Information notice for candidates
pursuant to art. 13 of EU Regulation 2016/679
We inform you
that this privacy notice is provided pursuant to art. 13 of the EU Regulation 2016/679 (hereinafter "Regulation" or "GDPR")
towards subjects who apply for work collaboration. The Data Controller is BTO
Spa (hereinafter "Controller")
with registered office in Via delle Asole 4, 20122 - Milan.
The Controller can be reached at the
following mail address: firstname.lastname@example.org.
Categories and types of data
Data processed by the Controller may
include: common data, such as personal information (e.g. name, surname, date of
birth, address, image, sex, marital status, fiscal number, etc.), contact
information (e.g. landline/mobile telephone number, e-mail address, etc.), work
and professional data (data related to the level of education, data related to
previous professional experiences, feedbacks related to the interview).
Except for the
belonging to protected categories, the
provision of other particular types of personal data, as defined in art. 9 GDPR, is
not required. Pursuant to art. 9 GDPR, “Special categories of personal
data” are considered: data revealing racial or ethnic origin, political
opinions, religious or philosophical beliefs, or trade union membership, and
(…) genetic data, biometric data for the purpose of uniquely identifying a
natural person, data concerning health or data concerning a natural person's
sex life or sexual orientation.”. However, in case you send anyway data of this
nature, the Controller will destroy them and will not take your profile into
consideration for the application purpose.
Personal data indicated above are hereafter
referred to as "Personal Data"
Purpose and legal basis of Personal Data processing
Personal Data you provide by sending the
curriculum or at a later time will be processed for the following purposes:
to evaluate the compatibility
of profiles in relation to the open positions and in general to manage
selection procedures for collaborators (including sharing profiles with the
client for each project);
to contact you, using contact
details you have provided, in order to schedule necessary interviews.
The legal basis of the Personal Data processing
for the purposes indicated above are the articles 6.1.a); 6.1.b) and 6.1.f) of
GDPR, that is the legitimate interest of the Controller to verify the
suitability of the candidate to hold the specific open position.
The provision of
Personal Data for these purposes is optional, but in its absence, the
Controller would be unable to evaluate profiles or to schedule interviews.
If your application is accepted, your Personal
Data will be processed by the Controller according to the privacy information notice
prepared for employees and/or collaborators.
Personal Data retention
Your data will be kept for a period of 18
months from the date of their provision and may be used for contacts or
possible future interviews and stored in electronic archives, also in order to
allow the identification and selection in aggregate form. In particular, data
will be stored on the management system Allibo HR Software provided by Alliance
Software S.r.l.. Data will be definitively deleted from the system upon
expiration, unless express consent of the data subject to the extension of the
retention period of the same duration, upon request of the Controller.
Your Personal Data may be shared with:
subjects that typically act as
data processors pursuant to art. 28 of GDPR;
persons authorized by
Controller to process personal data in accordance with art. 29 of GDPR;
subjects, institutions or
authorities, autonomous data controllers, to whom the Controller is obliged to
communicate your Personal Data in accordance with the provisions of law or authorities’
Data may be accessible to subsidiaries or associate
companies for the same purposes described above and/or for administrative and
accounting purposes pursuant to art. 6 and to recitals 47 and 48 of the
The complete and updated list of processors
is available at the Controller at the address indicated above.
Data transfer outside EU
As far as the possible transfer of Personal
Data outside the European Union is concerned, the Company informs that the
processing will be carried out according to one of the methods allowed by the
law in force, such as the consent of the subject involved.
You have the right to access your data at any
time, pursuant to articles 15-22 GDPR. In particular, you can request the
rectification, deletion, limitation of data processing in the cases provided
for by art. 18 of the GDPR, the withdrawal of consent, to obtain the
portability of your data in the cases provided for by art. 20 of the GDPR, as
well as lodging a complaint to the competent supervisory authority pursuant to
art. 77 of the GDPR (Guarantor for the protection of Personal Data), according
to the procedures indicated on the website of the Guarantor accessible at: www.garanteprivacy.it.
You can formulate a request of opposition
to the processing of your data pursuant to ex article 21 of the GDPR giving
evidence of the reasons justifying the opposition: the Controller reserves its
right to evaluate your request, that would not be accepted in case of
legitimate reasons cogent to proceed with the processing that prevail over his
interests, rights and liberties.
Requests must be sent writing to the Controller
or at the DPO at the address mentioned above.