(The Italian-language text of this notice is the only one that shall be considered authoritative as the original text)
The Data Controller is WIDMANN S.r.l., with registered office at Viale dell’Industria 3/C – 20038 Busto Garolfo (MI), tel. +39 0331 560001, e-mail: segreteria@widmannsrl.com (hereinafter the “Controller”), and provides the following information regarding the processing of your personal data carried out within the process of searching for, selecting and assessing professional profiles compatible with the Company’s needs and job opportunities (hereinafter the “Selection”). Hereinafter, you will be referred to as the “Candidate”.
The personal data processed are those voluntarily provided by the Candidate when submitting their curriculum vitae (and any cover letter) as part of a spontaneous application or in response to specific job advertisements published by the Controller either directly (on its website and/or corporate social networks) or indirectly (on the websites/platforms of intermediaries/employment agencies), or during introductory interviews.
The Controller may therefore process the following categories of data:
a) Common personal data, such as, by way of example: personal identification data, tax code, contact details, remuneration- related data (e.g. bonuses, insurance, commissions, etc.); data relating to education, career and role within a company (such as qualifications, previous work experience, promotions, performance, etc.); photographic image (if included in the CV), as well as personal data relating to family status (such as marital status, family composition, etc.).
b) Special categories of personal data pursuant to Article 9 GDPR, such as, by way of example: health-related data (e.g. belonging to protected categories, disability). In this regard, it is specified that, in the event of spontaneous provision of special data that are neither relevant nor indispensable in the context of the Selection and for the purposes indicated in section 2, and therefore with a view to establishing an employment relationship, such data will not be considered in any way for the purposes of the application and will be immediately deleted.
(Hereinafter, collectively, the “Personal Data”).
Personal Data are processed exclusively for the purposes and on the legal bases set out in the table below:
A.
PURPOSE
Management of the Selection and possible establishment of an employment relationship, in particular:
• administrative and organisational activities (scheduling interviews, service and selection-related communications, feedback, etc.);
• objective assessment of the Candidate’s professional and personal requirements in relation to possible inclusion in the Controller’s organisational structure with reference to any open position, or also to propose other types of job offer sconsistent with the Candidate’s educational and professional profile.
LEGAL BASIS
With regard to common data: Performance of pre- contractual measures taken at the request of the data subject.
With regard to special categories of data: Authorization of the Italian Data Protection Authority No. 1/2016 (15.12.2016) for the processing of sensitive (i.e. special) data in employment relationships (see in particular section1.4.1“Processingcarriedoutinthepreliminaryphaseprior to hiring”), declared compatible with the GDPR by the Authority’s Measure of 13.12.2018 (No. 497 Reg. Provv.).
B.
PURPOSE
To assert and defend the Controller’s rights, including through out-of-court actions and also through third parties, as well as to prevent crimes (such as fraud, identity theft, etc.).
LEGAL BASIS
Legitimate interest of the Controller
C.
PURPOSE
Compliance with legal obligations related to civil, tax and administrative provisions, EU regulations, rules, codes or procedures approved by Authorities and other competent Institutions, as well as to comply with requests from competent administrative or judicial authorities and, more generally, from public bodies in accordance with legal formalities.
LEGAL BASIS
Compliance with a legal obligation to which the Controller is subject.
Failure to provide, partial provision or inaccurate provision of Personal Data may result in the Controller being unable to consider the application within the Selection process.
In compliance with the specific purposes for which they were collected and with the principles of necessity, relevance and data minimization, Personal Data may be accessed by persons authorised by the Controller (employees and collaborators).
Furthermore, the Controller may communicate such data to the following categories of recipients:
· third-party service providers used by the Controller—appointed, where applicable, as data processors—(such as employment agencies, labor consultants, as well as companies or individuals providing legal, accounting services, etc.);
· third-party companies and professionals appointed to assert the Controller’s rights, interests or claims arising from the relationship with the Candidate;
· State Administrations, judicial or administrative authorities, public and private bodies, also following inspections and audits;
· subjects entitled to access the data by virtue of legal provisions or secondary or EU regulations.
Only the categories of recipients are indicated, as they are subject to continuous updates. To obtain the updated list of recipients, the Candidate may contact the Controller directly using the contact details provided in section 9.
For the purposes described above and in particular for the evaluation of your profile, your data will not be transferred abroad.
Personal Data will be temporarily stored in the Controller’s databases and processed using both manual and electronic tools exclusively by authorised and duly instructed persons.
7.1. Personal Data will be retained by the Controller for the time strictly necessary to achieve the purposes for which they were collected; specifically, the Controller will retain:
· Personal Data at least for the entire duration of the Selection and, after its conclusion, for a further period of 12 months;
· Personal Data whose processing is necessary in relation to legal obligations, for the period required by law;
and in any case, for the purposes referred to in section 2, letter B, for a maximum period equal to the applicable limitation period for relevant actions plus an additional prudential period of six months, in order to ensure the Controller’s right of defence with reference to possible future judicial or administrative disputes.
7.2. In all cases, once the respective retention periods have elapsed, all personal data will be deleted or anonymized, except where an employment relationship is established as a result of the Selection. In any case, the indicated periods may be extended where necessary in relation to specific purposes (e.g. labor law, administrative or accounting purposes) or the existence of particular circumstances (such as pending judicial or administrative disputes, pending obligations related to termination of the relationship), or where retention for a longer period is required by competent authorities or by applicable law.
8.1. The Candidate has the right:
• to object at any time, on grounds relating to his/her particular situation, to the processing of his/her data for the purposes indicated in section 2, letter B;
• where he/she believes that the processing of his/her personal data is carried out in violation of data protection regulations, to lodge a complaint pursuant to Article 77 GDPR with the national supervisory authority of the EU Member State in which he/she has habitual residence or place of work or where the alleged infringement occurred (if this State is Italy, the authority is the Italian Data Protection Authority), or to bring an action before the competent judicial authorities (Article 79 GDPR).
8.2. Furthermore, the Candidate may at any time and free of charge exercise, where applicable, the following rights vis-à-vis the Controller:
a) Right of access, to obtain confirmation as to whether or not personal data concerning him/her are being processed and, where that is the case, access to the Personal Data;
b) Right to rectification, to obtain the rectification/integration of inaccurate/incomplete personal data;
c) Right to erasure, to obtain, in the cases provided for by law, the deletion of personal data processed;
d) Right to restriction of processing, to obtain, in the cases provided for by law, the restriction (i.e. marking of stored personal data with the aim of limiting their processing in the future);
e) Right to data portability: where the conditions set out in Article 20(1)(a) and (b) GDPR apply—namely that the processing is based on consent or on a contract and is carried out by automated means and limited to data provided by the data subject—this right allows the Candidate to receive the personal data concerning him/her in a structured, commonly used and machine-readable format and to transmit such data to another data controller.
To exercise all rights, the data subject may submit a specific request by contacting the Controller as follows:
· by post to WIDMANN S.r.l., Viale dell’Industria 3/C – 20038 Busto Garolfo (MI);
· by sending an e-mail to segreteria@widmannsrl.com.