PERSONAL DATA PROCESSING POLICY FOR APPLICATIONS FOR OPEN PROFESSIONAL POSITIONS

INDUSTRIE POLIECO- M.P.B. S.p.A. collects data referring to you for the execution of the relationships with their users, acquired through the company website, directly or through third parties, qualified as personal data by EU Regulation 2016/679. This legislation stipulates that those who process personal data must inform the interested party on which data are processed and the elements that qualify processing, which must always take place correctly, lawfully and transparently, protecting your confidentiality and your rights. In accordance with EU Regulation 2016/679 we, therefore, provide the following information:

DATA CONTROLLER

INDUSTRIE POLIECO – M.P.B. S.p.A. (HEREINAFTER REFERRED TO AS CONTROLLER) headquartered in Cazzago San Martino (Bs), via E. Mattei, n. 49,
The Controller can be reached at the following address:gdpr@pec.polieco.com
The Data Protection Officer (DPO) can be reached at the following address: ambrostudioservizi@pec.it

Subject of processing
1) Navigation data
The IT systems and software responsible for the website functionality collect some personal data during ordinary operations and transfer them as implied by the use of typical Internet communication protocols.
Due to its nature, this information allows identifying users/visitors (e.g. IP address, email, domain names of the computers used by users/visitors who connect to the website, etc.) through the associations and elaboration of data held by third parties.
This category includes the IP addresses or the domain names of the computers used to connect to the website, the URI addresses (Uniform Resource Identifier) of requested resources, the time of request, the method used to submit the request to the server, the response file size, the numeric code of the response status (completed, error, etc.) and other parameters relative to the user’s operating system and IT setting.
These data are used to monitor the website’s correct functioning and to collect statistical information.
Data on web contacts will be stored for no longer than seven days, except for investigations of cybercrimes against the website.
No data deriving from the web service will be shared or disclosed.
2) Data provided voluntarily by users/visitors
If the users/visitors connect to this website and send their data to access specific services, i.e. to perform email requests, by filling the dedicatedform and submitting a CV and photo for personal identification, they are aware that this entails that the Controller will acquire information on the sender and/or other personal data which will be used exclusively to answer the request, i.e. to perform staff pre-selection and selection activities.
Personal data provided by applicants will be shared with third parties only if necessary to fulfil the applicant’s request or if required by law (like in the case of billing, or possible employment after CV submission).

Method of processing
The processing of your data is performed through the operations indicated in art. 4 n. 2) GDPR and specifically: collection, recording, organisation, storage, reference, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, sharing, cancellation and destruction. Your data undergo written, electronic and/or automated processing.

The processing is performed with automated instruments (e.g. using electronic procedures and media) and/or manually (e.g. on paper) only for the time necessary to fulfil the purposes for which the data are gathered and in compliance with the current regulatory provisions.

Specific safety measures are followed to prevent data loss, illicit or improper use of data and unauthorised access, to grant access only to officers or data processors nominated in compliance with current regulatory provisions. The list of Data Processors appointed pursuant to art. 28 of EU Regulation 679/2016 is available at the Controller’s headquarters. The personal data, even in written form, will be saved on electronic media, stored and archived in POLIECO M.P.B S.p.A. Industries servers, located at their headquarters.

Purpose of processing
A) data are processed without your explicit consent (art 6 lett.b), e) GDPR), for the following Service Purposes:

  • Website management and maintenance;
  • prevention of fraud or malicious activities which could damage the Website;
  • elaboration of provided personal data and those derived from browsing the website, aimed at providing a service in line with the indications provided when using the service;
  • Data collection, storage and elaboration to perform anonymous and/or aggregated statistical analyses;
  • Exercising the Controller’s rights, for example, the right to exercise a right in court;
  • fulfilment of legal obligations and provisions by competent Authorities;
  • management of pre-selection and selection phase of applications for open professional positions;

Legal basis for processing
The legal basis of the Client’s data processing performed by the controller through the website in epigraph consists in the contract or pre-contractual agreements with the interested party, while if this is missing the legal basis can be found in the Controller’s legitimate interest in a free economic activity referred to in art. 41 Cost. With regards to marketing purposes, the legal basis is free and expressed consent in addition to the Controller’s legitimate interest.

