1. Data Controller and DPO
Data Controller is Malesci Istituto Farmacobiologico S.p.A. with registered offices in Via Lungo l’Ema, 7, 50012 Bagno a Ripoli (FI) (“Controller”).
The Data Protection Officer (“DPO”) can be contacted at: firstname.lastname@example.org
2. The data we process
With your consent, we process the following ordinary and sensitive personal data which you provide when you interact with the Website and use the related services and functions. These data include, in particular name and surname, contact details, employment status, legally protected category status, information on professional expectations and goals, educational and professional qualifications, skills and experience, your CV, any other information you may decide to submit as well as the additional data which the Controller may acquire, also from third parties, in the course of business (“Data”).
In order to enable us to assess your application you must consent to the processing of the data marked with an asterisk (*). Without those mandatory data and/or your consent we cannot proceed any further. Conversely, the information requested in fields not marked with an asterisk are optional: failure to provide them shall have no consequence.
In any event, even without your prior consent, the Controller may process your data to comply with legal obligations stemming from laws, regulations and EU Law, to exercise rights in legal proceedings, to pursue its own legitimate interests and in all cases provided by Articles 6 and 9 of the GDPR, where applicable.
Processing shall take place both using computers and on paper, and shall always entail the implementation of the security measures provided by current law.
3. Why and how we process your data
The Data are processed only for the purpose of considering the job applications received and assess the applicant’s suitability for employment or collaboration with the company, pursuant to arts. 6.1.(a), 9.2.(a) e 9.2.(b) of the GDPR.
By ticking the appropriate box you agree to processing for these purposes.
Your data may in any case be processed, even without your consent, for the purpose of complying with laws, regulations, EU Law (art 6.1.(c) of the GDPR, to perform statistics on the Website’s usage and ensure its proper functioning (art. 6.1.(f) of the Regulation), to enforce the Code of Conduct of the Menarini Group and to establish or defend the legal claims in the interest of the Company.
The personal data are entered into the Company’s computer systems in full compliance with data protection laws, including the security and confidentiality aspects, and in line with the principles of fair, lawful and transparent processing.
Your data shall be kept and stored with the Company for two years after receipt of your application, in order to assess your suitability for employment or collaboration with the Company, and are erased after this period has elapsed. Under exceptional circumstances (e.g. in case of position which are still open, position that are due to be re-opened shortly etc.) we may store your data for longer periods of time, in any case not longer than necessary to achieve the purposes for which they were collected.
All your data will be processed on paper or by means of automated instruments, which in any case ensure an appropriate level of security and confidentiality.
4. Persons who have access to the Data
Your Data are processed electronically and manually according to procedures and logics relating to the abovementioned purposes and are accessible by the Controller’s staff authorised to process personal Data and their supervisors, and in particular to staff belonging to the following categories: HR staff, staff of the departments concerned by your application, technical, IT and administrative staff, as well as other individuals who need to process the data to perform their job duties. The Data may be communicated, also in countries outside the European Union (“Third Countries ”) to: (i) institutions, authorities, public bodies for their institutional purposes; (ii) professionals, independent consultants –individually or in partnerships- and other third parties and providers which supply to the Controller commercial, professional or technical services required to operate the Website (e.g., provision of IT and Cloud Computing services), in order to pursue the purposes specified above and to support the Company with the provision of the services you requested; (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof, audits or other extraordinary operations; (iv) the Supervisory Board, based at the Controller’s address, in the pursuit of its supervisory activities and for the enforcement of the Menarini Group Code of Conduct, pursuant to Article 6.1.f and Recital 48 of the GDPR.
The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The individuals who receive the data shall process them, as the case may be, in the capacity as Controller, Processor or person authorised to process personal data, for the purposes indicated above and in compliance with data protection law.
Regarding any transfer of Data outside the EU, including in countries whose laws do not guarantee the same level of protection to personal data privacy as that afforded by EU Law, the Controller informs that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.
5. Your Rights
By contacting the Controller at the addresses indicated above you can, at any time, exercise the rights pursuant to Articles 15-22 of the GDPR such as, for example, obtaining an updated list of the individuals who can access your data, obtain confirmation of the existence or otherwise of personal data which relates to you, verify their content, origin, correctness, location (also with reference to any Third Countries ), request a copy, request their rectification and, in the cases provided by the GDPR, request the restriction of their processing, their erasure, oppose to direct contact activities (including limited to some mediums of communication). Likewise, you may always report your observations on specific uses of the data regarding particular personal situations deemed incorrect or unjustified by the existing relationship to the DPO or submit complaints to the Data Protection Authority. You may withdraw your consent at any time - however that shall not impair the lawfulness of the processing carried out before consent withdrawal .