PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA FOR UNSOLICITED APPLICATIONS AND APPLICATIONS

Information on the Processing of Personal Data pursuant to Articles 13 and 14 of EU Regulation 679/2016 (GDPR)

This privacy notice applies to unsolicited applications and applications for open positions submitted through the Myworkdayjobs.com platform (hereinafter the “platform”).

Zenita Group is an industrial group operating in the information technology sector through its parent company, Maticmind S.p.A., or its subsidiaries (hereinafter referred to as “Zenita Group”). The Zenita Group brand is owned by Maticmind S.p.A.

Through the platform, you can submit unsolicited applications (“Become a #Zeniter”) or apply for specific job openings at one of the Zenita Group companies.

For the purposes of this privacy notice regarding the processing of personal data (hereinafter the “Notice”), Maticmind S.p.A. and the Zenita Group company to which you are applying, represented by their current Legal Representatives, will act as Joint Controllers pursuant to Article 26 of the GDPR (hereinafter “Controller”) for the personal data you provide through the platform.

You can view the complete and up-to-date list of companies belonging to the Zenita Group by visiting www.zenitagroup.com and going to the “Our Companies” section.

1. CONTACT INFORMATION FOR THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER

1.1 Data Controller: Maticmind S.p.A. (also on behalf of Zenita Group companies). Registered office: Centro MAC6, Via Bracco 6, 20159 Milan (MI)
Email: info@maticmind.it, privacy@maticmind.it
Phone: +39 0227426456
Fax: +39 022500370

1.2 DPO (Data Protection Officer): Email: dpo@maticmind.it

2. PURPOSES AND METHODS OF DATA PROCESSING

2.1 The processing carried out by the Data Controller is intended to manage Candidates’ personal data, to carry out activities related to recruitment and onboarding, and to manage their resumes. The personal data collected may be provided directly by the Candidate or gathered during the evaluation and selection process itself.

2.2 The processing of personal data is carried out for the purpose of evaluating the candidate during the selection process (Art. 88, Par. 2 of the Regulation) and is conducted in accordance with and within the limits established by the provisions referred to in Art. 113 of Legislative Decree 196/2003 “Privacy Code,” as amended by Legislative Decree 101/2018 and EU Regulation No. 679/2016, in accordance with principles of fairness and lawfulness and in a manner that ensures security and confidentiality.

2.3 The Data Subject is hereby informed that:

  • The information collected may be processed by Maticmind itself or by one or more companies within the Zenita Group;
  • The Data Controller may consider the candidate’s suitability for other open positions within its own organization or at other companies in the Zenita Group;

2.4 Data processing is carried out using both manual and computerized methods, with organizational and processing procedures strictly related to the purposes for which the data is collected, and in any case in a manner that ensures the confidentiality, integrity, and availability of the data, in compliance with the technical, organizational, physical, and logical measures required by applicable regulations and internal procedures.

2.5 Personal data processed electronically is stored in the Data Controller’s data centers or in cloud-based systems; these systems are located within the European Economic Area. Personal data processed manually is stored at Maticmind’s offices or at the offices of Zenita Group companies located in Italy and, for staff working at European branches, at the branch’s own premises.

2.6 It is understood, in any case, that the Data Controller, should it become necessary, has the right to transfer personal data outside the EU. In such a case, the Data Controller hereby guarantees that the transfer of data outside the EU will take place in accordance with applicable legal provisions, subject to the conclusion of the standard contractual clauses provided for by the European Union.

3. TYPES OF DATA PROCESSED

3.1 The personal data processed for the purposes described above pertain to the resume submitted and are strictly relevant to and limited to the evaluation of the candidate within the overall selection process. By way of example, but not limited to, the following data will be collected:

  • Username;
  • first and last name;
  • phone numbers and email addresses;
  • place of residence and/or domicile;
  • information included in the resume, such as: photographs, qualifications, work experience, education, and academic credentials;
  • whether the candidate belongs to a protected category (if the candidate indicates that they are registered with these mandatory employment placement lists).

4. LEGAL BASIS FOR DATA PROCESSING AND WHETHER THE PROVISION OF DATA IS MANDATORY OR VOLUNTARY

4.1 The processing of personal data for the purposes described above is based on the data subject’s consent (Article 6(1)(a) of the Regulation).

4.2 The data subject’s consent to the provision of their personal data is optional. Any refusal to provide such data or to consent to its processing will make it impossible for the Data Controller to manage the application and selection process.

5. Duration of Treatment

5.1 The data collected for the purposes described above will be retained by the Data Controller for the period strictly necessary to achieve those purposes.

5.2 However, the Data Controller may continue to retain such data for a period not exceeding 5 years, provided that this is in compliance with applicable law.

6. PARTIES TO WHOM DATA MAY BE DISCLOSED AND SCOPE OF DISCLOSURE

6.1 Personal data collected for the purposes described above will not be disclosed, but may be shared with employees and contractors of the Data Controller who are responsible for processing such data, as well as with Zenita Group companies involved in the selection process.

