• Processing personal data privacy notice

PROCESSING PERSONAL DATA PRIVACY NOTICE

PURSUANT TO ARTICLES 12, 13 AND, WHEN NEEDED, 14 OF THE GDPR (REG. EU 679/2016)

“CANDIDATES FOR A POSITION”

4EVER YOUR FRIENDS SRLU, (hereinafter the Company) with registered office in Follonica (GR) Via del Fonditore no. 790/B pursuant to articles 4, paragraph 1, letter. c) and 24 of EU Regulation no. 2016/679 (hereinafter simply the “GDPR”) is the Data Controller of the personal data (hereinafter the “Controller”).
In compliance with the obligations set forth in art. 13 of the GDPR, the Data Controller provides this Notice which details the purposes and means of the processing of the personal data you have supplied by sending the curriculum vitae using the online form, filling in information sheets, taking aptitude tests and providing passport photos connected to the recruitment and selection of personnel aimed at establishing an employment or collaborative relationship with the Company.

It should be noted that:

– processing (pursuant to art. 4, paragraph 1, no. 2) of the GDPR) means ‘any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organisation, structuring, storage/retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, the comparison or interconnection, limitation, cancellation or destruction’;

– personal data (pursuant to art. 4, paragraph 1, no. 1) of the GDPR) means ‘any information concerning an identified or identifiable natural person (‘data subject’); an identifiable person is an individual who can be identified, directly or indirectly, through particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more factors specific to his/her physical, physiological, genetic, psychic, economic, cultural or social identity’;

– genetic data (pursuant to art. 4, paragraph 1, no. 13) of the GDPR) means ‘personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about the physiology or health of that natural person, and that result, in particular, from the analysis of a biological sample of the natural person in question’;

– biometric data (pursuant to art. 4, paragraph 1, no. 14) of the GDPR) means ‘personal data obtained from a specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person that allow or confirm the unquestionable identification of such person, for example facial image or fingerprint data’;

– health data (pursuant to Article 4, paragraph 1, no. 15) of the GDPR) means ‘personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information relating to his/her state of health’.

– personal data relating to criminal convictions and offences (pursuant to art. 10 of the GDPR).

1. Data Controller and contact details

The company 4EVER YOUR FRIEND S.R.L.U., based in FOLLONICA (GR) – 58022, VIA DEL FONDITORE, 790B (VAT no.: 01414280535) EMAIL: INFO@YFGROUP.IT, P.E.C. (certified email address) : YOURFRIENDS@CGN.LEGALMAIL.IT Tel.: 0566- 56701, (hereinafter, the “Company”) informs you that it is the Data Controller of your data.

2. Data Processor

The company intends to appoint Mr ANDREA ALBERATI as DATA PROCESSOR who is reachable at the following: tel.: + 39 0566-56701, email: AMMINISTRAZIONE@YOURFRIENDS.IT.

The updated list of external Data Processors (if appointed) can be obtained from the aforementioned office.

3. Data Protection Officer and contact details

The Company does not intend to appoint any D.P.O. as it does not process data on a large scale.

4. Source of the processed data

The personal data in the Company’s possession are collected directly from you (Data Subject) in your capacity as a candidate for a position with us in the following manner:

  • Oral, paper, electronic and/or computer means, at our registered and/or operational headquarters or at events and/or recruitment days, organised in Italy.
  • Electronic and computer means, on our website WWW.YFGROUP.IT (“Site”), in the dedicated area “Work with us”, through the relative application form.

5. Data subject to processing

In relation to the employment relationship, the Company processes or may process:

  • personal identifiable contact data (name, surname, sex, date and place of birth, C.F (Tax Code), address of residence and domicile, email address, nationality, educational qualification, telephone number; if non-EU citizens also: residence permit number, date of issue, issuing police station, expiry date and type of permit).
  • social security/national insurance number
  • hire date and employment position
  • salary information
  • tax and/or invoicing data, or other, communicated by you.
  • banking data, in particular regarding current account information, or other related to payroll and salary management.

