 Pontault-Combault, France
  • SIRET: 824 358 741 00018
  • Data Protection Officer (DPO) contact: dpo@superalternance.com

Data collected

We strictly limit the data we collect to what is necessary for each of our purposes. We distinguish between two main categories of users.

Candidate accounts (apprentices, work-study students, parents)

  • Identification: first name, last name, email address, hashed password.
  • Contact details: phone number (optional), city or postal code used to sort results.
  • Professional profile: uploaded CV, education level, diploma being prepared, target role, preferred sector.
  • Platform activity: applications sent, saved offers and programmes, email alerts, recent search history.
  • Communications: exchanges via the contact form and messages sent to recruiters / CFAs.

Professional accounts (recruiters, CFAs, schools)

  • Organisation identity: company name, SIRET, website, business sector, postal address.
  • Point of contact: first name, last name, role, professional email, phone.
  • Publications: work-study offers published, training programme listings, descriptions and internal contact details shown to candidates.
  • Anonymous statistics: number of views, applications received, aggregated conversion rates.

Technical data (all visitors)

  • Truncated IP address, browser type, language, anonymised page views.
  • Cookies strictly necessary for the site to function and, subject to your consent, audience-measurement cookies.

Purposes of processing

Your data is used only for the following purposes:

  • Account management: creation, authentication, password recovery, deletion on request.
  • Matching candidates, recruiters and CFAs: forwarding applications, putting the parties in contact with each other.
  • Publishing offers and training programme listings, moderation, fighting fraudulent listings.
  • Personalising search results (geographic proximity, role, diploma).
  • Aggregated anonymous statistics on platform usage, for the purposes of continuous improvement.
  • Combating fraud and the creation of fake accounts.
  • Compliance with legal obligations (accounting, response to judicial requisitions).

Legal bases

In accordance with article 6 of the GDPR, each processing operation relies on one of the following legal bases:

  • Performance of the contract: account management, applications, publication of offers and programmes.
  • Legitimate interest: fighting fraud, securing the service, aggregated usage statistics.
  • Consent: non-strictly-necessary cookies, email alerts, optional marketing communications.
  • Legal obligation: retention of invoices and accounting records, responses to competent authorities.

Recipients of the data

Your data is never sold. It is communicated only to strictly identified and authorised recipients:

  • Recruiters and CFAs, only when you explicitly apply to an offer or a programme published on the platform. No transmission occurs without this active step on your part.
  • Technical providers acting on our behalf (host in France/EU, transactional email provider, anti-spam solution). These providers are bound by GDPR contractual clauses that strictly govern their processing.
  • Public authorities and judicial officers, only on duly justified legal request (police, gendarmerie, prosecutor's office, CNIL).

Retention period

Data is retained for the period strictly necessary for each purpose, then archived or deleted:

  • Active accounts: for the entire lifetime of the account.
  • Inactive accounts: 3 years after the last login, then deletion or anonymisation.
  • Applications sent via the platform: 2 years from the date sent.
  • Technical connection logs: 12 months maximum (legally recommended duration).
  • Accounting records and invoices: 10 years (French commercial code obligation).
  • Exchanges with the DPO or customer service: 3 years after the end of the exchange.

Transfers outside the EU

All data collected by superalternance is hosted in France and within the European Union. No systematic transfer of personal data to a country outside the EU takes place during the normal operation of the platform.

Should an occasional transfer be necessary (involvement of a subcontractor or partner located outside the EU), it would be governed by the standard contractual clauses adopted by the European Commission and subject to a prior impact assessment.

Security

We implement technical and organisational measures appropriate to the risk, in accordance with article 32 of the GDPR:

  • Encryption of all exchanges via HTTPS / TLS 1.3.
  • Passwords stored in salted hashed form (never in clear text).
  • Strict access control to databases, logging of administrator access.
  • Encrypted backups in France/EU, on state-of-the-art infrastructure.
  • Regular security audits and penetration tests on exposed components.
  • Ongoing policy of updating software dependencies.

Your GDPR rights

In accordance with articles 15 to 22 of the GDPR, you have, at any time, the following rights over your personal data:

  • Right of access: obtain a copy of the data concerning you.
  • Right to rectification: correct any inaccurate or incomplete data.
  • Right to erasure (the "right to be forgotten") under the conditions set out in the GDPR.
  • Right to portability: retrieve your data in a structured, commonly used format.
  • Right to restriction of processing, in the cases provided for by law.
  • Right to object: object to processing based on legitimate interest.
  • Right to withdraw your consent at any time, for processing that relies on it.
  • Right to set instructions concerning the fate of your data after your death.

Cookies & trackers

superalternance uses cookies strictly necessary for the site to function (session, display preferences, memorising filters). Audience-measurement cookies or any third-party trackers are only set after your explicit consent, expressed via the information banner.

You can change your choices at any time via the "Manage my cookies" button located in the footer of every page of the site.

Complaint to the CNIL

If, after contacting us, you consider that your rights are not respected, you may file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French supervisory authority for data protection:

  • CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
  • Online form: https://www.cnil.fr/fr/plaintes

Changes to the charter

This charter may evolve to take account of legal, regulatory or technical developments. Any substantial change will be announced on the home page and / or by email to users with an account. The date of the last update appears at the top of this document.

Contact

For any question relating to this charter or your personal data, you may contact our Data Protection Officer at dpo@superalternance.com or use the contact form.

The French version is authoritative. Read the full French version.

Privacy charter — Personal data protection | superalternance · superalternance