POLICY FOR THE PROCESSING OF PERSONAL DATA OF APPLICANTS
pursuant to Article 13 of Regulation (EU) 2016/679
Pentax SpA hereby informs you that your personal data will be processed in accordance with the Regulation and with the policy set out below.
The Data Controller is Pentax Industries SpA, in the person of its pro tempore legal representative, with registered offices in Viale dell’Industria 1 — 37040 Veronella (VR) Italy. Telephone: +39 0442489500 Fax: +39 0442489510 Email: firstname.lastname@example.org
Purpose of the processing
The processing may concern your personal data as follows: name and surname, date, nationality, domicile, telephone number, email address, and any other information shown on your CV (including photos).
We advise you that your CV may contain special categories of personal data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation). The processing of such data does not require your explicit consent under Article 9, paragraph 2, letters b, e and h of the Regulation.
Your data will be processed through the use of computer and manual tools (paper documentation) and will be protected with appropriate security measures that guarantee its confidentiality and integrity.
We adopt strict security procedures for the storage and disclosure of personal data and to protect it against accidental loss, destruction or damage.
We may disclose your information to the third parties referred to in the “Data Recipients” paragraph for the purposes stated in this Policy. We require all third parties to take appropriate technical and operational security measures to protect personal data, in line with EU data protection legislation.
Purposes and legal basis of the processing
We will process your personal data for:
- purposes related to the handling of the application within our company and associated companies. This may include: entering your data into our database; requesting references from your previous employers (as stated in your CV and on condition that there is no ongoing work relationship with them); collecting data concerning you from other sources, such as Linkedin; sending you questionnaires (concerning, for example, language skills or technical material), subsequent to your accessing the personal area of our website.
- We may also process your data in order to: comply with legal requirements or to exercise statutory rights relating to employment, social security and social protection laws; or to establish, exercise or defend rights in a court case. The processing for these purposes does not require your consent, in accordance with Article 6, paragraph 1 letter c) and Article 9, paragraph 2, letters b) and f) of the Regulation.
- Again, without your consent, we may use your personal data where this is necessary for the pursuit of our legitimate interests pursuant to and under the conditions of Article 6, paragraph 1 letter f) of the Regulation.
Provision of data and consequences in the case of non-provision
The provision of data for the purposes mentioned in the preceding paragraph is not mandatory, but the absence thereof in connection with the purposes referred to in paragraph 5, letter a) will prevent us from establishing a relationship with you.
Scope of communication of the personal data:
The Data is processed at the operational venues of the Controller and in any other place where the parties involved in the processing are located. The User’s Personal Data may be transferred to a country other than the one where the User is located. If one of the aforesaid transfers takes place, the User may ask for information by contacting the Controller at the contact details shown above.
In addition to the Controller, access to the data may be granted to other persons involved in the operation of this website, including administrative, sales, marketing, legal and systems administration staff, or also third parties (such as the employment consultant), appointed, where necessary, as Data Processors by the Controller. An updated list of Processors may be requested from the Data Controller at any time.
Period of data storage
The personal data will be stored for a period of 6 (six) months from your registration done online or by application on paper to the company.
Rights of the data subject
We advise you that you may exercise the following rights:
- Obtain confirmation that data concerning you is or is not being processed;
- If data processing is in progress, obtain access to personal data and information concerning you and request a copy of it;
- Obtain the rectification of inaccurate personal data and the integration of incomplete personal data;
- Obtain the erasure of your personal data if one of the conditions under Article 17 of the Regulation applies;
- Obtain the restriction of processing in cases provided for by Article 18 of the Regulation;
- Withdraw, at any time, your consent to data processing for those purposes that require consent. (Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal);
- Receive the personal data concerning you in a structured, commonly used and machine-readable format and request its communication to another controller, where technically feasible;
- Object to the processing of your personal data where a legitimate interest (or that of a third party) is invoked and where items relating to a specific personal situation prompt the objection to the processing;
- Lodge a complaint with the Italian Data Protection Authority, if you believe that your rights have been infringed, in the manner indicated on the Authority’s website, accessible here: garanteprivacy.it.
There is no cost to you if you access your personal information (or to exercise any of the other rights). However, if the request for access is clearly baseless or unduly onerous we may charge a modest fee. Alternatively, we may decline your request in such circumstances.
We may need to ask you for specific information to help us confirm your identity and to guarantee your right of access to information (or to exercise any of the other rights). This is another security measure designed to ensure that personal information is not released to unauthorised parties.