Information on the processing of career data from the website
- The “DATA CONTROLLER“ Mexedia S.p.A. SB Via Affogalasino 105, 00148 Rome
- For the purposes expressed in this policy, only non-particular personal data will be processed. Any information on particular data may be processed only if it is necessary to guarantee the right of protected categories and exclusively to guarantee this right.
- Purposes of processing, data, provision, basis for lawfulness of communication to third parties and storage times, transfers outside the European Economic Area (EEA)
Any particular or common data NOT strictly necessary for the selection purposes will NOT be processed and please do not include them in the materials sent.
| A – CV acquisition for application and evaluation of the same |
| More details Activities for receiving applications and operations related to their management (verification of the professional profile according to business needs and contacts for interviews) If you do not provide your data: it will not be possible to evaluate the application |
| What data do we process? We process common personal data: candidate data such as first name, surname, date and place of birth, possibly the candidate’s tax code, residence or domicile, course of education and studies, experience and work skills acquired, It is reiterated that it is not intended to process particular data unless strictly necessary to guarantee the right of protected categories. |
| With what legal prerequisite: Contractual and pre-contractual activities (Article 6 letter b GDPR) and guarantee the exercise of a right in the field of labour law in relation to any indication of a protected category (Article 9 point 2 letter B GDPR) |
| For how long? Applications are kept for 6 months unless the interview and onboarding processes are activated. In such cases, the data shall be processed until the termination of these activities. It should be borne in mind that the data can be processed, according to the principle of minimisation (therefore using only the data strictly necessary for the specific case) for the defence of the data controller (in court or before authorities), or for any disputes until the conclusion of the same. |
| B – Management of data subjects’ rights |
| More details The purpose is linked to the reception, analysis and management of requests to exercise the rights of data subjects, including interaction with the data subject and providing the appropriate answers and clarifications. The data subject shall receive a response as soon as possible and, in any case, within the legal deadline. The data subject shall receive a response, with the appropriate reasons, even if the request cannot be accepted If you do not provide the data: it will not be possible to manage requests |
| What data do we process? According to the type of request, we process all the necessary data to guarantee the correct exercise of the rights of the data subjects. |
| With what legal prerequisite: Guaranteeing the exercise of rights is a precise legal obligation Article 6 letter C GDPR |
| For how long? The data are processed for the time necessary to manage the requests and to verify the same. Storage, as a rule, is for 5 years. It should be borne in mind that the data can be processed, according to the principle of minimisation (therefore using only the data strictly necessary for the specific case) for the defence of the data controller (in court or before authorities), or for any disputes until the conclusion of the same. |
- Disclosure to third parties
| Your data will not be disclosed. They will be processed with technological, IT and consulting service providers who, as a rule, operate as data processors. These parties may also include group companies that offer services to the data controller. It is understood that the data will be processed in accordance with the principle of minimisation, favouring, where possible, anonymous or anonymised data. In particular, the categories of subjects can be the following: Parties, including Group companies, who carry out/provide technical and organisational tasks/services on behalf of the data controller, including the organisational and technological support necessary for the provision of the service or the management of the activity subject to processing Firms and companies in the field of support and consulting relationships The data may also be communicated to independent third parties with particular reference to public authorities, perhaps including law enforcement authorities, when the legal conditions are met and in the exercise of their functions. |
- Transfers outside the European Economic Area (EEA)
| The data are processed in the European Union. If the transfer is necessary, the guarantee instruments provided for by the GDPR shall be used: adequacy decisions of the EU commission or the standard contractual clauses as promoted by the EU commission itself to regulate transfer relationships outside the European Economic Area and with any supplementary measures as also provided for by the EDPB indications. |
- Rights of the data subject Articles 15, 16, 17, 18, 19 20, 21 and 77 of the GDPR Rights of the data subject Articles 15, 16, 17, 18, 19, 20, 21, and 77 of the GDPR.
We inform you of the existence of the right to know the recipients of the possible communication, access to personal data, rectification, deletion and possibly complete deletion, limitation of processing, data portability and opposition at any time to the processing of personal data concerning you.
We also inform you that, if the basis of lawfulness is consent, you have the right to revoke it at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation (Article 7, paragraph 3, of the GDPR).
Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the member state where you usually reside, work or in the place where the alleged violation occurred, which in Italy corresponds to the Guarantor Authority for the Protection of Personal Data, whose references can be found on www.garanteprivacy.it or you can activate your protection actions also by contacting the judicial authority. You can exercise these rights simply by contacting the data controller through the contacts indicated in this policy or on the company websites.
It is understood that the exercise of rights will be promptly assessed and guaranteed, where possible, as in certain cases, requests must be weighted in conjunction with other regulatory impositions that could limit the exercise.
It is understood that even in cases where the requests to exercise the rights cannot have been followed, the data subject shall be promptly informed of the circumstance and the reasons for it.
- Contact details of the DPO: either at the registered office of the data controller or DPO@MEXEDIA.COM
This information was prepared on _180723