Pursuant to Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the “Regulation” or “GDPR”), Guber Banca S.p.A., as Data Controller (hereinafter, “Guber”, the “Bank” or the “Data Controller”), provides you with the following
on the “processing”: i.e. any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
of the following ‘personal data‘
- personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity
- special categories of personal data: corresponding to ‘sensitive data’, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data concerning a person’s health or sex life or sexual orientation;
- personal data relating to criminal convictions and offences: personal data relating to criminal convictions and offences or related security measures, essentially corresponding to “judicial data”, i.e. personal data disclosing measures referred to in Article 3(1)(a) to (o) and (r) to (u) of Presidential Decree of 14 November 2002, D. P.R. no. 313 of 14 November 2002 on the criminal record, the register of administrative sanctions dependent on a criminal offence and the relevant pending charges, or the status of defendant or suspect pursuant to Articles 60 and 61 of the Code of Criminal Procedure.
1. Purpose and methods of processing
The processing of personal data is aimed at achieving the following purposes
a) to carry out personnel selection activities;
b) to respond to requests or questions in the case of contact by e-mail;
c) to enable you to use the interactive features of our website, if you so wish. The legal basis for the purposes referred to in points a), b) and c) is the execution of pre-contractual measures pursuant to Article 6 letter b) GDPR.
Should it become necessary to process your personal data for a purpose other than that for which they were collected, prior to such further processing the Data Controller shall provide you with information regarding the different purpose and any further information necessary to ensure fair and transparent processing. This does not exclude the case in which this purpose can be considered compatible with the initial purpose pursuant to the law.
As part of the Controller’s activity, your personal data will be processed in compliance with the law, in accordance with the principles of correctness and lawfulness, necessity and relevance, in the protection of your privacy and your rights and will be carried out through the use of manual and computerised tools, with logic strictly related to the aforementioned purposes and, in any case, so as to ensure the security and confidentiality of the data.
2. Nature of the provision of data and consequences of non-communication
Providing the personal data indicated in the “Contacts” section of the website for access to the information service and in the “Work with us” section of the website for sending applications is purely optional. 2 Failure to provide the data strictly necessary to send the message and the application will make it impossible to follow up the application and to use the service offered by Guber through the site.
The data not expressly indicated as compulsory may be freely granted by the interested parties.
In particular, the personal data subject to processing includes: your identification and contact data (such as, for example, name, surname, age, sex, place and date of birth, e-mail address, etc.).
In addition to the aforementioned personal data, data relating to special categories of personal data may also be processed, pursuant to Article 9 of the GDPR, in relation to membership of protected categories.
In order to process the latter data described above, you will be asked for your consent, which constitutes the legal basis.
The Data Controller has adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risk in accordance with the requirements contained in Article 32 of the GDPR.
3. Communication and dissemination of data
In order to pursue the above-mentioned purposes, your personal data may be known by our employees, and/or collaborators authorised by the Bank in different capacities to process them, who have been provided with the instructions for processing and who have committed themselves to confidentiality.
Communication to third parties other than the Data Controller and the data processors is envisaged for the pursuit of the purposes indicated and in any case within the limits of the same to third parties engaged in the correct and regular pursuit of the purposes described above.
In any case, processing by them shall be carried out in accordance with fairness and in compliance with the provisions of the law in force. The subjects mentioned above, except in cases of independent Ownership, act as Data Processors and have been bound to specific data protection obligations under Article 28 of the GDPR.
The list of external Data Processors can be requested from the email address of the Data Protection Officer. Your personal data is not and will not be disseminated. The management and storage of personal data will take place in Europe.
They are not disclosed directly to recipients operating outside the European Economic Area (EEA) and subject to a foreign jurisdiction, except for the transfer of personal data to companies based in non-EU countries that are part of the same corporate group in accordance with the Binding Corporate Rules (BCR).
4. Transfer of personal data
The personal data that you provide will be kept for the period necessary to carry out assessments regarding the need to hire personnel.
- When you receive and accept an offer of employment from the Data Controller, your personal data collected in the period prior to employment shall become part of the personal data file concerning you and shall be kept throughout the course of your employment, for which, in any case, you shall be provided with an independent notice;
- If the Data Controller does not proceed with your employment, your personal data will be kept for 24 months in order to offer you new jobs that may arise in the future and that are in line with your profile.
- We also inform you that, pursuant to Articles 5 and 89, para. 1 of the Regulations, your personal data may be stored for longer periods than those specified in the previous paragraph for statistical purposes only, subject to the implementation of appropriate technical and organisational measures required by law to protect your rights and freedoms.
5. Data Controller and Data Processor
In relation to the processing of your personal data, you have the right to request from the Bank
a) access: you may request confirmation as to whether or not data relating to you are being processed, as well as further clarification of the information set out in this notice.
b) rectification: you may ask to rectify or supplement the data you have provided to us, if inaccurate.
c) erasure: you may request that your data be erased if they are no longer necessary for the purposes pursued by the Bank, in the event of withdrawal of your consent or your objection to processing, in the event of unlawful processing, or if there is a legal obligation to erase them.
d) limitation: you may request that your data be processed only for storage purposes, to the exclusion of other processing, for the period necessary to rectify your data or in the event of unlawful processing for which you object to their deletion or if you need to exercise your rights in court and the data stored by the Bank may be useful to you or, finally, if you object to their processing and a check is being carried out to ascertain whether the Bank’s legitimate reasons prevail over your own.
(e) objection: you may object at any time to the processing of your data, unless there are legitimate reasons for the Bank to proceed with the processing that override your own; for example, to exercise a right or to defend the Bank in court.
f) portability: you may request to receive the data you have provided, or to have them transmitted to another data controller indicated by you, in a structured, commonly used and machine-readable format. Furthermore, we inform you that in the event of failure or partial response from the Data Controller to the aforementioned requests, you will have the right to lodge a complaint or appeal with the Control Authority, which in Italy is the Control Authority for the Protection of Personal Data.
You may exercise your data protection’s rights against the Bank at any time at the email address of the Data Protection Officer (or DPO): email@example.com.
6. Data Protection Officer
The Data Controller has appointed a Data Protection Officer pursuant to article 37 of the Regulation who can be contacted at the following email address: firstname.lastname@example.org.