Pursuant to articles 13 and 14 of Regulation (EU) no. 2016/679 (hereinafter “GDPR”), Gruppo PSC S.p.A. in its capacity as Data Controller (hereinafter the “Data Controller”) provides the user of this website (hereinafter the “Data Subject”) with the following information.
1. COLLECTION METHOD
1.1. Data are collected, before the start or during a selection, by the spontaneous sending of the CV directly by the data subject through: (a) a web page made available for the Data Controller and expressly dedicated to this purpose; (b) email; (c) fax; (d) post; (e) other tools which may be made available by the Data Controller.
1.2. Data may also be collected by consulting specialized databases, within which the data subject has spontaneously filed his/her CV in order to make it available to companies potentially interested in getting in touch with him/her.
1.3. If the personal data were received following an autonomous initiative of the Data subject (spontaneous sending of his/her own CV) or collected from third parties, the information referred to in this information note is provided to the Data Subject when registering the data or before their possible communication to third parties.
2. NATURE OF PERSONAL DATA
2.1. In general, the processing will only concern data of a common nature and will be limited to those strictly relevant and functional to the pursuit of the purposes referred to in art. 3. Without prejudice to belonging to protected categories, the Data Subject is invited not to send data of a special nature to the Data Controller which is not necessary for the purposes to which this collection is preordained: nevertheless, should the data subject send such data, the Data Controller may at its discretion request the relative consent or destroy same.
2.2. In the former case, the data subject must print this information note, complete and sign the consent form shown at the bottom and send everything to Gruppo PSC SPA, Via Campo 32, 85046 Maratea (PZ), fax 0973 877158, email: email@example.com.
2.3. Pursuant to art. 9 GDPR, “special data” consists of all “personal data which may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, health-related data or those which concern the sexual life or sexual orientation of the person”.
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
3.1. The aforementioned data will be processed according to the following purposes:
– To allow the Data Controller to manage the recruitment of personnel which may become necessary or appropriate in relation to a specific professional figure during all its phases, up to the possible contract signature;
– To allow the Data Controller to create and manage an own archive consisting of data obtained during previous personnel selections or sent spontaneously by Data Subjects in order to manage any future search for competent professional figures based on the activities carried out by the Data Controller.
3.2. The processing of personal data for said purpose does not require the consent of the data subject as the processing is necessary for the execution of pre-contractual measures adopted at the request of the data subject pursuant to art. 6, letter b) of the GDPR.
4. NATURE OF DATA PROVISION AND CONSEQUENCE OF REFUSAL
The provision of personal data for the purpose referred to in art. 3.1. is optional and failure to provide this will, as a sole consequence, make it impossible for the Data Controller to manage and fulfil the requests of the data subject. Any refusal, in whole or in part, to provide such data, or any incorrect or untrue provision, will therefore make it impossible for the Data Controller to enter such data when selecting human resources, or to contact the Data Subject should the need arise to seek and hire candidates with profiles potentially compatible with that of the Data Subject.
5. PROCESSING METHOD
5.1. The processing of personal data may concern all the operations indicated in art. 4 GDPR. In any case, the limits and principles of fairness, lawfulness, purpose, quality, relevance, non-excess and transparency will be respected, as will compliance with the provisions of the GDPR regarding security measures.
5.2 The processing of common data will be carried out both manually and with the aid of IT means, including by entering and organizing them in management software and databases. The data will be stored in paper and electronic archives, in order to allow their identification and selection in aggregate form. Personal data are stored separately for each candidate.
5.3. The processing will be carried out directly by the Data Controller’s organization, as better specified in art. 6, or through third parties, service providers for the Data Controller, appointed for this purpose as Data Processors.
5.4. The acquired data will reside on servers located in Italy or on central servers located abroad.
5.5. In any case, the data will be processed with logics strictly related to the purposes indicated and with methods ensuring their security and confidentiality, through the adoption of suitable measures to prevent their alteration, cancellation, destruction, non-authorized access or processing which is either not allowed or not in accordance with the purposes of the collection, as well as to exercise the rights recognized to the Data Subject.
