Data protection notice for candidates

1. Data Controller, Data Processors and Data Protection Officer.

The Data Controller is Vemer S.p.A. Tax Code and VAT No. 01041410257, with registered office in Via Camp Lonc 16, Villapaiera Feltre (BL), 32032 - Italy, e-mail info@vemer.it (hereinafter, the “Data Controller” or the “Company”). The updated list of Data Processors, where designated, can be provided at the request of the Data Subject. In the event that a Data Protection Officer is appointed (pursuant to Article 37 of Regulation (EU) 2016/679 - hereinafter referred to as the “Privacy Regulation”), the identification data of the Data Protection Officer will be disclosed by publication of the same, supplementing this Policy.

2. Purposes and methods of processing.

Your personal data are provided directly by you by registering in the “work with us” platform in order to allow you to create your professional profile and to transmit your CV spontaneously or for the purpose of applying for specific ongoing job openings.
Furthermore, your personal data are processed in order to evaluate your candidature, to contact you for a possible interview of a professional nature and to carry out any further activity necessary for the completion of selection operations aimed at possible recruitment or any possible collaboration relationship with the Company, in compliance with the principle of equality between female and male candidates, which imposes the prohibition of discrimination between the two sexes pursuant to Legislative Decree No. 198/2006 (Code of Equal Opportunities between Men and Women), as amended.
In this case, the Data Controller will process your personal data in order to implement the pre-contractual measures taken at your request and aimed at the possible establishment of a working relationship or collaboration. Your consent is therefore not required.
Please note that, in the fields of registration and creation of the professional profile, the Company does not require the provision of personal data relating to the special categories of data referred to in Article 9 of the Privacy Regulation. Therefore, in the event of any indication, even in your CV, of such personal data, we will delete your CV.
If your CV contains a photo of you, that image may not be extracted from the document (hard copy, electronic or digitally scanned) for other uses (e.g. for inclusion in the personal/candidate management programme) in the absence of a specific disclaimer.
The processing of such personal data shall be carried out in compliance with the methods and limits defined by the relevant legislation in force by persons specifically designated, authorised and instructed to process such data pursuant to Article 2-quaterdecies of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018) and Article 29 of the Privacy Regulation, as well as by external parties (e.g. personnel selection companies, external consultants for the processing of salary and contribution data, etc.), which may take on the status of autonomous Data Controllers or be designated in writing as Data Processors. In any case, processing shall be carried out by means of manual, computerised and telematic tools, with logics strictly related to the purposes for the processing of personal data and anyway in such a way as to ensure the confidentiality and security of personal data and in full and absolute compliance with the relevant legislation in force.

Your data will be stored by the Data Controller for the period of time strictly necessary in relation to the purpose expressed above, without prejudice to the need to store them for a longer period in compliance with the regulations, including accounting regulations, in force.

Your data will be processed in Italy and, in any case, within the EU.

3. Compulsory or optional nature of providing data, consequences of refusal and legal basis for processing.

With reference to the purposes described above, the provision of personal data is obligatory, as without it the possibility of establishing a working relationship with the Data Subject can not arise. The legal basis of the processing is, therefore, the verification of the possibility of establishing an employment relationship to which the Data Subject is party and at his/her request (pursuant to Article 6(1)(b) of the Privacy Regulation).

4. To whom and in what content we may pass on the Data Subject’s personal data.

In relation to the purposes of the processing indicated above, and to the extent strictly relevant to those purposes, your personal data will or may be disclosed in Italy, or in any case within the EU to:
(i) all parties in any capacity involved in the recruiting activity for the purpose of entering into an employment relationship, appointed and instructed in writing in accordance with the law by the Data Controller in the manner provided for in the Company’s job descriptions;
(ii) external consultants called upon to perform the aforementioned activity, unless they are designated in writing as Data Processors.

The above-mentioned subjects, to whom your personal data will or may be communicated (insofar as they are not designated in writing as Data Processors), will process your personal data as Data Controllers in accordance with current legislation, in full autonomy, being unrelated to the processing carried out by the Data Controller. A detailed and constantly updated list of these parties, with an indication of their respective locations, is at all times available at the Data Controller’s head office.

Your personal data are not subject to dissemination.

5. The rights of the Data Subject.

Articles 15 et seq. of the Privacy Regulation grant the Data Subject the right to obtain, in the manner and within the limits established by Article 2-undecies of the Privacy Code and Article 12 of the Privacy Regulation:

• confirmation of whether or not personal data relating to them exist, even if they have not yet been stored, and communication thereof in an intelligible form;
• an indication of the origin of the personal data, the purposes and methods of processing, the logic applied in the event of processing carried out with the aid of electronic instruments, the identification details of the Data Controller;
• the updating, rectification, integration, erasure, anonymisation or blocking of data processed in breach of the law - including data whose storage is not necessary in relation to the purposes for which the data are collected or subsequently processed -, the certification that such operations have been brought to the attention, including as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the right protected.

The Data Subject also has the right:

• to revoke consent (where given) to the processing of personal data at any time (without prejudice to the lawfulness of the processing based on the consent given before revocation);
• to object, in whole or in part, on legitimate grounds, to the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
• to object, in whole or in part, to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
• to lodge a complaint with the Italian Data Protection Authority in the cases provided for in the Privacy Regulation, by addressing it directly to Garante per la protezione dei dati personali: Website www.garanteprivacy.it - E-mail: protocollo@gpdp.it - Telephone switchboard: (+39) 06.69677.1;
• the portability of personal data within the limits of Article 20 of the Privacy Regulation.

The complete form for exercising rights can be found at the link with instructions on how to complete it and send it to the Data Controller.

6. Security measures.

All processing is carried out through the adoption of appropriate technical and organisational measures to guarantee a level of security appropriate to the risk in compliance with the procedures set out in Articles 5 et seq. and 32 et seq. of the Privacy Regulation, as well as with the relevant provisions of the Italian Data Protection Authority.
In this regard, we confirm, inter alia, the adoption of appropriate security measures to prevent unauthorised access, theft, disclosure, modification or destruction of the Data Subject’s data.

7. Duration of Data Processing

In accordance with Article 5 letter e) of the Privacy Regulation, the personal data processed will be kept for the time strictly necessary in relation to the aforementioned purposes and, in any case, for a period not exceeding 24 months.