Under Regulation (EU) 2016/679 regarding the protection of individuals with regard to the processing of personal data, as well as the free movement of such data (hereinafter, the “Regulation” or “GDPR”), Guber Banca S.p.A., as the Data Controller (hereinafter, “Guber,” the “Bank,” or the “Controller”), provides you with the following
on “processing”: i.e., any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison or interconnection, restriction, erasure, or destruction,
of the following “personal data”
personal data: any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
special categories of personal data: corresponding to “sensitive data,” i.e., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data concerning health or a person’s sex life or sexual orientation;
personal data relating to criminal convictions and offenses:personal data relating to criminal convictions and offenses or related security measures, substantially corresponding to “judicial data,” i.e., personal data suitable for disclosing measures referred to in Article 3(1)(a) to (o) and (r) to (u) of Legislative Decree no. 313 of November 14, 2002, concerning the criminal record, the register of administrative sanctions dependent on crime, and related pending charges, or the status of accused or investigated under Articles 60 and 61 of the Code of Criminal Procedure.
1. Purposes and methods of processing
The processing of personal data is aimed at achieving the following purposes:
a) to carry out personnel selection activities;
b) to respond to requests or inquiries in case of contact via email;
c) to enable you to use the interactive features of our website, if desired. The legal basis for the purposes mentioned in points a), b) and c) is the performance of pre-contractual measures under Article 6, letter b) of the b) GDPR.
If it becomes necessary to process your personal data for a purpose other than that for which they were collected, before such further processing, the Controller will provide you with information about the different purpose and any additional information necessary to ensure correct and transparent processing. This is excepted if such purpose can be considered compatible with the original purposes under the law.
Within the scope of the Controller’s activities, the processing of your personal data will comply with legal provisions, observing the principles of fairness and lawfulness, necessity and relevance, in protection of your privacy and rights. It will be carried out using both manual and computer tools, with logic strictly related to the aforementioned purposes and, in any case, in such a way as to ensure the security and confidentiality of the data.
2. Nature of data provision and consequences of non-communication
The provision of personal data indicated in the “Contacts” section of the website for access to the information service and in the “Join Us” section of the website for submitting applications is purely optional.
Failure to provide the data strictly necessary for sending the message and the application will make it impossible to follow up on it and use the service offered by Guber through the website.
Data not expressly indicated as mandatory may be freely provided by the data subjects.
In particular, the personal data subject to processing include your identifying and contact information (such as, for example, name, surname, age, gender, place and date of birth, email address, etc.).
In addition to the aforementioned personal data, data relating to special categories of personal data, as defined in Article 9 of the GDPR, regarding membership in protected categories, may also be subject to processing.
To process these latter described data, your consent will be requested as the legal basis.
The Controller has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk in accordance with the provisions of Article 32 of the GDPR.
3. Communication and dissemination of data
To pursue the above-mentioned purposes, your personal data may be known to our employees and/or collaborators authorized by the Bank to process the data, to whom instructions for processing have been provided, and who have committed to confidentiality.
Communication to third parties other than the Controller and those authorized to process is envisaged for the pursuit of the purposes indicated and, in any case, within the limits of the same, to third parties engaged in the correct and regular pursuit of the purposes described above.
In any case, their processing is carried out fairly and in compliance with applicable legal provisions. The aforementioned subjects, except in cases of autonomous Data Controller status, act as Data Processors and have been bound by specific data protection obligations pursuant to Article 28 of the GDPR.
The list of external Data Processors can be requested from the email address of the Data Protection Officer. Your personal data is neither disclosed nor will be disclosed.
The management and storage of personal data will take place in Europe.
They are not communicated directly to recipients operating outside the European Economic Area (EEA) and subject to foreign jurisdiction, with the exception of the transfer of personal data to companies located in non-EU countries that are part of the same corporate group in compliance with Binding Corporate Rules (BCR).
4. Transfer of personal data
The personal data you provide will be retained for the period necessary to assess personnel hiring needs.
If you receive and accept a job offer from the Data Controller, your personal data collected before employment will become part of your personal file and will be kept for the duration of your employment, for which, in any case, you will be provided with separate information;
-If the Data Controller does not proceed with your employment, your personal data will be kept for 24 months to propose new job positions that may arise in the future and that are in line with your profile.
-Furthermore, we inform you that, pursuant to Articles 5 and 89, paragraph 1 of the Regulation, your personal data may be retained for longer periods than specified in the previous paragraph solely for statistical purposes, subject to the implementation of adequate technical and organizational measures required by law to protect your rights and freedoms.
5. Data Controller and Data Protection Officer
In relation to the processing of your personal data, you have the right to request from the Bank:
a) access: you can request confirmation as to whether or not your data is being processed and further clarifications regarding the information in this notice;
b) rectification: you can request the correction or integration of the data you have provided, if inaccurate;
c) erasure: you can request the erasure of your data if they are no longer necessary for the purposes pursued by the Bank, in case of revocation of consent or your objection to processing, in case of unlawful processing, or if there is a legal obligation to erase the data;
d) restriction: you can request that your data be processed only for retention purposes, excluding other processing, for the period necessary for the correction of your data or in case of unlawful processing for which you object to erasure or if you need to exercise your rights in court and the data held by the Bank may be useful to you, or finally, in case you object to processing and a verification of the Bank’s legitimate reasons compared to yours is underway;
e) objection: you can object at any time to the processing of your data, unless the Bank has legitimate reasons, overriding your rights, for processing, for example, for the exercise of a right or for the Bank’s defense in court;
f) portability: you can request to receive the data you provided, or to have them transmitted to another data controller you specify, in a structured, commonly used, and machine-readable format. Furthermore, we inform you that in case of partial or no response from the Controller to the aforementioned requests, you have the right to lodge a complaint or appeal with the supervisory authority, which in Italy is the Garante per la Protezione dei Dati Personali (Data Protection Authority).
You can exercise your Privacy rights against the Bank at any time by contacting the Data Protection Officer (DPO) at the following email address: firstname.lastname@example.org.
6. Data Protection Officer
The Data Controller for personal data is Guber Banca S.p.A., with registered office at Via Corfù n. 102, 25124 – Brescia (BS).
You can contact the DPO regarding requests and inquiries related to the processing of personal data concerning you by sending an email to the following address: email@example.com.