Dear Applicant,
Thank you for your interest in our company. When introducing yourself, please do not disclose any special category personal data listed under Article 9 of the GDPR, i.e. those that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data or biometric data processed solely to identify a human being, data concerning health or data concerning a person’s sex life or sexual orientation.
We would like to inform you that we will immediately delete any special category personal data, if they are listed in your CV, or in any other documentation that you send us.
CANDIDATE PRIVACY POLICY
In accordance with Article 13 of EU regulation 2016/679 (hereinafter for brevity “GDPR”)
EURODIES ITALIA SRL ensures protection and confidentiality for the processing of personal data provided by candidates
Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and the Council
During the recruitment process, it is important for us to inform you how we collect and use personal data. We would like to assure you that processing of personal data is subject of great attention by EURODIES ITALIA SRL, which will also be called the “Company” hereafter.
The collection of personal data, during the candidate’s recruitment process for the purpose of employment within our company, is carried out in compliance with:
- the European Regulation 679/16 (“GDPR”)
- the Legislative Decree no. 196/2003 (i.e. the so-called “Privacy Code” – as amended by Legislative Decree no. 101/2018)
- the dictates of the Provisions of the Guarantor
- the legal provisions in force in the territory in which the Company operates
EURODIES ITALIA SRL is committed to protect the privacy and rights of the data subject and, according to the principles of the aforementioned regulations, the processing of the data provided will be based on the principles of fairness, lawfulness and transparency.
To whom this policy is addressed
This policy is for all candidates applying for a job at EURODIES ITALIA SRL
Who is the Controller and which category data are processed
The controller of your personal data is EURODIES ITALIA SRL, CF/P.IVA 00578730012, located in Avigliana (TO), in Viale dei Mareschi, 25, D. +39 011 9572962, mail privacy@eurodiesitalia.com. The “Company” determines which personal data are collected and how they are used.
The personal data that EURODIES ITALIA SRL may acquire will be provided directly by the data subjects or acquired from companies the Data Controller use for recruitment purposes. These data may include, for example:
From CV screening:
- Personal and identifying data (such as name and surname, address, telephone, fax, e-mail, identity document, links to presentations and/or social accounts, etc.
- Curricular data
- Data linked to images (ex. your resume picture)
From your job interview:
- Economic data concerning the data subject (ex. Annual Gross Salary)
- Data concerning the belonging to protected categories
The processing will, theoretically, only concern the data subject’s common information; special category personal data, as defined by article 9 of the GDPR, may be requested and communicated only if their knowledge is functional and necessary for the data subject to enter into a work contract, with particular reference to the possible belonging of the data subject to the protected categories.
Purposes and lawfulness of processing
EURODIES ITALIA SRL, as data Controller of the data provided, processes candidate personal information in view of possible employment at the Company and solely for the purpose of recruitment, selection process management and candidate assessment, or for the purpose of carrying out the obligations imposed by the EU law, regulations and legislation.
The lawful grounds for processing personal data are set out in:
- Article 6, letter b) of the GDRP: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Article 6, letter f) of the GDRP: the legitimate interests pursued by the controller to assess the candidate’s fit for a specific job;
- Article 9.2, letter a) of the GDPR, concerning the data relating to the belonging to protected categories as data pertaining to the health status of a data subject.
Consent to the processing is not necessary since the data, subject to the processing, including the data sent in the same way as the data pertaining the belonging to the protected categories, are contained in the CVs submitted freely by the candidates, for the purpose of entering into a work or collaboration contract.
Where the Company intends to further process the personal data for a purpose other than that for which the personal data were collected, it will inform the data subject before processing it, so that the data subject can withdraw their consent to the processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Disclosure of personal data is optional. Consent to the processing of personal information present in the curricula is not due, as set out by Art.111-bis Privacy Code, since the CVs are submitted spontaneously by the candidates.
With regard to the data subsequently and possibly requested by the Data Controller, their failure to communicate makes it impossible to proceed with the selection and hiring assessment or impossible to start the collaboration and, subsequently, to possible employment with the Company.
Storage modalities
Data protection
EURODIES ITALIA SRL is committed to:
- guarantee the correctness and timely updating of the data processed and of any amendments or additions requested by the data subject
- ensure security measures for adequate data protection
- inform the data subject of any personal data breach as set out by the GDPR
- minimize the use of personal data, so as to exclude processing in cases where it is sufficient to use anonymous data
- ensure that all personal data are processed in a lawful, fair and transparent manner, as well as in accordance with the provisions of the law.
The data are processed by employees, collaborators within their respective roles and in accordance with the instructions received, solely to achieve the specific purposes indicated in this policy.
Data storage period
EURODIES ITALIA SRL stores personal information:
- for no longer than is necessary for the purposes for which the personal data are processed, except for the different regulatory and contractual provisions;
- to carry out specific regulatory or contractual obligations
- up to any request by the data subject to delete their personal data, in any case, in accordance with the current relevant regulations. The data will be kept for a period not exceeding 24 months from the collection or from the last update made by the interested party and then immediately deleted.
Communication of personal data
Personal data will not be communicated by EURODIES ITALIA SRL to third parties, unless provided for by contract or law.
Personal data can always be communicated, within this policy scope, to the following recipient categories:
- Third parties supporting EURODIES ITALIA SRL in the recruitment process
- Service companies in charge of IT systems management
- Labour consultancy companies, legal consultancy or accountants who work for EURODIES ITALIA SRL
- Competent authorities (including Courts), for the performance of their institutional functions within the limits established by laws and regulations.
The list can be requested to the Company.
Transfer of personal data outside the European Union
Personal data are stored in Italy, in the company’s own in-house servers.
Where personal data are transferred outside national territory, but always inside the European Union, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer, as set out by the Regulation. There will be no data processing outside the European Union.
Rights of data subjects
Art. 15-22 of the GDPR set out the data subject’s rights, among which:
- Right of access: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; and the envisaged period for which the personal data will be stored.
- Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (‘right to be forgotten’): As outlined by Art. 17, subsection 3 of the GDPR, the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her when the personal data are no longer necessary, if consent is withdrawn, if the personal data have been unlawfully processed, or when personal data have to be erased for compliance with a legal obligation.
- Right to object to processing: The data subject shall have the right to object at any time to processing of their personal data which have as legal basis a legitimate interest of the Controller.
- Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing where the accuracy of the personal data is contested by the data subject, the processing is unlawful and/or the data subject has objected to processing.
- Right not to be subject to automated processing: The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, except when the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller or is based on the data subject’s explicit consent.
- Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, and have the right to transmit those data to another controller, as set out by Art. 20, subsection 1 of the GDPR (only when the processing is based on consent given by the data subject and only when the processing is carried out by automated means).
- Right to lodge a complaint with the Data Protection Authority, as well as with the jurisdictional Authorities, if it is believed that one of the previous rights have been breached (https://www.garanteprivacy.it);
All the rights listed above may be exercised at any time by sending a request via email to the address privacy@eurodiesitalia.com
Policy updates
EURODIES ITALIA SRL may update periodically its policies, including this one, in compliance with regulatory changes, legal provisions and the supervisory Authority. The company will publish future updates on the website www.eurodies.com/it highlighting the new versions with due attention and in a timely manner.
We therefore invite you to periodically consult the company website where, at the “GDPR” button on the home page, you will find updates on the processing of personal data.
Avigliana (TO), 30.05.2022
Eurodies Italia Srl