Privacy

Privacy policies

Expand all keyboard_double_arrow_down

Website's Privacy Policy

Pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter the "Regulation"), Centrico S.p.A. (hereinafter the "Company" and/or the "Data Controller"), provides you with the following information regarding the characteristics of the processing it carries out on your personal data.

  1. Who is the Data Controller of your personal data?

    The Data Controller of your personal data is Centrico S.p.A. with headquarters at Piazza Gaudenzio Sella, No. 1, 13900, Biella.

  2. How to contact the Data Protection Officer?

    The Data Protection Officer ("DPO") can be contacted at the following addresses:

    • postal address: Piazza Gaudenzio Sella 1, Biella
    • e-mail address: dpo@sella.it

  3. What are the categories of personal data processed?

    The Company may process the following personal data:

    • data collected through the completion of the form present in the "Get in Touch" section on the website.

      With reference to the processing of your personal data carried out through that form present on the website, please refer to the "Privacy Policy - Spontaneous Sending of Information" linkable through the "Privacy" section available at the bottom of the home page of the website;

    • data collected through the completion of the form present in the "Work with us" section on the website.

      With reference to the processing of your personal data carried out through such form present on the website, please refer to the "Privacy Policy - Recruitment" linkable through the "Privacy" section available at the bottom of the home page of the website;

    • navigation data.

      The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes, but is not limited to, IP addresses, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining statistical information on the use of the website and to check its correct functioning. The aforementioned data could also be used to ascertain responsibility in case of computer crimes to the detriment of the website, other connected or related sites;

    • data collected through cookies.

      With reference to the processing of your personal data carried out through cookies and other tracking tools on the website, please refer to the "Cookie policy" linkable through the "Privacy" section available at the bottom of the website home page.

  4. On what legal basis and for what purposes does the Company process your personal data?

    Your personal data is processed by the Data Controller in order to:

    1. enable you to navigate the website;
    2. manage the security of the website, ensure the security of the network, systems and information managed by it;
    3. follow up pre-contractual measures with the Company;
    4. to fulfill any obligations under applicable laws, regulations or EU legislation.

    In relation to purposes a) and c), the legal basis legitimizing the processing is the execution of the contract and/or pre-contractual measures to which you are a party. The provision of your personal data for the aforementioned purposes is necessary because a refusal to do so would not allow the Company to make it possible for you to navigate the website and/or to follow up on any pre-contractual measures in place.

    In relation to purposes b), the legal basis for processing is the Company's legitimate interest in ensuring the security of the network, systems and information it manages as well as in analyzing the level of satisfaction with its website. The provision of your personal data for purpose b) is necessary as a refusal to do so would not allow the Company to make it possible for you to browse the website.

    In relation to purpose d), the legal basis legitimizing the processing is the need for the Company to fulfill a legal obligation. The provision of your personal data for the above purpose is necessary because a refusal to do so would not allow the Company to fulfill its legal obligations.

  5. To whom may your personal data be disclosed?

    Your personal data may be known to the Company's personnel authorized to process them by reason of the performance of their work duties.

    In addition, the Company may disclose your personal data to third parties operating as Data Processors, specifically appointed pursuant to Article 28 of the Regulations, such as by way of example but not limited to service management companies and IT systems.

    Finally, your personal data may be shared with authorities and/or entities that act as autonomous data controllers.

  6. Can your personal data be transferred to countries outside the European Economic Area?

    The transfer of your personal data outside the European Economic Area will take place to third countries for which the European Commission has recognized that they provide an adequate level of protection or where there are adequate safeguards or the specific exceptions provided for in the Regulation.

  7. How long is your personal data kept?

    The Company stores data in a form that allows the identification of data subjects for a period of time necessary to achieve the specific purposes for which they are processed, in compliance with contractual and/or regulatory obligations.

  8. What are your rights?

    We inform you that you, as a data subject, may exercise the following rights with regard to the processing of your personal data:

    1. right of access: right to obtain confirmation from the Data Controller as to whether or not any processing of your personal data is taking place, and if so, to obtain access to the same (provided that this does not infringe the rights of others);
    2. right to rectification: right to obtain from the Controller the rectification of your inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary statement;
    3. right to erasure ("oblivion"): right to obtain from the Data Controller the erasure of your personal data without undue delay. The Company is obliged to proceed with the aforementioned deletion if, by way of example only:
      1. Your personal data are no longer necessary with respect to the purpose of the processing;
      2. Your personal data have been processed unlawfully;
      3. Your personal data must be deleted in order to comply with a legal obligation;
    4. Right to restriction of processing: right to obtain from the Data Controller the restriction of processing. The Company is obliged to proceed with the aforementioned restriction if:
      1. the accuracy of your personal data is disputed (for the period necessary for the Controller to verify the accuracy of such personal data);
      2. the processing is unlawful and you have objected to the deletion of your personal data and requested its limitation;
      3. the personal data (although no longer necessary for the purposes of processing) is needed by you for the establishment, exercise or defense of a legal claim;
      4. checks are being made as to whether the interests of the Company prevail if you have exercised your right to object as set out below;
    5. right to data portability: right to receive in a structured, commonly used and machine-readable format your personal data and to transmit such data to another Data Controller, only for cases where the processing is based on consent or contract and only for data processed by electronic means;
    6. Right to object to processing: for reasons related to your particular situation, you have the right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the Controller, except where the Company demonstrates the existence of compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;

    7. right to lodge a complaint with a Supervisory Authority: without prejudice to any other administrative or judicial remedy, if you consider that the processing operations concerning you are in breach of the Regulation, you have the right to lodge a complaint with the Supervisory Authority of the Member State in which you reside or habitually work, or of the State where the alleged breach has occurred.

      To exercise the above rights, you can submit a request to the following addresses:

      • mailing address: Piazza Gaudenzio Sella, No. 1, 13900, Biella;
      • e-mail addresses: privacy@centrico.tech

    The Company will provide information regarding the action taken regarding the specific request without undue delay and at the latest within one month of its receipt.

    In any case, you can contact the Company and/or the DPO at the above-mentioned addresses should you wish to have more details and/or need clarifications with respect to the processing carried out on your personal data.

    If the exercise of the rights listed above may result in actual and concrete prejudice to the interests protected under the provisions on money laundering, pursuant to Article 2-undecies Privacy Code, the scope of such rights and certain related obligations on the part of the Data Controller, may be limited. In such circumstances, the exercise of the same rights may be delayed, limited or excluded, for such time and to the extent that this constitutes a necessary and proportionate measure. If the conditions are met, a reasoned notice will be sent to you without delay.

    Last updated: 30/04/2024

Cookie Policy

Spontaneous Sending Of Information Policy

Pursuant to Art. 13 of the EU Regulation 2016/679 (hereinafter referred to as the 'Regulation'), we inform you about the characteristics of the processing of your personal data, that you decide to spontaneously send us via the form “Get in touch”. In particular, information is provided here on:

  1. Who is the Data Controller?

    The Data Controller of your personal data corresponds to the Company with which you will be in contact. You will find details of the companies concerned with all the necessary contact information in the table in Article 8).

  2. How can the Data Protection Officer be contacted?

    The Data Protection Officer (hereinafter also referred to as “DPO”) may be contacted in relation to the Company that is processing your personal data and thus acts as Data Controller, at the contact details indicated in the table in Article 8).

  3. What are the categories of personal data being processed?

    The personal data that the Company may process are:

    • data collected the form in the “Get in touch”.

    The optional, explicit and voluntary sending of e-mail to the addresses indicated on this Website entails the subsequent acquisition, by the Company chosen as the addressee, of the sender's address, which is necessary to reply to the request, and any other personal data included in the message. Personal data must be only common data. Should there be any special data and/or data relating to criminal convictions and offences, the Company cannot consider your request.

  4. On what legal basis and for what purposes does the company process your personal data?

    The processing of your personal data is carried out by the Controller in order to respond to your contact request.

    The legal basis legitimising the processing is the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. The provision of your personal data is necessary and a refusal to provide them would not allow the Company to respond to your request.

  5. To whom may your personal data be disclosed?

    Your personal data may be disclosed to the personnel of the Company authorised to the processing by reason of the performance of their work duties.

    The Company may also disclose your personal data to third parties who act as Data Processors, specifically appointed pursuant to Article 28 of the Regulation, such as, by way of example but not limited to, service management companies and IT systems.

    Your personal data may also be shared with authorities and/or entities that act as autonomous data controllers.

  6. Can your personal data be transferred to countries outside the European Economic Area?

    We inform you that the Data Controller doesn't transfer your personal data to countries outside the European Union, unless you voluntarily contact the Company Centrico India Ltd as mentioned in paragraph 1 of this Privacy Policy.

  7. How long are your personal data stored?

    The Company stores the data in a form that allows the identification of the data subjects for as long as is necessary to achieve the specific purposes for which they are processed, in compliance with contractual and/or regulatory obligations.

