Pursuant to and for the purposes of the existing legislation on the protection of personal data (the " Privacy Policy"), including Regulation (EU) 2016/679 (" GDPR ") as well as Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018 (the "Privacy Code"), Reno De Medici S.p.A., as data controller (hereinafter, "RDM" or "Data Controller"), informs users (below the "Users" or, individually, "User") of the website www.rdmgroup.com (the "Website"), which will deal with their personal data collected through said Website using the procedures and for the purposes described in this policy (the "Policy").
The terms of this Privacy Policy apply only and exclusively to the Website and not to other websites owned by the Data Controller or owned by third parties that the User may access via the links that may be contained in the Website. Should the User access to another website, he/she is advised to read the information regarding the processing of personal data applicable to said website.
The User, by browsing the Website, acknowledges having read and understood the contents of this Policy.
This category of data includes, for example, IP addresses or domain names of the computers used by Users who connect to the Website, the pages visited by Users therein, the domain names and addresses of the websites from which the User has logged in to the Website (by referral), URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in reply, the numerical code indicating the status of the response sent from the web server and other parameters related to the type of browser (e.g. Internet Explorer, Google Chrome, Firefox), operating system (e.g. Windows) and the User's computing environment.
These data are also collected by cookie technology or text and number files that are installed, whilst browsing a website, in the memory of the device (PC, smartphone or tablet) connected to the Internet via the browser application installed therein. For more information about cookies used on the Website users are advised to consult the Cookie Policy.
The terms of this Privacy Policy apply only and exclusively to the Website and not to other websites owned by the Data Controller or owned by third parties that the User may access via the links that may be contained in the Website. Should the User access to another website, he/she is advised to read the information regarding the processing of personal data applicable to said website.
The User, by browsing the Website, acknowledges having read and understood the contents of this Policy.
- Type of data processed via the Website
- Data collected implicitly whilst a User browses the Website
This category of data includes, for example, IP addresses or domain names of the computers used by Users who connect to the Website, the pages visited by Users therein, the domain names and addresses of the websites from which the User has logged in to the Website (by referral), URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in reply, the numerical code indicating the status of the response sent from the web server and other parameters related to the type of browser (e.g. Internet Explorer, Google Chrome, Firefox), operating system (e.g. Windows) and the User's computing environment.
These data are also collected by cookie technology or text and number files that are installed, whilst browsing a website, in the memory of the device (PC, smartphone or tablet) connected to the Internet via the browser application installed therein. For more information about cookies used on the Website users are advised to consult the Cookie Policy.
- Common data provided directly by the User
- Special data categories (pursuant to Article 9 of the GDPR) provided directly by the User
Generally, specific data are not processed, as defined pursuant to Article 9 of the GDPR, nor are judicial data, except for "data relating to the membership of the data subject to protected categories". These data should be conferred by the applicant User solely in the context of selection procedures aimed at covering positions reserved for disabled workers pursuant to Law no. 68/99 and subsequent amendments and additions.
Users who wish to apply either spontaneously or in response to an open position published on the Website must not, therefore, provide data of a specific category. One exception concerns data relating to the possible disability of the data subject and this is exclusively due to the subsidies from which they may benefit, where the selection is aimed at protected categories.
The User must also not provide judicial data, i.e. personal data relating to criminal convictions or offences or related safety measures, or in any case eligible for revealing an accused or investigated status pursuant to Articles 60 and 61 of the Code of Criminal Procedure.
- Legal basis and purpose of processing
- Common personal data provided by the user, be it implicitly or directly, whilst browsing the Website shall be processes, without requiring the prior consent of the User, for the following purposes:
- to enable Users to benefit from the Website services;
- to carry out the maintenance and technical assistance necessary to ensure the correct operation of the Website and the services relating thereto;
- to enable RDM to exercise its rights in court proceedings and suppress illegal activities;
- to fulfil the obligations of the law and/or regulations.
-
- The processing of personal data provided directly by Users who intend to apply spontaneously, by emailing [email protected] by accessing the "Join us" section of the Website and by filling in the online "form" that enables the acquisition of information relating to their professional experience, organised in the form of a CV, is aimed at searching for and selecting staff for the department within RDM or its associated companies and/or subsidiaries (the "RDM Group Companies").
Where, during the selection procedure or within the CV, personal data of a specific category needs to be collected, said data shall be processed exclusively following the issuance of appropriate consent by the applicant User. It should be noted that, in the event of the non-provision of consent to the processing of personal data of a specific category by the applicant User, said personal data shall be immediately deleted by RDM.
