Privacy – Careers

PERSONAL DATA PROCESSING NOTICE

PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679 – CANDIDATES

TEMPCO S.R.L.
with registered office in 1 via Lavoratori Autobianchi – 20832 Desio, Tel. +39 0362 300830 / Fax +39 0362 300253 – info@tempco.it – Share capital € 10,400.00 = f.p. – Tax code and VAT No. 03026390967 – MB Economic and Administrative Index – no. 1625214, pursuant to articles 4, par. 1, point c) and art. 24 of EU Regulation 2016/679 (hereinafter GDPR) is the Data Controller (hereinafter the Controller) and, in fulfilment of the obligations under art. 13 GDPR, provides this Information Notice to detail the purposes and methods of personal data processing with regard to the employment relationships established between the Controller and Employees.

Please note that:

• processing (pursuant to art. 4, par. 1, no. 2) of the GDPR) means ‘any operation or set of operations which is performed with or without the use of automated processes on personal data or on sets of personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise any other form of making available, comparison or interconnection, limitation, cancellation or destruction;’
• personal data (pursuant to art. 4, par. 1, no. 1) of the GDPR) means ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’
• genetic data (pursuant to art. 4, par. 1, no. 13) and art. 9 of the GDPR) means ‘the personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question’;
• biometric data (pursuant to art. 4, par. 1, no. 14) and art. 9 of the GDPR) means ‘the personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data’;
• data concerning health (pursuant to art. 4, par. 1, no. 15) and art. 9 of the GDPR) means ‘the personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status’;
• special categories of personal data (pursuant to art. 9 of the GDPR) revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and/or a natural person’s sex life or sexual orientation.

1. Data Controller and contact data

The Data Controller under art. 24 of the GDPR, namely the party who decides the processing purposes and methods, is

TEMPCO S.R.L.
registered office: 1 via Lavoratori Autobianchi – 20832 Desio
Tel. +39 0362 300830 / Fax +39 0362 300253
info@tempco.it

2. Data Processing Purposes

The purposes of the processing, pursuant to articles 4 and 9 of the GDPR, of personal data provided by submission of a curriculum vitae, the compilation of information sheets, aptitude tests and the sending of passport photos, are detailed below:

1. recruitment and selection of personnel to establish an employment or collaboration relationship;
2. transmission to third parties to establish an employment or collaboration relationship.

3. Legal basis of processing

The legal basis of processing under art. 6, par. 1, point a) of the GDPR, is consent.

4. Nature of the provision of personal data

For the purposes referred to in art. 2 of this Notice the provision of personal data pursuant to articles 4 and 9 of the GDPR is necessary and is optional and your refusal implies the objective impossibility for the Data Controller to select and recruit personnel.

5. Data processing methods

The personal data processed for the purposes referred to in art. 2 of this Notice will be processed using hard copies and/or information systems by employees expressly designated and authorised by the Data Controller to process personal data, and/or through third parties, according to a logics strictly connected to the purposes set out in this document. Data are stored in electronic files and, as a second-line option, in hard copy, in order to ensure data security and confidentiality. The personal data is processed in compliance with the principles underlying the GDPR.

6. Personal data recipients

Data Recipient, pursuant to art. 4, par. 1, no. 9) of the GDPR, means ‘a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. … public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing’.

It should be noted that, in relation to the aforementioned purposes, candidate data may be disclosed to recipients collaborating with the Data Controller or for the fulfilment of legal obligations. These recipients are strictly bound by a duty of confidentiality regarding any information that may be disclosed. Their categories are reported below.

• Authorities, public administrations as well as supervisory and control bodies for their institutional purposes.
• Associated companies, subjects, consultants, consultant agencies, professional offices collaborating with the Controller to achieve the aforesaid purposes and fulfil legal obligations.
• Subjects providing services to manage the Data Controller’s information system.
• Professionals qualified to examine and resolve any legal and contractual issues.
• Banks or similar organisations.
• Health care bodies.

7. Data processing location and possible data transfer outside the EU

Data is processed in a Member State of the European Union (EU) or a Member State of the European Economic Area (EEA).

However, data processing may involve the transfer of data to a non-EU or non-EEA country. In this case, the Data Controller shall henceforth ensure that transfer, if necessary, will be carried out only under the specific conditions set out in articles 44 et seq. of the GDPR.

8. Data dissemination and disclosure

Your personal data will not be disseminated or transferred.

Disclosing personal data to third parties other than the Data Controller and Data Processors – inside or outside the organisational structure of the Data Controller – identified and appointed pursuant to articles 24 and 28 of the GDPR is foreseen where necessary.

In any case, processing by third parties will be carried out in compliance with the principles of lawfulness, fairness, proportionality and need as well as the current laws.

9. Storage time

Data will be stored in compliance with the principle of proportionality and, in any case, for the period necessary to achieve the purposes referred to in art. 2 of this Notice and in any case no later than one year from receipt of the curriculum vitae.

10. Data security

The Data Controller shall adopt the appropriate technical and organisational data protection measures in order to prevent data from being lost or used unlawfully and improperly, and any unauthorised access.

11. Data Subject’s rights

Notice is hereby given that, pursuant to art. 13, par. 2, point b) of the GDPR, in relation to processing of the personal data referred to herein and in order to ensure fair, transparent processing, the following rights may be exercised:

11.1. Right to information and access (pursuant to art. 15 of the GDPR): in order to obtain information from the Data Controller on whether your personal data is being processed or not; on access to your personal data and to details on the purposes of processing; on the recipients or categories of recipients data are transmitted to.

11.2. Right to rectification (pursuant to art. 16 of the GDPR), Right to erasure (pursuant to art. 17 of the GDPR) and Right to restriction of processing (pursuant to art. 18 of the GDPR): in order to ask the Data Controller to rectify, erase your personal data and restrict processing.

11.3. Right to data portability (pursuant to art. 20 of the GDPR): in order to gain access to your personal data, which was provided to the Controller, in a structured, commonly used and machine-readable format and you are entitled to transmit said data to another Data Controller, provided that this operation is technically feasible.

11.4. Right to object (pursuant to art. 21 of the GDPR): in order to object to the processing of your data.

To exercise the rights referred to in the aforementioned art. 13, par. 2, points b) and e) of the GDPR, please write to

TEMPCO S.R.L.
registered office: 1 via Lavoratori Autobianchi – 20832 Desio
Tel. +39 0362 300830 / Fax +39 0362 300253
info@tempco.it

12. Right to lodge a complaint or appeal

Pursuant to art. 13, par. 2, point d) of GDPR and art. 140 bis of (It.) Legislative Decree no. 196/2003 bis, as amended by (It.) Legislative Decree no. 101/2018, furthermore, it should be noted that if data processing is deemed to infringe the European Regulation provisions or the Code concerning the protection of personal data, a complaint may be lodged to the Privacy Authority pursuant to art. 77 of GDPR or, alternatively, an appeal to the Judicial Authorities.

13. Consent and right to revoke consent

Pursuant to articles 6 and 7 of the GDPR, consent to the processing of personal data is necessary for the purpose referred to in art. 2 of this Notice.

Consent can be revoked, at any time and without giving any reasons, by forwarding a notice of revocation to the following address:

TEMPCO S.R.L.
registered office: 1 via Lavoratori Autobianchi – 20832 Desio
Tel. +39 0362 300830 / Fax +39 0362 300253
info@tempco.it

Revoking your consent will not affect the lawfulness of processing based on consent prior to revocation.