Visit
Convention Bureau
Travel Trade
Schools
Media
Partner + Sponsorship
To do and to seeEventsTerritoryAccommodationWhere to eatPlan your trip
HomeInformation on the processing Personal DataPrivacy notice for job applicants

Privacy notice for job applicants

This privacy notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) – to individuals participating in recruitment and selection procedures for the evaluation of candidates for employment positions.

 

Type and Source of Data

The personal data processed includes:

  • Identification data (name, surname, date and place of birth, address, gender);
  • Contact details (telephone number, email address);
  • Curriculum information (CV, academic qualifications, professional training, certifications, specializations, licences);
  • Any personal data falling under special categories pursuant to Article 9 GDPR (e.g. belonging to protected categories, etc.).

Personal data is provided directly by the data subject through the submission of a curriculum vitae (CV).

 

Purpose and Legal Basis of Processing

The personal data is processed for the following purposes:

  1. Assessment of CVs and candidate selection
    • Legal basis: performance of pre-contractual measures (Art. 6(1)(b) GDPR).
  2. Proposing other job opportunities consistent with the applicant’s professional profile
    • Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).
  3. Managing any disputes or litigation, whether judicial or extrajudicial
    • Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR), specifically for the exercise or defence of legal claims.

The processing of any special category data under Article 9 GDPR is permitted even in the absence of explicit consent, when necessary for the purposes of fulfilling obligations and exercising specific rights in the field of employment, social security and social protection law (Art. 9(2)(b) GDPR).

 

Nature of Data Provision

Providing personal data is not mandatory; however, it is necessary for the proper and efficient management of the application and selection process. Failure to provide such data may wholly or partially compromise the evaluation of the application and the correct execution of the selection process.

 

Data Retention

The Controller retains personal data for the period necessary to achieve the purposes outlined above. Specifically, CVs will be retained for a period of 3 years.

If the candidate is selected and hired, the data provided during the recruitment process may be processed for the duration of the employment relationship and retained thereafter in accordance with applicable legal or administrative retention periods.

 

Data Recipients

Personal data will not be disseminated to unspecified third parties.

Data may be communicated to:

  • Authorized personnel (employees and collaborators) under the authority of the Controller, based on their roles and responsibilities;
  • External entities appointed as Data Processors.

Data may also be disclosed to entities entitled to access it under laws, regulations, or EU provisions.

A complete and updated list of Data Processors is available upon request.

 

Data Transfers

The Data Controller does not transfer personal data to non-EU countries or international organizations. However, the use of cloud services is reserved. In such cases, any transfer of personal data will occur exclusively to providers located in countries recognized as adequate under Article 45 GDPR, or who have adhered to the EU–U.S. Data Privacy Framework, or who provide appropriate safeguards pursuant to Article 46 GDPR.

Further information on such transfers and/or copies of applicable safeguards may be requested from the Data Controller.

 

Data Subject Rights

The data subject may exercise the rights provided under Articles 15 to 22 of the GDPR, including:

  • Confirmation of whether personal data concerning them is being processed and, if so, access to such data (right of access);
  • Rectification of inaccurate or incomplete data (right to rectification);
  • Erasure of personal data (right to erasure), unless retention is required by law or justified by the Controller’s legitimate interest;
  • Restriction of processing (right to restriction);
  • Portability of their data to another controller (right to data portability), applicable only when processing is based on consent or a contract.


The Controller particularly reminds data subjects of their right to object to processing, pursuant to Article 21 GDPR. However, such objection may be rejected where the Controller demonstrates compelling legitimate grounds to continue the processing.


Requests to exercise any of these rights must be addressed to the Controller, clearly stating the subject of the request, the right being exercised, and providing sufficient information for identification (including, for example, a copy of a valid identity document).


Furthermore, the data subject has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

Uffici del Turismo
Tourist Offices

Find out when and where you can find us

Newlsetter
Newsletter

Keep in touch with us

Atp
Mangébin Logo Footer
Residenze Reali Footer
Logo Outdooractive Green White Rgb 1368x360