1.Controller of Data and DPO
2.The Information we collect
We will collect your personal details, including but not limited to your name and contact details (together with your e-mail address) and other relevant information from your Curriculum Vitae (CV). On occasion, this will also include sensitive personal information such as details of criminal convictions and ethnic origin. When we receive your details and CV electronically, this may be with a direct application through a software managed by Allibo. We will likely obtain further personal information about you during the course of our relationship with you. This information may be obtained from you directly or from third parties, such as organisations to whom we have provided your CV and who have engaged with you as part of a job application.
3.The purpose of the processing
Your data will be collected in a special archive and processed for the only purpose of selecting personnel suitable for holding open job positions or who should open at IMS S.r.l. during the course of the period referred to in the following Art. 6. This treatment may also be carried out with the support and use of electronic tools and automated methods to analyse the candidate's profile and assess the level of compliance in relation to the specific characteristics of each open position.
4.The Legal Basis for Processing your Personal Information
The legal basis of the processing of data referred to in Article 2, for the purposes referred to in Article 3, is the consent that you can release in electronic form by ticking the appropriate box located at the bottom of this statement. In the absence of your consent, IMS S.r.l. will not be able to receive the data and the curriculum you intend to submit and, consequently, insert it among the candidates for your job positions.
Under GDPR, the main grounds that we rely upon in order to process personal information of clients and candidates are the following:
a. Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
b. Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
c. Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your personal data for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected.
5.Potential recipients of the data
Your data will be processed by individuals within IMS S.r.l. expressly authorized (agents / system administrators), as well as by external processors appointed by our company. At your simple request, we will provide you with the names and contact details of the aforementioned parties.
The processing of your data will last up to thirty-six (36) months from the date of your consent. At the end the treatment will be considered ceased and all the data in our possession will be definitively erased if we do not have a new consent from you.
7.Duties of Controller
IMS S.r.l. is responsible to inform you and the European Data Protection Supervisor (EDPS) in case of a data breach as Art. 33 within seventy – two (72) hours and to describe the nature of the personal data breach and communicate the name and contact details of the DPO where more information can be obtained. IMS S.r.l will not be responsible for a data breach of the software directly and technically managed by Allibo. Due to this, having agreed with Allibo, Alliance Software S.r.l., as provider of the service Allibo, will be the only responsible to describe the likely consequences of the personal data breach, describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
8.The rights of the data subject
As data subject you have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below in according with article 13 .2 of GDPR. We will require evidence of your identity before we are able to act on your request.
a.Right of Access (article 15 GDPR)
You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
b.Right of Correction or Completion (article 16 GDPR)
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us using any of the methods in the Contact section below.
c.Right of Erasure (article 17 GDPR)
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
d.Right to object to or restrict processing (article 18 GDPR)
In certain circumstances, you have the right to object to our processing of your personal information by contacting us using any of the methods in the Contact section below. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes. You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
e.Right of Data Portability (article 20 GDPR)
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you or directly to a third party organisation.
The above right exists only in respect of personal information that: you have provided to us previously; and is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us using any of the methods in the Contact section below:
You can withdraw your consent at any time by lodging a compliant directly with the EDPS at the following address:
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
Telephone: +32 2 283 19 00
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.