DATA PROTECTION STATEMENT – PRIVACY POLICY FOR APPLICANTS

Reference Standard:
Legislative Decree no. 196 of 30 June 2003, amended by Legislative Decree no. 101 of 10 August 2018, Code regarding personal data protection (hereafter “Data Protection Code”);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR). 

***

We wish to inform you that, following your registration on our recruiting platform and sending of your CV, in order to evaluate the possibility to transform your candidacy into a business relationship, our Company collects and processes your personal data (as “data subject”) and, possibly, personal data of your family members, which will be processed in compliance with current legislation on personal data processing.
According to the GDPR, personal data means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The GDPR defines at art. 9 the “special categories of personal data”, revealing for example racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning a natural person’s sex life or sexual orientation, or data suitable to reveal, for example, a general state of health (absence due to illness, maternity, accident or mandatory introduction into employment), qualification (or non-qualification) for a certain job.
Data processing means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.

1- Data Controller and Data Protection Officer
The Data Controller is MultiOne S.r.l. (VAT no. 03971430248), with registered office Grumolo delle Abbadesse (VI) 36040, via Palù n. 6/8, email privacy@multione-csf.com
The updated list of Data Protection Officers, where appointed, can be provided on request.
Where a Data Protection Officer is appointed (pursuant to art. 37 of GDPR), its contact details will be published on the web-site.

2- Purposes and methods of data processing.
Your personal data are directly collected through our recruiting platform, with aim to create your own professional profile and transfer your CV spontaneously or to submit an application for a specific research.
Furthermore, your personal data are collected to evaluate your application, to contact you for a possible job interview and to carry out whatever activity is considered necessary for the achievement of candidates selection or the establishment of a business relationship with the Company, in accordance with the principles of equal treatment for men and women, which means not discriminating between them, pursuant to Legislative Decree no. 198/2006 (Equal opportunities Code), amended by Legislative Decree no. 5/2010 and law no. 183/2010.
The Data Controller will process personal data to perform pre-contractual activities or to take steps, at the request of the data subject, and strictly linked to the establishment of a possible business relationship or a co-operation with the Company; therefore the consent of the data subject will not be required.
It is hereby confirmed that the Company does not require, in the fields of registration and creation of your professional profile, any personal data belonging to special categories of personal data, pursuant to art. 9 of GDPR; therefore, in the event your CV indicates such personal data, the Company will proceed to cancel your CV.
Such data are processed in compliance with current legislation on personal data processing.

On this purpose, the data processing is performed by officers specifically appointed and educated on data protection, according to Article 2-quaterdecies of Privacy Code and Articles 8 and 29 of GDPR, as well as by external entities (for example, recruiting agencies, employment consultants for preparing pay slips, etc), who can take the status or be designated in writing as data controllers; in any case, data will be treated through manual, computerised and telematic tools, in such a way as to ensure security and confidentiality, in full compliance with regulations in force.

Your personal data shall not be transferred outside the EU.

3- Nature of data provision and legal basis of processing
For the above described purposes, the provision of personal data is needed, otherwise it shall be impossible to establish a business relationship with the data subject.

The legal basis of the processing is, therefore, the evaluation of the possibility to create a business relationship where the data subject is party or to take steps at the request of the data subject prior (pursuant to Art. 6, comma 1, lett. b) of GDPR).

4- Recipients
For the above described purposes and within the strictly relevant limits, your personal data shall be communicated, in Italy, or anyway within the EU, to third parties belonging to the following categories:

(i) subjects involved in the recruiting activity aimed at the stipulation of a business relationship, duly appointed and instructed according the law in writing by the Data Controller, pursuant to the procedure provided for job descriptions;
(ii) external consultants acting to perform the above activities, if they are not appointed in writing as data protection officers.
Subjects belonging to categories to whom data may be communicated, who do not fall within the categories of “Data Controller” or “Data Protection Officers”, will use the data as “Autonomous processing controllers”, pursuant to the GDPR, as they are not involved in the original processing carried out at the Company.
Your personal data will no be disclosed.

5- Data subject rights
At any time, the data subject shall exercise the rights pursuant to Art. 15 and following of GDPR to access, correct, update, stop, cancel, restrict the data processing, according to Art. 2–undecies of Privacy Code and Art. 12 of GDPR.
In the event of missed prompt reply or inappropriate answer by the Company, if you want to exercise your rights as above described or if you believe a violation of the Privacy Code and/or GDPR exists, you may appeal the Data Protection Authority via web: www.gpdp.it – www.garanteprivacy.it, Email: garante@gpdp.it, Fax: (+39) 06.69677.3785, Phone: (+39) 06.69677.1.

6- Security measures
Each data processing occurs through the adoption of technical and organisational measures, guaranteeing a security level which is appropriate to the risk, pursuant to Art. 5 and following and Art. 32 and following of GDPR, as well as any measure taken by the Data Protection Authority.
Furthermore, it is confirmed, the adoption of measures to prevent unauthorized access, theft, publication, modification or destruction of data of the subject.

7- Data retention period
According to Art. 5 lett. e) of GDPR, personal data processed will be stored for as long as required for the purposes above described, and in any case, for no longer than 12 months.

The Data Controller
MultiOne S.r.l.