PRIVACY POLICY STATEMENT
AS Roma SpA, with registered headquarters at Piazzale Dino Viola 1, 00128 Roma (RM), Tax Code and VAT no. 01180281006, as data controller (hereinafter “Controller”), informs you, pursuant to EU Regulation 679/2016 (“GDPR”) and to the legislation, including national regulations, concerning the protection of personal data currently in force (“Privacy Legislation”), that your data will be processed in the following manner and for the following purposes:
- Nature of data processed
The Controller processes personal identifying data which is non-sensitive and not of a special protected type (specifically: first name, surname, e-mail, telephone number, IP address, etc. – hereafter “Data” or “Personal Data”) provided by you upon registering on the “Careers” section of the website https://asroma.altamiraweb.com/privacy (hereinafter “the Site”).
- Purpose and legal grounds for data processing
-
Your Data is processed, without requiring your prior consent, for the following service-related purposes:
-
To implement the contract or fulfil pre-contractual requirements, specifically:
- to ensure your participation in the job selection for which you have submitted your application;
- to guarantee the correct implementation of the process of employee selection (e.g. the management and evaluation of applications);
- to contact you in order to invite you to a job interview;
- to contact you in order to communicate the results of the application evaluation processes;
- to ensure the fulfilment of any pre-contractual and contractual requirements necessary for the purpose of establishing an employer-employee relationship;
- to store your CV in the appropriate database, for the purpose of evaluating it in view of other future positions that may interest you, and which are a fit for your experience and professional qualifications;
-
To pursue the Controller's legitimate interests, specifically:
- to include your application in the statistical analyses that we are conducting regarding the selection process;
- to prevent or uncover fraudulent activity or abuse that may be harmful to the Site;
- to fulfil the obligations set out by any law, regulation, community standard or order by the relevant authority;
- to exercise the Controller's rights, such as the right to legal defense.
- Modes of processing
The processing of your Data is undertaken – via electronic means – by the operations of collection, recording, updating, organization, preservation, consultation, elaboration, modification, selection, extraction, comparison, use, interlinking, blocking, erasure and destruction of the Data.
- Data retention
The Controller will process your Data for the time necessary to meet your requests and fulfil the purposes set out above, and, in any case, for a period of:
Purpose of data processing | Maximum data processing duration |
End goal of employee selection | 24 Months |
- Access to data
Your Data may be accessed for the abovementioned purposes by:
- the Controller's employees and/or collaborators, in their capacity as persons responsible for processing and/or internal data processing managers and/or system administrators;
- third-party companies or other parties (e.g. website providers, suppliers, hardware and software technicians, professional firms, etc.) which perform outsourced activities on behalf of the Controller, in their capacity as external data processors.
- Data disclosure
Your Data may be disclosed, even without your consent, for the purposes mentioned above, to oversight authorities, the police or the judiciary, who will process it, upon their own express request, as autonomous data controllers for institutional purposes and/or as required by law during the course of investigations and oversight activities.
- Data transmission and storage location
The Data will not be disclosed nor transferred to countries outside the EU. Personal data will be stored and managed on servers located within the European Union. It is, however, understood that the Controller shall, whenever necessary, retain the right to communicate/transfer the data outside the EU and/or change the location of the servers in the European Union and/or in non-EU countries. In such a case, to ensure an adequate level of protection of the Personal Data, the transfer of the data to non-EU countries will be undertaken on the basis of a request for consent by the interested party, and in accordance with the standards approved by the European Commission, i.e. the Controller shall adopt the Standard Contractual Clauses drawn up by the European Commission.
- Data submission
Data submission is a prerequisite for the processing of your Data by the Controller for service-related purposes and for selection purposes. Should you decide to not submit your Data, we will be unable to ensure your participation in the selection process and will be unable to offer our services to you. Submitting your data is optional for the other processing purposes, i.e. for marketing and profiling purposes. In case you decide to not submit your Data, you will not be able to receive our commercial communications.
- Rights of interested parties
As an interested party, the Controller informs you that, with the exception of cases when legal limitations apply, you have the right to:
- obtain confirmation of the existence or non-existence of your Personal Data, even if not yet recorded, and have such data be made available to you in an intelligible form;
- receive and, where applicable, obtain a copy of information regarding: a) the origin and type of the Personal Data; b) the logic involved, in case of processing using electronic tools; c) the purposes and modes of processing; d) identifying information of the Data Controller and managers; e) the subjects or categories of subjects to whom the Personal Data may be communicated or who may come into contact with it, particularly if these are recipients located in third countries or international organizations; f) when possible, the data retention period or the criteria used to determine that period; g) the existence of an automated decision-making process, and, if this is the case, the logic involved, its significance and the consequences envisaged for the person concerned; h) the existence of adequate safeguards in the event of the transfer of the Data to a non-EU country or to an international organization;
- obtain, without undue delay, the updating and correction of inaccurate Data or, if you so require, the completion of incomplete Data;
- obtain the erasure, blocking or transformation into anonymous form, whenever possible, of Data in the following cases: a) it was processed unlawfully; b) it is no longer required for the purposes for which it was collected or subsequently processed; c) in case of the withdrawal of the consent on which the processing is based, and if there is no other legal basis for it; d) in the event you have objected to the processing and there is no prevailing legitimate justification for its continuance; e) if required to comply with a legal obligation; f) in the case of Data pertaining to minors. The Controller may refuse to erase the Data only in the following cases: a) the exercise of the right to freedom of expression and information; b) compliance with a legal obligation, the performance of a task carried out in the public interest or the exercise of public powers; c) public health reasons; d) archiving in the public interest, for scientific or historical research, or for statistical purposes; e) the exercise of a right in connection with a legal claim;
- have limits applied to the processing in the following cases: a) a dispute concerning the accuracy of the Personal Data; b) illegal processing by the Controller to prevent erasure; c) exercise of a right in connection with a legal claim; d) pending the verification whether the Controller's legitimate grounds take precedence over those of the interested party;
- receive, in the event that the processing is being carried out by automatic means, without impediment and in a structured, commonly used and readable format, the Personal Data relating to you, in order to transfer it to another Controller or – if technically feasible – to obtain the direct transmission of the Data from the Controller to another Controller;
- object, in whole or in part: a) on legitimate grounds, to the processing of your Personal Data, even if it is relevant for the purposes for which it is being collected; b) to the processing of your Personal Data for purposes of sending advertising or direct sales materials, or for carrying out market research or commercial communications, through automated calling systems not involving an operator, via e-mail and/or through traditional marketing channels via phone and/or mail;
- submit a complaint to the Data Protection Authority.
In the above cases, whenever necessary, the Controller will advise any third parties with whom your Personal Data has been shared regarding any exercise of rights by you, except in specific cases (i.e. when this proves impossible, or involves an effort that would be manifestly disproportionate to the right protected).
- Procedures for the exercise of the rights
You may exercise these rights at any time by:
- sending a register letter with delivery confirmation to the Controller's address;
- sending an e-mail to Federica.Bafaro@asroma.it;
- calling the telephone number 06 50191334;
- Data Controller and Data Processor
The Data Controller is AS Roma SpA
The internal data processing manager is:
The External Data Processor for the "Careers" platform is ALTAMIRA S.R.L., with registered headquarters at 1 Via G. Marradi, 20123 Milan.
The list of internal and outsourced External Data Processors, as well as that of system administrators, is available at the registered headquarters of the Controller at Piazzale Dino Viola 1, 00128 Roma (RM).
AS Roma SpA