6.2 Such data may also be disclosed to third parties who perform activities on behalf of the Data Controller in their capacity as external data processors, in compliance with the provisions of the Regulation.

7. RIGHTS OF THE DATA SUBJECT

7.1 The data subject has the right to exercise the rights set forth in Articles 15 through 21 of the Regulation, specifically:

  1. to obtain confirmation as to whether or not personal data concerning him or her are being processed, as well as the logic and purposes on which the processing is based;
  2. to have data processed in violation of the law erased, anonymized, or blocked;
  3. to have your data updated or corrected if it is inaccurate; or, if you so wish, to have incomplete data supplemented or the use of your data restricted;
  4. to obtain confirmation that the actions referred to in points 2) and 3) have been brought to the attention of those to whom the data have been disclosed or disseminated, unless this proves impossible or involves a clearly disproportionate effort compared to the right being protected;
  5. to object, in whole or in part, on legitimate grounds, to the processing of personal data concerning him or her, even if such data is relevant to the purpose for which it was collected;
  6. to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another data controller, as well as to have the data transmitted directly from one data controller to another, where technically feasible (data portability);
  7. withdraw consent at any time without affecting the lawfulness of processing based on consent given prior to withdrawal;
  8. file a complaint with a supervisory authority.

7.2 The data subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed. The Data Controller shall provide a copy of the personal data being processed; if the data subject requests additional copies, the Data Controller may charge a reasonable fee based on administrative costs.

7.3 In addition to the rights listed above, the Data Subject, in accordance with Articles 77 and 79 of the Regulation, has the right to lodge a complaint with the Data Protection Authority if they believe that their data is being processed in a manner that does not comply with applicable law, or to bring the matter before the competent courts.

7.4 The Data Subject may exercise the rights described above or obtain further information regarding the Company’s use of their personal data. To exercise their rights, the Data Subject may contact the Data Controller and/or the DPO; see Section 1, “Contact Information for the Data Controller and the DPO.”

8. NOTIFICATION TO THE DATA SUBJECT

8.1 Pursuant to Provision No. 146/2019 of the Italian Data Protection Authority setting forth the “Requirements regarding the processing of special categories of data,” communications to the data subject regarding data falling within these categories will be made using personalized forms of communication, including electronic means, directed to the data subject or their representative, including through authorized personnel. If such data is transmitted using paper documents, the transmission shall take place in a sealed envelope, with receipt confirmed by a signed acknowledgment.

8.2 In the event of a personal data breach, and if such a breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall notify the data subject without undue delay, in accordance with Article 34 of the Regulation. Such notification is not required if the Data Controller has implemented appropriate technical and organizational protection measures or if the notification would require disproportionate effort.

PRIVACY NOTICE REGARDING UNSOLICITED APPLICATIONS AND APPLICATIONS FOR OPEN POSITIONS

Privacy Notice pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)

This Privacy Notice applies to unsolicited applications and applications submitted for open positions through the Myworkdayjobs.com platform (hereinafter, the “Platform”).

The Zenita Group is an industrial group operating in the information technology sector through its parent company, Maticmind S.p.A., and its subsidiaries (hereinafter collectively referred to as “Zenita Group”). The Zenita Group brand is owned by Maticmind S.p.A.

Through the Platform, you can submit both unsolicited applications (“Become a #Zeniter”) and applications in response to job postings for specific positions within one of the companies in the Zenita Group.

For the purposes of this Privacy Notice (hereinafter, the “Notice”), Maticmind S.p.A. and the Zenita Group company to which you submit your application, each acting through their respective legal representatives at the time, will act as Joint Controllers pursuant to Article 26 of the GDPR (hereinafter, the “Controller(s)”) with regard to the personal data you provide through the Platform.

The complete and up-to-date list of companies belonging to the Zenita Group can be found on the website www.zenitagroup.com in the “The Companies” section.

1. DATA CONTROLLER AND DPO CONTACT INFORMATION

1.1 Data Controller: Maticmind S.p.A. (also on behalf of Zenita Group companies). Headquarters: Centro MAC6, Via Bracco 6, 20159 Milan (MI) – Italy
Email: info@maticmind.it, privacy@maticmind.it
Phone: +39 0227426456
Fax: +39 022500370

1.2 DPO (Data Protection Officer): Email: dpo@maticmind.it

2. PURPOSES AND METHODS OF PROCESSING

2.1 The processing carried out by the Data Controller is intended to manage the personal data of applicants, handle recruitment-related activities and job placement processes, and manage the relevant resumes. The personal data collected may be provided directly by the applicant or collected during the evaluation and selection process itself.

2.2 The processing of personal data is carried out for the purpose of evaluating the candidate as part of the recruitment process (Article 88(2) of the GDPR) and is performed in compliance with, and within the limits set by, the provisions referred to in Article 113 of Legislative Decree No. 196/2003 (the “Italian Data Protection Code”), as amended by Legislative Decree No. 101/2018 and Regulation (EU) 2016/679, in accordance with the principles of lawfulness and fairness, and in a manner that ensures the security and confidentiality of the personal data.