6. SCOPE FOR ACCESSING DATA
6.1. Within the organizational structure of the Data Controller, the subjects expressly authorized to process data may have access to personal data, within the limits and according to the methods set out in their respective tasks, and exclusively for pursuing the purposes referred to in art. 3.
6.2. In particular, the Legal Representative, the Legal and Corporate Affairs Office, the Personnel Office and, in general, the personnel in charge of the search, selection and management of staff will be able to access the data of the Data Subject.
6.3. With particular reference to the activity related to software and hardware maintenance and assistance, any Data Processor appointed for this purpose by the Data Controller may have access to the data covered by this information note.
7. RECIPIENTS OR CATEGORIES OF RECIPIENTS
7.1. Personal data may be made accessible, brought to the knowledge of or communicated to the following subjects, who will be appointed, as appropriate, as Data Processors or persons authorized to their processing:
– Group companies to which the Data Controller belongs (parent companies, subsidiaries, associates), employees and/or collaborators in any capacity of the Data Controller and/or of group companies to which the Data Controller belongs;
– Freelancers, for acquiring opinions on the correct methods of application of labor law legislation, with reference to the management of personnel search and selection;
– Private or public companies, bodies or professionals who carry out consultancy and/or evaluation activities as part of the personnel selection process;
– Private or public companies, bodies or professionals for the purpose of any preparatory training activities for the establishment of the employment relationship;
– Public or private subjects, natural or legal persons to whom the Data Controller is required to transmit personal data by virtue of legal or contractual obligations;
7.2. In any case, personal data will not be disseminated.
7.3. Where required by law, the consent of the Data Subject will be required only for communicating personal data to the subjects identified in point 7.1. above and not also for the independent processing of same carried out by the Data Controller.
8. RIGHTS OF THE DATA SUBJECTS
8.1. Pursuant to articles 15 and following of EU Reg. 16/679, the Data Subject may exercise specific rights, in particular: the right of information and access to the personal data (art. 15), the right to the rectification and updating of the personal data (art. 16), the right to the erasure of the personal data (art. 17), the right to the restriction of the processing (art. 18), the right to data portability (art. 20), the right to object to the processing (art. 21) including for marketing purposes.
By way of example, the Data Subject may therefore:
– obtain confirmation that personal data concerning him or her is being processed;
– should any processing be in progress, obtain access to the personal data and to the information concerning the processing and request a copy of the personal data;
– obtain the rectification of inaccurate personal data and the integration of incomplete personal data;
– obtain, should there be one of the conditions provided for by art. 17 of the GDPR, the erasure of any personal data concerning him/her;
– obtain, in the cases provided for by art. 18 of the GDPR, restriction to the processing;
– receive personal data concerning him/her in a structured format, commonly used and readable by an automatic device and request their transmission to another data controller, if technically feasible;
– object at any time to the processing of his/her personal data carried out for the pursuit of a legitimate interest of the Data Controller. In the event of an objection, his/her personal data will no longer be processed, provided that there are no legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defense of a right in court.
8.2. The exercise of the aforementioned rights is free of charge and can be carried out without particular formalities, by contacting the company via email at firstname.lastname@example.org or by ordinary post.
9. PROCESSING DURATION
9.1. The personal data voluntarily provided by the data subject will be processed by the Data Controller for a period of 18 months. At the end of the processing, the Data Controller will send a communication to verify that the data subject does not intend to extend the processing and to update his/her data. In the absence of an explicit response from the data subject, the processing will be considered terminated and all information held by the Data Controller will be definitively deleted.
9.2. The data subject may however, at any time, request the Data Controller to cease the processing concerning his/her personal data.
10. RIGHT TO LODGE A COMPLAINT TO THE ITALIAN AUTHORITY FOR THE PROTECTION OF PERSONAL DATA
Every data subject may lodge a complaint with the Italian Data Protection Authority should he/she believe that the rights he/she holds under the GDPR have been violated, in the manner indicated on the Italian Data Protection Authority’s website accessible at the address: www.garanteprivacy.com.
11. DATA CONTROLLER
The Data Controller is Gruppo PSC S.p.A. with registered office in Maratea (PZ), Via Campo 32, in the person of its pro tempore legal representative, who can be contacted by ordinary mail or by email at email@example.com, by telephone at no 06/72630488 or by fax at no 06/72671393.