Information pursuant to art. 13 EU Regulation 2016/679 ("GDPR") for the Processing of Personal Data
1. Data Controller
We inform you that, pursuant to EU Regulation 2016/679 (hereinafter, "Regulation"), your personal data will be processed by Fabbri 1905 S.p.A., which can be reached at the e-mail address email@example.com as well as at tel. 06 80242 503-504 and fax no. 06 80242 311, as data controller (hereinafter, "Fabbri" or "Data Controller").
2. The Data Protection Officer
The Data Protection Officer (hereinafter, "DPO") can be contacted by e-mail at: firstname.lastname@example.org.
3. Types of data processed
The data processed by the Data Controller may include:
1) common data, such as, by way of example but not limited to, personal information (e.g., name, surname, date of birth, address, image, gender, tax code, etc.), contact information (e.g., landline and/or mobile phone number, e-mail address, etc.), information inferable from graphological analyses, work and professional data and any other information contained in the curriculum vitae you sent to Fabbri;
2) possibly, data belonging to the "special categories" referred to in Article 9(1) of the GDPR, i.e. data revealing racial or ethnic origin, religious beliefs, political opinions, membership of political parties, membership of trade unions, associations or organizations of a religious or philosophical nature, biometric data, genetic data, and health status (e.g. membership of so-called protected categories);
3) possibly, judicial data (such as criminal convictions and pending criminal proceedings, measures concerning the application of preventive measures, civil decisions and administrative measures entered in the judicial record).
The aforementioned personal data will hereinafter be jointly referred to, for the sake of brevity, as "personal data".
4. Purpose, legal basis and optionality of the processing
Your personal data will be processed, without the need for your specific consent, for the following purposes:
a) to assess the consistency of your profile with respect to open job positions and, in general, for the management of personnel selection procedures as well as to contact you in order to schedule interviews that may be necessary ("Purpose of managing your application") pursuant to Art. 6, par. 1, lett. b) and f) of the GDPR, 9, par. 2, lett. b) and 111-bis of Legislative Decree 196/2003 ("Privacy Code"), i.e. in execution of pre-contractual measures taken at your request and based on the legitimate interest of the Data Controller;
b) to fulfill any legal obligations to which the Controller is subject pursuant to Articles 6(1)(c) and 9(2)(b) of the GDPR as well as, where applicable, Articles 10 of the GDPR and 2-octies(3)(a) of the Privacy Code ("Compliance Purposes");
c) to satisfy possible defensive purposes on the basis of Articles 6, par. 1, lett. f) and 9, par. 2, lett. f) of the GDPR ("Purpose of legal defense").
We inform you that any processing of data belonging to the special categories referred to in Art. 9, par. 1 of the GDPR for such purposes may take place, pursuant to Art. 9, par. 2, lett. b) of the GDPR. In any case, if not strictly necessary, we ask you not to provide this type of information. In any event, Fabbri will comply with Article 8 of Law 300/1970 (the so-called "Workers' Statute"), which commits Fabbri not to carry out any investigation, not even through third parties, into the political, religious or trade union opinions of the worker, or any other fact not relevant to the assessment of the candidate's professional aptitude.
The provision of your personal data for the above purposes is optional, but if you fail to provide them, it may be impossible for the Controller to assess your profile or schedule interviews.
It is also possible that you may voluntarily provide Fabbri - as part of the above procedure - with data relating to third parties. Please note that, with respect to such cases, you are the independent data controller with all the obligations and responsibilities of the law. In this sense, you grant us the widest possible indemnity with respect to any dispute, claim, request for compensation for damage caused by processing, etc. that may be received by the owner from third parties whose personal data have been processed through your voluntary submission in violation of the applicable rules on the protection of personal data. In any case, if you provide or otherwise process personal data of third parties, you warrant as of now - assuming all related responsibility - that this particular case of processing is based on a suitable legal basis that legitimizes the processing of the information in question.
5. Recipients and transfer of personal data
Your personal data may be shared with:
individuals authorized by the Data Controller ex art. 29 GDPR by reason of the performance of their work duties (e.g. employees and system administrators, etc.);
other service providers (such as, for example, consultants, etc.) who typically act as data processors pursuant to art. 28 of the GDPR (a complete and updated list of the data processors can be requested from the Data Controller at the addresses indicated above);
subjects, entities or authorities, independent data controllers, to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities.
The Data Controller does not normally transfer your data outside the European Union. Under certain circumstances and for purposes related to electronic data storage and management, some of your data may, however, be provided to recipients who transfer it to third countries. In this case, the Company ensures that the recipient, acting as data controller, complies with the provisions of the GDPR, including the rules specifically dictated for the transfer of personal data to third countries. In particular, it ensures that transfers take place on the basis of an adequacy decision or the signature by the controller of standard data protection contractual clauses approved by the European Commission.
6. Retention of personal data
Your personal data will be kept no longer than necessary for the purposes for which they are collected, in accordance with the principle of minimization set out in Article 5(1)(c) of the GDPR. This is without prejudice to the possibility for the Controller to contact you shortly before the indicated expiration date to request an extension of this retention period. Personal data processed for the purposes referred to in point b) will be retained for as long as required by the specific obligation or applicable law.
Further information is available from the Data Controller and/or the DPO at the contacts indicated above.
7. Modalities of data processing
In relation to the indicated purposes, the processing of personal data is done through manual, computer and telematic tools with logic strictly related to the purposes and, however, in such a way as to ensure the security and confidentiality of data, in addition to compliance with specific obligations under the law.
8. Your privacy rights
You have the right to access your data at any time, in accordance with articles 15-22 GDPR. In particular, you can ask for the rectification, cancellation, limitation of the processing of data in the cases provided for by art. 18 of the GDPR, the revocation of consent, to obtain the portability of data concerning you in the cases provided for by art. 20 of the GDPR.
You may formulate a request to object to the processing of your data pursuant to art. 21 of the GDPR in which you give evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate your request, which would not be accepted in case of the existence of compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms.
Requests must be addressed in writing to the Data Controller or to the DPO at the addresses indicated above.
If you believe that the processing of your personal data carried out by the Data Controller is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Privacy Guarantor, as provided for by art. 77 of the GDPR itself, or to take legal action (art. 79 of the GDPR).