If RDM intends to use the collected personal data for any other purpose that is inconsistent with the purposes for which it was originally collected or authorised, RDM shall inform the User in advance and the user shall also be able to refuse or withdraw his/her consent.
The provision of common data provided directly by the User is optional. However, their non-provision can make it impossible for RDM to perform the application requests.
The provision of data of specific categories provided directly by the User is optional and, in any case, may be processed by RDM only with prior consent duly provided by the User. Only where the selection is aimed at protected categories, the non-provision of personal data relating to the possible disability of the data subject may make it impossible for RDM to perform the application request.
We also inform you that the User's data:
will be processed in compliance with the principles of legality, correctness and transparency; will be collected for the legitimate purposes determined above;
will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
will be kept in a form which permits the identification of the User for a period of time not greater than the achievement of the purposes and better defined in Paragraph 8 below;
will be processed in such a way as to ensure adequate security from the risk of destruction, loss, modification, disclosure or unauthorised access by means of technical and organisational security measures.
Users' data shall be processed on paper, using automated, computer or electronic tools, using organisational procedures and logic closely related to the specified purposes.
RDM uses the most appropriate technological and security measures (electronic, computer, physical, organisational and procedural) to ensure the security and confidentiality of the data processed.
If RDM intends to use the collected personal data for any other purpose that is inconsistent with the purposes for which it was originally collected or authorised, RDM shall inform the User in advance and the user shall also be able to refuse or withdraw his/her consent.
- Nature of the Provision of Data
The provision of common data provided directly by the User is optional. However, their non-provision can make it impossible for RDM to perform the application requests.
The provision of data of specific categories provided directly by the User is optional and, in any case, may be processed by RDM only with prior consent duly provided by the User. Only where the selection is aimed at protected categories, the non-provision of personal data relating to the possible disability of the data subject may make it impossible for RDM to perform the application request.
- Data processing methods
We also inform you that the User's data:
will be processed in compliance with the principles of legality, correctness and transparency; will be collected for the legitimate purposes determined above;
will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
will be kept in a form which permits the identification of the User for a period of time not greater than the achievement of the purposes and better defined in Paragraph 8 below;
will be processed in such a way as to ensure adequate security from the risk of destruction, loss, modification, disclosure or unauthorised access by means of technical and organisational security measures.
Users' data shall be processed on paper, using automated, computer or electronic tools, using organisational procedures and logic closely related to the specified purposes.
RDM uses the most appropriate technological and security measures (electronic, computer, physical, organisational and procedural) to ensure the security and confidentiality of the data processed.
The User notes, however, that said communication of personal data by means of websites presents risks related to the disclosure of such data and that no system is totally secure or tamper-proof and/or secure from intrusion by third parties.
hosting providers that offer services for hosting Website;
computer companies involved in maintaining and managing the Website;
communication agencies involved in the market research activities carried out by RDM using, anonymously, Users' browsing data;
other Companies of the RDM Group (for management, statistical and data consolidation needs).
Also, following the explicit consent given by the applicant User, RDM may disclose the personal data contained in the CV for the same pursuit of the purposes referred to above, to other RDM Group Companies, where are the latter companies are interested in applying or in having an open working position. In the latter case, the RDM Group Companies will act as autonomous Data Controllers and RDM, as Data Processor on behalf of the former.
- Data disclosure
- The personal data provided by Users by browsing the Website or by filling in the online "form" contained in the "Join us" section of the Website, or through appropriate communications sent to RDM's contact persons specified on the Website will not be distributed or made accessible to undetermined parties, in any way, even by their provision or consultation.
- RDM can instead communicate (this term meaning to give knowledge to one or more specific individuals) the User's personal data processed for the purposes referred to in Paragraph 2.1 of the Policy to: (a) supervisory and/or control bodies of RDM, (b) Judicial Authorities as well as (c) all other subjects to which the disclosure is mandatory by law for the accomplishment of the purposes such as autonomous data controllers. RDM may also entrust certain personal data processing procedures carried out for the purposes referred to in Paragraph 2.1 to third parties, duly appointed by RDM, if necessary, as Data Processors, including, by way of example and not limited to:
hosting providers that offer services for hosting Website;
computer companies involved in maintaining and managing the Website;
communication agencies involved in the market research activities carried out by RDM using, anonymously, Users' browsing data;
other Companies of the RDM Group (for management, statistical and data consolidation needs).
