INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

 

Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR – General Data Protection Regulation) and the applicable Italian laws

Tecnolife IT Consulting S.r.l. as the Data Controller, hereby informs you, in accordance with the provisions of EU Regulation 2016/679 and the international, European, and Italian laws regarding the processing of personal data, about the processing of personal data carried out in the context of recruitment and selection activities related to the evaluation of your job application submitted voluntarily via the website.

This information notice is provided pursuant to Articles 13 and 14 of EU Regulation 679/2016 and the applicable international, European, and Italian laws concerning the processing of personal data.

Data Controller

The Data Controller is Tecnolife IT Consulting S.r.l. with its registered office at Via Del Serafico, 200 – 00142 Rome, Tax Code and VAT number 11747341003.

Data Protection Officer

Tecnolife IT Consulting S.r.l. has appointed a Data Protection Officer (DPO) in compliance with Article 37 of GDPR 2016/679, who can be contacted by writing to the email address: dpo@tecnolife.com.

Categories of Personal Data Processed

For the purposes outlined in point 4, the following categories of data may be processed:

  • Personal details, contact information, tax code, education, and professional experience present in the CV, cover letters, or other materials (e.g., portfolio), such as photographs or video recordings;
  • Other information collected by the recruiter, related to the outcome of the interview or obtained through searches in public databases (e.g., social networks, such as LinkedIn) and deemed useful for defining the professional profile;
  • Data related to health status and membership in protected categories;
  • Data related to trade union and associative memberships, union activities or duties, public office functions, or management of union or political membership fees;
  • Data related to racial and ethnic origin, religious or philosophical beliefs, or membership in religious or philosophical organizations.

No further “special categories” of personal data will be sought, collected, or processed beyond those voluntarily included in the CV, and the provision of data not necessary for possible employment (e.g., participation in political, union, philosophical, or religious volunteer organizations) is optional, with the legal basis being the explicit consent of the data subject. It is understood that if you send data to the Data Controller that exceeds what is necessary for merely evaluating your candidacy or you have not given consent for additional special categories of data, such data will be deleted. Your data is collected directly from you via the submission of the CV or obtained through public databases as specified above or during the selection phase, such as through an interview.

Purposes of the Processing and Legal Basis for the Processing

Purpose of the ProcessingLegal Basis for the Processing
Spontaneous application for a job positionArt. 6 par. 1 lett. b) GDPR – the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at their request related to the possible establishment of an employment relationship
CV evaluation
Interview
Consultation of the candidate’s professional profile in relation to the characteristics in the CV or gathered during subsequent stages, such as during an interview or through public databases, for possible future needs of the Data ControllerArt. 6, par. 1 lett. f) GDPR – legitimate interest of the Data Controller
Compliance with legal obligations or provisions issued by authorities legally authorized to do so, and supervisory bodiesArt. 6 par. 1 lett. c) GDPR – the processing is necessary for compliance with a legal obligation to which the Data Controller is subject

The provision of personal data for the purposes described in point 4 is mandatory, and failure to provide, partial provision, or incorrect provision of such data may result in the impossibility of fulfilling any obligation arising from the employment contract.

Also, regarding the special categories of personal data, it is specified that the provision of such data is at this stage entirely optional (there may be at most information related to employment suitability – EU Reg. No. 2016/679, Art. 9.2, lett. b) and in compliance with the provisions of the Privacy Guarantor on the processing of “special categories” of data, pursuant to Art. 21, paragraph 1 of Legislative Decree No. 101 of August 10, 2018, as amended by the June 5, 2019 ruling). In this regard, it is specified that the provision of personal data, belonging to additional special categories voluntarily included in the CV (e.g., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data, or data related to sexual life or sexual orientation), is optional, and without your consent (EU Reg. No. 2016/679, Art. 9.2, lett. a), these data will be deleted without compromising the evaluation of the CV by the designated and authorized subjects of the Data Controller.

Methods of Processing

The collection and processing of personal data is carried out with the aid of paper, electronic, IT, or web-based means managed using tools that ensure security and confidentiality and will include any operation or set of operations necessary for the processing itself. Personal data will be processed for the time necessary to achieve the purposes for which they were collected.

