Information on data processing pursuant to Article 13 of EU Regulation 2016/679
CANDIDATES
We would like to inform you that this privacy policy is provided pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter "Regulation" or "GDPR") towards Data Subjects applying for job collaboration. The Data Controller is Neos S.p.A. with registered office in Somma Lombardo, Via della Chiesa no. 68 (hereinafter "Data Controller").
The Data Protection Officer ("DPO") can be reached at [email protected].
Categories and types of processed data
The personal data processed by the Data Controller may include:
• common data, such as personal information (e.g. first name, surname, date of birth, address, picture, gender, tax identity code, etc.), contact information (e.g. landline and/or mobile phone number, e-mail address, etc.), employment and professional data;
• through your curriculum vitae or subsequently, the Data Controller may collect "special" data as defined in Article 9 of the GDPR, i.e. data revealing racial and ethnic origin, religious beliefs, political opinions, membership to political parties, membership to trade unions, associations or organisations of a religious or philosophical nature, as well as health status (e.g. membership of so-called protected categories).
Purpose and legal basis of personal data processing
The data you provide through your CVshall be processed for the following purposes:
1) to assess the consistency of your profile in relation to open job positions and in general for the management of employee selection procedures;
2) to contact you in order to schedule interviews, using the contact details you have provided.
The legal basis for the processing of your personal data for the aforementioned purposes is Article 6.1 b), i.e. the performance of a contract to which you are a party or in order to take steps at the request of the data subject prior to entering into a contract, and Article 6.1 f) of the GDPR, i.e. the legitimate interest pursued by the Data Controller in verifying the suitability of the candidate for the specific open position.
Providing your personal data for these purposes is optional, but failure to do so would make it impossible for the Data Controller to assess your profile or to schedule interviews.
Any processing of special data may take place pursuant to Article 9, para. 2, letter b) and g) and Article 88 of the GDPR, as well as Article 2-sexies, paragraph 2), letter u) and uu) of the Italian Privacy Code.
Should your application for collaboration be accepted, your personal data shall be processed by the Data Controller in compliance with the privacy policy prepared for employees and/or collaborators.
Personal data of third parties sent to the Controller may also be processed. That being the case, you shall act as an independent data controller, assuming all the obligations and responsibilities provided for by the law. In such cases, you hereby indemnify and hold the Data Controller harmless, in the widest meaning, in respect of any and all objections, claims, requests for compensation for damage caused by processing, etc., that may be received by the Data Controller from third parties whose personal data have been processed through your unsolicited submission in violation of the applicable data protection regulations.
In any case, should you provide or otherwise process personal data of third parties, you guarantee as of now - assuming all related liability - that this particular processing is based on an appropriate legal basis that legitimates the processing of the information concerned.
Retention of personal data
The data relating to your CV shall be kept for a period of 12 months after it has been provided and may be used for future contacts and interviews. Your data shall be permanently deleted thereafter.
Recipients
Your data may be shared with:
1) parties that typically act as data processors within the meaning of Article 28 of the GDPR;
2) persons authorised to process data in compliance with Article 29 of the GDPR;
3) subjects, bodies or authorities, autonomous data controllers, to whom it is mandatory to disclose your personal data by virtue of provisions of law or orders of the authorities.
Your data may be accessible to other Group companies for the same purposes as above and/or for administrative-accounting purposes pursuant to Article 6 and Recitals 47 and 48 of the Regulation.
An up-to-date and complete list of the persons in charge can be requested from the Data Controller at the aforementioned contact details.
Data transfer outside the EU
As to the possible transfer of your Data to Third Countries, the Data Controller ensures that your personal data shall be processed by the recipients in compliance with the GDPR. In particular, transfers shall be based on an adequacy decision of the European Commission or on the Standard Contractual Clauses approved by the European Commission or on another suitable legal basis, in compliance with Recommendations 01/2020 as adopted on 10 November 2020 by the European Data Protection Board.
Your rights
You have the right to access the data concerning you at any time, pursuant to Articles 15 to 22 of the GDPR. In particular, you may request the rectification, deletion, or limitation of the processing of your data in the cases provided for by Article 18 of the GDPR, obtain the portability of the data concerning you in the cases provided for by Article 20 of the GDPR, as well as lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR (Personal Data Protection Authority).
You may submit a request to object to the processing of your data pursuant to Article 21 of the GDPR by giving evidence of the reasons justifying the objection: the Data Controller reserves the right to assess your request, which would not be accepted if there were compelling legitimate grounds for processing that override your interests, rights and freedoms.
Requests should be addressed in writing to the Data Controller or the DPO at the aforementioned contact details.