Aller au contenu principal Sélectionner la langue

Privacy notice for recruitment candidates under articles 13 and 14 of the gdpr

(Regulation (eu) 2016/679)

About us

Ferretti SpA, with registered office at Via Irma Bandiera 62, 47841 Cattolica (RN), Italy (Data Controller), is responsible in its capacity as data controller for keeping your personal data confidential and protecting it from any potential data breach.
The Data Controller has appointed a Data Protection Officer (DPO), whom you can contact with any queries about our data protection policies and practices (email dpo@ferrettigroup.com).

The types of personal data we process

Your personal data is processed mainly through your registering on the Data Controller’s job application portal. The Data Controller collects and processes personal data about you, such as your portal login details (username and password), basic personal details (forename, surname, date and place of birth, gender, residence, tax code), contact details (email, telephone number), details of your current and previous positions and employment conditions, your training, educational qualifications, professional skills and teamwork abilities, a photograph, and any other details you include in your CV (Data).
There are some special categories of data that the Data Controller is permitted to process only when one of the conditions under GDPR Article 9.2 applies. Specifically, that means Data about your health or protected-category status that may be in your CV or any other documentation sent to Ferretti Group companies (Special Categories of Data). If those circumstances or conditions do not apply, any Special Categories of Data will be disregarded and immediately deleted.
We obtain the Data either directly from you or via third parties. (For example, basic personal details, contact details and information about your application may be obtained from social media, recruitment companies and/or databases.)
The Data and Special Categories of Data are collectively termed Personal Data.

For what purposes does the Data Controller collect and process your Personal Data?

A)

For candidate search and selection and all other related or supporting purposes, including for future recruitments, mainly through the Data Controller’s portal, accessed via username and password credentials.
Lawful basis: to enact pre-contractual measures adopted at your request under GDPR Article 6.1(b).
How long we keep your Data: throughout the recruitment process and for up to 2 years after your last application, subject to your right to have your Data deleted and/or your account deactivated at any time.

B)

To disclose the Data to Ferretti Group companies for search and selection purposes in connection with ongoing or future applications at Ferretti Group.
Lawful basis: the Data Controller’s legitimate interest under GDPR Article 6.1(f).
How long we keep your Data: for up to 2 years, unless you object.

C)

To disclose the Data to Ferretti Group companies outside the European Union (EU) for search and selection purposes in connection with ongoing or future applications at Ferretti Group.
Lawful basis: your consent under GDPR Article 6.1(a).
How long we keep your Data: for up to 2 years or until you withdraw your consent.

D)

To fulfil obligations or exercise rights under national or EU employment, social-security or social-protection law, under collective employment contracts, or under rulings from competent authorities or supervisory bodies. This includes, for example, processing Data for the purpose of ensuring equal opportunities for jobseekers with disabilities, as required by law.
Lawful basis: to meet the Data Controller’s legal obligations.
We shall process the Special Categories of Data to pursue your or the Data Controller’s obligations and rights under employment, social-security and social-protection law, in accordance with GDPR Article 9.2(b).
How long we keep your Data: throughout the recruitment process and for up to 2 years after your last application, subject to your right to have your Data deleted and/or your account deactivated at any time.

E)

To verify the accuracy of the Data provided, using publicly available information (including professional social-media accounts, databases and online registers).
For example, the processing may be limited to the professional information needed for the sole purpose of assessing the specific risks in the type of work that candidates would have to do. This processing would be performed as unintrusively as possible, taking all necessary steps to balance the employer’s legitimate interest and candidates’ fundamental freedoms.
Lawful basis: the Data Controller’s legitimate interest under GDPR Article 6.1(f) in assessing applications fully and properly.
How long we keep your Data: throughout the recruitment process and for up to 2 years after your last application, subject to your right to object.

F)

To establish, exercise or defend the Data Controller’s rights in case of complaints and/or judicial and/or out-of-court settlements, where necessary.
Lawful basis: the Data Controller’s legitimate interest under GDPR Article 6.1(f).
We shall process Special Categories of Data under GDPR Article 9.2(f).
How long we keep your Data: throughout the complaint process and/or the judicial and/or out-of-court procedures until the legal safeguards and/or remedies have been exhausted.

After that, the Data will be destroyed or anonymised, in line with our technical procedures for data deletion and backup.

Providing your Data

You are obliged to provide your Personal Data for recruitment search and selection purposes and for compliance with equal opportunities legislation protecting jobseekers with disabilities. If you do not provide your Personal Data, then Ferretti Group will be unable to process your application or consider you for the position in which you were interested.

You are not obliged to provide your Data for purpose C). If you do not provide your Personal Data, then the recruitment process in Europe is not affected, but your Data cannot be sent to Ferretti Group companies outside the EEA, so you will not be considered for any positions at those companies.

Who can receive your Data

Personal Data may be sent to independent data controllers and/or processed by processors appointed under GDPR Article 28 for purposes that may include compliance with legal obligations. These processors may include, for example, providers of website operation/maintenance or candidate assessment/selection/recruitment services.

Authorised processors

Personal Data may be processed by employees of the company bodies responsible for the above purposes, who have been expressly authorised and suitably trained to process Data under GDPR Article 29 and Article 2-quaterdecies of Legislative Decree no. 196/03, as amended by Legislative Decree no. 101/2018.

Sending Personal Data to non-EU countries

The Data Controller does not transfer Personal Data to countries outside the EU, unless you have consented to apply to Group companies outside Europe (e.g. in America). The Data may then also be sent to countries without an adequacy decision under GDPR Article 45.3 or adequate safeguards under GDPR Article 46; therefore your consent is requested under GDPR Article 49.

If you apply to a Group company outside Europe, your Personal Data must be sent there in order for your application to be considered.

Your rights – complaining to the supervisory authority

You may ask the Data Controller for access to your Personal Data, to correct or delete it, to add to it if incomplete, to restrict processing of it in the circumstances set out in GDPR Article 18, and to object to processing in the Data Controller’s legitimate interest.

The right to restrict processing means temporarily restricting the Data processing to retention only, in the following cases under GDPR Article 18:

 

a) if you dispute the accuracy of your Personal Data, to provide time for the Data Controller to check it for accuracy;

 

b) if the processing is unlawful and you object to your Data being deleted but request that its use be restricted;

 

c) if the Data Controller no longer needs the Data, but you still need it to establish, exercise or defend your legal rights;

 

d) if you have objected to processing under GDPR Article 21.1, pending verification of whether the Data Controller’s legitimate grounds override your own.

Where processing is automated and based on consent or a contract, you may also exercise your right to data portability – i.e. to receive your Personal Data in a structured, commonly used, machine-readable format – and, if technically feasible, to send it to another data controller without hindrance.

You are free to withdraw your consent at any time.

You may exercise all your rights by writing to dpo@ferrettigroup.com.

You may complain to the data protection authority at any time and use any other legal safeguard open to you.