Data Controller

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”), this information notice is provided, within the context of personnel selection and recruitment procedures, by Tamini Trasformatori S.r.l., with registered office in Legnano, Viale Cadorna no. 56/A – 20056 Legnano, acting as the data controller of your personal data (“Data Controller”).

Data Protection Officer

The Data Controller has appointed a Data Protection Officer (hereinafter “DPO”), who is available to provide any information regarding the processing of your personal data and the exercise of your rights as a data subject. The DPO can be contacted at following email address: dpo@tamini.it.

Categories of personal data processed

The data processed by the Data Controller may include:

1) Common data, such as, by way of example and not limited to, personal and identification data (e.g. name, surname, date of birth, address, image, gender, tax code, etc.), contact details (e.g. landline and/or mobile phone number, email address, etc.), employment and professional data (e.g. information on previous work experience), data relating to your education (e.g. qualifications obtained, training courses attended, etc.), as well as any other information contained in the curriculum vitae you submitted or in the form completed on the Data Controller’s website;

2) Special categories of data, where applicable and within the limits permitted by applicable law, pursuant to Article 9(1) GDPR, specifically data concerning your health (e.g. belonging to so-called protected categories).

The above-mentioned personal data are hereinafter collectively referred to as “personal data”. Please note that if your curriculum vitae contains special categories of data under Article 9(1) GDPR which the Data Controller is not required to process for compliance with legal obligations and which are not relevant to the pursued purposes, the Data Controller will refrain from processing such data in accordance with the provisions concerning the processing of special categories of data in employment relationships (General Authorisation no. 1/2016), attached to the measure issued pursuant to Article 21(1) of Legislative Decree no. 101/2018 and published on 5 June 2019 by the Italian Data Protection Authority. For this reason, unless strictly necessary, you are requested not to provide such information.

In any case, the Data Controller complies with Article 8 of Law no. 300/1970 (“Workers’ Statute”) and undertakes not to carry out any investigation, including through third parties, into political, religious or trade union opinions of the worker, or any other fact not relevant for assessing the candidate’s professional aptitude.

The Data Controller also guarantees compliance with Legislative Decree no. 125/1991 to ensure non-discrimination between genders during the selection process.

You may also voluntarily provide the Data Controller, within the above procedure, with personal data relating to third parties. In such cases, you act as an independent data controller, assuming all legal obligations and liabilities. In this regard, you fully indemnify the Data Controller against any claims, demands or requests for compensation arising from the unlawful processing of personal data of third parties transmitted by you in breach of applicable data protection laws. In any event, should you provide or otherwise process personal data of third parties, you hereby guarantee – assuming full responsibility – that such processing is based on an appropriate legal basis.

Source of personal data

Your personal data are generally collected directly from you, as they are provided through submission of your curriculum vitae and/or completion of the form available on the website https://www.tamini.it, as well as through any other channel available to you and during subsequent interviews and interactions with the Data Controller.

However, in certain cases, the Data Controller may also collect your personal data from third parties, including:

– companies entrusted with personnel selection activities (e.g. head-hunting firms);

– publicly available sources, such as social networks and other platforms facilitating job matching (e.g. LinkedIn profiles), newspapers, trade journals, scientific publications, or other publicly available materials.

Purposes and legal basis of the processing of personal data

Your personal data will be processed for the following purposes:

a) to assess the consistency of your profile with any open job positions and, more generally, for the management of personnel selection procedures, as well as to contact you in order to schedule and manage any interviews that may be necessary, including interactive or group interviews (“Purpose of managing your application”). The relevant legal basis for the processing lies in Articles 6(1)(b) and 9(2)(b) of the GDPR and Articles 2-sexies, paragraph 3, letter dd) and 111-bis of Legislative Decree no. 196/2003 (“Privacy Code”);

b) to comply with any legal obligations to which the Data Controller is subject (“Compliance purposes”). The relevant legal basis for the processing lies in Articles 6(1)(c) and 9(2)(b) and (g) of the GDPR and Article 2-sexies, paragraph 3, letter dd) of the Privacy Code;

c) to pursue defence purposes in judicial as well as out-of-court proceedings and in the stages preceding litigation (“Defence purposes”). The relevant legal basis for the processing lies in Articles 6(1)(f) and 9(2)(f) of the GDPR.

Data retention

Your personal data will be retained only for the time necessary to achieve the purposes for which they were collected, in compliance with the principles of data minimisation and storage limitation pursuant to Article 5(1)(c) and (e) GDPR.

In particular, for the purpose of managing your application, your personal data will be retained for a maximum period of 24 months from their provision or from your last update of your profile and/or application in the Data Controller’s database. After this period, your data will be permanently deleted.

The Data Controller may retain your data for a longer period where necessary to comply with legal obligations or to establish, exercise or defend legal claims.

Recipients of personal data

Your data may be shared with:

1. personnel authorised to process data pursuant to Article 29 GDPR and Article 2-quaterdecies of the Privacy Code;

2. entities acting as data processors pursuant to Article 28 GDPR;

3. entities, bodies or authorities acting as independent data controllers to whom disclosure is mandatory under law or by order of authorities (compliance purposes).

An updated list of data processors is available from the Data Controller and may be requested using the contact details provided above..

Transfers of personal data outside the EU

With regard to any future transfer of your personal data to third countries outside the European Economic Area (EEA) or to international organisations, the Data Controller informs you that such processing will be carried out in compliance with applicable law and in accordance with one of the mechanisms provided under Articles 44-49 GDPR, such as data subject consent, Standard Contractual Clauses approved by the European Commission, or adherence to international data transfer frameworks.

Further information is available from the Data Controller or the DPO.

Methods of processing

Your personal data may be processed using both manual and electronic or telematic means, always under appropriate technical and organisational measures to ensure their security and confidentiality, in particular to minimise risks of destruction, loss (including accidental), unauthorised access, or unlawful or non-compliant processing.

Your privacy rights

As a data subject, you may at any time exercise the following rights: