CANDIDATE NOTICE PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679 AND LEGISLATIVE DECREE 196/2003, AS AMENDED BY LEGISLATIVE DECREE 101/2018
- Introduction
Twinset S.p.A considers your privacy and the security of your personal data to be of paramount importance, which is why we collect and process them with the utmost care and attention, while taking specific technical and structural measures to guarantee complete security of the data processing.
We therefore inform you, pursuant to Article 13 of European Regulation 2016/679 ("GDPR" or "Regulation") and the Privacy Code ("Privacy Code"), as recently amended by Legislative Decree 101/2018 (jointly, the "Regulations"), that your personal data is processed in such a way as to ensure its security and confidentiality, using paper, computer and/or telematic media, as detailed in this notice.
- The Data Controller
Your personal data is processed by Twinset S.p.A (hereinafter also referred to only as "Twinset" or "Data Controller" or "Company"), with registered office at Via del Commercio, 32 - 41012 Carpi (MO), Italy, as Data Controller in accordance with the Regulation.
For any questions or information regarding the processing of your personal data, you may contact the Company at any time using the contact details below:
Data Controller
Company name: Twinset S.p.A sole shareholder company
Registered office: Via Del Commercio, 32 - 41012 Carpi (MO), Italy
Telephone: +39 (0)59 91951; Fax +39 (0)59 9195101
Email:privacy@twinset.com
- Type of Data, Purpose and Legal Basis for Processing
The personal data processed by the Company are those that you provide for a potential application and for the efficient management of the personnel selection process.
The Company may therefore collect data about you such as personal data, including name and surname, email address, home address, as well as special data if candidates are in a protected category under Law 104/1992.
Except in the case of protected categories, no special data under Article 9 GDPR or data on criminal convictions and offences under Article 10 GDPR will be processed.
Once collected, your personal data will be processed for the following purposes:
|
Purpose
|
Legal Basis
|
A
|
Carrying out research, selection, evaluation and potential recruitment of the Company's personnel.
|
The processing operations carried out for these purposes are necessary to fulfil the pre-contractual obligations of the Data Controller.
|
B
|
Special data processing where necessary for protected categories.
|
Processing carried out for these purposes is based on the candidate’s consent.
|
Your personal data are processed by specifically Authorised and Designated Company personnel pursuant to Article 4(10) of the Regulation and Article 2(14) of the Privacy Code, as amended by Legislative Decree 101/2018, who process the data under precise instructions from the Data Controller.
The personal data is collected when data subjects send information about their professional experience, in the form of a Curriculum Vitae (“CV”), to the Human Resources (HR) Department, or other Company personnel, via the website or by post, fax, email, hand-delivered letter or direct delivery during selection and interview.
The CV may be sent by the data subject for the purpose of:
(a) Submitting an unprompted application.
(b) Responding to specific recruitment and selection advertisements published in any media, on the Company’s own website or on third party websites (e.g. LinkedIn).
The personal data collected consists of identifying personal data, including the photograph accompanying the professional profile, which will be processed within the limits strictly relevant to the duties, tasks and purposes set out above.
With the exception of applications for protected categories, in the event that special categories of data are processed in the CV, the Company informs you that it will only process data relevant to the assessment of professional aptitude, to the extent that acquiring such information is strictly essential for establishing the collaboration/employment relationship.
The Company reserves the right to retain in its archives only the profiles it considers to be of interest.
In any case, for both unprompted applications and responses to specific advertisements, the data will be processed, by the person authorised to search and select personnel, in compliance with the processing purposes and methods stated in this notice.
Data recipients
Your personal data will also be transmitted to third parties we use. These parties have been adequately selected by us and offer suitable guarantees of compliance with the rules on the processing of personal data. These parties are appointed as data processors pursuant to Article 28 GDPR and are required to carry out their activities in accordance with specific instructions from the Company and under its control.
Said parties may pertain to the following categories: internet providers, companies specialising in IT services, consultancy firms. A specific and up-to-date list of these parties is available at the Data Controller’s registered office and may be viewed at the request of the data subject.
It is understood that your personal data will not be disclosed to third parties for them to use for their own promotional purposes and will not be disseminated in any way.
Your data may furthermore be supplied to Police Forces and to Judicial and Administrative Authorities, in accordance with the law, for the detection and prosecution of crime, prevention and protection from threats to public safety, as well as to enable the Company to exercise or protect a right of its own or of third parties before the competent Authorities, as well as for other reasons related to protecting the rights and freedoms of others.
- Mandatory or optional provision of data
Without prejudice to the data subject’s freedom to provide the personal data or not, any failure to provide the data will result in the Company being unable to consider the data subject's application as part of any personnel selection and evaluation procedure.
- Transfer of data outside the EU
Some of the parties referred to in paragraph 5 may be located in countries that are not part of the European Union but which nonetheless have an adequate level of data protection, as established by the European Commission.
Your personal data will only be transferred to persons resident or located in countries outside of the European Union which do not ensure an adequate level of protection with your consent or subject to the conclusion between the Company and said persons of specific agreements containing appropriate clauses to guarantee the protection of your personal data (so-called “standard contract clauses”), which must also be approved by the European Commission, or if the transfer is necessary in order to conclude and execute a contract between you and the Company or in order to manage your requests.
- Data Retention
In accordance with the principles of proportionality and necessity, the data will not be retained any longer than is necessary to achieve the aforestated purposes.
In particular, personal data processed for purposes related to the selection of personnel will be retained for 24 (twenty-four) months after collection, including for the purpose of managing and processing requests from the competent authorities, managing any judicial and/or extrajudicial litigation, and managing and responding to any claims for damages.
At the end of this period, your data will be definitively erased by the Company or, in any case, irreversibly anonymised.
- Your Rights
We inform you that you are entitled to exercise the following rights in relation to the personal data covered by this notice, as provided for and guaranteed by the Regulation:
- Right of access and rectification (Articles 15 and 16 of the Regulation): you have the right to access your personal data and request its rectification, modification or completion. At your request, we will provide a copy of the personal data concerning you that is in our possession.
- Right to erasure of the data (Article 17 of the Regulation): in the cases provided for by the laws in force you may request the erasure of your personal data. Having received and examined your request, if found to be legitimate, we will cease processing and erase your personal data.
- Right to restriction of processing (Article 18 of the Regulation): you have the right to request a restriction of the processing of your personal data in cases of unlawful processing or if the accuracy of the personal data is contested by the data subject.
- Right to data portability (Article 20 of the Regulation): in the cases provided for by the aforementioned article, you have the right to request and obtain your personal data from the Data Controller in order to transmit them to another Data Controller.
- Right to object to the processing (Article 21 of the Regulation): you have the right to stop or prevent the use of your personal data at any time for a legitimate interest, explaining the reasons for your request; before accepting your explanation, the Company will assess the reasons of your request.
- Right to lodge a complaint (Article 77 of the Regulation): you have the right to lodge a complaint with the competent Data Protection Authority if you believe that your rights in relation to the processing of your personal data have been, or are being, infringed.
You may exercise your rights at any time in relation to the specific processing of your personal data by the Company.
Without prejudice to the above, we would like to remind you that the aforementioned rights may be exercised by whosoever has a personal interest, or who acts on your behalf, in the capacity as your representative, or for justifiable reasons of family protection, pursuant to art. 2-terdecies of Italian Legislative Decree 101/2018.
These rights can be exercised by sending an email to privacy@TWINSET.com or by letter addressed to: Via Del Commercio 32 - 41012 Carpi (MO), Italy.
Further information on the rights of data subjects may be obtained from the Data Controller by requesting a copy of the unabridged extract of the articles referred to above.
- Technical security Measures
In compliance with Articles 5 and 32 GDPR, the Company has adopted appropriate security measures to protect the confidentiality, integrity, completeness and availability of the personal data of data subjects. Accordingly, specific technical, logistical and organisational measures have been adopted for paper-based and IT documents, in order to prevent damage, losses - whether accidental or otherwise - alterations and/or the improper and unauthorised use of said data, as well as to ensure our ability to restore promptly the availability of and access to personal data following adverse physical or technical events (e.g. data breaches). Twinset also periodically tests, checks and assesses the effectiveness of the above security measures, in order to ensure that the security of data processing is improved continuously.
- Amendments to this notice
With respect to the above, the continuous evolution of our activities and the Regulations may lead to changes in how your personal data is processed. This privacy notice may therefore be subject to change over time if necessary due to the introduction of new data protection laws.
It is recommended therefore that you check the content of this notice from time to time. Where possible, we will seek to promptly inform you of any changes made and the relative consequences.
You can in any case obtain an up-to-date version of the privacy notice from the Data Controller at any time.
This notice was last updated on 07.03.2024
The undersigned declares that he/she has received the full notice in accordance with article 13 of the Regulation and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.