PRIVACY POLICY STATEMENT
%%Privacy.Policy.CompanyName%%, with registered headquarters at %%Privacy.Policy.Address%%, %%Privacy.Policy.PostCode%% %%Privacy.Policy.City%% (%%Privacy.Policy.Province%%), Tax Code and VAT no. %%Privacy.Policy.VATNo%%, as data controller (hereinafter “Controller”), informs you, pursuant to EU Regulation 679/2016 (“GDPR”) and to the legislation, including national regulations, concerning the protection of personal data currently in force (“Privacy Legislation”), that your data will be processed in the following manner and for the following purposes:
- Nature of data processed
The Controller will process your personal identification data (in particular, your name, surname, e-mail, telephone number, IP address, photograph, etc.) and any sensitive/specifically protected data (for example, the status of belonging to a protected category, etc.) – hereinafter referred to as “the Data” or “Personal Data” provided by you upon your registration to the “Careers” platform of the %%FrontOffice.Hostname%% website (hereinafter referred to as “the Site”)
- Purpose and legal grounds for data processing
-
Your Data is processed, without requiring your prior consent, for the following service-related purposes:
-
To implement the contract or fulfil pre-contractual requirements, specifically:
- to ensure your participation in the job selection for which you have submitted your application;
- to guarantee the correct implementation of the process of employee selection (e.g. the management and evaluation of applications);
- to contact you in order to invite you to a job interview;
- to contact you in order to communicate the results of the application evaluation processes;
- to ensure the fulfilment of any pre-contractual and contractual requirements necessary for the purpose of establishing an employer-employee relationship;
- to store your CV in the appropriate database, for the purpose of evaluating it in view of other future positions that may interest you, and which are a fit for your experience and professional qualifications;
-
To pursue the Controller's legitimate interests, specifically:
- to include your application in the statistical analyses that we are conducting regarding the selection process;
- to prevent or uncover fraudulent activity or abuse that may be harmful to the Site;
- to fulfil the obligations set out by any law, regulation, community standard or order by the relevant authority;
- to exercise the Controller's rights, such as the right to legal defense.
-
Exclusively on the basis of your prior consent, for other purposes, specifically:
-
For Future Selection Purposes: i.e. to store your CV in the appropriate database, for the purpose of evaluating it in view of other future positions that may interest you, and which are a fit for your experience and professional qualifications;
-
Marketing purposes, i.e. to inform you via regular mail or telephone calls, sales-related communications, e-mail, SMS, MMS, social media networks, social plugins, notifications and newsletters regarding initiatives and commercial offers from the Controller;
-
Profiling purposes, i.e. to analyze your preferences in order to propose services, initiatives and offers that match your interests and your professional credentials.
-
Communication Purposes, i.e. communicating your Personal Data to third parties (such as, for example, business partners or other third parties with which specific commercial arrangements have been concluded), whom we require to respect the appropriate levels of confidentiality and data protection;
- Modes of processing
The processing of your Data is undertaken – via electronic means – by the operations of collection, recording, updating, organization, preservation, consultation, elaboration, modification, selection, extraction, comparison, use, interlinking, blocking, erasure and destruction of the Data.
- Data retention
The Controller will process your Data for the time necessary to meet your requests and fulfil the purposes set out above, and, in any case, for a period of:
%%Privacy.Policy.DataRetentionPolicies%% |
For Marketing purposes
|
24 months
|
For Profiling purposes
|
12 months
|
- Access to data
Your Data may be accessed for the abovementioned purposes by:
- the Controller's employees and/or collaborators, in their capacity as persons responsible for processing and/or internal data processing managers and/or system administrators;
- third-party companies or other parties (e.g. website providers, suppliers, hardware and software technicians, professional firms, etc.) which perform outsourced activities on behalf of the Controller, in their capacity as external data processors.
- Data disclosure
Your Data may be communicated, even without your consent, for the purposes mentioned above, by way of example, to oversight bodies, law enforcement or judiciary institutions, which will process them, upon their own express request, acting as autonomous data controllers for institutional purposes and/or as required by law in the course of investigations and oversight activities.
Your personal data may also be disclosed, with your prior consent, to third parties (for example, independent professionals, agents, etc.), which will process them as autonomous data controllers, for the purpose of conducting activities instrumental to the purposes mentioned above. We require that all such third parties respect the appropriate levels of confidentiality and data protection.
- Data transmission and storage location
The Data will not be transferred to countries outside the EU. Personal data will be stored and managed on servers located within the European Union. It is, however, understood that the Controller shall, whenever necessary, retain the right to transfer the data outside the EU and/or change the location of the servers in the European Union and/or in non-EU countries. In such a case, to ensure an adequate level of protection of the Personal Data, the transfer of the data to non-EU countries will be undertaken on the basis of a request for consent by the interested party, and in accordance with the standards approved by the European Commission, i.e. the Controller shall adopt the Standard Contractual Clauses drawn up by the European Commission.