  8. What are your rights?

    We inform you that you, as an interested party, may exercise the following rights in relation to the processing of your personal data:

    1. right of access: right to obtain from the Data Controllers confirmation as to whether or not any processing of your personal data is taking place and, if so, to obtain access to the same (provided that this does not infringe the rights of others), in accordance with Article 15 of the Regulation;
    2. right of rectification: the right to obtain from the Data Controller the rectification of your inaccurate personal data without undue delay, as well as the integration of your incomplete personal data, also by providing a supplementary declaration;
    3. the right of cancellation ("oblivion"): the right to obtain from Data Controllers the removal of your personal data without undue delay, in accordance with Article 17 of the Regulation and, by way of example but not limited to, if:
      1. your personal data are no longer necessary in relation to the purpose of the processing;
      2. Your personal data have been processed unlawfully;
      3. Your personal data must be deleted in order to comply with a legal obligation;
    4. right to restriction of processing: the right to obtain from Data Controllers the restriction of processing in cases where:
      1. you contest the accuracy of your personal data (for the period necessary for the Data Controllers to verify the accuracy of such personal data);
      2. if the processing is unlawful and you object to the deletion of your personal data and have requested its restriction;
      3. if your personal data (although no longer necessary for the purposes of the processing) is needed by you for the establishment, exercise or defence of a legal claim;
      4. whether the overriding interests of the Data Controller are being verified if you have exercised your right to object as set out below;
    5. the right to data portability: the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit such personal data to another Data Controller, only for cases where the processing is based on consent (pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the Regulation) or on contract and only for personal data processed by electronic means;
    6. right to object to processing: on grounds relating to your particular situation, the right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the individual Data Controller, unless they can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
    7. right to lodge a complaint with a Supervisory Authority: without prejudice to any other administrative or judicial remedy, if you consider that the processing operations concerning you are in breach of the Regulation, you have the right to lodge a complaint with the Supervisory Authority of the Member State in which you reside or habitually work, or of the State where the alleged breach has occurred;

    To exercise your rights and for any information regarding the processing of your data, please send your request to the following contacts:

    Controller Registered office e-mail
    Centrico S.p.A. Piazza Gaudenzio Sella n. 1, 13900 Biella (BI) privacy@centrico.tech
    Centrico Selir S.r.l. Str. Basarabiei nr. 55, Bl. A16, sc. 2, Galati privacy@selir.com; DPO@Sella.it
    Centrico India Ltd. Fourth Floor, Block I, Tyche Towers, 2, MGR Salai, Kandanchavadi, Chennai, India, 600096. chennai.info@centrico.tech

    The Company will provide information on the action taken with respect to the specific request without undue delay and at the latest within one month of receipt thereof.

    In any event, you may contact the Company and/or the DPO at the above-mentioned addresses should you require further details and/or need clarification regarding the processing of your personal data.

    Last updated: 31/08/2024

Recruitment Policy

  1. Centrico S.p.A. Recruitment Policy

    Dear Candidate,

    In accordance with Articles 13 and 14 of the EU Regulation 2016/679 (Regulation), we provide you with the following information on the characteristics of the processing carried out on your personal data.

    1. Who is the Personal Data Controller?

      Details of the Personal Data Controllers can be found in the list at the end of this notice (Art. 9).

      We inform you that the companies mentioned in the aforementioned list entered into a co-ownership agreement on January 31, 2024, as provided for by art. 26 of the GDPR, in order to jointly determine modalities and purposes and to carry out in a coordinated manner some phases of the recruitment process within the companies of the Sella group. Specifically, co-ownership processing concerns the sharing of applicant data regarding job advertisements published by at least one company of the Sella group and the comparison of such data in order to assess the opportunity to hire such candidate, including for job positions other than the one to which the candidate has applied, yet relevant to their profile. We inform you that this notice concerns the aforementioned processing carried out under a co-ownership regime and, in general, all processing of personal data concerning the management of your application, some of which is not carried out under a co-ownership regime, as detailed below.

      With regard to the processing of personal data not carried out on a joint basis, the Data Controller is the company to which you have submitted your application (refer to the list in Article 9).

    2. How can the Data Protection Officer be contacted?

      The Data Protection Officer (hereinafter also referred to as “DPO”) of the Controllers can be contacted at the references provided for each Data Protection Officer in the list at the end of this notice (Art. 9).

    3. What are the categories of personal data being processed?

      The personal data that Data Controllers may process in the course of the processing in question are common personal data (such as, for example, personal, contact and contractual data and data revealing the economic situation). We would like to inform you that during the selection phase the Data Controllers may also process data belonging to special categories (also known as "sensitive data").