The data will be collected and processed exclusively by authorized personnel who are bound by confidentiality obligations and are currently stored at the Data Controller’s office. All data processing operations are carried out in a manner that ensures the integrity, confidentiality, and availability of the data.

Recipients of Personal Data

For the pursuit of the purposes outlined in point 4, the Data Controller may communicate the users’ personal data to third parties belonging to the following categories of recipients:

  • Police forces, armed forces, and other public administrations, for the fulfillment of legal obligations, regulations, or EU legislation;
  • Public and/or private entities, individuals, and/or legal entities (e.g., insurance companies, experts, judicial offices, chambers of commerce, labor offices), when communication is necessary or functional to the proper fulfillment of contractual obligations, as well as legal obligations;
  • Companies, consultants, or professionals who may be entrusted with the installation, maintenance, updating, and general management of IT and telematic systems;
  • Companies, consultants, or professionals who may be entrusted with the provision of services for the Data Controller.

The Data Controller ensures that the communication of users’ personal data to the above recipients concerns only the data necessary to achieve the specific purposes for which they are intended. Regarding the data communicated to them, the recipients belonging to the categories listed above may operate, depending on the case, as data processors (and in such cases will receive appropriate instructions from the Data Controller) or as independent data controllers.

Data Transfer Outside the EU

The Data Controller is committed to limiting the scope of circulation and processing of personal data (e.g., storage, archiving, data retention on its servers) to the countries of the European Union, with an express prohibition on transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or in the absence of safeguard tools provided by EU Regulation 2016/679 – Chapter V (adequacy decision, Standard Contractual Clauses, Binding Corporate Rules, or explicit consent from the data subject).

Data Retention Period

Personal data will be stored in the Data Controller’s electronic archives and protected by appropriate security measures for the time necessary to achieve the purposes outlined in paragraph 4 and for the period permitted by Italian law to protect the interests of the Data Controller. They will then be deleted. Personal data may be retained for a subsequent period in the event of legal disputes, requests from competent authorities, or under applicable laws.

Rights of the Data Subject

The user may freely exercise the rights under Articles 15 to 22 of GDPR 2016/679, namely:

  • Right of access: the data subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to access the personal data, the source of such data, the purposes, the processing methods, the recipients to whom the data will be communicated, and the logic applied when processing is carried out using electronic tools;
  • Right to rectification: the data subject has the right to obtain without undue delay the rectification of inaccurate personal data concerning them;
  • Right to erasure: the data subject has the right to obtain the erasure or anonymization of personal data concerning them (under specific conditions outlined in Article 17 of the Regulation);
  • Right to restriction: the data subject has the right to restrict the processing of their personal data (under specific conditions outlined in Article 18 of the Regulation);
  • Right to notification of rectification/erasure/restriction: the Data Controller is required to notify each recipient to whom the personal data have been communicated of any rectification, erasure, or restriction of processing carried out under Articles 16, 17, and 18, unless this proves impossible or involves a disproportionate effort;
  • Right to data portability: the data subject has the right to receive in a structured, commonly used, and machine-readable format the personal data concerning them. In exercising their rights related to data portability, the data subject has the right to have their personal data transmitted directly from one data controller to another, if technically feasible;
  • Right to object: the data subject has the right to object to the processing (under specific conditions outlined in Article 21 of the Regulation), and the Data Controller must cease processing unless specific conditions are met under Article 21;
  • Right not to be subject to decisions based solely on automated processing: the data subject has the right not to be subjected to decisions based solely on automated processing, including profiling, that produce legal effects concerning them or similarly significantly affect them.

As per Article 7 of the Regulation, the data subject also has the right to withdraw consent at any time without affecting the lawfulness of the processing of personal data carried out by the Data Controller prior to such withdrawal.

To exercise your rights, you can contact Tecnolife at Via del Serafico, 200 – 00142, Rome, by writing to the email address: dpo@tencolife.com

Updates and Revision of this Information Notice

The possible entry into force of new applicable regulations, as well as the ongoing examination of new needs, may require changes to the methods of processing personal data.

In such cases, the Data Controller reserves the right to partially or completely modify this notice.

This notice is provided in its most recent version, revision 2 of 16/01/2025.