Privacy Policy

POLICY PURSUANT TO ART. 13 – 14 OF EU REGULATION N. 679/2016

FOR THE PROCESSING OF PERSONAL DATA OF JOB APPLICANTS

Senzani Brevetti S.p.A., with registered office in Viale Risorgimento 13/15, Faenza (RA), VAT no. 00082770397 (hereinafter “Data Controller”), in the person of its legal representative pro tempore, as DATA CONTROLLER, informs you pursuant to Articles 13 and 14 of EU Regulation n. 679/2016 (hereinafter “GDPR”) that the data you provide will be processed in the following ways and for the following purposes:

1.  Object of the processing

The Data Controller, for the establishment and management of ongoing relations with you, processes:

  1. Your personal, identification, and contact data (e.g. name, surname, company name, address, phone number, e-mail address, etc.);
  2. where disclosed, your health data (e.g. belonging to legally protected categories).

2. Purpose of the processing and legal basis

  1. Pursuant to Article 111-bis of Legislative Decree 196/2003, within the limits of the purposes set out in Article 6(1)(b) of the Regulation, consent to the processing of personal data in CVs is not required.
  2. Your particular personal data, which may be provided at the time of the job interview, are processed without prior express consent pursuant to the Order of the Supervisory Authority No. 146 dated 5 June 2019.

3. Nature of data provision and consequences of failure to provide data

The provision of data for the purposes referred to in sections 2.a) and 2.b) is necessary for the execution of pre-contractual measures taken upon request of the data subject himself. Without such data, it will not be possible to consider the application.

4. Access to, disclosure and transfer of data

Your data may be made accessible:

  1. To employees and collaborators of the Data Controller in their capacity as data processors and/or system administrators;
  2. To third-party companies or other entities (e.g. consultants and freelancers, including in associated form; etc.) which carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.

Your data shall not be made public.

5. Data transfer

We would like to inform you that we generally try to avoid data transfers outside the European Union. However, it is understood that the Data Controller is entitled to transfer the data to countries outside the EU, if necessary. Should that be the case, the Data Controller can ensure right away that the transfer of data outside the EU will take place in accordance with the applicable legislation, by concluding, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses set out by the European Commission and/or binding company regulations.

6. Data retention

All personal data provided will be processed in compliance with the principles of lawfulness, fairness, relevance and proportionality, only by the means, including computer and telematic means, strictly necessary to pursue the purposes described above. The personal data shall be retained for 18 months from the date of collection. In the event of a request for deletion by the data subject, data related to the legitimate interest of the Data Controller or necessary for the fulfilment of legal obligations may still be retained. Please note that the information systems used to manage the information collected are configured, from the outset, to minimise the use of personal data.

7. Rights of the data subject

Pursuant to Art. 15-22 of EU Regulation 679/2016, the interested party is given the opportunity to exercise specific rights. In particular, the interested party has the right to: a) obtain confirmation as to whether or not personal data concerning them are being processed and, if so, have access to such data; b) obtain rectification of inaccurate personal data and integration of incomplete personal data; c) obtain erasure of personal data concerning them, if this is allowed by the Regulation; d) obtain restriction of processing, in the cases envisaged by the Regulation; e) obtain communication to the recipients to whom the personal data have been transmitted of requests for rectification/deletion of personal data and restriction of processing received from the interested party, unless this proves impossible or involves a disproportionate effort; f) receive, in a structured, commonly used and machine-readable format, the personal data provided to the Data Controller, as well as the transmission of this data to another data controller, at any time, even upon termination of any relation with the Data Controller; g) object at any time, on grounds relating to their specific situation, to the processing of personal data concerning them pursuant to Art. 6(1) (e) or (f), including profiling on the basis of these provisions. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning them carried out for such purposes, including profiling to the extent that it is related to said direct marketing; h) not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar way; i) lodge a complaint with a supervisory authority pursuant to Art. 77.

8. How to exercise your rights

You may exercise your rights at any time by contacting the Data Controller at the following e-mail address: info@senzani.com

9. External data controllers and processors

The updated list of external data controllers and data processors in charge is guarded at the registered office of the Data Controller.

10. Right to lodge a complaint with the Data Protection Authority

If you think that the data processing violates your rights in any way, you may lodge a complaint with the Personal Data Protection Authority, as set out in Art. 77 of the GDPR, by checking the procedure on the website www.garanteprivacy.it