PURSUANT TO THE PRIVACY REGULATION
Pursuant to and by effect of the Italian and European regulations concerning personal data protection [by which is meant Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free circulation of said data (GDPR), (Italian) Legislative Decree no. 196/2003, and any other personal data protection regulation applicable in Italy, including provisions of the Italian Data Protection Authority], hereinafter referred to, for brevity, as the “Privacy Regulation”, the company Savino Del Bene S.p.A., with registered office in Scandicci (FI) – Italy, via del Botteghino 24/26, in its status of Data Controller, hereby informs candidates on the purposes and methods of the personal data collection, the scope of its communication and the nature of the data conferral.
The personal information concerning you will be processed for:
1) selection of personnel and/or the start of a collaboration
Your personal data (more specifically: name, surname, place and date of birth, address, e-mail address, telephone number, curriculum data, computer data, e.g. IP address and data deriving from the use of online forms on the Data Controller’s website, data revealing your health status, even if communicated through the curriculum), collected through the form present in the link https://www.savinodelbene.com/career/spontaneous-application/, is processed to complete the activities associated with the management of the personnel selection process by the Data Controller, such as:
- the search for candidates for open positions of the Data Controller;
- the collection of applications and curricula;
- the examination of the curricula received for an initial screening;
- the organisation of selection interviews;
- the insertion in the Data Controller’s organisational context of the candidate deemed most suitable;
- the fulfilment of specific obligations and the performance of specific duties deriving from the laws, regulations or collective agreements, in particular for the purpose of establishing the employment and/or collaboration relationship, and for identifying the concessions applicable to the contractual relationship with subjects belonging to protected categories.
Your data may be collected also at third parties such as, for example purposes:
- IT service providers.
The data collected, or nonetheless obtained by the Data Controller during the course of the selection procedure for open positions within its organisation, except for that relative to the health status, spontaneously provided by you, must be regarded as necessary and its non-conferral shall prevent the Data Controller from carrying out the activities aimed at:
– assessing your application during the personnel selection process arranged by the Data Controller;
– managing the selection process of candidates throughout all phases and the resulting fulfilments.
2) communication to third parties and recipients
Your data will not be communicated to third parties/recipients for their autonomous aims, unless:
- you authorise them to do so;
- this is necessary for fulfilling obligations deriving from laws governing the matter (e.g. for defending your rights, etc.);
- the communication is made to companies of the group to which the Data Controller belongs for administrative purposes; private subjects that perform staff leasing, personnel recruitment and selection, training and outplacement activities; universities and schools and information services and IT assistance companies.
The personal data that the Data Controller processes for these aims includes, among others: name, surname, tax number, place and date of birth, address, e-mail address, telephone number, curriculum data, computer data, e.g. IP address and data deriving from the use of online forms on the Data Controller’s website, data revealing your health status, even if communicated through the curriculum.
3) IT security purposes
The Data Controller processes, also by means of its suppliers (third parties and/or recipients) your personal data, including computer data (e.g. logical accesses) or traffic data collected or obtained through the services available on the website (e.g. “Join us”) in a strictly necessary and proportional measure for guaranteeing the security of a network or server connected to it and its ability to withstand a given security-related incident, unforeseen events or unlawful or malicious deeds that undermine the authenticity, integrity and confidentiality of the personal data stored or transmitted.
For these aims, the Data Controller applies procedures for managing personal data breaches, in accordance with the legal obligations bearing on it.
4) sharing of personal data with companies of the Savino Del Bene Group for autonomous selection purposes
The processing of your personal data, subject to your specific consent, in particular your name, surname, tax number, place and date of birth, address, e-mail address, telephone number, curriculum data, information on your health status, if communicated by you through the curriculum, may be shared with companies of the Savino Del Bene Group for autonomous selection purposes.
- processed in a lawful, fair and transparent manner;
- collected for the determined, explicit and legitimate purposes specified below and subsequently processed in a manner compatible with these purposes;
- adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- accurate and updated if necessary. In this regard, Savino Del Bene S.p.A. undertakes to take all appropriate measures to ensure the prompt correction and/or erasure of inaccurate data for the purposes for which it is processed;
- stored in a form that allows the data subject to be identified for no longer than necessary to achieve the purposes for which it is processed;
- processed in such a way as to ensure adequate security of personal data, including protection, by means of appropriate technical and organisational measures, against unauthorised or unlawful processing and against accidental loss, destruction or damage.
