Privacy Policy For Applicants

Dear Applicant,

The laws on the processing of personal data (specifically EU Regulation 2016/679, hereafter “GDPR”) require us to provide the following information on the processing of personal data, in order to consider your application as a potential resource for the firm.
The processing personal data refers to any operation concerning any “information related to an identifiable or identified natural person”: your name, your address, your email, etc. (hereafter the “Processing”).
According to privacy regulations:

• the Firm is the “Controller”, as it determines how and for what purposes to process the personal data you provide in the context of the application;
• you, as natural person the data refers to, are the “Data Subject”.

Who are we (Controller)?

IPG (Tax ID e VAT no. 12074170015), with registered office in Torino, Galleria San Federico 16 (the “Firm”), email info@ipglex.it

What categories of personal data do we process?

Regular personal data (e.g. name, surname, tax code, phone numbers, physical addresses, email addresses, etc.); depending on the application content, we might also process “Special Categories of Data”, meaning information that, according to Art. 9 GDPR, reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data or data concerning sexual orientation.

What is the source of personal data?

Depending on the case, data might come directly from the candidate via spontaneous application through our channels (e.g. email or the firm’s website), through third-party portals (e.g. LinkedIn) or other direct contact tools (e.g. regular mail, hand delivery).
If the application is received through a third-party portal, we advise the candidate to also check the privacy policy of that portal, which is not covered by this information.
Applications might also be provided by a third party (e.g. training school or database purchased from third parties) to whom the candidate has given consent. In this case, the firm will process the candidate's personal data after ensuring that consent has been validly obtained from third parties.

Why do we process personal data (“Purpose”) and on what legal basis (“Legal Basis”) for each data category?

To whom do we disclose Personal Data (Categories of Recipients)?

To the following categories of entities, to the minimum extent necessary to achieve each Purpose, based on applicable regulations or a contract with the Data Controller:

1. Entities required for executing activities connected to and resulting from application management (e.g. IT service providers, banks, insurers, shippers, accountants, tax consultants, labour consultants, legal advisors, recruitment consultants, staffing agencies, etc.) acting as Data Processors or as independent Data Controllers;
2. Authorized entities, bound by confidentiality or legally obliged to confidentiality (e.g. our employees, professionals, recruitment consultants, etc.);
3. Public organizations and authorities, if and to the extent required by applicable regulations or their orders, or for asserting, enforcing, and/or defending a right in court.

We do not disseminate personal data unless required by law by authorities, information and security bodies, or other public entities for defence or state security purposes or for preventing, detecting, or suppressing crimes.

How long do we retain personal data?

The maximum retention period for personal data will not exceed six months after the end of the selection process. If the selection is successful and results in a professional or subordinate working relationship with the firm, the dedicated privacy policy will apply.

Do we transfer personal data outside the European Union or to international organizations?

It could happen, but only towards entities (Third Countries and/or international organizations) for which there is a European Commission adequacy decision, or based on one of the other safeguards set out in Chapter V of the GDPR.

Is the candidate obliged to communicate personal data? What happens if the candidate refuses?

We won't be able to consider the application or manage the selection process. Refusing to provide Special Categories of Data, when not essential for potentially establishing an employment relationship, has no consequences. If the application contains Special Categories of Data, the candidate might be asked to give explicit consent for their Processing.

What rights does the Data Subject have?

1. Access personal data in our possession and request a copy;
2. Ask for the rectification of possibly incomplete or incorrect personal data;
3. Request deletion when criteria are met;
4. Request processing limitation when criteria are met;
5. Oppose processing based on public interest, for reasons related to one's specific situation;
6. Request data portability when criteria are met and technically feasible;
7. Request a list of data processors, accompanied by useful identification data;
8. File a complaint with the Data Protection Authority (in Italy, www.garanteprivacy.it) or the Supervisory Authority of the EU State where one usually lives, works, or where the presumed violation of personal data rights occurred.

Contacts in case of questions/doubts about data processing, and for exercising rights

Candidates can contact the firm at the addresses provided in this policy.

This policy is effective from October 2023; we reserve the right to modify its content, partially or entirely, also due to changes in privacy regulations; we will publish the updated version, which will be binding from that moment, on our website.

The Data Controller does not intentionally collect information about individuals under sixteen years of age. If information about minors is recorded, it will be promptly deleted upon the request of the Data Subject or the person exercising authority over them.