A. PREMISE

In compliance with the European Privacy Regulation (General Data Protection Regulation) No. 679 of 2016, we hereby provide some information regarding the collection and use of your personal data by COOPROGETTI soc. coop. The processing of information relating to you and the personal data provided, or otherwise obtained, within the scope of our activities, will be conducted in accordance with principles of fairness, lawfulness, transparency, and the protection of your confidentiality and other rights, in compliance with EU REGULATION 2016/679 (hereinafter referred to as the Regulation or simply GDPR) as amended.

B. PERSONAL DATA WE COLLECT

The data that may be collected and processed by the Controller for the purposes specified below are only those indicated in the “WORK WITH US” form as well as the data in the CV uploaded by the data subject on the same page. This data includes “common data” and, where necessary, data belonging to special categories, as per Article 9 of the GDPR, relating to enrollment in placement lists under Law 68/99, as well as photographic images. At the data subject’s discretion, data relating to third parties may also be processed under the “PORTFOLIO” section.

C. PURPOSES OF PROCESSING – WHY YOUR PERSONAL DATA IS USED

The personal data we collect will be processed solely for purposes related to personnel recruitment and selection.

D. LEGAL BASES FOR PROCESSING

The data and information voluntarily provided by the data subject in the CV are processed pursuant to Article 111-bis of Legislative Decree 196/2003 as amended (Privacy Code) and, for special categories of data (Article 9 GDPR) related to enrollment in placement lists, in accordance with Law 68/99.

E. SPECIAL CATEGORIES OF PERSONAL DATA

In line with the principle of data minimization, applicants are requested not to include unnecessary or redundant data and information relative to the purposes of recruitment and selection. Therefore, applicants are requested not to indicate personal data that falls under special categories (particularly relating to health, religious beliefs, or political opinions) other than those potentially required for selection purposes (e.g., enrollment in placement lists under Law 68/99); in such cases, the Controller will refrain from using such information.

F. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO PROVIDE DATA

Notwithstanding the freedom to provide personal data, please note that the failure to provide such data will prevent the Company from considering the data subject’s application in any recruitment and selection process, except for photographic images, the lack of which does not prevent the processing related to the application.

Failure to provide data falling under special categories as per Article 9 of the GDPR, as indicated in section 2 above, may prevent the continuation of the selection process if it is aimed at filling positions reserved for disabled workers under Law No. 68/99.

G. PROCESSING METHODS – HOW YOUR PERSONAL DATA IS HANDLED

Your data will be processed by means of the operations indicated in paragraph 2 of Article 4 of the Regulation, specifically: collection, recording, organization, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your data will be processed in both paper and electronic formats.

The data will not be subject to fully automated processing as specified in Article 22 GDPR.

H. SCOPE OF DATA COMMUNICATION AND DISCLOSURE – WHO CAN ACCESS YOUR DATA

Personal data may be accessed by designated data processors (employees and collaborators of the Controller) and/or service providers related to recruiting/selection/hiring activities, as well as IT service providers who enable the platform’s operation and maintenance, all of whom are required to process data for the same purposes outlined in section B.

Personal data will not be disclosed.

I. PERSONAL DATA RETENTION PERIOD

Data will be retained for a period consistent with the specified purposes, in line with the principle of minimization. Specifically, data will be kept for a period not exceeding two years from the date of collection or the last update made by the data subject.

J. DATA TRANSFER

Personal data is stored on servers located in Italy, within the European Union. It is understood that the Controller, should it become necessary, may move servers outside the EU. In such cases, the Controller assures that the transfer of data outside the EU will comply with applicable legal provisions, including the signing of the standard contractual clauses provided by the European Commission.

K. DATA SUBJECT’S RIGHTS

As a data subject, you have the rights provided in Articles 15-22 of the GDPR, available at the following link:

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

The data subject may exercise their rights by sending a clear email to the addresses/contacts listed in section J of this document.

L. CONTROLLER, DATA PROCESSOR, AND THIRD-PARTY AUTHORIZED PERSONNEL

The Data Controller is COOPROGETTI soc. coop., with its registered office at Via Thomas Alva Edison, 5 06024 Gubbio (PG), 06024 – tel. 075923011 – email: staff@cooprogetti.it, represented by its Legal Representative.

The updated list of data processors and authorized third parties is kept at the registered office of the Data Controller.