Who are we and what do we do with your personal data?
Porta Medicea S.r.l., hereinafter the Data Controller, protects the confidentiality of your personal data and provides it with the necessary protection from any event that may put it at risk of violation.
For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable law. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.
The Data Controller appointed a Data Protection Officer (DPO) who you can contact if you have questions about adopted policies and practices. The contact details of the Data Protection Officer are as follows: email@example.com
How does the Data Controller collect and process your data?
The Data Controller collects and/or receives information about you, such as: name, surname, tax code, place and date of birth, physical and electronic address, land line and/or mobile phone number, curriculum data; and also data relating to your state of health if communicated by you also through the curriculum vitae or if the position for which you are applying is reserved for protected categories. They are used by the Data Controller to check the requirements for your employment and/or for starting your collaboration with the Data Controller. The communication of your personal data is mainly to third parties and/or recipients whose activities are necessary for carrying out activities relating to personnel selection. Any communication that does not comply with these purposes will be subject to your consent.
The Data Controller does not transfer your personal data abroad. Your personal data will not be in any way disseminated or disclosed to unspecified subjects not even identifiable as third parties.
Your personal information will be processed for:
Your personal data is processed in order to carry out the activities resulting from the management of personnel selection carried out by the Data Controller, such as:
Your personal data is also collected from third parties such as, for example:
The personal data that the Data Controller processes for the above purpose is, among others:
Where applicable, the right to rectify data issued or collected by the Data Controller remains unaffected.
Your data will not be disclosed to third parties/recipients for their own purposes unless:
The personal data that the Data Controller processes for this purpose is, among others:
and, where necessary and with all the necessary assurances, including those recalling the need for pseudonymisation, aggregation and/or encryption of data, those
The Data Controller processes, also through its suppliers (third parties and/or recipients), your personal data, including IT (e.g. logical access) to the extent strictly necessary and proportionate to ensure the security and capacity of a network or its servers to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of retained or transmitted personal data.
For these purposes, the Data Controller envisages procedures for the management of personal data breach in compliance with the legal obligations to which it is subject.
What happens if you do not provide your data?
The data collected or otherwise obtained by the Data Controller is considered necessary and failure to provide it will make it impossible for the Data Controller to carry out the activities relating to the main processing, i.e. to:
– evaluate your application in the process of personnel selection carried out by the Data Controller also through its suppliers (third parties/recipients);
– manage the personnel selection process in all its stages;
– for the obligations resulting from it.
The intention of the Data Controller was to carry out certain processing operations in accordance with certain legitimate interests that do not affect your right to confidentiality, such as those that:
How and for how long is your data retained?
Your personal data is processed by both electronic and manual means and tools made available to subjects acting under the authority of the Data Controller authorised and trained for this purpose. The paper and, above all, electronic files where your data is stored and retained are protected by effective and adequate security measures to counter the risks of violation considered by the Data Controller. The Data Controller checks regularly and constantly the measures adopted, especially for electronic and telematic tools, as a guarantee for the confidentiality of personal data processed, filed, stored and retained by them, especially if belonging to special categories.
Personal data is retained for the time necessary to carry out the activities related to the selection of the applicant and in any case no later than 24 months from its collection except for the possible establishment of the employment and/or collaboration relationship.
Computer files are located within the EU (and EEA) borders and are not intended to be connected to or interact with databases located abroad.
Data processing is carried out on paper or through IT procedures by internal subjects authorised and trained for this purpose. They are granted access to your personal data to the extent and within the limits required for carrying out the processing activities that concern you. Your data, especially those belonging to special categories, is processed separately from other data also by means of pseudonymisation or aggregation methods that do not allow you to be easily identified.
The Data Controller periodically checks the tools by means of which your data is processed and its security measures, which it constantly updates; it makes sure, also through the subjects authorised to process data, that personal data for which processing is not necessary is not collected, processed, stored or retained; it makes sure that the data is retained with the guarantee of integrity and authenticity of its use for the purposes of the processing actually carried out.
The data is retained on paper, computer and electronic files located within the European Economic Area, and appropriate security measures are ensured.
Personal data processed by the Data Controller is retained for the time necessary to carry out the activities related to the selection of the applicant and in any case no later than 24 months from its collection except for the possible establishment of the employment and/or collaboration relationship. This is without prejudice to the cases in which the rights depending on the processing in place should be asserted in court, in which case your data, only that necessary for these purposes, will be processed for the time necessary to pursue them.
This is without prejudice to your right to oppose at any time the processing based on legitimate interest for reasons related to your particular situation.
What are your rights?
In substance, at any time and as long as the processing continues, free of charge and without any special charges or formalities for your request, you can:
The Data Controller must do so without delay and, in any case, at the latest within one month of receipt of your request. The time limit can be extended by two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller. In such cases, the Data Controller will have to inform you of the reasons for the extension within one month of receipt of your request.
For any further information and to send your request, please contact the Data Controller at firstname.lastname@example.org.
How and when can you oppose the processing of your personal data?
For reasons relating to your specific situation, you may oppose at any time the processing of your personal data if this is based on legitimate interest, by sending your request to the Data Controller at the address email@example.com.
You have the right to have your personal data erased if there is no legitimate reason overriding the one that gave rise to your request.
Who can you complain to?
Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority or to the authority that carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.
Any update of this information will be communicated to you in a timely manner and by appropriate means and you will also be informed if the Data Controller will process your data for purposes other than those referred to in this information before carrying it out and in time to give your consent if necessary.