Privacy Policy for Clients and Suppliers

Privacy Policy for clients and suppliers (“Notice”)

(Version 01, February 2019)

1. DATA PROCESSING: WHAT IS IT ABOUT AND WHO IS AFFECTED?

R-Everse SpA (“Company”), whose data is displayed on the company websites at https://www.r-everse.com and https://reallyzation.com/ (“Site(s)”), in accordance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which rescinds Directive 95/46/CE (“GDPR”), as well as the Italian national legislation on personal data protection (“National Data Protection Law”), is committed to protecting personal data (“Data”) belonging to Clients or potential Clients (“Clients”) who use the Company, including through its Sites, for the personnel search and selection service provided by the Company (“Service”), as well as to suppliers, individuals and representatives of service suppliers (legal entities) used by the Company (“Suppliers”).

2. REFERENCE TO CONTRACTUAL DISCIPLINE

In order to provide its Services, the Company establishes various legal relationships with different individuals (Candidates, Scouts and Clients). Should you wish to find out more about the Service’s contractual obligations, please refer to the relative contractual Terms and Conditions published on the Sites or which are otherwise made available to contractors.

3. AUTHORIZED PROCESSING

Client Data is processed by Company personnel who are authorized and properly trained.

4. EXTERNAL MANAGERS/ INDEPENDENT DATA CONTROLLERS AND CO-DATA CONTROLLERS / PROCESSING RECIPIENTS

Upon appointment by the Company (and upon specific agreement), consultants, bodies, enterprises and companies supply services whose provision entails processing Candidates’ Data. Specifically, this relates to:

(a) suppliers of software, applications (including CRM systems) and hardware as well as related management and support/maintenance services;

(b) suppliers of connectivity and email systems as well as related management and support/maintenance services;

(c) suppliers of external storage systems, including cloud;

(d) legal and tax advisers as well as labour consultants and accountants.

Depending on the particular circumstances or the activities performed, these parties may work as independent data controllers or as co-data controllers, should shared purposes and processing methods be established.

The Company can provide specific information about the recipients at the request of the data subject.

5. PROCESSED PERSONAL DATA

The processed data is made up of common data, such as the names and surnames of Clients’ or Suppliers’ company or corporate names, tax codes, VAT numbers, legal and tax addresses, any and all relevant contact information (including cell phone numbers), fax, PEC, emails and CAP. In addition, it includes any general information needed to carry out the contract, such as the email addresses of Client representatives assigned to the personnel selection office or of the Supplier’s representatives, bank account details and/or any data related to the payment debit system.

For the purposes of this Notice, as the GDPR and National Data Protection Laws only refer to data held by natural persons, individuals are exclusively natural persons who provide services for Clients or the Suppliers regardless of their nature.

6. PURPOSES OF THE DATA PROCESSING AND LEGAL BASIS OF THE PROCESSING

The Company carries out Data processing for the purposes and related legal basis outlined below:

  • (a) to establish and engage in contractual relations with Clients and Suppliers; processing is required to execute pre-contractual measures and contractual obligations as well as to fulfil legal obligations;
  • (b) to perform requests from Candidates who upload their CVs onto the Sites, using Clients’ contact information (particularly, the Clients’ email addresses and/or the Clients’ representatives); the processing – limited exclusively to personal data consisting of addresses and email addresses of the Clients and/or the Clients’ representatives – is based on the Service-provision contract, or, in the cases where such a contract has still to be concluded, on the legitimate interests of the Candidates for Service provision;
  • (c) to send to the email addresses provided by the Clients informative, commercial and promotional communications relating to the Service already provided (soft spam) as part of a previous business relationship, unless the Clients have withdrawn their consent (opt-out process); in the case of soft spam, processing is based on the Company’s legitimate interest;
  • (d) to send to the email addresses of Clients’ potential representatives informative, commercial and promotional communications about the Service; processing is based on consent, until consent is withdrawn.

7. DATA CONSERVATION TIME

Without prejudice to observance of the retention period as required by law, the Clients’ and Suppliers’ data shall be stored for defensive purposes for the entire duration of the contractual relationship and shall be deleted ten years and six months after this relationship ends, unless there is a legal dispute, in which case the data will be kept for the time needed to exercise the right of defense and handle the dispute.

The data processed for the purpose mentioned under point (c) of paragraph 6 is stored and processed until the right to opt-out is exercised.

The data processed for the purpose mentioned under point (c) of paragraph 6 is stored and processed until the right of withdrawal is exercised.

8. TRANSFERRING DATA ABROAD

Suppliers of IT services located outside the European Union and of whose services the Company avails itself have adopted the Privacy Shield framework. Therefore, any data transferral takes place in compliance with the provisions of articles 44 et seq. of the GDPR. In any case, the Company must make sure it uses suppliers that observe the guarantees envisaged under articles 44 et seq. of the GDPR on transferral of data abroad.

9. RIGHTS

Clients and Suppliers may contact the Company or any external managers to exercise the rights set out in the National Data Protection Laws (where applicable) and the GDPR (articles 15 and onwards), specifically to access their personal data or to request that it be modified, updated, deleted, limited or transferred, by contacting the Company at the address indicated above.

10. RIGHT TO OPPOSITION

Following the same procedures described above, Clients may entirely or partly object to their personal data being processed where the relevant legal basis is constituted by the legitimate interests of the Company, pursuant to and for the purposes of the provisions of Article 21 of the GDPR.

11. COMPLAINTS

Any Client who believes that Data processing is in violation of the GDPR may file a complaint in accordance with the provisions of Article 77 of the GDPR with a supervisory authority where the Candidate normally lives or works, or to a supervisory authority where the alleged data breach occurred.

12. AMENDMENTS AND UPDATES

The Company reserves the right to modify and/or update this Notice, including any subsequent additions and/or amendments to national and/or European Union regulations regarding personal data protection or due to possible further purposes of data processing. For this reason, this Notice is published with a progressive identification number and the month of publication, starting with the May 2018 version which displays the number “00”. Subsequent versions of the notice will replace previous ones and will be valid, effective and applied from the date they are published on the Website.