Candidate Information Pursuant to Article 13 of the 2016/679 EU Regulation
This information is given to candidate who would like to work VisMederi S.r.l.
Dear Candidate,
Pursuant to Article 13 of the EU 2016/679 Regulation (hereinafter called GDPR) laying down provisions for the protection of individuals with regard to the processing of personal data, we hereby inform you that your personal data will be processed in compliance with the aforementioned law and confidentiality obligations to which VisMederi Srl is bound. The processing of your data will take place according to principles of correctness, lawfulness and transparency.
Data Controller
The Data Controller is VisMederi S.r.l. (hereinafter referred to as “Data Controller”), in person of its legal representative pro tempore Dott. Duccio Meiattini, with registered and operative office in Strada del Petriccio e Belriguardo n. 35, 53100 Siena, Italy. The Owner can be contacted through:
– Registered letter addressed to VisMederi S.r.l., Strada del Petriccio e Belriguardo n.35, 53100, Siena (SI), Italy
– E-mail at the following address privacy@vismederi.com
Types of Data Object of Processing
The Data Controller may collect and process personal information from you when you apply for a role at VisMederi S.r.l., including but not limited to:
- Name and other personal information such as gender, date and place of birth;
- Contact information, such as address, telephone number, and e-mail address;
- Past employment history (including previous employers, job titles, or positions) and references in order to evaluate potential employees for employment;
- Other academic, professional, training and salary-related information, such as academic degrees and professional qualifications;
- Your CV/résumé (which may include details of any memberships or interests constituting Sensitive Personal Information (as that term is defined herein));
- Any other information you voluntarily provide throughout the process, including through interviews or other forms of assessment,
hereinafter and collectively called “Personal Data”.
As a general rule, during the recruitment process, the Data Controller tries not to collect or process any “Sensitive Personal Information” unless authorized by law or where necessary to comply with applicable laws. Sensitive Personal Information includes the following: information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health, sex life, or sexual orientation.
It is also possible that will be processed Personal Data of third parties submitted by you to the Data Controller (for example, contact details of previous employers). With respect to these assumptions, you are the independent data controller, assuming all the obligations and responsibilities. In this case, you release Data Controller from liability with respect to any dispute, claim, request for compensation for damage from treatment, etc. of third parties whose personal data have been processed through your spontaneous submission in violation of the privacy rules. In any case, if you provide or otherwise process Personal Data of third parties, you guarantee from now – assuming all related liability – that this particular hypothesis of treatment is based on an appropriate legal basis that legitimizes the processing of the information in question.
Purpose, Legal Basis and Optional Nature of Processing
Your Personal Data will be processed for the following purposes:
a)recruiting;
b)assessing your skills;
c)carrying out reference checks (where applicable);
The legal bases of the processing for that purposes are the articles 6.1.a); 6.1.b); 6.1.f) of GDPR.
The information collected during the recruiting process will be processed in accordance with applicable law, including any Employee Privacy Notice, a copy of which will be provided when you are on-boarded as an employee.
Processing Methods
In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerized and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of data, in addition to compliance with specific obligations sanctioned by law.
Data Retention
Personal Data will be retained in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Information Privacy Policy, or as otherwise required by applicable law. Generally this means Personal Data will be kept for the duration of the application process plus a reasonable period of time of 12 months after confirmation that your application was unsuccessful. You will be provided with the opportunity to opt out of VisMederi S.r.l.’s policy of retaining your information.
Recipients of Personal Data
Personal Data may be shared with the following:
– Natural persons authorized by VisMederi S.r.l. to the processing of personal data pursuant to art. 29 of the GDPR for the performance of their job duties (e.g. employees and system administrators, etc.);
– Service providers (such as consultants, certification bodies, etc.) who typically act as controllers pursuant to art. 28 of the GDPR;
– Subjects, bodies or authorities to whom it is mandatory to communicate your Personal Data under the provisions of law or orders of the Authorities.
The complete and updated list of data recipients can be requested to the Data Controller at the above-mentioned contacts.
Extra EU Data Transfer
Regarding the possible transfer of Data to Third Countries, the Data Controller informs that the processing will be carried out according to one of the modalities permitted by the law in force, such as: the agreement of the affected party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. It is possible to have more information, upon request, from the Data Controller at the above-mentioned contacts.
Your Privacy Rights Pursuant to art. 15 and Following of GDPR
You have the right to ask the Data Controller, at any time, to access your Personal Data, to rectify or cancel them or to oppose their processing. You have the right to request the limitation of treatment in the cases provided for by Article 18 of the GDPR, as well as to obtain, in a structured format, in common use and readable by automatic devices, the data concerning it, in the cases provided for by Article 20 of the GDPR.
At any time, you may revoke the already given consent pursuant to art. 7 of the GDPR, without prejudice to the lawfulness of the processing carried out before the withdrawal of consent.
You can make a request for opposition to the processing of your data pursuant to Article 21 of the GDPR.
Requests must be sent to the Data Controller in writing at the addresses indicated above.
In any case, you are always entitled to submit a complaint to the competent supervisory authority (Guarantor for the Protection of Personal Data), pursuant to art. 77 of the GDPR, if you think that the processing of your data is contrary to the legislation in force.
You are entitled to withdraw your consent for processing for the purpose of the recruitment exercise at any time. However, if you withdraw your consent or if you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.
The Data Controller
VisMederi S.r.l.