6. The processing that the Data Controller carries out may concern “special categories of personal data” pursuant to Article 9 of the GDPR.

In relation to the employment relationship, the Company may process such data to detect for example:

  1. data related to your general health (absences due to illness, maternity, accident or mandatory disabled worker job placement), in order to fulfil legal obligations;
  1. the psycho-physical suitability or otherwise in the performance of certain tasks (as expressed by medical personnel following preventive/periodic medical examinations or requested by yourself), in order to fulfil legal obligations and legitimate interest;
  2. membership of a trade union (taking office and/or requesting deductions for trade union membership fees), because it is communicated by you of your own free will or for legitimate interest;
  3. membership of a political party or the holder of an elected public office (permits or expectations), because it is communicated by you of your own free will or for legitimate interest;
  4. religious convictions (religious holidays granted by law), because it is communicated by you of your own free will or for legitimate interest;
  5. biometric data (e.g. photos, videos), with prior consent.

The data of a “super-sensitive” nature, as defined by the Supreme Court of Appeal, concerning health, processed by the competent doctor in performing the tasks required for Legislative Decree 81/08 and other provisions concerning workplace hygiene and safety, for carrying out preventive and periodic medical checks, will be processed at the employer’s exclusively by the doctor as an independent data controller.

Only decisions involving unsuitability will be communicated by the doctor to the employer.

The special data eventually communicated by you will be processed only and exclusively if and because they were voluntarily provided and in any case because they are necessary for the fulfilment of legal obligations and/or for the legitimate interest of the Company.

Biometric data (e.g. photos, videos, audio) will be processed by the employer only with your free and explicit consent, given by signing the form at the bottom of this notice.

7. Purposes of data processing

The purposes of processing personal data, data relating to health, specific data pursuant to Art. 9 of the GDPR and personal data pursuant to art. 10 GDPR (e.g. household composition, mandatory hiring, pending charges,…), provided through the submission of a curriculum vitae, the compilation of information sheets, aptitude tests and the sending of passport photos or in any case by filling in the form on the website www.yfgorup.it section “Work with us”, are detailed below:

a) recruitment and selection of personnel for the establishment of the employment or collaborative relationship;

b) transmission to third parties for the establishment of the employment or collaborative relationship;

c) storage of the data provided;

d) candidate training;

e) transmission to the candidate of communications concerning the position by the Company,

f) creation of a candidate profile for the future identification of a position in line with your profile within the company;

In the event and only after express, free and informed consent, the Company processes special categories of data for purposes other than those listed above, as per the paragraph “Further purposes of processing” and through separate acquisition of consent at the bottom of the notice.

8. Further purposes of processing that can be pursued with consent

  • Collection of biometric data

Subject to your consent, which we will ask you for at the bottom of this notice, the Company may collect biometric data (by way of example but not limited to: photos, videos, audio) that portray you, for publication on our website and in our social media channels of the role held by you within our company or for the drafting, on paper and/or digital, of the company organisation chart or for simple purposes of image and promotion of corporate activities and of its employees.

  • Dissemination of biometric data

Always with your prior consent, the material related to you, also related to special categories of data (video and photos) or the material you may have produced (for example, video, photos, audio, drawings, papers, writings, laboratory activities) while carrying out your work for the Company may be published on its website: https://www.yfgroup.it/ and on those connected to it on social platforms (Facebook, Twitter, YouTube, Instagram, Google+, LinkedIn, as by way of example but not exhaustive); the material may be used for printed/digital publications of the company as well as on its website.

This material may be used by the Company for communication purposes and transmitted through the press, TV and internet to support articles in local and national media.

9. Legal basis for processing

The legal basis for processing is your consent, pursuant to art. 6, paragraph 1, letter a).