The Data may be transferred to countries outside the EU. In such a case, to ensure an adequate level of protection of the Personal Data, the transfer of the data to non-EU countries will be undertaken on the basis of a request for consent by the interested party, and in accordance with the standards approved by the European Commission, i.e. the Controller shall adopt the Standard Contractual Clauses drawn up by the European Commission.
- Data submission
The provision of the Data is mandatory to enable the Controller to process your data for Service Purposes as described under A.1. and A.2. If you choose not to provide the Data, we cannot process your requests and provide our services to you.
- The provision of the Data is optional for Future Selection Purposes.
- The provision of the Data is optional for Marketing Purposes.
- The provision of the Data is optional for Profiling Purposes.
- The provision of the Data is optional for Communication Purposes, and if you decide not to provide the Data, you will not be able to receive our commercial communications.
- Rights of interested parties
As an interested party, the Controller informs you that, with the exception of cases when legal limitations apply, you have the right to:
- obtain confirmation of the existence or non-existence of your Personal Data, even if not yet recorded, and have such data be made available to you in an intelligible form;
- receive and, where applicable, obtain a copy of information regarding: a) the origin and type of the Personal Data; b) the logic involved, in case of processing using electronic tools; c) the purposes and modes of processing; d) identifying information of the Data Controller and managers; e) the subjects or categories of subjects to whom the Personal Data may be communicated or who may come into contact with it, particularly if these are recipients located in third countries or international organizations; f) when possible, the data retention period or the criteria used to determine that period; g) the existence of an automated decision-making process, and, if this is the case, the logic involved, its significance and the consequences envisaged for the person concerned; h) the existence of adequate safeguards in the event of the transfer of the Data to a non-EU country or to an international organization;
- obtain, without undue delay, the updating and correction of inaccurate Data or, if you so require, the completion of incomplete Data;
- obtain the erasure, blocking or transformation into anonymous form, whenever possible, of Data in the following cases: a) it was processed unlawfully; b) it is no longer required for the purposes for which it was collected or subsequently processed; c) in case of the withdrawal of the consent on which the processing is based, and if there is no other legal basis for it; d) in the event you have objected to the processing and there is no prevailing legitimate justification for its continuance; e) if required to comply with a legal obligation; f) in the case of Data pertaining to minors. The Controller may refuse to erase the Data only in the following cases: a) the exercise of the right to freedom of expression and information; b) compliance with a legal obligation, the performance of a task carried out in the public interest or the exercise of public powers; c) public health reasons; d) archiving in the public interest, for scientific or historical research, or for statistical purposes; e) the exercise of a right in connection with a legal claim;
- have limits applied to the processing in the following cases: a) a dispute concerning the accuracy of the Personal Data; b) illegal processing by the Controller to prevent erasure; c) exercise of a right in connection with a legal claim; d) pending the verification whether the Controller's legitimate grounds take precedence over those of the interested party;
- receive, in the event that the processing is being carried out by automatic means, without impediment and in a structured, commonly used and readable format, the Personal Data relating to you, in order to transfer it to another Controller or – if technically feasible – to obtain the direct transmission of the Data from the Controller to another Controller;
- object, in whole or in part: a) on legitimate grounds, to the processing of your Personal Data, even if it is relevant for the purposes for which it is being collected; b) to the processing of your Personal Data for purposes of sending advertising or direct sales materials, or for carrying out market research or commercial communications, through automated calling systems not involving an operator, via e-mail and/or through traditional marketing channels via phone and/or mail;
- submit a complaint to the Data Protection Authority.
In the above cases, whenever necessary, the Controller will advise any third parties with whom your Personal Data has been shared regarding any exercise of rights by you, except in specific cases (i.e. when this proves impossible, or involves an effort that would be manifestly disproportionate to the right protected).
- Procedures for the exercise of the rights
You may exercise these rights at any time by:
- sending a register letter with delivery confirmation to the Controller's address;
- sending an e-mail to %%Privacy.Policy.EmailPrivacy%%;
- calling the telephone number %%Privacy.Policy.PhonePrivacy%%;
- Data Controller and Data Processor
The Data Controller is %%Privacy.Policy.CompanyName%%
The internal data processing manager is:
- %%Privacy.Policy.ResponsabileInterno%%
The External Data Processor for the "Careers" platform is ALTAMIRA S.R.L., with registered headquarters at 1 Via G. Marradi, 20123 Milan.
The designated Data Protection Officer is:
- %%Privacy.Policy.DPO%%
- Address and telephone no.: %%Privacy.Policy.DPOAddress%%, %%Privacy.Policy.DPOPhone%%
The list of internal and outsourced External Data Processors, as well as that of system administrators, is available at the registered headquarters of the Controller at %%Privacy.Policy.Address%%, %%Privacy.Policy.PostCode%% %%Privacy.Policy.City%% (%%Privacy.Policy.Province%%).
%%Privacy.Policy.CompanyName%%