1. Data Controller
The Data Controller of the data collected on the Site, pursuant to EU Regulation no. 679/2016 – General Data Protection Regulation – (the “Regulation”) is HR Capital S.r.l (the “Company”), with registered office in Galleria San Babila, 4/B Milan, Tel. +39 02 365 930 1, fax +39 02 365 930 00, email: info@hrcapital, PEC: email@example.com
2. Data Protection Officer
The Data Protection Officer (“DPO”) can be contacted:
– by email at firstname.lastname@example.org; or
– by ordinary mail at Data Protection Officer, c/o HR Capital S.r.l, Galleria San Babila, 4/B, 20122 Milan.
3. Purpose and legal basis of the processing carried out on the Site
The Site collects and processes personal data for the following purposes:
- Request for services: the personal data voluntarily provided by the user through the completion of the form in the “Contacts” section (name, surname, email address and additional information indicated therein) are processed by the Company to meet the user’s requests.
- Personnel search and selection: the personal data provided directly by the user in the “Work with Us” section (name, surname, date of birth, sex, email address and telephone number, role and curriculum vitae) are processed by the Company to evaluate the application submitted.
- Subscription of daily newsletter: the personal data voluntarily entered by the user in the “Subscribe to the Newsletter” section of the HOME PAGE are processed by the Company to automatically send the daily newsletter, through the Salesforce platform.
The legal basis of the processing of the user’s personal data is:
- for the purposes referred to in point 3(a) above, in the legitimate interest of the Company to meet the user’s requests for services;
- for the purposes referred to in point 3(b) above, on the specific consent given by the user and in the legitimate interest of the Company to evaluate the application within the process of personnel recruitment;
- for the purposes referred to point 3(c) and 3(d) above, on the specific consent given by the user.
4. Categories of recipients of personal data
The Company communicates the personal data of users of the Site only to the extent permitted by law and in accordance with what is described below. In particular, the user’s personal data may be processed or known by:
- employees of the Company, who operate as people authorised to process data and in this sense are instructed by the Company;
- companies that provide the Company with specific technical and organisational services connected to the Site, in their capacity as Data Processors pursuant to article 28 of Regulation;
- police or judicial authorities, in accordance with the law and upon formal request by them, or if there are well-founded reasons to believe that the communication of such data is reasonably necessary to: (a) investigate, prevent or take action against suspected illegal activities or to assist the state supervisory and control authorities; (b) defend itself against any claims or allegations by third parties, or protect the security of its website and the Company; or (c) exercise or protect the rights, property or safety of the Company, its customers, employees or any other person.
Personal data will not be disclosed and will not be transferred outside the European Union.
5. Methods of processing personal data and retention period
Personal data provided by the user during navigation of the Site will be kept for a period not exceeding 12 months. Personal data processed to provide a service will be kept for the time strictly necessary to provide the requested service to the user. The data collected following the submission of the application by the user will be kept for the period of time necessary to evaluate said application. The data collected for sending the newsletter will be kept in line with the user’s interest in receiving them.
6. Compulsory or optional nature of data provision
7. Rights of the user
The user has the right to:
- access personal data concerning them and to obtain confirmation of the existence of such data, their communication in intelligible form, and their integration;
- request the updating, rectification or, where relevant, integration of personal data;
- limit the processing that concerns them, cancel, transform into anonymous form or block personal data processed in violation of the law, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
- oppose, in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
- obtain the transmission of data concerning them to another data controller (so-called right to data portability).
If the processing is based on consent, pursuant to article 7, paragraph 3 of the Regulation, the user may withdraw the consent given at any time, without prejudice to the lawfulness of the processing carried out before withdrawal.
The rights listed above may be exercised by contacting the DPO at the email address email@example.com.
8. Right to lodge a complaint
Pursuant to article 77 of the Regulation, the user has the right to lodge a complaint with the National Supervisory Body (for Italy, the Data Protection Authority: www.garanteprivacy.it ).
9. Final clause