10. Compulsory or optional nature of data provision and consequences of any refusal to provide.

For the purposes referred to in Article 7, the provision of personal data, health data, special data pursuant to Art. 9 of the GDPR and personal data pursuant to art. 10 of the GDPR is necessary and has a mandatory nature and your refusal would result in the impossibility for the Company to carry out the personnel selection and recruitment activity.
For the purposes referred to in art. 7 letter f) consent is optional and your refusal only means the impossibility for the Company to proceed with the processing of your data for such purposes.

It is not mandatory to provide biometric data (photos, videos, etc.) and non consent will make it impossible for the Company to use the relative photographic or audiovisual material.

Similarly, non consent will make it impossible for the Company to disseminate your biometric data on its website, on its social media channels or through paper/digital publications.

11. Processing methods

The personal data processed for the purposes referred to in article 7 above are processed on paper and/or with the support of information systems by employees expressly designated by the Data Controller as authorised to process personal data and/or through third parties, according to logic strictly connected to the purposes referred to in this notice. The data are stored in electronic archives as well as in paper form, in such a way as to guarantee the security and confidentiality of the data. The processing of personal data is carried out in compliance with the principles that underpin the GDPR.

12. Place of processing

The data are currently processed and stored at the operating office, in FOLLONICA (GR) – 58022, VIA DELL’ARTIGIANATO, 745, or on servers located in Europe.

They are also processed, on behalf of the Writer, by professionals and/or companies entrusted with carrying out technical, development, management and administrative – accounting activities.

13. Recipients of personal data

Data Recipient, pursuant to art. 4, paragraph 1, no. 9) of the GDPR, means ‘the natural or legal person, the service or other body that receives personal data, whether it is a third party or not. However, public authorities that may receive communication of personal data in the context of a specific investigation in accordance with European Union or Member State law are not considered as recipients; the processing of such data by these public authorities complies with the applicable data protection rules according to the purposes of the processing’.
It should be noted that, in relation to the aforementioned purposes, the employee’s personal data may be communicated to recipients collaborating with the Controller or for the fulfilment of legal obligations.

Such recipients are bound by absolute confidentiality with regard to any information they may become aware of and the categories are reported below. a) Authorities, public administrations and supervisory and control bodies for their institutional purposes.

b) Employees and Subjects who collaborate with the Data Controller to achieve the purposes indicated above.

c) Subjects that provide services for the management of the Controller’s IT system.

d) Qualified professionals for the purpose of studying and resolution of possible legal and contractual problems.

e) Consultants, consulting firms and professional firms (including competent doctors, experts in the field of occupational safety, experts in business organisation, labour consultants, payroll companies, accountants, etc.).

f) Banks or similar organisations.

g) Health associations/bodies.

14. Dissemination and communication of data

Your personal data are not subject to disclosure or transfer.

Any communication to third parties other than the Data Controller and the Processor- internal or external to the Company – identified and appointed pursuant to articles 24 and 28 of the GDPR, is envisaged where necessary.

In any case, the processing by third parties will be carried out in compliance with the principles of correctness, proportionality and necessity, as well as in compliance with the laws in force.

15. Retention period

The data will be stored in compliance with the principle of proportionality and in any case for the period necessary for the accomplishment of the purposes referred to in art. 7 of this notice and in any case no later than 12 (twelve) months from the last contact with the Company. In any case, you have the right to ask the Company to delete your personal data at any time before the 12 (twelve) month period expires. After this period, your data will be deleted and destroyed.

Upon consent to the creation of a candidate profile, your data will be kept for 36 months in order to identify a future position in line with your profile.

16. Data security

The Company adopts adequate technical and organisational measures for data protection in order to prevent their loss, unlawful or incorrect use and unauthorised access.

