Information notice on Candidates’ Personal Data Protection

1 January 2020

INTRODUCTION

COROB S.p.A., with registered office in Via dell’Agricoltura, 103 – 41038 S. Felice s/P. (MO), Italy (hereinafter, the “Company” or the “Data Controller”), as Data Controller that can be contacted at the email address privacy@corob.com, will process the personal data provided by the candidate for a job position (the “Candidate”) pursuant to Regulation (EU) 2016/679 on the protection of personal data (the “Data Protection Regulation”) and Legislative Decree 196/2003 as subsequently amended (the “Privacy Code”).

In accordance with Article 111-bis of the Privacy Code, if the Candidate has voluntarily submitted his or her curriculum vitae for the purpose of establishing an employment relationship, this information sheet is provided on the first useful contact after the sending of such curriculum vitae.

DATA CONTROLLER AND DATA SUBJECTS

The Company is the data controller with reference to personal data obtained from Candidates, data which are processed in compliance with the terms of this Information Notice and applicable regulations.

TYPES OF PERSONAL DATA SUBJECT TO PROCESSING

The Company collects the following categories of personal data:

  • first and last name;
  • curriculum vitae and cover letter;
  • contact details;
  • data on educational qualifications, languages known, work experience and extra-curricular experience, etc.
  • place and date of birth, address of residence;
  • marital status;
  • driver’s license;
  • belonging to protected categories;

The Candidate is requested not to provide any data other than those indicated above and, in any case, not to provide any health data or any other special category of personal data.

PURPOSE OF THE PROCESSING

The Company processes Candidates’ personal data for the following purposes:

  1. assessment of the Candidate’s professional profile for the purposes of establishing an employment or contractor relationship;
  2. administrative-accounting purposes, in the preparatory phase for the potential drawing up of an employment contract or contractor agreement;
  3. in order to comply with applicable national and European legislation and/or to respond to requests from public authorities;

(the purposes from point a) to c) are jointly referred to as “Assessment Purposes”)

  1. to assert and defend its rights;
  2. to carry out a potential merger, transfer of assets, transfer of business or branch of business, or any other corporate transformation, by disclosing and transferring the Candidate’s personal data to the third party/ies involved;

(the purposes of points d) and e) are jointly referred to as “Legitimate Interest Purposes”).

LEGAL GROUNDS FOR THE PROCESSING

In accordance with article 111-bis of the Privacy Code and Article 6(1)(b) of the Data Protection Regulation, the processing of Candidates’ personal data carried out for Assessment Purposes is necessary, given its vital role for the purpose of:

  • establishing whether a Candidate may be employed in the cases provided for in Section 4(a) and (b);
  • complying with the provisions of the applicable legislation as set out in Section 4(c).

Should a Candidate fail to provide the personal data necessary for the Assessment Purposes, it will not be possible for the Company to assess his/her professional profile and, consequently, to recruit him/her.

The processing of a Candidate’s personal data for the Legitimate Interest Purposes referred to in Section(4)(d) and (e) is carried out in accordance with Article 6(1)(f) of the Data Protection Regulation for the pursuit of the legitimate interest of the Company, which is equally balanced with the interest of the Candidate, as the processing of personal data is limited to what is strictly necessary for the exercise of the Company’s rights and for the performance of the required financial transactions.

Processing for the Legitimate Interest purposes is not mandatory and Candidates may object to such processing in the manner set out in Section 9 below, but if they do objects to such processing, their data may not be used for the Legitimate Interest purposes, except in the event that the Company proves the presence of compelling legitimate reasons or the exercise or defense of a right pursuant to Article 21 of the Data Protection Regulation.

PROCESSING METHODS

Candidates’ personal data may be processed using manual or computerized tools, suitable to guarantee their security, confidentiality and to prevent any unauthorized access, dissemination, changes and theft of data, by means of the adoption of appropriate technical, physical, and organizational security measures.

DISCLOSURE OF PERSONAL DATA

For the Assessment Purposes, the personal data of Candidates may be disclosed to the following categories of recipients, located within the European Union: (a) third party providers of assistance and consultancy services for the Company active in the technological, IT, accounting, administrative, legal, insurance sectors (but not limited to those); (b) companies of the group to which the Company belongs, (c) persons and authorities for whom access to the Candidates’ personal data is expressly recognized by law, regulations, or measures issued by the competent authorities.

For the Legitimate Interest purposes mentioned above, the personal data of Candidates may be transferred to the following categories of recipients, located within the European Union: (a) potential purchasers of the Company and entities resulting from the merger or any other form of transformation concerning the Company; (b) competent authorities.

Aside from the cases mentioned above, Candidates’ personal data will not be disclosed or disseminated.

The above-mentioned recipients, depending on the circumstances, will process the personal data in their capacity as data controllers, data processors or persons in charge of processing. A complete list of the data processors is available, upon request, via the methods indicated in Section 9 below.

TRANSFER OF PERSONAL DATA ABROAD

Candidates’ Personal Data will not be transferred to countries outside the European Union. If the transfer takes place to countries that do not provide adequate protection of the confidentiality of personal data, such transfer will take place in compliance with appropriate and suitable safeguards, such as standard contractual clauses on data protection, in accordance with applicable legislation and in particular Articles 44 et seq. of the Data Protection Regulation.