Complete privacy policy for job applicants
Engraving solutions
Who are we and what do we do with your personal data?
Engraving Solutions S.r.l. with its registered offices in 55100, Lucca (LU), Via di Mugnano, 815, (hereinafter also the "Data Controller"), as Data Controller will see to the confidentiality of your personal data and guarantee its necessary protection from any event that could put it at a risk of violation.
The Data Controller applies policies and practices concerning the collection and use of personal data and the exercise of the rights recognized by the applicable legislation. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever it becomes necessary and in any case whenever regulatory and organizational changes that may affect the processing of your personal data arise.
The Data Controller has appointed a Data Protection Officer (DPO) that you can contact if you have questions about the policies and practices adopted.
The contact details of the Data Protection Officer are as follows: DPO@engravingsolutions.it.
How does the Data Controller collect and process your data?
Il Titolare raccoglie e/o riceve le informazioni che ti riguardano, quali:
- name, surname
- date and place of birth
- gender
- fiscal code
- images
- telephone number
- address
- data concerning the state of health if the interested person belongs to protected categories
Your personal information will be processed for the following purposes:
1) Personnel selection and/or starting a collaboration
Purpose | Legal basis |
|
Execution of pre-contractual activities
|
Your personal data is also collected from third parties such as, by way of example:
- IT service provider;
- agencies providing staff leasing, intermediation, personnel recruitment and selection, training and support activities for professional relocation;
- universities and schools.
Where applicable, the right to rectify data processed or collected remains unaffected.
The data collected or otherwise obtained by the Data Controller as a result of the selection process for positions available within his organization, except for those relating to health, voluntarily submitted by you, is considered necessary and failure to provide it will make it impossible for the Data Controller to carry out activities relating to the main processing:
- to evaluate your application in the process of personnel selection carried out by the Data Controller also through its suppliers (third parties/recipients);
- to manage the personnel selection process in all its phases and for the obligations resulting from it.
2) for the communication to third parties and the dissemination
Purpose | Legal basis |
Communication to third parties, such as
|
Execution of pre-contractual activities
|
The Data Controller does not transfer your personal data abroad (non-EU countries). Your personal data will not be in any way disseminated or disclosed to unspecified subjects not even identifiable as third parties.
The communication concerns the categories of data whose transmission is necessary for the performance of the activities and purposes pursued by the Data Controller in the management of personnel selection. The related processing does not require the consent of the interested party in the event that it takes place to fulfil the obligations deriving from the established relationship or if other exclusion hypothesis occurs (in particular the traceability of a legitimate interest by the Data Controller), expressly provided for or dependent on the legislation and regulations applied by the Data Controller, or even through third parties identified as data processors. Where the communication involves data
relating to the state of health, the processing operations will be carried out with all the necessary assurances including those that, if requested based on the risks identified, determine the application of pseudonymisation solutions, and / or aggregation and / or encryption of data.
3) for IT security activities
Purpose | Legal basis |
|
Access to the selection procedure
|
How, where and for how long is your data stored?
Come
The data processing is performed through paper supports or IT procedures by specially authorized internal subjects. Such internal subjects are allowed access to your personal data to the extent that it is necessary to carry out the processing activities that concern you.
The Data Controller periodically checks the tools by means of which your data is processed and its security measures, which it constantly updates; it makes sure, also through the subjects authorized to process the data, that personal data for which processing is not necessary or whose purposes are exhausted, is not collected, processed, stored or retained; it makes sure that the data is retained with the guarantee of integrity and authenticity of its use for the purposes of the processing actually carried out, also due to the particular nature of the data. The verification allows the Data Controller to evaluate
the strict relevance, non-excess and indispensability of data belonging to special categories with respect to the selection procedure and the relationship to be established, also with reference to the data you provide on your own initiative.
The Data Controller guarantees that the data, even after the verifications, are found to be excessive or irrelevant will not be used except for the possible retention, according to the law, of the deed or document that contains them.
Where
The data is stored in paper, computerized and software files located within the European economic border, and adequate security measures are ensured.
For how long
Personal data is retained for the time necessary to carry out the activities that concern you.
In particular:
Identifying data Curriculum data Data revealing the state of health even if spontaneously submitted |
Duration of the contractual relationship
|
Electronic data |
The duration of the storage depends on the presumed and / or detected risk and the prejudicial consequences that derive from it, without prejudice to the measures to make the data anonymous or to limit its treatment.
|
Once all the purposes that legitimize the retention of your personal data are exhausted, the Data Controller will take care of deleting it or making it anonymous.
What are your rights?
The rights that are recognized to you allow you to always have control of your data. Your rights are the following:
- access;
- correction;
- revocation of consent;
- cancellation;
- treatment limitation;
- opposition to treatment;
- portability.
In substance, at any time and as long as the processing continues, free of charge and without any special charges or formalities for your request, you can:
- obtain confirmation of the processing carried out by the Data Controller;
- access your personal data and know its origin (when the data is not obtained directly from you), the purposes and the scopes of the processing, the data of the subjects to whom it may be disclosed, the period of retention of your data or the criteria used to determine it;
- update or rectify your personal data so that it is always accurate and correct;
- withdraw consent at any time, if this constitutes the basis of the processing. In any case, the revocation of the consent does not affect the lawfulness of the treatment based on the consent before the revocation;
- delete your personal data from the databases and/or files, including backup files, of the Data Controller, if, among other things, it is no longer necessary for the purposes of the processing or if this is deemed unlawful, and provided that the conditions laid down by law are met; and in any event if the processing is not justified by another equally legitimate reason;
- restrict the processing of your personal data in some circumstances, for example if you have contested its accuracy, for the period required for the Data Controller to check its accuracy. You must also be informed, in reasonable time, of when the period of suspension has ended or the causeof the restriction of processing has ceased to exist, and therefore the restriction itself withdrawn;
- obtain your personal data, if its processing is carried out on the basis of a contract and with automated tools, in electronic format also in order to transmit it to another data controller.
The Data Controller must do so without delay and, in any case, at the latest within one month of receipt of your request. The time limit can be extended by two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller. In such cases, the Data Controller will have to inform you of the reasons for the extension within one month of receipt of your
request.
For any further information and to send your request, write to the email address
privacy@engravingsolutions.it.
How and when can you oppose the processing of your personal data?
Per For reasons relating to your specific situation, you may oppose at any time the processing of your personal data if this is based on legitimate interest, by sending your request at the email address privacy@engravingsolutions.it.
You have the right to have your personal data deleted if there is no legitimate reason overriding the one that gave rise to your request.
Who can you complain to?
Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority, unless you reside or work in another Member State. In the latter case, or where the breach of the data protection legislation occurs in another EU country, the authority to receive and hear the complaint will be the supervisory authority established therein.
Any update of this privacy policy will be communicated to you in a timely manner and by appropriate means and you will also be informed before carrying it out and in time to give your consent if necessary.