17. Rights of the Data Subject

We inform you that, pursuant to art. 13, paragraph 2, letter b) of the GDPR, in relation to the processing of the personal data in object, in order to guarantee correct and transparent processing, the following rights can be exercised:

1. Right to information and access (pursuant to art. 15 of the GDPR): in order to obtain from the Data Controller information on the existence or otherwise of data processing concerning you and access to your personal data and information on the processing purposes, on the recipients or categories of recipients to whom the data is transmitted.
2. Right to rectification (pursuant to art. 16 of the GDPR), to erasure (pursuant to art. 17 of the GDPR) and to the restriction (pursuant to art. 18 of the GDPR): in order to request the Data Controller to correct and delete your personal data and restrict their processing. You have the right to object to the processing.
3. Right to portability (pursuant to art. 20 of the GDPR): in order to receive in a structured, commonly used and automatic device the personal data provided to you by the Data controller and have the right to transmit such data to another Controller, provided that this operation is technically feasible.
4. Right to object (pursuant to article 21 of the GDPR) as well as the right to complain to the Italian Data Protection Authority, using a specific complaint form, which can be downloaded from the website https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9038275.

To exercise the rights referred to in the aforementioned art. 13, paragraph 2, letter b) and e) of the GDPR, you can write to 4EVER YOUR FRIENDS SRLU based in Follonica (GR), Via del Fonditore 790/b, or contact the Company through the contact form on the website www.yfgroup.it or by sending an email to: privacy@yfgroup.it.

18. Right to lodge a complaint

Pursuant to Art. 13, paragraph 2, letter d) of the GDPR, you have the right to lodge a complaint to the Privacy Guarantor/Data Protection Authority, as Control Authority pursuant to art. 77 of the GDPR, if it is deemed that the processing of data is carried out in violation of the provisions of the European Regulation on the protection of personal data (GDPR).

19. Consent

Pursuant to articles 6 and 7 of the GDPR, consent to the processing of personal data is necessary, for the purpose referred to in Article 7 above.
The consent can be withdrawn at any time by contacting the Company using the contact form on the website www.yfgroup.it or by sending an email to: privacy@yfgroup.it. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to withdrawal.

When sending your application through our website, we invite you to give your consent at the bottom of the data entry form and CV in the “Work with us” section of the website in the corresponding separate boxes.

20. Data concerning minors

The Company may process data concerning minors aged 16 or over, limited to what is indicated in article 7 “Purposes of processing”, collected directly from you (data subject) as a candidate for a position and/or collaboration with us.

With regard to consent, as required by art. 8 GDPR and the opinions of the Data Protection Authority, even though registration to information society services is admissible through the personal consent of the minor who has reached 16 years of age, the Company with respect to the principle of confidentiality and the rights of the Data Subject, requires the consent of the minor and, where possible, encourages consent given by one or both persons with parental responsibility, even if not necessary.

21. Profiling

Always with your prior consent, the personal data you provide may be entered and stored, in accordance with your right to limit and prevent their use and storage at any time, through archiving and creating an employee profile on company management software (cloud CRM).

In particular, by giving your consent, the personal data and the CV you have sent to us can be used to create a “candidate profile” and stored for a period of more than 12 months and, more precisely, for 36 months (3 years).

This is in order for the three years following the sending to identify a position within our company in line with your profile and with the requests of our clients.

In the event of non-consent, no candidate profile will be created and your data will be deleted 12 months after archiving.

22. Data transfer to non-EU countries

Your data will not be disseminated and will not be transferred to countries outside the EU or to international organisations.

23. Security measures

The company adopts adequate technical and organisational security measures to protect your personal data from accidental or unlawful destruction, loss, modification, unauthorised disclosure or access.

These measures may include, depending on the nature of the processing, for example the encryption of your personal data, redundancy and back-up, regular security tests, updating of the regulatory documentation.

Your Friends Group

Via dell'Artigianato, 745 – 58022 Follonica (GR)
tel: +39 0566 56701
mail: info@yfgroup.it

Download the app

A sostegno di

Privacy Policy Cookie Policy