This Privacy Policy refers exclusively to jobs applications made through the website www.bergsmore.com (hereinafter the "Website"). In accordance with the European Regulation on Data Protection [Regulation (EU) 2016/679, hereinafter also "GDPR"] and the relevant Italian legislation (hereinafter, collectively, the "Applicable Law"), this Privacy Policy is provided to the individual who applies for a job offered by the Data Controller directly on the Website (hereinafter, “Job applicant”, or “User”). 

1.       Data Controller and contact details

The Data Controller is BERGS & MORE S.r.l. società tra avvocati, with registered office in V. Bellini, 4 – 35131 Padova (Italia), VAT number and Tax Code IT05388510280, C.R.N. PD-463959, minimum registered capital €50.000,00, hereinafter “Bergs & More”, or also “Data Controller” or “Controller”.

For any clarification, information, or exercise of the rights listed in this Privacy Policy, the User can contact the Data Controller at the following contact details: tel.: +39 049 0991274, e-mail: info@bergsmore.com, PEC: bergsmore@legalmail.it.

1. Personal data subject to processing 

The personal data processed are those provided by the Job applicant (i.e., name, surname, e-mail address, Curriculum Vitae, Cover letter, telephone number, position, and LinkedIn URL) while fulfilling the form “Leave your application” that is available on the “Work with us”/“Careers” section, as well as the personal data contained in the CV that can be uploaded on the above-mentioned section of the Website. 

In order to send the Job application, the Data Controller does not require or ask for personal data that belong to special categories, which mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and/or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. 

If the Job applicant autonomously decides to provide personal data that belong to special categories in the CV, he/she must insert a formula similar to the following in order to allow the processing of those data: “I hereby authorize the processing of my personal data belong to special categories present in the curriculum vitae in accordance with Legislative Decree 30 June 2003, n. 196 and of the GDPR (EU Regulation 2016/679)”. 

Please note that the User is not expected or required to register on the Website in order to apply for the job. The Job applicant, therefore, will not have a personal account in which data and information referring to the same will be stored and accessible for consultation and/or modification.

The Data Controller shall process personal data in compliance with the Applicable Law, assuming that they refer to the Job applicant or to third parties who have expressly authorised the Job applicant to provide them or whose personal data the Job applicant was entitled to provide. With respect to these assumptions, the User undertakes to indemnify and hold harmless the Data Controller from any dispute, claim or request for compensation for damage caused by the processing of personal data that may be received from such third parties.

1. Purposes and legal basis of the processing

The personal data of the Job applicant shall be processed for the following purposes:

 

PURPOSES

LEGAL BASIS

Recruiting new personnel in order to satisfy the Controller’s needs. 

The implementation of pre-contractual measures taken at the Job Applicant’s request and/or the contract to which he/she is a party [Article 6, (1)(b) of the GDPR]. 

If the Job applicant autonomously decides to provide in the CV personal data belonging to special categories, the legal basis is the consent that the Job applicant has given to the processing of his or her personal data [Article 9(2)(a) of the GDPR].

Complying with legal obligations to which the Data Controller is bound, included to respond to any requests to exercise the User’s rights as a data subject under current data protection legislation.

The compliance with legal obligations to which the Data Controller is bound [Article 6(1)(c) of the GDPR].

Ascertaining, exercising, or defending legal claims or whenever courts are acting in their judicial capacity.

The legitimate interest of the Data Controller to ascertain, exercise, or defend legal claims or whenever the courts are acting in their judicial capacity [Article 6(1)(f) of the GDPR].

 

1. Consequences of failure to provide personal data

Failure to provide the personal data, in whole or in part, may determine the impossibility to send the job application and, therefore, to participate to the recruiting process.

Consent to the processing of personal data belonging to special categories is always optional and not solicited. These personal data will only be evaluated to verify whether the candidate belongs to any protected categories. Therefore, failure to provide these personal data will have no consequences other than the impossibility of verifying the candidate's belonging of any protected categories.  

1. Methods of personal data processing

Personal data are processed with manual and/or paper-based and/or computer-based and/or telematic instruments and/or supports, in any case in such a way as to guarantee their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk related to the processing of personal data carried out. In particular, the Website functionality is provided on HTTPS encrypted connection and personal data are collected, filed and stored on secure servers, protected by firewalls and physically located within the European Union.