CATEGORIES OF DATA
The processing activities carried out by the Data Controller for the above purposes are necessary for managing the selection process. The processing carried out by the Data Controller relates to the performance of pre-contractual activities and the fulfilment of specific obligations of the law, regulations and collective agreements for the purpose of establishing the employment and/or collaboration relationship. For purpose 4) sharing of personal data with companies of the Savino Del Bene Group for autonomous selection purposes, the legal base is your consent.
The data will be processed through hard copy supports or computerised procedures by duly authorised internal subjects. These subjects are allowed to access your personal data in so far as and within the limits that this is necessary for conducting the processing activities concerning you.
The Data Controller periodically verifies: the instruments used to process your data and the applicable security measures, which are constantly updated; through subjects authorised to process the data, that no personal data for which processing is unnecessary or the purposes thereof no longer apply is collected, processed, archived or stored; that the data is stored with the guarantee of its integrity and authenticity and its use for the purposes of the processing activities actually carried out, also on account of the specific nature of said data. The checks allow the Data Controller to assess the strict relevance, non-exceedance and indispensability of data belonging to special categories in relation to the selection procedure and the relationship to be established, also with reference to data you provide on your own initiative.
The Data Controller guarantees that any data deemed to be redundant or irrelevant, also as a result of inspections, will not be used except when the deed or document containing it must be stored pursuant to the law.
DATA TRANSFERRAL ABROAD
The data is stored in hard copy, computerised and electronic archives located within the European Economic Area, and is protected by specific security measures. To fulfil the above-mentioned purposes, the personal data may be transferred to companies of the Group located abroad.
These transfers will be made under the following guarantees:
- arrangement of standard contractual clauses aimed at ensuring adequate guarantees, also with regard to the rights of data subjects concerning the transfer of their personal data to non-EU countries.
- adequacy decision of the European Commission pursuant to Art. 45 of Regulation (EU) 2016/679.
You may request the list of non-EEA countries by sending an e-mail to email@example.com
Your personal data will be stored for the time required to complete the activities concerning you.
data provided spontaneously revealing the health status
Duration of the selection procedure for maximum 24 months.
Without prejudice to:
– limitation of processing and other guarantees applicable to data belonging to special categories;
– the erasure of personal data collected through curricula sent spontaneously or when there is no open position;
– the Data Controller’s interest to retain the data, including that provided spontaneously, for the time required to assess the application also for future employment/collaboration relationships;
– the establishment of an employment/collaboration relationship.
Except in case of a dispute that implies an extension of the aforementioned terms, for the time required to fulfil the relative purposes.
Computer data (credentials for accessing systems and the Web and/or IP addresses)
The duration of the data storage depends on the presumed and/or identified risk and on the detrimental effects resulting thereof, without prejudice to any measures for anonymising it or for limiting its processing.
At all events, the data must be stored (with effect from the date on which the danger or data breach becomes known or is identified) for the time required to notify the breach to the Italian Data Protection Agency through the procedures implemented by the Data Controller and for remedying the situation.
Once all the purposes that legitimised the storage of your personal data cease to exist, the Data Controller must erase the data or anonymise it.
RIGHTS OF THE DATA SUBJECT
The data subject may enforce the following rights against the Data Controller:
1) right to obtain confirmation as to whether or not personal data concerning him or her are being processed;
2) right of access to personal data and to the following information (purposes for which personal data is processed, data categories, data recipients, the storage period, etc.);
3) right to request the rectification or limitation of the data processing;
4) right to obtain the erasure of the personal data on justified grounds;
5) the right to submit claims to the supervisory authority.
In order to allow you to exercise the rights pursuant to the Privacy Regulation, the Data Controller makes available the following address: firstname.lastname@example.org.
DATA CONTROLLER AND DATA PROCESSORS
The Data Controller is Savino Del Bene S.p.A, with headquarters in Scandicci (FI) – Italy, Via del Botteghino 24/26.
The updated list of the Data Processors is available at the company’s offices.
NATURE OF THE DATA CONFERRAL
Data is conferred freely and voluntarily, however, failure to confer your data shall imply the impossibility of verifying the conditions for your hiring and/or the start of the collaboration and, hence, the possible establishment of the relationship with the Data Controller.
PROVISION OF CONSENT
If you have read the disclosure and have understood its contents, the Data Controller asks you to consent to the sharing of your personal data with companies of the Savino Del Bene Group for autonomous selection purposes.