Privacy policy

1. Data Controller
The Data Controller is S.O.S Bonifiche Srl, with registered office at Via San Crispino, 12 – 35129 Padova (PD) and operational offices at Via Makallè, 73 – 35138 Padova (PD) and Piazza Dante, 17 – 25045 Castegnato (BS), Tax Code and VAT No. 01543200289 (hereinafter "Controller").

This notice is provided to those who, following a recruitment search, a spontaneous application, in response to one of our job advertisements, or during a job interview, send their curriculum vitae to the Data Controller via the Controller's website.

For any other information on the processing of personal data during browsing, we recommend reading the privacy policy available on the website.

2. Categories of Personal Data Processed

Data voluntarily provided by the user, including:

 

 

The data collected by the Controller through the submission of curricula vitae, professional profile assessment interviews or referrals by third parties — such as first name, surname, place and date of birth, tax code, telephone number, postal address, educational qualifications and other personal identification details, submitted in relation to open positions or as a spontaneous application — fall within the category of "personal data" pursuant to Article 4, paragraphs 1 and 15 of the GDPR, and will be processed exclusively for the purpose of assessing the aptitudes and professional abilities of the candidates themselves, in relation to the open position for which a selection procedure is underway, or for future staffing needs.

With the exception of positions reserved for protected categories, it will not be necessary to include special category data in the curriculum vitae (i.e. data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations of a religious, philosophical, political or trade union nature, as well as data capable of revealing health status or sex life).

 

3. Purposes and Legal Basis of Processing

The personal data of those who voluntarily, or following a recruitment search, submit their curriculum vitae are processed, in the manner and forms prescribed by the GDPR:

 

The collection and processing of data is carried out to enable the Controller to conduct recruitment, selection and personnel assessment activities. The processing carried out for this purpose does not require the data subject's consent, as it is necessary for the performance of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR), with the exception of the processing of special categories of personal data which, where provided, may only be processed by the Controller with the data subject's explicit consent. Data will be processed by authorised personnel pursuant to Article 29 of the GDPR. The processing of data for these purposes will be carried out by electronic and manual means, based on logical criteria compatible with and functional to the purposes for which the data were collected, in compliance with the confidentiality and security rules required by law and internal company regulations.

4. Obligation to Provide Data
The provision of personal data for the purposes indicated is optional and voluntary.

It is however necessary in order to complete the specific functionality on the website for correctly submitting one's application and participating in any personnel selection processes. In order to submit an application correctly, the candidate must give consent to the processing; without such consent, the candidate will not be able to submit their data for personnel selection purposes.

In any case, even where the data subject has given consent authorising the Controller to pursue all the purposes mentioned above, they will remain free at any time to withdraw it.

It is specifically and separately noted, as required by Article 21 of the Regulation, that the data subject has the right to object at any time to the processing of their personal data carried out for the above purposes, and that, should the data subject object to the processing, the personal data may no longer be processed for such purposes.

5. Recipients of Personal Data

The personal data processed will not be disclosed to the general public but will be communicated to specific, well-defined parties, such as the Controller's personnel expressly authorised to process data. Based on their roles and job functions, personnel are entitled to process data within the limits of their responsibilities and in accordance with the instructions given by the Controller. The same data may be communicated to parties entitled to access it pursuant to legal provisions, regulations and legislation.

Specifically, data may be used by third-party individuals and/or companies carrying out instrumental activities on behalf of the Controller, such as:

The aforementioned recipients will, depending on the case, process data as controllers, processors or authorised persons. Outside the cases indicated above, data will not be disclosed in any way.

6. Data Storage Methods

Data is processed by manual, electronic and IT means, in a manner strictly related to the purposes for which the data are processed, and in any case in compliance with the provisions of Article 32 GDPR regarding security measures.

7. Data Retention Period

Personal data are retained for the period necessary to achieve the specific purposes for which they are processed, and in any case for no longer than 6 months from receipt of the curriculum vitae, after which they will be automatically deleted and no copies will be kept.

Excluded from the above terms are cases where it is necessary to retain data for a longer period in order to defend or assert a right, or to comply with any legal obligations or orders from the Authorities.

8. Transfer of Personal Data

The Controller does not transfer personal data to third countries or international organisations.

9. Rights of the Data Subject

Each data subject has the right of access, rectification, erasure (right to be forgotten), restriction, notification in the event of rectification, erasure or restriction, portability, objection, and the right not to be subject to automated individual decision-making, including profiling, pursuant to Articles 15 to 22 of the GDPR. These rights may be exercised in the manner and within the timeframes set out in Article 12 of the GDPR, by means of a written communication sent to the Controller (see point 10).

The Controller will provide an adequate response as soon as possible upon receipt of the request.

10. Right to Withdraw Consent (How to Exercise Your Rights)

Where applicable, consent may be withdrawn at any time and/or rights may be exercised by sending:

11. Complaints

Each data subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which for Italy is the Garante per la protezione dei dati personali (Italian Data Protection Authority). The forms, procedures and timeframes for lodging complaints are set out and governed by applicable national legislation. The complaint is without prejudice to administrative and judicial remedies, which in Italy may be brought alternatively before the same Authority or before the competent Court.

12. Controller, Authorised Persons and Data Processors

Below we provide certain information that it is necessary to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are a fundamental part of our activities.

Data Controller. The Data Controller of your personal data is S.O.S. Bonifiche Srl, responsible to you for the lawful and correct use of your personal data, which you may contact for any information or request at the following details: telephone +39 049 9903228, email: amministrazione@sosbonifiche.it.

Authorized Personnel. The updated list of authorised personnel is kept at the Controller's registered office.

Data Processors.

 

For the sake of brevity, the detailed list of such figures is available at our office.