PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679
This Policy Statement is provided in compliance with the regulations on the protection of natural persons with regard to the processing of personal data 0s laid down in Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation" or "GDPR") and Chromavis S.p.A (hereinafter referred to as "Chromavis" or "Company"), as Data Controller, wishes to inform you about the processing of your data.
The meaning of certain terms used in this Policy Statement to facilitate understanding is set out below:
- Processing: shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.
- Data: means personal Data and Particular Categories of personal Data.
- Personal Data: this is any information concerning on identified or identifiable natural person ("Data Subject"); on identifiable person is one who con be identified, directly or indirectly, with particular reference to on identifier such as a nome, on identification number, location data, on online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economie, cultura! or social identity. Chromavis processes, by way of example, the following personal Data of job applicants: nome and surname, gender, piace and date of birth, e-mail address, mobile phone, fiscal code, details of valici identification documents, address, citizenship, tax residence, protession, tamily status.
Particular Categories of Personal Data: personal Data reveal racial or ethnic origin, politica! opinions, religious or philosophical beliets, or tracie union membership, as well as genetic data, biometrie data intended to uniquely identity a natural person, data relating to health or gender lite or orientation ot the person.
Data Controller: Chromavis S.p.A. which determines the purposes and means ot the processing ot the personal Data ot the Data Subject.
- Particular Categories of Personal Data: Personal Data reveal racial or ethnic origin, politica! opinions, religious or philosophical beliets, or tracie union membership, as well as genetic data, biometrie data intended to uniquely identity a natural person, data relating to health or gender lite or orientation ot the person.
- Data Controller: Chromavis S.p.A. which determines the purposes and means ot the processing ot the Personal Data ot the Data Subject.
- Data Processor: is the natural or legai person, public authority, service or other body that processes Data on behalt ot the Data Controller.
- Data Subject: the personnel and legai representatives ot the supplier to whom the Personal Data reters.
2. Type of Data Processed
The information that con be collected and processed by the Data Controller for the purposes detailed below are Personal Data. Special Categories ot Personal Data must not be disclosed unless they are expressly requested for the purpose of selection (e.g. Data relating to belonging to protected categories).
The Data con be collected by the Data Controller both directly trom the Data Subject at the time ot the interview and trom third parties such as personnel selection companies who have communicated the Data to the Data Controller as independent Data Controllers.
Chromavis does not process Data that are not strictly necessary for the purposes indicateci below.
3. Purpose of the Storing
Ali Data are processed, in compliance with the provisions ot the law, for purposes relateci to the recruitment ot personnel at the Company. With respect to these treatments, the provision ot Personal Data is necessary to proceed with the correct classification of the job applicant profile within the company organization chart. Data processing is carried out on the basis of pre-contractual negotiations for the purpose of selection. The data and information contained in the Curriculum Vitae can be used for similar positions within the Company and within the tollowing 24 months. In the event of a dispute relateci to the recruitment activity, the Personal Data may be processed on the basis of the legitimate interest of the Data Controller in asserting its rights in court.
4. Particular Categories of Personal Data
Please do not indicate Particular Categories of Personal Data (relating to the state of health, religious beliefs and / or politica! opinions) other than those possibly provided for selective purposes and for the correct classification of the profile (e.g. belonging to protected categories).
5. Method of Processing the Personal Data
The Processing of Personal Data is carried out by means of the operations indicateci in art. 4 n. 2) GDPR, and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Your Personal Data are subjected to both paper and electronic and / or automated processing.
6. Retention period for the Personal Data
Your Data will be stored for the times indicateci as it follows:
- for the coordination, selection and evaluation of your application for a potential employment relationship and also the relateci activities, your Data will be kept for a maximum period of 24 months from the date of the last interview with the Data Controller or of the sending the Curriculum Vitae in case of absence of contact with the Data Controller;
- for the management of any disputes relateci to the recruitment activity, the Data will be kept for the period strictly necessary for the pursuit of said purposes and, in any case, no later than the applicable terms (without prejudice to the data that must be kept for of law and relateci to business needs).
7. Categories of entities to which the Data may be disclosed
Within the Company, the persons who may become aware of the Data are the employees and collaborators of the Human Resources function, other staff functions and the system administrator.
Your Personal Data may be included in a corporate computer system shared among the companies of the Fareva S.A. Group, of which Chromavis is a member.
In order to carry out some of the activities related to the processing of your Personal Data, Chromavis may communicate with trusted external companies or entities appointed as Data Controllers or Managers, as appropriate.
Within the Company, the subjects who may become aware of the Data are the employees and collaborators of the Human Resources function, other staff functions as well as the system administrator.
Your Data may be entered into a corporate IT system shared between the companies of the Fareva S.A. Group, of which Chromavis is a part.
For the performance of some of the activities relateci to the processing of your Personal Data, Chromavis may make communications to trusted external companies or entities, as independent "Data Controllers", except in the case of which have been designateci by Chromavis as "Managers" of the treatments under their specific competence.
8. Transfer of Personal Data abroad
Personal Data are managed and stored in paper files and on the servers of the Data Controller and/or third companies appointed as Data Processors. The servers on which the above Personal Data are stored are locateci in ltaly and within the European Union. Personal Data are not transferred outside of the European Union.
lt is understood that the Data Controller, if necessary, shall have the right to change the location of archives and servers in ltaly and/or the European Union and/or countries outside the European Union. In such case, the Data Controller hereby warrants that the transfer of Data outside the European Union will take piace in accordance with the provisions of applicable law, concluding, if necessary, agreements that guarantee on adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
9. Rights of Data Subjects
Pursuant to the Regulation, the Data Subject has the right to access his/her own Data, in particular to obtain at any time confirmation of the existence or non-existence of such Data and to know their content, origin, geographical location, as well as to request a copy thereof. The Data Subject also has the right to verify the accuracy of the Data or request their integration, updating, rectification, limitation of the Processing, cancellation, transformation into anonymous form or blocking of Data processed in violation of the law, as well as to oppose their processing in any case. Furthermore, the Data Subject has the right to request the portability of the Data and to lodge a complaint with the Data Protection Authority, as indicateci below.
1O. Exercising of rights
In order to exercise the rights referred to in point 8, the Data Subject may contact the Data Controller by writing to:
Administrative headquarters: Via Edwin P. Hubble, 2- 26010 Offanengo (CR)
Tel: (+39) 0373 383 311
Fax: (+39) 0373 383 342
e-mail: [email protected]
The deadline for replying to the Data Subject is thirty days, which con be extended up to two months in cases of particular complexity; in such cases, the Data Controller shall at least send on interim communication to the Data Subject within the thirty-day period.
The exercise of the rights is, in principle, free of charge; the Data Controller reserves the right to ask fora contribution in the event of manifestly unfounded or excessive requests (including repetitive ones), also in the light of any indications that may be provided by the Data Protection Authority.
11. Complaints to the Data Protection Authority
The Data Subject may lodge a complaint with the ltalian Data Protection Authority, which con be contacted at the website www.qaranteprivacy.it.