Articles 13 and 14 of the European Regulation No. 679/2016
Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018
1. Data Controller
The Data Controller is Ravaservice srl, located at Viale della Repubblica, 4– 35010 Limena (PD), Tax Code and VAT No. 04961130285 (hereinafter referred to as “Controller”).
Notice for Applicants “Work with Us”
This notice is provided to those who send their curriculum vitae to the Data Controller via its website following a personnel search, a spontaneous application, a response to a job advertisement, or during a job interview.
For any other information on the processing of personal data during navigation, it is suggested to read the privacy policy available on the website.
2. Category of Personal Data Processed
Data voluntarily provided by the user, including:
– Common personal data (such as personal details; contact information; education and professional experience; other data typically contained in a curriculum vitae)
– Exceptionally, special data (Art. 9 GDPR)
– Exceptionally, criminal data (Art. 10 GDPR)
The data collected by the Controller through the submission of curriculum vitae, professional profile evaluation interviews, or third-party referrals such as name, surname, place and date of birth, tax code, phone number, postal address, educational qualifications, and other elements of personal identification, submitted in relation to potential job openings or spontaneous applications, fall within the category of “personal data” as defined by Article 4, paragraphs 1 and 15 of the GDPR and will be processed exclusively to assess the skills and professional abilities of the candidates, in relation to the open position and for which a selection process is ongoing or for future staffing needs of the company.
Except for job positions reserved for protected categories, it is unnecessary to include in the curriculum vitae any special data (i.e., data revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, religious, philosophical, political, or trade union associations, as well as data suitable for revealing health status and sexual life).
3. Purpose and Legal Basis of Processing
The personal data of those who send their curriculum vitae spontaneously or following a personnel search are processed, in the ways and forms prescribed by the GDPR:
– For recruitment and personnel selection purposes or to propose other job offers consistent with the candidate’s professional profile (legal basis: pre-contractual obligations);
– To comply with specific legal obligations or to perform specific tasks required by laws, regulations, or EU legislation (legal basis: legal obligation).
The collection and processing of data are carried out to enable the Controller to conduct research, selection, and evaluation of personnel. Processing for this purpose does not require the data subject’s consent, as it is necessary for the execution of pre-contractual measures adopted at the request of the data subject (Art. 6, paragraph 1, letter B of the GDPR), except for the processing of special categories of personal data, which, if provided, may be processed by the Controller only with explicit consent. Data will be processed by personnel authorized under Article 29 of the GDPR. Data processing for these purposes will be carried out by electronic and manual means, based on logical criteria compatible with and functional to the purposes for which the data were collected, in compliance with confidentiality and security rules provided by law and company regulations.
4. Mandatory Provision of Data
The provision of personal data for the indicated purposes is optional and voluntary.
However, it is necessary to complete the specific functionality on the site to correctly send the application to participate in potential personnel selection processes. To send the application correctly, the candidate must consent to the processing; otherwise, the candidate cannot submit their data for selection purposes.
In any case, even where the data subject has given consent to authorize the Controller to pursue all the purposes mentioned above, they will remain free to revoke it at any time.
Specifically and separately, as required by Art. 21 of the Regulation, the data subject is informed of the right to object at any time to the processing of personal data concerning them for the purposes indicated above, and that, if the data subject objects to the processing, the personal data can no longer be processed for such purposes.
5. Recipients of Personal Data
The personal data processed will not be disseminated but may be communicated to specifically identified subjects, such as the Controller’s personnel specifically authorized to process data. Based on the roles and job functions performed, personnel are authorized to process data within their competences and in accordance with the instructions given by the Controller. Such data may be communicated to entities entitled to access them by law, regulations, and normative provisions.
Specifically, data may be used by third parties or companies performing instrumental activities on behalf of the Controller, such as:
– External consultants for recruitment, selection, and evaluation of personnel;
– Entities expressly recognized by law, regulations, or decisions issued by competent authorities;
The above recipients, depending on the case, will process the data as controllers, processors, or persons in charge/authorized to process. Outside the above cases, data will not be disseminated in any way.
6. Data Retention Methods
Data processing is carried out using manual, electronic, and IT tools, with methods strictly related to the purposes for which the data are processed and in compliance with the provisions of Art. 32 GDPR on security measures.
7. Data Retention Period
Personal data are retained for the period necessary to achieve the specific purposes for which they are processed and, in any case, for no longer than 6 months from the receipt of the curriculum vitae, after which they will be automatically deleted, and no copies will be kept.
Exclusions to the above terms include cases where it is necessary to retain data for a longer period to defend or enforce a right or to comply with legal obligations or orders from authorities.
8. Transfer of Personal Data
The Controller does not transfer personal data to third countries or international organizations.
9. Data Subject’s Rights
Each data subject has the right of access, rectification, deletion (oblivion), restriction, notification in case of rectification, deletion or restriction, portability, opposition, and not to be subject to an automated individual decision, including profiling, under Articles 15 to 22 of the GDPR. These rights can be exercised in the forms and terms provided for in Art. 12 GDPR, by sending a written communication to the Controller (see point 10).
The Controller will respond appropriately as soon as possible upon receipt of the request.
10. Right to Withdraw Consent (Exercising Rights)
It is possible to withdraw consent, where provided, at any time and/or exercise one’s rights by sending:
– A registered letter with return receipt to the Controller with an express request
– An email to the address amministrazione@ravaservice.com
11. Complaints
Each data subject has the right to lodge a complaint under Articles 77 et seq. of the GDPR with a supervisory authority, identified in Italy as the Data Protection Authority. The forms, methods, and terms for lodging complaints are provided and governed by current national legislation. Complaints are without prejudice to administrative and judicial actions, which in Italy can be lodged alternatively with the same Authority or the competent Court.
12. Controller, Authorized/Charged, and Data Processors
Below, we provide some information that you need to be aware of, not only to comply with legal obligations but also because transparency and fairness towards data subjects are fundamental parts of our business.
Data Controller: The Data Controller of your personal data is Ravaservice srl, responsible for the legitimate and correct use of your personal data and can be contacted for any information or request at the following contact details: phone +39 (0)49 711167, email: amministrazione@ravaservice.com.
Authorized/Charged Personnel: The updated list of personnel authorized/charged with data processing is kept at the Controller’s headquarters.
Data Processors: For brevity, the detailed list of these figures is available at our headquarters.
Last update: 05/2024