Privacy HR

PRIVACY POLICY - ART. 13 EUROPEAN REGULATION NR. 2016/679
(General Data Protection Regulation)


1. Data controller

The Data Controller is Automatismi Benincà S.p.a. (VAT 02054090242), in person of the legal representative pro tempore, with registered office in Sandrigo (VI) – Italy, via Capitello n. 45, www.beninca.com, hereinafter “the Holder”. The Data Controller intends to provide the data subject with complete information on the purposes and methods of processing personal data.

2. Methods of processing personal data

Personal data (eg personal data, telephone number, e-mail, etc.) are processed on computer media or in any case with the aid of computerized or automated tools in compliance with the minimum security measures and, in any case, in order to guarantee the integrity, security and confidentiality of the data.

3. Purpose of the processing

The Data Controller will process your personal data for the purposes of searching for, assessing and selecting personnel for its organization.

The legal basis for processing is Art. 6(1)(f) of the GDPR: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”. Consenting to such processing is optional, but failure to do so will result in the Data Controller being unable to assess the candidate's profile. The data subject’s consent is given by submitting his or her CV entirely voluntarily, by email, fax or in the dedicated website section.

Data is collected by means of a data subject submitting information on his or her professional experience in the form of a Curriculum Vitae (“CV”) by post, fax, e-mail, hand-delivered letter, dedicated form on the website, social networks or direct delivery during the selection and interview process.

The data subject’s submission of a CV may represent:

- a spontaneous application;
- a response to specific job adverts placed on any media, on the organization's proprietary website, or on third party websites.

Only general personal data is collected, including the photograph supporting the professional profile submitted, and this will be strictly processed within the limits relating to the obligations, tasks and purposes referred to in this art. 3. The data subject, therefore, should not disclose the special categories of personal data (‘sensitive data’) specified under Regulation 2016/679. In the event of such data being included in the CV, the Data Controller shall only process any data deemed relevant for the purpose of assessing the candidate’s professional aptitude, to the extent that the acquisition of such information is strictly indispensable for the establishment of a cooperation/employment relationship.

The Data Controller asks candidates to specify their consent to the processing of personal data in their CVs.

4. Recipients or category of recipients of personal data

The personal data you have provided, for the purposes described above, may be brought to the attention of employees and / or collaborators of the Data Controller and communicated to the following subjects:

a) Rise S.r.l., Myone S.r.l., Hi-Motions S.r.l., APROMIX RFID S.r.l., Seav S.r.l., as joint Controllers;
b) third-party companies possibly appointed by the Owner to provide for the execution of the obligations assumed by the latter for the implementation of the treatments provided for by the purposes set out in points 1) and 2) of article 3;
c) all subjects (including Public Authorities) who have the right to access data under regulatory or administrative provisions;
d) third-party companies appointed by the Data Controller for processing the data provided for in the purposes set out in points 3), 4) and 5) of article 3;
e) third-party companies that provide essential support services for processing and have direct or indirect access to your data.

All the collaborators or suppliers used by the Data Controller for the processing of your personal data have been appropriately and legally authorized and empowered on the methods and purposes of the treatments attributed to them and will act in compliance with and in accordance with this information. The personal data you have provided, for the purposes described above, may be transferred to business partners for processing data provided for the purposes set out in points 3), 4) and 5) of article 3. The personal data you provide and that are subsequently processed in relation to managing the service are not subject to disclosure. 

5. Data retention times

The Data Controller will process personal data for the time strictly necessary to fulfill the above purposes and in any case for no more than 12 months following collection for the stated purposes, after which the Data Controller or someone appointed by same will delete the CV or make the data pseudonymized.

6. Exercise of rights by the interested party

Pursuant to article 13, paragraph 2, letters b) and d), 15, 18, 19 and 21 GDPR, the interested party is informed that he has the right to:

1) Access to personal data: obtain confirmation of whether data concerning you are being processed and, in this case, access to the following information: the purposes, the categories of data, the recipients, the retention period, the right to lodge a complaint with a supervisory authority, the right to request rectification or cancellation or limitation of processing or opposition to the processing itself and the existence of an automated decision-making process;
2) Request for rectification or cancellation of the same or limitation of the processing that concerns you; “limitation” means the marking of data stored with the aim of limiting its processing in the future;
3) Opposition to processing: to oppose for reasons connected with your particular situation to the processing of data for the performance of a task of public interest or for the pursuit of a legitimate interest of the Controller;
4) Data portability: in the case of automated processing carried out on the basis of consent or in execution of a contract, to receive data concerning you in a structured format, commonly used and readable by automatic device; in particular, the data will be provided by the Data Controller in .xml format;
5). Revocation of consent to processing for marketing purposes, both direct and indirect, market research and profiling; the exercise of this right does not prejudice in any way the lawfulness of the processing carried out before the revocation;
6) Propose a claim pursuant to article 77 RGPD to the competent supervisory authority based on your habitual residence, workplace or place of violation of your rights; for Italy, the Guarantor for the protection of personal data is competent, which can be contacted via the contact details on the website https://www.garanteprivacy.it.

The aforementioned rights may be exercised by sending a specific request to the Data Controller through the contact channels indicated in article 1 of this information. Requests relating to the exercise of your rights will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and in the number of requests, this deadline may be extended by a further 2 (two) months and obtaining data portability. We inform you specifically and separately, as required by article 21 GDPR that if personal data are processed for marketing purposes, the data subject has the right to object at any time and that if the data subject objects to the processing, personal data can no longer be processed for these purposes.

The exercise of rights is not subject to any form constraint and is free. The e-mail address for the exercise of rights is privacy gdpr@beninca.com.