2.3 The data subject is hereby informed that:

  • The information collected may be processed by Maticmind and/or by one or more companies within the Zenita Group;
  • the Controller may assess the candidate’s suitability for other open positions within the company or at other companies in the Zenita Group;

2.4 The processing is carried out using both manual and automated means, with organizational and processing procedures strictly aligned with the stated purposes, and in any case in a manner that ensures the confidentiality, integrity, and availability of the personal data, in compliance with the technical, organizational, physical, and logical measures required by applicable laws and internal procedures.

2.5 Personal data processed by automated means are stored in the Controller’s data processing centers (data centers) or in cloud-based systems located within the European Economic Area (EEA). Personal data processed by non-automated means are stored at the premises of Maticmind or Zenita Group companies located in Italy and, for personnel working at European branches, at the premises of the relevant branch.

2.6 It is understood, in any event, that the Data Controller reserves the right, where necessary, to transfer personal data outside the European Union. In such a case, the Data Controller hereby ensures that any transfer of personal data outside the EU will be carried out in compliance with applicable legal provisions, including, where required, the implementation of the Standard Contractual Clauses adopted by the European Commission.

3. CATEGORIES OF PERSONAL DATA PROCESSED

3.1 The personal data processed for the purposes described above pertains to the submitted resume and is strictly relevant to and limited to the evaluation of the candidate within the overall recruitment process. By way of example, but not limited to, the following data will be collected:

  • Username;
  • first name and last name;
  • phone numbers and email addresses;
  • place of residence and/or domicile;
  • information contained in a resume, such as photographs, qualifications, professional experience, education, and academic degrees;
  • membership in protected categories (where the candidate discloses enrollment in mandatory employment registries).

4. LEGAL BASIS

4.1 The processing of personal data for the purposes described above is based on the data subject’s consent (Article 6(1)(a) of the Regulation).

4.2 The provision of personal data by the data subject is optional. However, any refusal to provide such data or to consent to its processing will result in the controller being unable to manage the application and recruitment process.

5. DATA RETENTION PERIOD

5.1 Data collected for the purposes described above will be retained by the Controller for the period strictly necessary to achieve the purposes for which it was collected.

5.2 However, the Controller may continue to retain such data for a period not exceeding 5 years, in accordance with applicable law.

6. Recipients of Personal Data and Disclosure of Data

6.1 Personal data processed for the purposes described above will not be disclosed. However, it may be shared with employees and contractors of the Data Controller who are authorized to process personal data, as well as with Zenita Group companies involved in the recruitment process.

6.2 Such data may also be disclosed to third parties who perform activities on behalf of the Controller as data processors, in accordance with the requirements of the Regulation.

7. DATA SUBJECT’S RIGHTS

7.1 The Data Subject may exercise the rights set forth in Articles 15 through 21 of the Regulation, including, in particular, the right to:

  1. obtain confirmation as to whether or not personal data concerning them are being processed, as well as information on the logic and purposes underlying the processing;
  2. obtain the erasure, anonymization, or restriction of personal data processed unlawfully;
  3. obtain the rectification of inaccurate data and, where applicable, the completion of incomplete data, or the restriction of processing;
  4. obtain confirmation that the actions referred to in points 2) and 3) have been notified to those to whom the data were communicated or disclosed, unless such a requirement proves impossible or involves a disproportionate effort;
  5. object, in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if such data is relevant to the purpose for which it was collected;
  6. receive personal data concerning them, provided to a controller, in a structured, commonly used, and machine-readable format, and transmit that data to another controller, and obtain the direct transmission of data from one controller to another, where technically feasible (data portability);
  7. withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal;
  8. file a complaint with a supervisory authority.

7.2 The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. The controller shall provide a copy of the personal data undergoing processing; for any additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.

7.3 In addition to the above rights, pursuant to Articles 77 and 79 of the Regulation, the data subject has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) if they believe that their personal data are being processed in a manner that does not comply with applicable law, or to bring legal proceedings before the competent courts.

7.4 The Data Subject may exercise the rights listed above or obtain further information regarding the use of their personal data by contacting the Data Controller and/or the DPO. Please refer to Section 1 (“Data Controller and DPO Contact Details”).

8. NOTIFICATION TO THE DATA SUBJECT

8.1 Pursuant to Provision No. 146/2019 of the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) regarding the “Requirements related to the processing of special categories of personal data,” communications to the data subject concerning such data shall be carried out using individualized means of communication, including electronic means, addressed to the data subject or their authorized representative, including through authorized personnel. Where such data are transmitted in paper format, transmission shall take place in a sealed envelope, with proof of receipt obtained through signature.

8.2 In the event of a personal data breach, and where such breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall notify the Data Subject without undue delay, in accordance with Article 34 of the Regulation. Such notification is not required where the Controller has implemented appropriate technical and organizational protection measures, or where notification would involve a disproportionate effort.

Click here to view the External Career Sites Powered by Workday – Cookie Details