Pursuant to articles 13 and 14 of EU Regulation 2016/679 (“G.D.P.R.”), Cementir Holding N.V. (“Cementir Holding” or the “Data Controller” or “Company”) - with registered office in Amsterdam, the Netherlands - 36, Zuidplein, 1077 XV, and branch and operating office in Rome, Corso di Francia, 200, 00191 - in its capacity as Data Controller, represented by the legal representative, hereby informs you that your personal data shall be processed by Cementir Holding manually or using electronic or in any event automated, IT and computerised tools, with processes strictly correlated with the purposes listed below and, in any event, so as to guarantee data security and privacy.
Identity and contact information of the Data Controller
The Data Controller is Cementir Holding N.V., represented by the legal representative, and may be contacted by registered letter to be sent to the branch and operating office at Corso di Francia, 200, 00191 Rome, or by email to the email address: firstname.lastname@example.org.
It should be noted that the treatment listed below is carried out jointly with Spartan Hive S.p.A. and Aalborg Portland Digital s.r.l., both Cementir group companies with registered offices in Rome, Corso di Francia n. 200. Any relevant information contained in the joint ownership agreement between Cementir, Spartan Hive S.p.A. and Aalborg Portland Digital s.r.l., may be requested by registered letter sent to Cementir Holding at the following address: Corso di Francia, 200, 00191 Rome, or by e-mail to the e-mail address: email@example.com.
Source of personal data
Personal data are collected through direct conferment by the Data Subject (by spontaneous application, for example, by hand delivery or transmission by e-mail of the curriculum vitae, or by filling in the webform available in the section "People / Join us" of the corporate website of the Company with contextual attachment of the curriculum vitae and any cover letter) or with third parties (for example, internet portal and social networks, recruitment agencies). In the latter case, the personal data collected are: name, surname, email address, telephone contacts and in general the personal data included in the curricula vitae and in any cover letters made available by the Data Subject.
Purposes and lawfulness of the processing
Personal data are processed by the Data Controller pursuant to art. 6 of the G.D.P.R.
The specific purposes of the processing and the relative legal bases are listed below:
|Purpose of the processing
||Legal basis of the processing
|Recruitment and personnel selection process
||Fulfill the contract or implementation of pre-contractual measures.
Nature of provision and consequences of refusal to allow data processing
The provision of data is mandatory for the fulfilment of contractual or pre-contractual obligations. Therefore, any refusal to provide mandatory data will make it impossible to pursue the processing purposes referred to in this disclosure.
Candidates are invited not to provide redundant and / or unnecessary data and information with respect to the purposes of the recruitment and selection of personnel. Candidates are therefore requested not to include personal data in the curriculum vitae that reveal racial or ethnic origin, political opinions, religious or philosophical or other beliefs, personal data suitable for revealing the state of health or sexual life, membership of parties, associations, trade unions or organizations of a religious, political or trade union nature. If such data were entered or even communicated in another way, they will not be processed, and the information will be immediately deleted.
Categories of personal data recipients
Personal data may be disclosed to third parties used by the Company for the purposes of recruitment and personnel selection, or even to subsidiaries or in any case to Cementir Group companies. All parties to whom the data may be communicated are qualified as "Data Processors" specially appointed by Cementir Holding, pursuant to art. 28 of the GDPR, or as independent "Data Controllers”.
Transfers outside the E.U.
For the pursuit of the processing purpose described above, personal data may be transferred to the recipients specified above in Italy and abroad, even outside the European Union (EU).
The following recipients are located outside the EU:
Cementir Group companies based in the United States, Turkey, Australia, Malaysia, Egypt and China.
The Data Controller provides adequate guarantees (pursuant to art.46 of the GDPR) through the adoption of the standard clauses relating to data protection adopted by the European Commission (Standard Contractual Clauses) with the recipients of the aforementioned data, which process data both in as independent Controllers (Data Controllers) and as Data Processors. These guarantees ensure compliance with data protection requirements and data subjects' rights appropriate to processing within the Union, including the availability of actionable rights of data subjects and effective remedies, including effective redress at the headquarters. administrative or judicial and claiming compensation, in the Union or in a third country. To obtain a copy of the data, to have information about the adequate guarantees and to know the place where the data provided has been made available, you can contact the Data Controller at the following e-mail address: firstname.lastname@example.org.
Personal data storage period
The personal data processed shall be stored at the secondary and operational office of the Company for the time necessary and strictly connected to the recruiting and selection process of the personnel and in any case not later than 24 months. Once these terms have elapsed, the data will be anonymized or deleted, unless it is necessary to keep it for other and different purposes provided for by express provision of the law.
Below, details concerning the time period for which the data will be stored for the purpose described above:
|Purpose of the processing
||Category of personal data
||Time limits for erasure
|Recruitment and personnel selection process
- Name and Surname, other personal identification items
- Email address
- Phone contacts
- Other personal data provided by the Data Subject in the curriculum vitae and in any cover letter
- References, motivation check and assessment of leadership potential
- Remuneration and contractual data
|24 months from the receipt of personal data
Automated decision making
For the pursuit of the processing purpose described above, no decision is taken based solely on automated processing that produces legal effects that affect the data subject or that significantly affects his person in a similar way.
Rights of the data subject
Pursuant to and in accordance with the GDPR, Data Subject is recognised the following rights which may be exercised with respect to Data Controller:
- right to obtain from the Data Controller confirmation as to whether or not personal data of Data Subject are being processed, and, where that is the case, access to the personal data and the information set forth in Article 15 and specially on the purposes of the processing, categories of personal data concerned, recipients or categories of recipient to whom the personal data have been or shall be disclosed, period for which the personal data shall be stored, etc.;
- right to have your personal data rectified if inaccurate as well as supplemented when deemed incomplete again in relation to the purposes of the processing (Article 16);
- right to erasure of data (“right to be forgotten”), in one of the circumstances set forth in Article 17;
- right to restriction of processing, in the cases envisaged in Article 18;
- right to data portability pursuant to Article 20;
- right to object to processing pursuant to Article 21;
Such rights may be exercised by sending a request by registered letter with advice of receipt to the Data Controller at the following address: Corso di Francia, 200, 00191 Rome, or by email to the email address: email@example.com.
Finally, Data Subject has the right to submit a complaint to the Personal Data Protection Authority or to another Supervisory Authority pursuant to art. 13, par. 2, letter d) of the G.D.P.R.
Changes to this disclosure
The Data Controller reserves the right to modify and update this disclosure over time.