1. Recipients of personal data

The personal data provided by the Job applicant may be shared, for the purposes set out in paragraph 3 above, with:

• employees or other types of collaborators of the company authorized by the Data Controller to process those personal data pursuant to and for the purposes of Article 29 of the GDPR and Article 2-quaterdecies of the Italian Privacy Code and who have received specific instructions on how to process the data in accordance with the Applicable Law;

• companies, consultants or professionals who may be entrusted with the maintenance and updating of the Website (i.e., web agencies or recruiting agencies) and, in general, management of the Data Controller's hardware and software, including the hosting provider and cloud computing services providers who typically act as data controllers pursuant to and for the purposes of Article 28 of the GDPR;

• entities managing Bergs & More's international offices, who, as independent data controllers, it’s necessary or appropriate to disclose your personal data in order to respond to your application;

• Public Authorities to whom, in their capacity as independent data controllers, it is obligatory to disclose those personal data by virtue of legal provisions or orders of the authorities;

• law firms, associated firms, consultants or professionals (e.g., legal, administrative and/or tax consultancies) who may be appointed to support the Data Controller in order to ensure the correct fulfilment of the legal obligations with which he/she is required to comply; the ascertainment, exercise or defence of a right in court or whenever the jurisdictional authorities exercise their jurisdictional functions. 

7.       Data transfers to countries outside the E.U or international organisations

The Data may be transferred to countries outside the European Economic Area or to international organizations. In such cases, the transfer will take place, alternatively, on the basis of an adequacy decision or the standard contractual clauses (Standard Contracual Clauses or SCC's) approved by the European Commission or, failing that, provided that one of the exceptional situations referred to in Article 49 of the GDPR is met.

For more information on data transfers, the User can contact the Data Controller at the following e-mail addresses: info@bergsmore.com, PEC bergsmore@legalmail.it.

1. Period of retention of personal data

The personal data provided by the Job applicant will be retained for a period not exceeding the fulfilment of the above-mentioned purposes for which they are processed.

With regard to the processing of personal data for the purpose of recruiting new personnel, these data will be kept for a maximum period of 12 months after receipt, unless the employment/collaboration relationship is contracted and consequently retained for the time related to it.  

9.       Rights of the data subject

We inform you that, as the data subject, the Job applicant is entitled:

·    to receive confirmation as to whether or not his/her personal data are being processed and, if so, to obtain access to them and to a range of relevant information, including, by way of example, information relating to: a) the purposes of the processing; b) the categories of personal data that are subject to processing; c) the entities or categories of entities to whom or which the personal data have been or will be communicated; d) the storage period of the data or, if that is not possible, the criteria used to determine that period; e) the source of the personal data, if they have not been provided by the Job applicant;

·    to request and obtain the updating of personal data, the rectification of inaccurate data or, when needed, the integration of incomplete data;

·   to request and obtain the erasure of personal data if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the Job applicant objects to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason to continue the processing; c) the personal data have been processed unlawfully; d) the personal data must be erased by the Controller in compliance with a legal obligation; 

·    to request and obtain the restriction of processing in the event of: a) contestation of the accuracy of his/her personal data for the time necessary for the Data Controller to carry out the requested verifications; b) unlawful processing of data by the Data Controller, if the Job applicant objects to the deletion of the data and instead requests the restriction of their use; c) ascertainment, exercise or defence of a right of the data subject in court, although the Data Controller no longer needs the data for the purposes of processing; d) awaiting the outcome of the verification as to whether the Data Controller's legitimate reasons prevail over those of the data subject;

·    in cases where the processing of personal data is based on a contract and is carried out by automated means, to request and receive in a structured, commonly used and machine-readable format his/her personal data and, if technically feasible, to obtain the direct transmission of them by the Controller to another controller;

·    to object, in whole or in part, on legitimate grounds relating to his/her particular situation, to the processing of personal data concerning the Job applicant, even though they are relevant to the purpose of collection;

·    in cases where the processing of personal data is based on the consent, to withdraw, at any time, the consent given; the withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal; 

·    to file a complaint with the Italian Data Protection Authority pursuant to Article 77 of the GDPR and Articles 140-bis et seq. of the Italian Privacy Code.

The Data Controller shall inform each of the recipients to whom the personal data of the Job applicant have been transmitted of any rectification, cancellation and/or restriction of processing carried out, except when this proves impossible or involves a disproportionate effort.

1. Ways of exercising rights of data subject

As data subject, the User may exercise the above-mentioned rights at any time by contacting the Data Controller at the contact details listed above. 

If the User wishes to lodge a complaint, he/she may use the forms available on the website of the Italian Data Protection Authority. 

1. Changes to this Privacy Policy

This Privacy Policy may be amended and/or integrated and/or updated periodically, also as a consequence of the updating of the Applicable Law.

In this case, the Data Controller shall inform the Job applicant of any amendments and/or additions and/or updates to this Privacy Policy by publishing the updated version of the Privacy Policy on the Website.