POLICY ON PROTECTING THE PERSONAL DATA OF CANDIDATES

1. Controller, Processors (in terms of processing personal data) and the Data Protection Officer

The Controller is Tecnosystemi S.p.A. Benefit Company (Tax Code and VAT no. 02535780247), with registered office at via dell’Industria 2/4, Vittorio Veneto, Italy, email info@tecnosystemi.com (hereinafter the “Controller” or the “Company”). The updated list of Processors, where assigned, will be provided upon request. In the event that a Data Protection Officer is appointed (pursuant to article 37 of EU Regulation 2016/679 – hereinafter the “Privacy Regulation”), their contact details will be published on the tecnosystemi.com website.

Purposes for which and the methods by which personal data is processed

Your personal data is that which you provide directly by sending your curriculum vitae unsolicited or for the purpose of applying for an open position with the Company. Furthermore, your personal data will be processed to evaluate your application, to contact you in the event that the Company wishes to arrange an interview, and to carry out any further actions necessary to fulfil the personnel selection activity aimed at either hiring you or establishing a collaboration relationship with you. Selecting candidates is done in compliance with the law on equal opportunities which imposes the prohibition on discriminating between men and women pursuant to Italian Legislative Decree no.198 of 11 April 2006 (the Italian Equal Opportunities Code), as amended and supplemented. In this case, the Controller will process your personal data in order to execute the pre-contractual measures adopted at your request which are aimed at potentially establishing an employment or a collaboration relationship with you; your consent, therefore, is not necessary. It should be noted that the Company does not require, in the registration fields or in the creation of the professional profile, any personal data to be provided which falls into the special categories of personal data, as referred to in article 9 of the Privacy Regulation. Therefore, in the event that you should provide such data or include such data in your curriculum vitae, we hereby inform you that we shall permanently delete your curriculum vitae. Processing your personal data will be done in compliance with the methods and the limits laid out by current legislation on the matter by parties specifically designated and trained in such processing pursuant to article 2-quaterdecies of the Italian Privacy Code and article 29 of the Privacy Regulation, as well as by external parties (such as, for example, personnel selection companies, external consultants who process salary and social security contribution data, etc.), who may assume the role of autonomous Controller or be appointed in writing as a Processor. In any case, the processing of personal data shall be done using manual, electronic and telematic means, using logic strictly related to the purposes for which such data was collected and in such a way as to guarantee the confidentiality and security of such personal data and in full and complete compliance with current legislation on the matter.

Your personal data will be kept by the Controller for the period of time strictly necessary in relation to the purposes laid out above, without prejudice to the need to store such data for a longer period in compliance with current law, including accounting regulations

Your personal data will be processed in Italy and, therefore, within the EU.

3. Obligatory or optional nature of providing personal data, the consequences of refusing to provide such data, and the legal basis for processing such data

With reference to the purposes described above, providing personal data is obligatory given that, without it, establishing any form of employment or collaboration relationship with a Data Subject would be impossible. The legal basis for processing this personal data is, therefore, in order to verify the possibility of establishing an employment or collaboration relationship of which the Data Subject is a party and at the request of the same (pursuant to article 6(1)(b) of the Privacy Regulation).

4. To whom and in what context can we transmit your personal data

In relation to the purposes for which processing is done, as indicated above, and strictly within the limits pertaining to the same, your personal data will or may be communicated, in Italy, or, in any case, within the EU: (i) to any party in any capacity whatsoever who is involved in the recruiting activities aimed at establishing an employment or a collaboration relationship and who has been duly appointed in writing and suitably trained in accordance with the law by the Controller in accordance with the methods provided for by company procedures; (ii) to any external consultant called upon to carry out the aforementioned activity, unless appointed in writing as a Processor.

The parties indicated above, to whom your personal data will or may be communicated (as they are not appointed in writing as Processors), will process your personal data as Controllers pursuant to current legislation, in full autonomy, being unrelated to the scope of the processing carried out by the Controller. A detailed and constantly updated list of these parties, with an indication of their respective offices, is available from the Controller’s headquarters.

Your personal data will not be disclosed.

5. Your rights as a Data Subject

Articles 15 et seq. of the Privacy Regulation give Data Subjects the right to obtain, under the conditions and within the limits established by article 2-undecies of the Italian Privacy Code and article 12 of the Privacy Regulation:

• confirmation of the existence or otherwise of the personal data concerning them, even if not yet registered, and their communication in an intelligible form;
• the indication of the origin of the personal data, the purposes and methods of processing, the logic applied in the case of processing carried out with the aid of electronic instruments, the identification details of the Controller;
• the updating, rectification, integration, erasure, transformation into anonymous form or blocking of personal data processed in violation of the law, including that data whose retention is not necessary in relation to the purposes for which the data was collected or subsequently processed, the confirmation that such operations have been brought to the attention, also with regard to their content, of those to whom the data has been communicated or disseminated, except in the case in which this proves impossible or involves a manifestly disproportionate use of means with respect to the protected right.

Data Subjects also have the right:

• to revoke at any time the consent (where given) to the processing of personal data (without prejudice to the lawfulness of the processing based on the consent given before the revocation);
• to oppose, in whole or in part, for legitimate reasons, the processing of the personal data concerning them, even if pertinent to the purpose for which it was collected;
• to oppose, in whole or in part, the processing of the personal data concerning them for the purposes of sending advertising material or direct sales or for carrying out market research or sales communication;
• to lodge a complaint with a Supervisory Authority in those cases envisaged by the Privacy Regulation. In Italy, the Supervisory Authority is the Italian Data Protection Authority. website www.gpdp.it - www.garanteprivacy.it Email: protocollo@gpdp.it Telephone switchboard: (+39) 06.69677.1
• to the portability of personal data within the limits envisaged in article 20 of the Privacy Regulation.

The complete form to be used to exercise any of these rights is available at bit.ly/tecnosystemigdpr and includes instructions and how to complete the form and send it to the Controller.

6. Security measures

Processing is done with the adoption of suitable technical and organisational measures to guarantee a level of security which is appropriate in relation to the risk involved, in compliance with the methods set out in articles 5 et seq. and articles 32 et seq. of the Regulation, as well as the related provisions issued by the Italian Data Protection Authority. In this regard, we confirm, among other things, the implementation of appropriate security measures aimed at preventing unauthorised access, theft, disclosure, modification or unauthorised destruction of your data.

7. Duration of the processing

The personal data being processed shall be stored for the time strictly necessary in relation to the purposes laid out above and, specifically:

• without prejudice to legal and judicial protection obligations, within a period not exceeding 12 months from the date on which a curriculum vitae is received, the same shall be deleted within 10 days from the date on which a decision is made not to proceed with the candidate’s application.