MILAN/FLORENCE - Privacy Policy Recruitment
Information pursuant to Article 13 of EU Regulation 2016/679 (GDPR)
Istituto Marangoni S.r.l. wishes to inform you about the processing of your personal data (hereinafter, "Data") collected through the recruitment platforms, in order to guarantee respect for your rights and fundamental freedoms as a data subject (hereinafter, "Data Subject"), with particular reference to the confidentiality and security with which the Data is processed.
The data controller is Istituto Marangoni S.r.l. – Via Meravigli, 7, 20123 Milan (MI), e-mail address: privacy@istitutomarangoni.com (hereinafter referred to as the "Data Controller" or simply the "Controller").
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following e-mail address:dpo@istitutomarangoni.com .
The Data Controller processes the following categories of Data:
a) personal details, identification details and contact details (such as, by way of example and without limitation, name, surname, residential address, e-mail address);
b) education and work experience;
c) certificates and diplomas, work references;
d) any other information that may be necessary to complete the selection process.
The Data Controller processes the Data for the following purposes:
a) to collect, evaluate and manage your application;
b) to manage any recruitment;
c) to inform you of new job opportunities.
For purposes a) and b) described above, the processing of Data is carried out on the following legal basis:
- Execution of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) of the GDPR).
For the purposes described in point c) above, the processing of Data is carried out on the following legal basis:
- Your consent, which can be revoked at any time in the manner indicated in point 10 below.
For purposes a) and b) referred to in point 4) above, the Data Controller processes the Data for a maximum period of twelve (12) months from the time of collection.
After this period, the Data will be deleted or anonymised.
For purpose c) referred to in point 4) above, the Data Controller processes the Data until your consent is revoked in the manner indicated in paragraph 11 below.
The Data Controller processes the Data using IT tools (collecting applications directly through the recruitment platforms used or indirectly through any recruitment agencies specifically appointed for this purpose) exclusively by personnel authorised to carry out collection, use, recording, consultation, storage, deletion, extraction, communication and restriction operations.
Only persons authorised by the Data Controller may access the Data, and exclusively for the purposes indicated in the previous paragraph 4.
The Data may also be processed by external recruitment agencies specifically appointed by the Data Controller and acting as autonomous Data Controllers.
The Data may also be processed, on behalf of the Data Controller, by companies specifically appointed as external Data Processors, as well as by any sub-suppliers appointed by the external Data Processors to enable the provision of the service offered.
The Data is stored on servers located within the European Economic Area (EEA) and is not transferred outside of it. If, for technical and/or operational reasons, it is necessary to use entities located outside the EEA, the processing of the Data will be regulated in accordance with the provisions of the GDPR: therefore, all necessary precautions will be taken to ensure the protection of the Data, in accordance with Articles 46 et seq. of the GDPR.
The provision of Data is optional, however, failure to provide it will not allow the Data Controller to follow up on your application or to keep you updated on new job offers.
In accordance with the provisions of the GDPR, in relation to the processing in question, the Data Controller guarantees the exercise of the following rights to the Data Subject:
- Withdrawal of consent [Art. 7, para. 3, of the EU Regulation] (right to withdraw consent given. Note: withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal);
- Right of access [Art. 15 of the GDPR] (right to obtain confirmation of the existence or otherwise of the Data Subject's Data and a copy thereof in an intelligible form);
- Right to rectification [Art. 16 of the GDPR] (right to obtain from the Data Controller the rectification of inaccurate Data concerning the Data Subject without undue delay);
- Right to erasure [Art. 17 of the GDPR] (right to erasure of the Data Subject's data).
Note: if it is impossible to proceed with the erasure of the Data as indicated above, the Data Controller will inform the Data Subjects of the reasons why it is impossible to do so;
- Right to restriction of processing [Art. 18 of the GDPR] (right to obtain restriction of processing, for example, in the event of a dispute over the accuracy of the Data or in the event of unlawful processing);
- Right to data portability [Art. 20 of the EU Regulation] (right to receive personal data concerning him/her provided to Istituto Marangoni S.r.l. in a structured, commonly used and machine-readable format and right to transmit those data to another Data Controller without hindrance from Istituto Marangoni S.r.l. where the processing is based on consent and is carried out by automated means);
- Right not to be subject to automated decision-making [Art. 22 of the GDPR] (right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects the Data Subject).
The above rights may be exercised in writing by sending an email todpo@istitutomarangoni.com orprivacy@istitutomarangoni.com .
Further information regarding the processing of Data may be requested at any time using the same contact details. It should also be noted that the exercise of one's rights must not prejudice and/or infringe the rights and freedoms of others.
The Data Controller undertakes to respond to requests within one (1) month, except in the case of particularly complex requests, for which a maximum of three (3) months may be required. In any case, the Data Controller will explain the reason for the delay within one (1) month of the request.
The outcome of the request will be provided in writing (at the request of the Data Subject) or in electronic format (and, in this case, free of charge). The Data Controller specifies that the Data Subject may be asked to contribute to the costs if their requests are manifestly unfounded, excessive or repetitive: in this regard, the Data Controller will keep track of the requests.
The Data Controller, in accordance with Article 19 of the GDPR, undertakes to inform the recipients to whom the Data Subject's Data has been disclosed of any corrections, deletions or restrictions on processing requested by the Data Subject, where possible.
The Data Subject also has the right to object, at any time, to the processing of their Data based on legitimate interest (Article 6, paragraph 1, letter f) of the GDPR), by contacting the email addresses described in the previous paragraph.
If the Data Subject believes that their rights have been compromised or infringed, or that the processing of Data is contrary to the legislation in force, they have the right to lodge a complaint with the Data Protection Authority in accordance with the procedures indicated at the following web address: https://www.garanteprivacy.it/diritti/come-agire-per-tutelare-i-tuoi-dati-personali/reclamo.
This policy is subject to change. Any substantial changes will be communicated by e-mail or through our institutional website.