Pursuant to art. 13 of EU Regulation 2016/679 ("GDPR") Cerved Group S.p.A., with registered office at San Donato Milanese (MI), 20097, in via dell’Unione Europea, 6A/6B (“Company”) informs you about the process of your personal data (“Data”) as Data Controller.
For communications or requests, the Company can be reached by e-mail at cerved@cerved.com.
Data controller and Data Protection Officer
Pursuant to Article 4 of the GDPR, the Company is the controller of the Data collected for the selection of candidates for employment and/or professional collaboration and indicated in the application for employment and/or provided in any subsequent interviews with Company representatives.
The Company has appointed a Data Protection Officer ("DPO"), who can be reached by e-mail at dpo@cerved.com.
Categories and types of data being processed
Data processed by the Company may include:
- common data sent by filling in the online format of the "Work with us" section;
- through the collection of its curriculum vitae;
- any special categories of personal data pursuant to Article 9 of the GDPR, i.e. relating to your state of health, by selecting the field relating to membership of protected categories ref. law 68/99 in the application form.
Purpose and legal basis of the processing of personal data
In compliance with current legislation on data protection the Data will be processed by the Company for the following purposes:
- management of the selection procedures for collaborators and personnel;
- creation of contacts for the planning of any and all necessary interviews, using the contact data provided by you;
- to evaluate the consistency of your profile with the open job positions and in general for the management of the selection procedures for collaborators;
- management of a possible and future relationship of collaboration and/or work with the Company;
- management of applications from persons belonging to protected categories;
- management of the legal obligations deriving from the specific regulations of the sector to which the Company is subject due to the activity carried out.
The legal basis of the processing for purposes 1,2,3 and 4 is Article 6(1)(b) of the GDPR.
The provision of the Data with an asterisk (*) in the online form “Work with us” is mandatory and failure to provide such data will prevent the Company from sending your application, which will therefore be unable to take it into consideration.
The provision of data without an asterisk (*) is optional, but failure to provide it and your refusal to do so will make it impossible for the Company to consider your application, schedule interviews and/or assess your profile.
The legal basis for processing for the protected categories referred to in point 5 above is your consent. It should be noted that such consent shall be deemed to have been given if you click in the section relating to membership of the protected categories ref. law 68/99 in the online application form.
The provision of data for the above purposes is optional, but failure to provide such data will not allow the Company to make an assessment consistent with your profile.
Finally, the legal basis legitimising the processing of your data for the purpose referred to in point 6 above is Article 6 letter c) of the GDPR.
The provision of Data for the above purposes is mandatory and failure to provide such Data will not allow the Company to proceed with the evaluation of your application.
If your application is accepted, the Data will be processed by the Company in accordance with the privacy policy prepared for collaborators and/or employees that will be submitted to you.
Furthermore, it is possible that the Data of third parties sent by you to the Company may be processed. With respect to this hypothesis, you would be the autonomous data controller, assuming the obligations and responsibilities of the law. In this sense, you hereby grant the widest indemnity with respect to any dispute, claim and/or request for compensation for damages for processing that may be received by the Company from third parties whose Data have been processed by you in violation of applicable data protection regulations. If you process personal data of third parties, you guarantee from now on, assuming all related responsibilities, that this particular processing hypothesis is based on a suitable legal basis, legitimizing the processing of such information.
Data processing methods
The Data will be processed by means of filing on automated, paper, computerized, manual and/or telematic instruments and/or supports, with related logics for the purposes of processing and in compliance with current legislation and specific Company instructions, guaranteeing the confidentiality and security of the Data, as well as compliance with the specific obligations laid down by law.
Scope of communication and disclosure of Data and recipients and transfer of Data
The Data will be processed by authorized personnel in accordance with article 29 of the Regulation.
In addition, for the above mentioned purposes, the Data may be communicated in Italy and abroad, within the EU, to other companies of the Cerved Group and to third parties appointed as data processors pursuant to article 28 of the Regulation, like IT providers.
The data may be accessible to other companies of the Cerved Group for the same purposes as above and/or for administrative-accounting purposes pursuant to art. 6, paragraph 1, letter f) and recitals 47 and 48 of the Regulation.
If necessary, the Data will be accessible to authorities, entities and/or autonomous data controllers, to whom it is mandatory to communicate your Data pursuant to legal provisions or orders of the authorities.
The Data will not be diffused.
Transfer of data outside the EU
Regarding the possible transfer of Data to Third Countries, the Data Controller discloses that the processing will take place according to one of the methods permitted by the law in force, such as the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data or operating in countries considered secure by the European Commission. It is possible to have more information, upon request, from the Data Controller at the above contacts.
Storage of Data
The Data will be stored on paper and/or computer media only for the time necessary for the purposes for which they have been collected, in compliance with the principles of limitation of storage and minimization set forth in article 5, paragraph 1, letters c) and e) of the Regulation, and will be usable for any future contacts and interviews.
The Data will be stored in order to comply with regulatory obligations and pursue the above mentioned purposes, in compliance with the principles of indispensability, non-surplus and pertinence; then, the Data will be destroyed.
Upon request, you may obtain further information from the DPO and/or the Company at the above mentioned contacts.
Your rights
You have the right to access your data at any time, pursuant to arts. 15 to 22 of the Regulation. In particular, you may request access (Article 15 of the Regulation), correction (Article 16 of the Regulation), deletion (Article 17 of the Regulation), limitation of processing of the data in the cases provided for by art.18 of the Regulation, to obtain the portability of data concerning you in the cases provided for by art.20 of the Regulation, as well as making a complaint to the competent supervisory authority (Data Protection Authority).You also have the right to withdraw your consent at any time, pursuant to Article 7 of the Regulation; it is specified that the withdrawal of consent does not prejudice in any case the lawfulness of the treatment based on the consent prior to the revocation.
You can make a request for opposition to the processing of your data pursuant to art. 21 of the Regulation in which to give evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate your request, which would not be accepted if there are legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms.
Requests should be addressed in writing to the DPO or to the Company at the addresses indicated above.