Disclosure for recruitment candidates with regards to personal data processing pursuant to art.s 13 and 14 of EU regulation no. 2016/679

Pursuant to the Art.s 13 and 14 of EU Regulation No. 2016/679 (hereinafter, “GDPR”), We inform you that the processing of personal data provided by you (hereinafter “Data”) shall be carried out through methods and procedures aimed at ensuring that the processing of Data itself is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the data subject, with particular attention to confidentiality and security, personal identity and the right to personal data protection.

1.     Controller and data processing subject

Data Controller: N&TS GROUP Networks & Transactional Systems Group S.p.A., with operative headquarters located in Milanofiori Strada 4 Palazzo A5 – 20057 Assago (MI) Italia.

Contact info: Phone no. +39 02 822765.1 – E-mail legal@netsgroup.com

DPO: Frareg S.r.l. – Viale Jenner 38 – 20158 Milano (MI) Italia.

Contact info: Phone no. +39 02 69010030 – E-mail dpo@frareg.com

The Data processed by N&TS GROUP Networks & Transactional Systems Group S.p.A. (hereinafter “N&TS GROUP”) as Data Controller, are voluntarily provided by the candidate on the occasion of the submission of their curriculum vitae, on the occasion of contact via social networks and the company’s website, and/or during the evaluation interviews carried out by N&TS GROUP or acquired through consultation of personnel selection companies, labour administration companies, social networks, or public recruiting portals (linkedin, infojobs, monster, etc.) and refer to:

  • Identification data: name, last name, address, place and date of birth, gender, ID number, Fiscal Code;
  • Contact details: telephone number, e-mail address, CEM;
  • Information related to the candidate’s educational path;
  • Information related to the candidate’s professional path;
  • Information related to remuneration;
  • Specific categories of data: the Data Processing Subject’s belonging to protected categories.

2.     Purpose and legal processing basis

The data subject to processing is collected and used exclusively for the assessment of the candidate’s suitability for a job position.

The legal basis of the processing in relation to this purpose is represented by art. 6, paragraph 1, letter f) of the GDPR (“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”).

3.     Nature of the provision of data and consequences of refusal to respond

The provision of data for the purposes referred to in point 2 is not subject to consent and is mandatory. In their absence, it will not be possible to proceed with the assessment process for the aforementioned job position.

4.     Processing methods

The Data you provide will be processed through the following methods:

  • collection of Data from the data subject, through the submitting of a spontaneous application;
  • collection of Data from the data subject, through contact via selection announcements or the company’s website or social networks;
  • data collection via the person concerned during the evaluation interview;
  • Data collection through consultation of personnel selection companies, employment administration companies, social networks, or public recruitment portals (linkedn, infojob, monster, etc.).

The Data processing shall be carried out by means of suitable tools to guarantee its confidentiality, integrity, and availability.

The processing is carried out on paper and through information and/or automated systems.

5.     Data Retention Timeframe

The Data processed will be stored for a period of time appropriate for the performance of the evaluation activities and any recruitment and in any case not exceeding a one-year period.

6.     Processing recipients

To the extent relevant for the previously indicated processing purposes, the Data may be communicated and/or made accessible to:

  • Training institutions and personnel selection companies;
  • Labour, tax, and legal consultants;
  • Training funding bodies;
  • Personnel administration companies;
  • Managers of websites and web portals for the searching and selection of personnel.

7.     Data transfer

The management and storage of Data will take place within the European Union under the responsibility of the Data Controller and/or third parties appointed and duly designated as Data Processors.

Data may be transferred to third countries in compliance with the provisions of Chapter V of the GDPR.

8.     Rights of the data subject

According to the provisions of the GDPR, the data subject has the following rights in relation to the Data Controller:

  • to obtain confirmation that personal data concerning them are being processed or not and, if so, obtain access to such personal data (Right of access Art. 15 GDPR);
  • to obtain the rectification of inaccurate personal data concerning them without undue delay (Right of rectification Art. 16 GDPR);
  • to obtain the cancellation of personal data concerning them without undue delay and the Data Controller is obliged to delete personal data without undue delay, if certain conditions are met (Right to be forgotten Art. 17 GDPR);
  • to obtain restriction of processing in certain cases (right to restriction of processing Art. 18 GDPR);
  • to receive in a structured, commonly used and machine-readable format the provided personal data concerning them and has the right to transmit such data to another Data Controller, without hindrance by the Data Controller to whom they have provided such data, in certain cases (Right to data portability Art. 20 GDPR);
  • to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them (Right of opposition Art. 21 GDPR);
  • to receive, without undue delay, communication of the personal data breach suffered by the Data Controller (Art. 34 GDPR);
  • to revoke their express consent at any time (Conditions for consent Art. 7 GDPR).

Where applicable, the data subject may exercise the above rights, including via simple e-mail to the Data Controller. The Data Controller reserves the right to verify the identity of the data subject before taking action on the basis of their request.

The interested party also has the right to submit a complaint to the Guarantor Authority, through the contact methods defined by it.

9.     Changes to the Policy

The Data Controller reserves the right to change this Information periodically. In the event of substantial changes, the Data Controller will also communicate the changes by e-mail.

Latest update dated: 07-09-2023