Candidate privacy notice
INFORMATION FOR CANDIDATES PURSUANT TO ARTICLE 13 OF EU REGULATION 679/2016
We inform you that the current privacy policy is provided pursuant to article 13 of EU Regulation 2016/679 (hereinafter referred to as “Regulation” or “GDPR”) for those who apply for an employment. ANNAMARIA CAMMILLI GIOIELLI SRL with registered office in Bagno a Ripoli (FI), Via del Fornaccio, 46, e-mail [email protected] in the person of its pro tempore legal representative, tax code and VAT id. no. 02004840480 (hereinafter referred to as “Data Controller”).
a. DATA CATEGORIES AND TYPES UNDERGOING PROCESSING
PERSONAL DATA PROCESSED BY THE DATA CONTROLLER MAY INCLUDE:
- Common data, such as personal information (e.g. name, surname, place and date of birth, address, physical appearance, sex, civil status, tax code, etc…), contact information (e.g. telephone number, mobile number, e-mail address etc.), professional and business data.
- Through your resume or subsequently, the Data Controller may collect “special categories of personal data” as defined in Article 9 of GDPR, able to reveal racial or ethnic origin, religious beliefs, political opinions, the membership of political parties, trade unions or religious and philosophical organization, as well as the state of health (e.g. the belonging to the so-called protected categories).
b. PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
All the data that you will provide through your resume or subsequently will be processed for the following purposes:
- To evaluate the consistency of your profile with our open positions and more in general for the management of the procedures for the selection of the employees.
- To contact you for a job interview using your contact data.
The legal basis of the personal data processing for the purposes stated above, are the Articles 6.1.a), 6.1.b), 6.1.f) of GDPR, that is the legitimate interest of the Data Controller to verify the suitability of the applicant to cover the open position. The provision of your personal data for these purposes is optional. However, a failure to provide the information would result in the impossibility for the Data Controller to examine your profile or to set up job interviews. If your collaboration request is accepted, your personal data will be processed by the Data Controller pursuing the privacy policy designed for the employees and collaborators.
Any processing of the special categories of personal data shall be possible in accordance with Article 9.2.a) of the Regulation and only with your explicit prior consent and in accordance with the applicable existing authorizations regarding the protection of Personal data. For this reason, if not strictly necessary, we ask you not to provide these information; otherwise, if you choose to provide these data, you will be asked to provide an explicit consent in accordance with the current legislation regarding the protection of Personal Data. If you fail to provide the consent to the processing of the special categories of personal data, those data, even if provided, could not be considered with regards to the application.
It is also possible that the Data Processor may receive and process data of third parties. In this case you will be solely and exclusively liable for the provision of such data, assuming all legal obligations and responsibilities. In this regard you fully indemnify the Company against any complaint, claim, request for damage etc…that is to be received to the Data Controller from third parties whose personal data have been processed through spontaneous transmission in violation of the applicable rules on the protection of personal data. In any case, if you provide or otherwise process personal data of third parties, you ensure and you take whole responsibility that this particular processing assumption relies on an appropriate legal basis that legitimates the processing of the information concerned.
3. STORAGE OF PERSONAL DATA
Your data will be stored for a period of 36 months after receiving them and they may be potentially used for future contacts and interviews. At the end of this period your data will be definitively removed.
c. RECIPIENTS
YOUR DATA MAY BE SHARED WITH:
- Subjects who typically act as data processors pursuant to Article 28 of GDPR;
- Persons authorized to process personal data pursuant to Article 29 of GDPR.
- Subjects, institutions or authorities, acting as independent data controllers, to which is compulsory to communicate your personal data pursuant to legal provisions or orders by the authorities.
Data may be available to other companies of the Group for the same purposes mentioned above and/or for administrative and accounting reasons in accordance with Article 6 and with the recitals 47 and 48 of the Regulation.
The full and updated list of all data supervisors is available on the Data Controller website and it can be requested to the Data Controller by contacting the addresses indicated above.
d. TRANSFER OF PERSONAL DATA IN NON-EU COUNTRIES
As regards the possibility to transfer data in third countries, the Data Controller assures that the processing will take place according to the current law, e.g the consent of the person involved, the adoption of standard clauses approved by the European Commission and the selection of subjects joining international programs for the free circulations of data (EU-USA Privacy Shield) or operating in countries that are considered to be safe by the European Commission. More information are available on request at the contacts mentioned above.
e. THE DATA CONTROLLER DOES NOT TRANSFER DATA BEYOND THE EUROPEAN ECONOMIC AREA
f. YOUR RIGHTS
You have the right to access to your data at any time according Articles 15-22 GDPR. In particular you may ask for rectification, removal or restriction of data processing in the cases as referred to in Article 18 GDPR. You may also ask for the withdrawal of the consent, to obtain portability of data relating to you according to Article 20 GDPR, as well as reclaim to the competent control authority former in accordance with Article 77 of GDPR (Guarantor for the Protection of Personal Data). You can make an objection request regarding your data processing pursuant former Article 21 GDPR in which you highlight the reasons that justify the objection. The Data Controller reserves the right to evaluate your instance. Your instance will not be accepted in case of mandatory legitimate reasons to proceed to the data processing that override your interests, rights and freedoms.
The requests must be addressed in writing to the Data Controller.