Recipients
In some cases, the data may be accessed by processors and officers involved in the Website’s company organisation (administration, commercial marketing and legal staff, system administrators). Furthermore, the Controller may make use of external subjects (like technical service providers, transporters, hosting providers, cloud services, IT companies, communication companies) which can be appointed as external Processors. The updated list of Processors is always available upon request from the Data Controller, contacting the address indicated above.

Data transfer
The data controller uses servers located in Italy for the services provided by the website, and therefore under Reg. 2016/679/EU and to be considered suitable, as it falls within the EU territory.
The data processed by the Controller will never be disclosed.

Data processing place
The processing related to the web services of this website take place at the Controller’s headquarters and is only handled by the technical staff of the Office in charge of processing. The personal data provided by the users who submit requests for service, performance or information are only used to perform the required service or performance, or to provide the required information; they are shared with third parties only if necessary to this end, and therefore limited to the required services and performances. The data may be disclosed to the Company’s internal staff, collaborators, correspondents and officers; to administrative, commercial, fiscal and contributory advisors as well as informatics and telematics; to banking and financial institutions, in addition to subjects in charge of protecting the Company’s legal, administrative and extrajudicial interests and for debt collection; to those in charge of shipment of documents and for corporate control.
Time and place of data storage
The processing related to the web services provided by this website take place at the company’s headquarters and is only handled by company staff i.e external staff in charge of maintenance and update. No data are shared or disclosed. The data are processed for the time needed to perform the service required by the User, no less than 5 years in case of curriculum vitae, and then destroyed with safe means of destruction, such as paper shredders for paper and wiping for electronic data.

Voluntary or obligatory provision of data
Except as specified for automatically obtained navigation data, users/visitors are free to provide or withhold their data. Failure to provide data might render the provision of the required services completely impossible. If emails are sent voluntarily, explicitly to addresses given on this site, the sender’s address, which is required to respond to service and/or information requests, is automatically acquired, as are any other personal data which may be included in the communication.
Rights of data subjects
As data subjects, under the GDPR, you always have the right to obtain confirmation on the existence of the data and to know its contents and origin, verify its exactness or request its integration, update, or correction. To exercise his rights, the User can refer to the Data Controller.

Concerning the processing of the aforementioned data, you also have the right to obtain the following from the Controller:
1. confirmation as to whether or not your data are being processed, the communication thereof in readable form and knowledge of its origin, in addition to the logic on which the processing is based;
2. deletion of your data within a suitable period, the transformation in anonymous form or blocking of data processed in violation of the law;
3. data updating and, if interested, integration of said data;
4. certification that the operations described at points 2) and 3) have been notified to the persons to whom the data have been shared, as long as it is possible and does not entail disproportionate efforts.
5. Furthermore, you have the right to correct or delete the data regarding you or the limitation of processing.
6. You have the right to withdraw consent related to voluntary processing not connected to the performance of the contract signed with the Controller.
7. You also have the right to oppose the processing of personal data regarding You for legitimate reasons, even if they are relevant for collection, or to request its portability and to exercise the right to oblivion. The user has the right to lodge a complaint with the supervising authorities, without prejudice to any other administrative or legal action. He/she may, therefore, contact the personal data protection Authority.
Automated decision processes
No automated decision-making processes are performed on the collected aggregated data unless they are aimed at improving website management.

Minors
This Website and the Controller’s Services are not intended for people under 18 years of age and the Controller does not intentionally collect information regarding minors. In case information regarding minors is involuntarily collected, the Controller will immediately delete them upon the user’s request.

This document is published on the company website and constitutes the privacy policy of this website and may be subjected to updates.