PRIVACY POLICY – APPLICATIONS AND RECRUITMENT

Dear Candidate,

pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation , hereinafter “GDPR” or “Regulation”) We inform you that the personal data that you provided to IMQ Minded Security S.r.l. (hereinafter the “Company”), in compliance with the aforementioned legislation and in accordance with the confidentiality obligations which inspire the activity of our Company, will be processed as referred into Article 4 GDPR.

DATA CONTROLLER

IMQ Minded Security S.r.l., located at Via Marco Fabio Quintiliano 45 – 20138 – Milano (MI) Italy, VAT n. IT05756380480, e-mail: [email protected]. The Data Controller has appointed a Data Protection Officer, who may be contacted at the following email address: [email protected]

PURPOSES OF THE PROCESSING ACTIVITIES

The collection and processing of your personal data have the following purposes:

• selection of personnel and recruitment;
• creation of professional profiles;
• planning of activities.

CATEGORIES OF PERSONAL DATA AND METHODS OF PROCESSING ACTIVITIES

The Data Controller will process personal data provided spontaneously by the data subject or through direct contact with the company (e.g., via LinkedIn), including the name, images, contact details and some professional information, as well as an e-mail address.

With reference to the methods of the processing activities carried out by the Company, the processing activities will be carried out both manually and with the aid of electronic tools, based on logical criteria that are compatible and functional to the purposes for which the data were collected, in compliance with the rules of confidentiality and security provided for by the law and by internal company regulations.

LEGAL BASIS OF THE PROCESSING ACTIVITIES

The legal basis is the performance of pre-contractual and contractual measures related to the data subject during the management of applications and the recruitment (Article 6, par. 1, lett. b) GDPR).

DATA RETENTION

Curriculum vitae received will be deleted after 3 (three) years, unless there is a prior request for deletion by the data subject. If the candidate is still interested in proposing his application, it will be required to send it again.

The Data Controller reserves could store the personal data collected for a longer period of time in relation to candidates who are interesting for the purposes of the recruitment.

OBLIGATION TO PROVIDE PERSONAL DATA OR OTHERWISE

The provision of personal data to the Company is mandatory only for personal data for which there is a legal provision (established by laws, regulations, provisions of Public Authorities, etc.) or necessary for recruitment activities. In all other cases, the data subject has the freedom to provide their personal data.

IMPLICATIONS IN CASE OF REFUSAL TO PROVIDE PERSONAL DATA

If required by a legal or contractual obligation to provide personal data, the refusal to provide their personal data may result in the violation of the rules that establish this obligation by the data subject (with possible implications on their part) or “breach of contract” by the data subject (who may obtain contractual or civil remedies on the matter). In any case, the Company will not be able to carry out operations that require the processing of the aforementioned personal data, with implications and damage to the person concerned.

Whenever the data subject has the freedom to provide their personal data, any refusal will not lead to regulatory or contractual violations (with the related consequences set out above). However, if the personal data are necessary or strictly instrumental to the execution of the contractual relationship, the refusal to provide them may make it impossible to carry out the operations connected to such personal data (or in any case it may cause delays in the fulfillment of these operations). Any refusal to provide personal data connected to the activities of the Data Controller, other than those necessary or strictly instrumental to the execution of the contractual relationship, may prevent the conduct of such additional activities but does not interfere with the performance of the current contractual relationship.

SPECIAL CATEGORIES OF DATA

Please do not insert special categories of personal data on the curriculum vitae or personal data suitable to reveal the state of health, racial and ethnic origin, religious beliefs, political opinions, sexual life. If the data subject belongs to “protected categories”, please kindly indicate only this membership as we will proceed to its definition during other steps of the recruitment process.

SHARING, COMMUNICATION AND DISCLOSURE OF PERSONAL DATA

Personal data collected through the website will not be disclosed. The data collected may be transferred, for activities strictly connected to the service required, to persons qualified as “Data Processors” pursuant to Article 4, par. 8 GDPR and Article 28 GDPR (e.g., hardware and software assistance companies, companies with technical and organizational tasks on the website) and by persons authorized to the processing pursuant to Article 29 GDPR, operating under the direct authority of the Data Controller (e.g., employees and contractors).

Personal data may also be disclosed to service companies or professionals in the context of assistance and consultancy relationships, for the purposes strictly connected with those indicated above.

TRANSFER OF PERSONAL DATA TO COUNTRIES NOT BELONGING TO THE EU (THIRD COUNTRIES)

Your personal data will not be transferred outside the European Union.

RIGHTS OF THE DATA SUBJECTS

The GDPR expressly provides for certain rights of the persons to whom the data refer (so-called “data subjects”). Pursuant to Articles 15-22 GDPR, each data subject has:

• right to access their information, asking for full details of the personal information hold by the Data Controller;
• right to data portability, asking for and downloading personal information hold by the Data Controller, so the data subject can move, copy or keep it for themselves;
• right to be informed, asking for their personal information hold by the Data Controller and having the details of their usage (e.g., what they are used for, how long they are kept, with whom they are shared with);
• right to rectification, providing the correct information to the personal data deemed wrong and hold by the Data Controller;
• right to restrict the processing activities, asking to use or store their information only for certain purposes;
• right to object, asking to stop using their personal information;
• right to erasure, also known as the “right to be forgotten”, asking to delete their personal information to be deleted.

The data subject also has the right to lodge a complaint with a Supervisory Authority if they believe their rights described herein have not been recognized.

QUESTIONS, COMPLAINTS AND EXERCISE OF RIGHTS

In order to exercise the aforementioned rights please write an e-mail to the Data Controller: IMQ Minded Security S.r.l., located at Via Marco Fabio Quintiliano 45 – 20138 – Milano (MI) Italy, VAT n. IT05756380480, e-mail: [email protected]. The Data Controller has appointed a Data Protection Officer, who may be contacted at the following email address: [email protected]