Information Job applicants
Who are we and what do we do with your personal data?
Officine Maccaferri S.p.a., with registered office in via John Fitzgerald Kennedy, 10, 40069 Zola Predosa, Bologna, hereinafter the Data Controller, protects the confidentiality of your personal data and provides it with the necessary protection from any event that may put it at risk of violation.
For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable law. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.
The Data Controller appointed a Data Protection Officer (DPO) who you can contact if you have questions about adopted policies and practices. The contact details of the Data Protection Officer are as follows: dpo.hq@maccaferri.com
How does the Data Controller collect and process your data?
The Data Controller collects and/or receives information about you, such as:
- name, surname,
- tax code,
- place and date of birth
- email,
- telephone number,
- address
- curricular data
- IT data
- potentially, special categories of personal data concerning health (if the person is included in protected categories)
Your personal information will be processed for:
- personnel selection and/or starting a collaboration
Purposes
|
Legal Bases
|
- the search for candidates for the positions requested by the Data Controller;
- the collection of applications and curricula, which can be done by using two types of sources: personnel recruitment ads through recruitment agencies, temp agencies, universities, web site
- the examination of the curricula received for an initial screening;
- the organisation of selective interviews;
- the inclusion of the most suitable candidate in the organisational context of the Data Controller.
|
Carrying out pre-contractual activities
Fulfillment of specific obligations
Execution of specific tasks deriving from laws, regulations or collective agreements, including corporate ones, in particular for the purposes of establishing the employment relationship and/or the collaboration relationship
|
Your personal data is also collected from third parties such as, for example:
- IT providers;
- private individuals who carry out staff leasing, intermediation, personnel recruitment and selection, training and support activities for professional relocation;
- universities;
- Social networks, lists and public registers and professional registers.
Where applicable, the right to rectify data issued or collected by the Data Controller remains unaffected.
The data collected or otherwise obtained by the Data Controller following the established selection procedure for positions available within its organization, except for those related to the state of health, spontaneously released by you, must be considered necessary and failure to provide the data implies the impossibility for the Data Controller to follow up the activities aimed at:.
- evaluate your application in the process of selection of personnel followed by the Data Controller also through its suppliers (third parties/recipients);
- to manage the process of selecting candidates at all stages and the follow-up.
- communication to third parties and recipients
Purposes
|
Legal Bases
|
Communication to the following third parties:
- Information consultants and IT support
|
- for activities leading to termination of the employment/collaboration
- legitimate interest of the Data Controller or of third parties and recipients
- for compliance with legal obligations (reserve for groups protected by equality legislation)
|
The Data Controller does not transfer your personal data abroad (non-EU countries). Your personal data will not in any way be disclosed to indeterminate subjects and not identifiable even as third parties.
The communication concerns the categories of data whose transmission is necessary for the performance of the activities and purposes pursued by the Data Controller in managing the selection procedure. The relative treatment does not require the consent of the interested party in the event that the treatment happens in order to fulfill the obligations deriving from the relationship established or in the case of other cases of exclusion (in particular the traceability of a legitimate interest by the Data Controller), expressly provided for or dependent on the legislation and regulations applied by the Data Controller, or even through third parties identified as data processors. Where the communication involves data concerning the state of health, the related processing operations shall take place with all the necessary guarantees including those which, if required on the basis of the risks detected, determine the application of pseudonymisation solutions, and/or aggregation and/or data encryption.
- IT security purposes
Purposes
|
Legal Bases
|
- control and monitoring of the services displayed on the network and on the platforms belonging to the Data Controller and made available to you for the sending of resumes and/or for access to open work/collaboration positions (e.g. forms published on the "People & Career" page)
- implementation of procedures for the detection and notification of personal data breaches (data Breach)
|
- for activities leading to termination of the employment/collaboration
- legitimate interest
- for compliance with legal obligations (detection and notification of personal data breaches)
|
How, where and for how long is your data retained?
How
Data processing is carried out on paper or through IT procedures by internal subjects authorised and trained for this purpose. They are granted access to your personal data to the extent and within the limits required for carrying out the processing activities that concern you. Your data, especially those belonging to special categories, is processed separately from other data also by means of pseudonymisation or aggregation methods that do not allow you to be easily identified.
The Data Controller periodically checks the tools by means of which your data is processed and its security measures, which it constantly updates; it makes sure, also through the subjects authorised to process the data, that personal data for which processing is not necessary is not collected, processed, stored or retained; it makes sure that the data is retained with the guarantee of integrity and authenticity of its use for the purposes of the processing actually carried out.
Where
The data is retained on paper, computer and electronic files located within the European Economic Area, and appropriate security measures are ensured.
How long
Personal data processed by the Data Controller is retained for the time necessary to carry out the activities related to the selection of the applicant and in any case no later than 24 months from its collection except for the possible establishment of the employment and/or collaboration relationship. This is without prejudice to the cases in which the rights depending on the processing in place should be asserted in court, in which case your data, only that necessary for these purposes, will be processed for the time necessary to pursue them.
This is without prejudice to your right to oppose at any time the processing based on legitimate interest for reasons related to your particular situation.
What are your rights?
In substance, at any time and as long as the processing continues, free of charge and without any special charges or formalities for your request, you can:
- obtain confirmation of the processing carried out by the Data Controller;
- access your personal data and know its origin (when the data is not obtained directly from you), the purposes of the processing, the data of the subjects to whom it is communicated, the period of retention of your data or the criteria used to determine it;
- update or rectify your personal data so that it is always accurate and correct;
- erase your personal data from the databases and/or files, including backup files, of the Data Controller, if, among other things, it is no longer necessary for the purposes of the processing or if this is deemed unlawful, and provided that the conditions laid down by law are met; and in any event if the processing is not justified by another equally legitimate reason;
- restrict the processing of your personal data in some circumstances, for example if you have contested its accuracy, for the period required for the Data Controller to check its accuracy. You must also be informed, in reasonable time, of when the period of suspension has ended or the cause of the restriction of processing has ceased to exist, and therefore the restriction itself withdrawn;
- obtain your personal data, if received or processed by the Data Controller with your consent and/or if its processing is carried out on the basis of a contract and with automated tools, in electronic format also in order to transmit it to another data controller.
The Data Controller must do so without delay and, in any case, at the latest within one month of receipt of your request. The time limit can be extended by two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller. In such cases, the Data Controller will have to inform you of the reasons for the extension within one month of receipt of your request.
For any further information and to send your request, please contact the Data Controller at info.hq@maccaferri.com
How and when can you oppose the processing of your personal data?
For reasons relating to your specific situation, you may oppose at any time the processing of your personal data if this is based on legitimate interest, by sending your request to the Data Controller at the address info.hq@maccaferri.com
You have the right to have your personal data erased if there is no legitimate reason overriding the one that gave rise to your request.
Who can you complain to?
Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority or to the authority that carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.
Any update of this information will be communicated to you in a timely manner and by appropriate means and you will also be informed if the Data Controller will process your data for purposes other than those referred to in this information before carrying it out and in time to give your consent if necessary.