Information Privacy notice for the acquisition of CV and information about candidates (by web site or other means) pursuant to Section 13, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (hereinafter, respectively, the “Information Notice” and the “Regulation” or the “GDPR”)
In accordance with the provision set forth by the Regulation, Aegis S.r.l., having its legal offices in Milan, via Settala 10, 20124, VAT number 03516140963, certified e-mail address: email@example.com, in person of its pro tempore legal representative as controller of your personal data (hereinafter, the “Controller”), and, where applicable, Aegis UK - Recruiting & Consulting Ltd. having its legal offices in 20 Fitzroy Square W1T 6EJ - London, UK, VAT number 255 7676 63, e-mail address: firstname.lastname@example.org, in person of its pro tempore legal representative as processor of your personal data provides you with the present information notice, pursuant to Section 13, GDPR, in relation to the processing of your personal data communicated to us by you or by third parties.
Aegis S.r.l., in person of its pro tempore legal representative, having its legal offices in Milan, via Settala 10, 20124, VAT number 03516140963, certified e-mail address: email@example.com (hereinafter, the “Controller”).
Aegis S.r.l. has appointed as Data Protection Officer Mr. Antonio Virgallita, available at the following email address: firstname.lastname@example.org.
You will be free to contact the DPO for any matter related to the processing of your personal data and/or should you want to exercise your rights, as indicated and described below, sending out a written communication at the email address above.
Your personal data will be processed:
(i) without your consent (Section 6, items b, c, f, GDPR), for the following purposes:
- personnel recruitment and selection, for open or future job positions, to be included in the organization of companies or other entities for which the Controller operates, as well as anonymous sector analysis aimed at providing services for dissemination purposes;
- compliance with legal obligations, as provided for by a law (Italian or UE), collective labor agreement or other binding legal provisions (in particular, on tax, social security, health and safety at work, public order and security);
(ii) with your consent (Section 7, GDPR)
The transfer of personal data for the purposes indicated above under sec. (i) will be compulsory. Any lack of the data and/or any express refusal of consent to process such data, may cause the impossibility to the Controller to perform the selection process and to comply with obligation related to management of potential employment relationship.
With regard to the delivery of anonymous sector analysis, the data subject will have the possibility to stop receiving surveys and such communication by means of a request to be sent by email to the following email address: email@example.com.
The transfer of personal data for the purposes indicated above under sec. (ii) will be on voluntary basis; consequently you may decide to not provide any consent or to waive it in any moment. With reference to such case, the Controller will not perform, however, most of the services that normally provides to the candidates. Should the consent be provided, the Controller informs you that, pursuant to section 7, GDPR, the same consent will be deemed as valid for a period of 5 years from the moment in which it has been provided/renewed, without prejudice to all your rights set forth by the Regulation.
Pursuant to Section 4, no. 1, GDPR, with “personal data” we mean any information relating to a natural person, identified or identifiable, directly or indirectly, by reference to an identifier such as a name, an identification company number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person- that was collected by the Controller, with regard to the candidates.
In order to reach the abovementioned purposes of the data processing, pursuant to principle of “data minimization” in accordance with Section 5, no 1, items c), GDPR, there is no need for the Controller to process yours or, if necessary, your family members special categories of personal data, as defined by Sections 9 and 10, GDPR, except the only confidential data relating to the belonging or not to sheltered group. Therefore, we invite you not to send to the Controller any additional personal data, if those data are not necessary to perform the selection process; if you send such data, the Controller will have the power to remove and/or obscure them, and, in any case, not to process those data for any purposes indicated above under par. 2.
We highlight that this potential personal data processing will also take place in compliance with Section 8, Workers’ Statute (Law no. 300/1970 and further adjustments and integrations), which sets forth the obligation of the employer, for the purpose of recruitment and during the employment relationship, to avoid to conduct any investigation about employees’ political, religious or trade-unions opinion, as well as about any circumstance not relevant for the evaluation of professional skills.
The personal data you will submit to us for the purposes mentioned under par. 2, section (i) above, could be transferred to:
The updated list of processors and persons who are authorized to process personal data is available at Controller’s offices.
The processing of personal data of the Employee is realized through the operations indicated in section 4, n. 2, GDPR – whether or not by automated means – and in particular: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction of data.
Personal data will be processed and stored through traditional (form, questionnaire, etc.) or computer tools. Whichever the way, twill guaranteed data security, logical and physical, and overall data confidentiality.
Your personal data will be processed, managed and stored on servers located within EU, and may be transferred, if necessary for the performance of the activities under par. 3 above, to some countries outside EU (UK, Switzerland, USA, UAE and India).
Should it be necessary to use third party’s activities which have their seats outside EU-countries, we inform you, here and now, that:
- the Controller has arranged to appoint these subjects as data processors pursuant to Section 28, Regulation executing a specific agreement which guarantees the transfer with appropriate safeguards and in compliance with the GDPR principles and
- The transfer of your personal data to these subjects is performed in strict compliance with provisions of Section 44 et seq of the Regulation.
This ensure you that will be adopted all necessary measures to guarantee you the complete personal data protection, because the transfer will be based on standard contractual clauses or other legal basis drafted to safeguard your rights and interests.
Your personal data will not subject to dissemination.
Your personal data will be stored no later than 5 years from the date in which the Controller will receive the last update of your consent.
In compliance with the provisions under Chapter III, Section I, GDPR, you in your quality of data subject, may exercise the rights therein indicated, and in particular:
The data subject may exercise such rights by means of a request to be sent by email to the following email address: firstname.lastname@example.org
Last update: March 2021