Information to be provided ex art. 13, GDPR
Identity and contacts of the Controller
1MED SA – Via Campagna 13 – 6982 Agno – Switzerland (CH), VAT CHE-345.019.233, phone +41 (0)91 605 40 50, e-mail firstname.lastname@example.org (hereinafter: “Controller” or “1MED”).
Source of data and purposes of processing
Personal data are provided directly by the data subject (applicant) and consist of name, surname, e-mail, phone number, interest and details on the job the user is interested in, and any other special categories of data. They are processed for the following purposes:
- To analyse and reply to requests of applications if the user wants to work with us
- To carry out statistics on the applicants.
- To send newsletters
Means of data processing
- Personal data are processed by the Controller with manual, electronic and telematic means and stored in its filing system. Appropriate security measures are applied to prevent data from loss or alteration – even if accidental – unlawful or improper uses or unauthorised access.
- All processing will be carried out with criteria which take into account the purposes for which data have been collected and in accordance with the security measures in force.
- The reply to the request of application will be sent by e-mail provided by the user.
- The profile of the applicant will be examined without automated means.
- Statistical analysis referred to in point 2., “Source of data and purposes of processing” will be carried out elaborating data relating to the data subject and have as an outcome anonymous data which cannot be matched to the data subject any more.
Legal basis of the processing
Depending on the purpose of processing, the legal bases of the processing are:
- for the purpose referred to in point 1), paragraph “Source of data and purposes of processing”, the legal basis is article 6, par. 1, letter b), GDPR, since the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. In the present case, to allow the user to send a request of application to work in our company; and the legal basis is article 9, par. 2, letter b), GDPR, since processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
- for the purpose referred to in point 2., paragraph “Source of data and purposes of processing”, the legal basis is the “legitimate interest” (art. 6, par. 1, letter f, GDPR, Recital 47, GDPR and Opinion 6/2014 Working Party 29, par. III.3.1.) pursued by the Controller in studying the characteristics of the applicants so that 1MED can propose jobs and positions of interest of the applicants in general.
- for the purposes referred to in point 3., paragraph “Source of data and purposes of processing”, the legal basis is the user’s consent (art. 6, par. 1, letter a), GDPR, since the data subject has given consent to the processing of his or her personal data for one or more specific purpose
Processors, persons authorised to process personal data, autonomous controllers
- Data will be processed by the persons authorised for the processing and acting under the authority of the data controller and in charge of communication and institutional activities, business activities, HR Department, and information technology and data security.
- Data will be processed by processors engaged by the Controller for the management of the website and for the elaboration of data for statistical purposes.
- Personal data may be processed by autonomous controllers (e.g.: Internet Provider) to carry out activities connected to the management of the accesses to the Internet and to this website and, if not here described, they shall provide the user with information ex art. 13, GDPR
Communication and dissemination of personal data
- Data are not communicated to associations, companies or bodies, unless the data subject gives consent. In particular, data will be communicated to the Controller’s Affiliates if the user has given his / her consent.
- Data may be communicated to supervisory authorities and judiciary or public bodies for their institutional tasks on their request or to assert, exercise, defend a right in judiciary by 1MED or by a third party.
- Data are not and will not be disseminated without the data subject’s consent.
Period of data storage
Data will be stored depending on the purposes of their processing. The period for which data will be stored is determined by the Controller as follows:
- for the purpose referred to in point 1), “Source of data and purposes of processing”, data will be stored for the period necessary to analyse the applicant’s profile and reply if the characteristics are suitable for the position and job of the company’s interest. Data will be stored for at maximum 24 months if the profile is not of immediate interest but can be in the near future.
- for the purpose referred to in point 2), “Source of data and purposes of processing”, data will be stored in our filing system for the period necessary to elaborate them to create statistical reports. In so doing, the outcome does not allow to trace the identity of the person, but anonymous data are useful to improve and adjust our offers of employment. Identification data will be, therefore, destroyed, unless otherwise provided by supervisory authorities, law enforcement or judiciary as well as to exercise, enforce or defend rights of the Controller or of third parties in court.
- for the purpose referred to in point 3)., “Source of data and purposes of processing”, data will be stored in our filing system until, duration of the purposes or until withdrawal of consent
Where data are processed and transfers of personal data to third Countries
Processing takes place at 1MED’s headquarter and are performed by the persons authorised to processing. If need be, personal data can be processed by companies which are in charge of the technological management of the website (data processors designated pursuant to art. 28, GDPR), at their offices. It is understood that, if need be, the Controller will have the right to transfer personal data to third Countries or international organisations. In this case, the Controller assures that the transfer will take place in accordance with provisions laid down in articles 45, 46, 47 and 49, GDPR.
Data subjects’ rights
Pursuant to articles 15-22, GDPR, writing to the data controller at the postal address of the Controller or by e-mail email@example.com you may request the list of data processors and the list of third parties to which data can be communicated (e.g.: our Affiliates) and exercise your right of access, rectification, right to be forgotten, restriction of processing, data portability, and you can object to the processing of your data on legitimate grounds or for the sending of institutional and informational communications.
How to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Roma (RM – Italy) – www.garanteprivacy.it, e-mail firstname.lastname@example.org, format https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw ) to exercise and defend the right of data protection.
Data Protection Officer
Our Data Protection Officer can be contacted by e-mail email@example.com, for information on data processing.