INFORMATION PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION 2016/679 (GDPR)
This information is prepared, pursuant to Articles 13 and 14 of EU REGULATION 2016/679 (GDPR), by the Data Controller in relation to the personal data provided by users of the website www.quadraresearch.it (“the Website”) when using the services available on its pages.
The data controller of personal data is Quadra Research S.r.l., with registered office in Udine, Viale Giovanni Paolo II 3, T.C./VAT NO. 02786400305. You can contact the data controller by telephone (0432.486407), fax (0432.487229), email firstname.lastname@example.org.
PURPOSE OF PROCESSING
The Controller will process the personal data provided by the Data Subjects for the following purposes:
1) to allow the data subjects to be included in the professional database that the Controller uses for its recruiting activities;
2) to respond to announcements of so-called “open positions”, i.e. announcements of job positions already present on the site. Also, in this case, the data will be entered in the Data Controller’s database for future and further recruiting activities, compatible with the data subject’s profile;
3) to assert or defend a right, also by a third party, in judicial proceedings, as well as in administrative proceedings or in arbitration and conciliation procedures;
4) in fulfilment of obligations arising from legal regulations.
LEGAL BASIS FOR PROCESSING
1. Consent to processing by the data subject: purposes 1, 2;
2. to ascertain, exercise or defend a right in court: purpose no. 3;
3. performance of a legal obligation to which the Controller is subject: purpose no. 4.
CATEGORIES OF PERSONAL DATA
In relation to the purposes set out above, the processing may concern the following categories of personal data:
– personal and contact data;
– data relating to the job position sought;
– data relating to past work experience and other information contained in the curriculum vitae.
Please note that, in view of the processing purposes illustrated above, the provision of data is compulsory and the failure to provide such data, in part or in full, may make it impossible for the Controller to provide the services requested.
CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Only persons authorised to process personal data and subjects who, by processing data on behalf of the Controller, have been identified as Data Processors may access the data. These subjects are also bound to secrecy and confidentiality based on specific internal regulations. In particular, your personal data may be accessed by the System Administrators who take care of the management and maintenance of the Company’s computer system: for further information, please contact the Data Controller at the addresses indicated above.
The personal data provided by the Data Subject, for purposes 1) and 2), may be brought to the attention of the following parties:
– companies looking for qualified personnel compatible with the profile of the Data Subject. The latter will be contacted and the identity of the company will be indicated to him/her; only if he/she gives his/her specific consent will the Data Controller communicate his/her data to the company;
– public and/or private individuals and/or legal entities (legal, administrative and tax consultancy firms), if the communication is necessary or functional to the proper fulfilment of contractual obligations undertaken in relation to the services provided through the Site, as well as obligations arising from the law;
– subjects (including Public Authorities) who have access to the data by virtue of regulatory or administrative measures.
Such communications of personal data are necessary because they are made on the basis of a legal or contractual obligation, or a necessary requirement for the conclusion of a contract or, finally, for the pursuit of a legitimate interest.
Personal data provided by Data Subjects are not subject to dissemination.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The transfer of personal data to a third country (non-EU) or an international organisation, shall take place in accordance with the conditions set out in Chapter V of the GDPR and in particular:
– article 45 Transfer on the basis of an adequacy decision;
– article 46 Transfer subject to adequate safeguards;
– article 47 Binding Corporate Rules.
In the event that these rules cannot be applied, the transfer will be carried out in accordance with the provisions of Article 49.
Quadra Research may use IT services based on cloud technologies: in this case, the Data Controller ensures that the processing will be carried out in compliance with the above articles.
In the event that it is necessary to transfer personal data to third countries, a specific notice will be provided.
DATA RETENTION CRITERIA
As regards the retention of the data processed under the terms indicated above, given that under the principles of necessity, relevance and non-excessiveness, the retention periods of the different types of personal data that may be processed must be identified, taking into account each of the purposes concretely pursued, please note that:
– data processed for personnel selection purposes may be stored for approximately five years;
– data processed for accounting and/or tax purposes, or contained in records and/or documents referred to in Article 2220 of the Italian Civil Code, will be retained for the period laid down by law.
RIGHTS OF THE DATA SUBJECT
The data subject has the right to request the following:
• access to personal data and information (art. 15 of the GDPR);
• rectification or erasure of the same (Articles 16 and 17 of the GDPR);
• restriction of the processing of personal data (art. 18 of the GDPR).
In addition, the Data Subject may:
• object to the processing of personal data under the conditions and within the limits set out in Article 21 of the GDPR;
• exercise the right to data portability (art. 20 GDPR).
With regard to processing operations based on consent (pursuant to Articles 6(1)(a) and 9(2)(a) of the GDPR), the Data Subject has the right to withdraw such consent at any time (without affecting the lawfulness of the processing based on the consent given prior to the revocation).
Finally, if he/she considers that the processing of his/her personal data violates the GDPR, the Data Subject has the right to lodge a complaint with a supervisory authority (Data Protection Authority or other authority that may be competent) pursuant to Article 77 et seq. of the GDPR.