-
- RDM may disclose Users' personal data processed for the purposes referred to in Paragraph 2.2 of the Policy ("managing staff applications, searches and selection") to: (a) authorised individuals within RDM's structure and, specifically, employees or collaborators of the Human Resources Department [email protected], who will process the data according to the operating instructions defined by RDM, as Data Controller; (b) entities which can access the data by virtue of the provisions of the law or regulations, within the limits provided for by law; (c) individuals who need to access the data for auxiliary purposes to the relationship with the User within the limits strictly necessary to carry out the auxiliary tasks entrusted to them (e.g. companies and/or third parties which the Data Controller uses for specific consulting and data processing services), following a specific assignment letter that imposes upon such third parties the duty of confidentiality and security in the processing of personal data.
Also, following the explicit consent given by the applicant User, RDM may disclose the personal data contained in the CV for the same pursuit of the purposes referred to above, to other RDM Group Companies, where are the latter companies are interested in applying or in having an open working position. In the latter case, the RDM Group Companies will act as autonomous Data Controllers and RDM, as Data Processor on behalf of the former.
- Transfer of data outside of the EU
The User's data will not be transferred outside of the European Union.
A possible transfer of the User's personal data to non-EU countries may take place only under the terms and with the guarantees provided by the Privacy Legislation.
- Data retention period
Personal data collected and processed for the purposes referred to in Paragraph 2.2 ("Managing applications, staff search and selection"), will be retained for a period of up to twelve months from the User's registration or from the submission of their CV.
At the end of the retention period, personal data will be deleted, provided that there are no further legitimate interests of the Data Controller and/or legal obligations that require, after minimisation, their retention.
- User Rights
- the "Right of Access" and, specifically, to obtain confirmation of the existence or non-existence of personal data relating to the User and their communication in an intelligible form, as well as to obtain the following information:
- the purposes and methods for processing the User's personal data (including the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR and, at least in these cases, significant information on the logic used, as well as the importance and the expected consequences of this processing for the data subject), the categories of personal data processed, the origin of the personal data, the retention period of the personal data (if possible), or the criteria used to determine this period;
- the details of the data controller, data processors and the appointed representative pursuant to Article 5, paragraph 2; e) of the GDPR and, in general, of all the subjects or categories of subjects to whom the personal data have been or will be disclosed on Italian territory, especially if there are recipients of third countries or international organisations (and, in this case, the User also has the right to be informed of the existence of adequate safeguards pursuant to Article 46 of the GDPR relating to the transfer);
- the existence of the right of the User, as data subject, to ask the data controller for the rectification, erasure or limitation of the processing of personal data or to object to their processing;
- the right to lodge a complaint with the Italian Personal Data Protection Authority (the "Personal Data Protection Authority");
- the "Right of Rectification" i.e. the right to request the rectification or, if they had an interest, the supplementation of personal data;
- the "right to erasure" (or "right to oblivion"), i.e. the right to request the erasure, transformation into anonymous form or the blocking of data processed in breach of the law, including data that does not need to be retained in relation to the purposes for which the data were collected or subsequently processed;
- the "Right of limitation of processing" i.e. the right to obtain, from the data controller, the limitation of processing in some cases provided for under the Privacy Legislation;
- the right to request, from the data controller, an indication of recipients to whom it has notified any rectifications or erasures or limitations of processing (made in accordance with Articles 16, 17 and 18 of the GDPR, in fulfilment of the obligation of notification, except in the case where this proves impossible or involves a disproportionate effort);
- the "right to data portability" i.e. the right to receive (or transmit directly to another data controller) personal data in a structured format, of common use and readable by automatic device;
- the "Right of objection" i.e. the right to object, in whole or in part:
- to the processing of personal data carried out by the Data Controller for a legitimate interest of the latter;
- to the processing of personal data carried out by the Data Controller for the purposes of marketing or User profiling.
- Methods for exercising rights and complaining to the Italian Personal Data Protection Authority
- by sending a registered letter with return receipt to RDM's address in Milan, Viale Isonzo 25;
- by sending an email to: [email protected] and the DPO at: [email protected]
- by calling the number: +39 0289966111 (r.a.)
In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the EU Supervisory Authorities are available at the following link:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Finally, if the User intends to lodge a complaint with the Control Authority competent for the Italian territory (i.e. Garante), the complaint form is available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524
- Data Controller and Data Protection Officer
[email protected]
The data protection officer (the "DPO"), domiciled for the office at the registered office of Reno de Medici S.p.A., can be contacted via the following email address: [email protected] .
- Policy Updates
Last update: 4 December 2020