Candidate Information
The company BYBLOS ART HOTEL VILLA AMISTÀ SRL (VAT number 02895770234), headquartered in Corrubbio di Negarine VR at via Cedrare 78, as the DATA CONTROLLER of personal data, pursuant to Articles 4, 7, and 24 of EU Regulation 2016/679 of 27 April 2016 regarding the protection of individuals with regard to the processing of personal data (hereinafter, "Regulation"), informs you, pursuant to Articles 13 and 14 of the Regulation, that it is the controller of your data and that it will be processed manually and/or with the support of computer or telematic means.
1. DATA ORIGIN
The Data Controller will process the data of resumes voluntarily submitted via upload in the "Work with us" section of the website www.byblosarthotel.com, via email, submitted manually, or through recruiting companies (publications on portals, etc.).
2. URPOSES OF PROCESSING
a. Evaluate current or future potential applications within the company;
b. Summon the candidate for an interview for selection purposes and/or assessment for possible hiring;
c. Conduct the interview with the summoned candidate, for selection purposes and/or assessment for possible hiring.
3. LEGAL BASIS FOR PROCESSING
a. Execution of pre-contractual measures adopted at the request of the data subject (Article 6.1.b);
b. Execution of pre-contractual measures adopted at the request of the data subject (Article 6.1.b);
c. Execution of pre-contractual measures adopted at the request of the data subject (Article 6.1.b).
The processing of special categories of personal data (Article 9, paragraph 2 of EU Regulation 2016/679), based on the Provision containing prescriptions concerning the processing of special categories of data, pursuant to Article 21, paragraph 1 of Legislative Decree 10 August 2018, n. 101 [9124510], is carried out only if necessary:
a) to fulfill or demand the fulfillment of specific obligations or to perform specific tasks provided for by EU legislation, laws, regulations, or collective agreements including company agreements, pursuant to domestic law, particularly for the purpose of establishing, managing, and terminating the employment relationship (Article 88 of EU Regulation 2016/679), as well as for the recognition of benefits or the provision of contributions, the application of legislation on social security and assistance, including supplementary assistance, or on hygiene and safety at work, as well as on tax and trade union matters;
b) even outside the cases referred to in point a), in accordance with the law and for specific and legitimate purposes, for the purposes of maintaining accounts or paying salaries, checks, bonuses, other benefits, gratuities, or ancillary benefits;
c) to pursue purposes of safeguarding the life or physical integrity of the worker or a third party;
d) to assert or defend a right, even by a third party, in court, as well as in administrative proceedings or in arbitration and conciliation procedures, in cases provided for by laws, EU regulations, regulations, or collective agreements, provided that the data are processed exclusively for such purposes and for the strictly necessary period to achieve them; the processing of personal data carried out for the purpose of protecting one's own rights in legal proceedings must relate to ongoing disputes or pre-litigation situations;
e) to fulfill obligations arising from insurance contracts aimed at covering risks related to the employer's liability in matters of health and safety at work and occupational diseases or for damages caused to third parties in the exercise of work or professional activity;
f) to ensure equal opportunities in employment;
g) to pursue specific and legitimate purposes identified by the statutes of associations, organizations, federations, or confederations representing categories of employers or by collective agreements, concerning trade union assistance to employers.
4. MANDATORY AND OPTIONAL NATURE OF DATA PROVISION AND CONSEQUENCES OF FAILURE TO PROVIDE DATA
As indicated in points 1.a, 1.b, and 1.c, the provision of data is mandatory: failure to provide it will make it impossible to satisfy the data subject's application request.
5. COMMUNICATION AND DISCLOSURE OF PERSONAL DATA FOR THE PURPOSE OF PURSUING THE PRIMARY PURPOSES OF PROCESSING
Resumes will be stored at the company's headquarters and will not be disclosed to unauthorized third parties, nor will they be disseminated. The same resumes may be evaluated by employees or collaborators of the Data Controller, appointed as data processors.
6. TRANSFER OF DATA TO NON-EU COUNTRIES
Data is not transferred outside the European territory. It is understood, however, that the Data Controller, if necessary, may have the right to move the servers hosting the data to non-EU countries. In this case, the Data Controller hereby assures that the transfer of data outside the EU will be carried out in accordance with applicable law, particularly in compliance with the provisions of Chapter V (Transfer of personal data to third countries or international organizations) of the GDPR.
7. DATA RETENTION PERIOD
Resumes considered "interesting" will be kept at the company's headquarters for a period not exceeding twelve months and will be processed in full compliance with security measures; resumes deemed irrelevant and those whose retention period exceeds the specified period, without any interview proposal being made, will be deleted, destroyed, and disposed of.
8. RIGHTS OF THE DATA SUBJECT
The data subject enjoys the following rights:
a. Right to access one's personal data.
b. Right to obtain rectification or erasure of the data or restriction of processing concerning them.
c. Right to object to processing.
d. Right to data portability.
e. Right to withdraw consent (without prejudice to cases of legal obligations fulfillment, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller).
f. Right to lodge a complaint with the supervisory authority, namely the Privacy Guarantor www.garanteprivacy.it.
9. CONTACTS
To exercise one's rights and for any information, you can contact the controller at the following address: [email protected].