Candidate Privacy Policy
Dear Candidate,
pursuant to art. 13 of the General Regulation for the Protection of Personal Data (EU Regulation 2016/679 hereinafter “Regulation”), Mirnagreen Srl informs you of the following:
Data Controller
Mirnagreen Srl
Via Ipazia 2, c/o NOI Techpark 39100 Bolzano (Italy)
Tel: +39 0471 155 1951
Mail: info@mirnagreen.com
PEC: mirnagreen@pec.it
Website: https://www.mirnagreen.com/
P.IVA 02375570229
Purposes Of Data Processing
The Data Controller will use your personal data, collected by sending applications via email and / or website form, to examine the candidates’ applications for the purpose of any contact.
The data processed as a result of sending a CV and / or a cover letter will be as follows:
– professional / working details (e.g. university attended, knowledge of foreign languages, professional qualifications, expectations of the candidate and desired place of work, links to your professional profiles on social networks, etc.)
– any particular categories of personal data such as belonging to protected categories, in order to comply with current legislation on the subject
If you provide us with third party data (eg contact details of references), you would act as an independent data controller, assume all legal obligations and responsibilities. In this sense, you grant the widest indemnity on this point with respect to any dispute, claim, request for compensation for damage from processing, etc. that should reach the Data Controller from third parties whose personal data have been processed by sending it in violation of the applicable rules on the protection of personal data. In any case, should he provide or otherwise process personal data of third parties in sending his application, he guarantees from now – assuming all related responsibility – that this particular hypothesis of processing is based on the consent of such interested third party or on a other suitable legal basis that legitimizes the processing of the information in question.
The legal basis identified for processing your personal data for the aforementioned purpose is as follows:
Search and selection: the processing for this purpose serves the Data Controller to be able to consider your application and is therefore necessary to be able to start the selection process in order to possibly offer you a job position. The legal basis underlying the purpose set out is represented by the pursuit of the legitimate interest of the Data Controller (Article 6 paragraph 1 letter f of EU Regulation 2016/679).
The provision of your personal data is not mandatory, but otherwise it will not be possible to consider your application. If you wish to provide particular categories of personal data (eg data relating to health, religion, etc.), the Data Controller will need your specific consent to be able to process them.
Processing Method
The processing will be carried out both with manual and / or IT and telematic tools with organizational and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the organizational and physical measures. and logic provided for by the provisions in force.
Data, Purpose and legal basis of the processing
The Personal Data processed for the purposes of Research and selection will be kept by the Data Controller for the entire period in which the position for which the application was sent is still open. Your CV will be deleted after 12 months from the date of receipt of the application or from the closing date of the research. The Data Controller reserves the right to contact candidates before the expiry of this period to request them to extend the retention period of their personal data or to request an update. In case of no reply, DATA CONTROLLER will delete the personal data collected.
Scope of Communication And Diffusion of Data
The subjects authorized to the processing, as well as the external data processors appointed by the Data Controller (the complete list of external managers is available from the Data Controller), responsible for the management of the aforementioned purposes, may become aware of your data.
Your personal data may be shared with the subjects indicated below:
• subjects who typically act as external data processors, ie: i) persons, companies or professional firms that provide assistance and consultancy in accounting, administrative, legal, tax, financial and other matters;
• subjects with whom it is necessary to interact for the functionality of the e-mail system (for example hosting providers or platform providers for sending e-mails);
• subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks);
• persons authorized by the Data Controller for the processing of personal data necessary to carry out activities on behalf of the Data Controller, who are committed to confidentiality or who have an adequate legal obligation of confidentiality (eg employees of the Data Controller);
• subjects, bodies or authorities to whom it is mandatory to communicate your personal data by law, or by order of the authorities.
Your personal data will not be disclosed in any way.
Automated Decision-Making Process
Personal Data are not subjected to processing processes that involve automated decisions without human intervention, including the profiling process.
Rights of Data Subjects
Pursuant to European Regulation 2016/679 (GDPR) and national legislation, the data subject may, according to the methods and within the limits established by current legislation, exercise the following rights:
– request confirmation of the existence of personal data concerning him (right of access);
– know its origin;
– receive intelligible communication;
– have information about the logic, methods and purposes of the processing;
– request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
– in cases of consent-based processing, receive the data provided to the data controller at the cost of any support, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
– the right to lodge a complaint with the Supervisory Authority (Privacy Guarantor);
– as well as, more generally, to exercise all the rights that are recognized by the current provisions of the law.
The exercise of the rights related to the purposes set out in paragraph 2.2 letters a and b, may take place by sending a request that must be addressed without any formalities to the data controller, as better identified above, also through the email address of the data controller.