      Specifically, your special data, which may be processed during the selection process, concern the fact that you may belong to protected categories and the corresponding percentage of disability. Such data are processed within the limits of Article 9(2)(b) of the GDPR, i.e. in order to comply with legal obligations and to exercise the specific rights of the Data Controller or the interested party in the field of labour law and social protection; for this reason, your consent to the processing of such data is not required.

    4. What are the personal data sources?

      Personal data are collected directly by you as the interested party or by other Data Controllers with whom you have come into contact, in compliance with the relevant regulations.

      In addition, personal data may be collected through third parties, such as, for example:

      • The university or institution of higher education attended by you
      • Employment agencies or companies specialising in recruitment and personnel selection to which you are registered or which you have applied for;
      • Employees or collaborators of one of the companies of the Sella Group, should your application have been indicated by them.

      If within this context you directly provide your personal data to the Data Controllers, we would like to point out that such provision is necessary, as a refusal to do so would not allow your possible employment in one of the companies belonging to the Sella Group.

    5. On what legal basis and for what purposes does the company process personal data?

      The processing of your personal data is carried out, on the basis of the execution of pre-contractual measures, in order to follow up your application.

      The processing, therefore, is carried out in compliance with the conditions of lawfulness provided for by the Regulation and is limited to what is necessary for the processing, by the Data Controllers, of activities connected with and necessary for the search and recruitment of personnel to be included in their organisation, in relation to their open positions.

      Following your application, the Data Controllers may use your data to contact you and, on the basis of their legitimate interest, to carry out pre-employment checks on the suitability of the candidate. As part of this processing, the Data Controllers may consult external, private and public databases and search websites where the candidate's profile is visible for professional purposes only. We would like to inform you that the data processing carried out within the framework of these pre-employment checks is for consultation only, therefore the Data Controllers do not keep any data consulted from external databases and websites where the candidate's profile is visible for professional purposes only, and not for private purposes. This type of processing is not carried out on a co-ownership basis.

      Moreover, following your application, the Data Controllers may use your data to contact you and, on the basis of their own legitimate interest, to carry out activities to assess your potential. In fact, the selection process may involve your involvement in cognitive and/or technical interviews, tests and questionnaires to assess your aptitude and professional orientation. This type of processing is carried out on a co-ownership basis. Also on the basis of the co-ownership agreement mentioned in the introduction to this privacy policy, the Data Controllers may process your data in order to evaluate your application for positions open in companies of the Sella Group other than the one to which you have applied, if your profile is relevant to them. This type of processing, therefore, is also carried out on a co-ownership basis.

      Within the limits of the specific purposes indicated above, processing is carried out by means of manual, IT and telematic tools (such as, for example, e-mails or calls). The Data Controllers take appropriate organisational and technical measures to guarantee security and confidentiality.

    6. To whom may your personal data be disclosed?

      Your personal data may be disclosed to the Data Controllers' staff authorised to process them in the performance of their duties.

      The Data Controllers may also communicate your personal data to third parties who act as Data Processors, specifically appointed pursuant to Article 28 of the Regulation.

      In addition, your data may be communicated to the following categories of third parties, for the same purposes expressed in the previous paragraph, including parties who provide assistance and consultancy services for the recruitment of Company's personnel, who act as autonomous Data Controllers:

      • Temporary employment agencies;
      • Employment consultants;
      • Legal or financial consultants;
      • Companies specialising in search and recruitment/headhunting;
      • Companies and consultants specialising in assessment methodologies;
      • Associations specialising in employment guidance activities.

      Finally, your personal data may be shared with authorities and/or entities that also act as autonomous Data Controllers.

    7. Can your personal data be transferred to countries outside the European Economic Area?

      We inform you that the Data Controllers do not transfer your personal data to countries outside the European Union. However, please note that any data transfer outside the European Union can only take place in the presence of one of the guarantees provided by the Regulation in Articles 45 and 46.

    8. How long are your personal data stored?

      The Data Controllers will keep your personal data in a form that allows their identification only for the period of time necessary to achieve the specific purpose of the processing referred to above, in compliance with contractual and/or regulatory obligations.

      In particular, we inform you that your personal data and further data collected during the process may be used and stored for a period of time not exceeding 24 months from their collection or from the last contact, if any. In the event that the recruitment process is successful, resulting in your employment in one of the companies belonging to the Sella Group, your data will be transmitted to the group's internal Managers specifically appointed for the purpose of managing your employment process. On this point, you will be provided with a specific privacy policy containing detailed information on such further processing

    9. What are your rights?

      We inform you that you, as an interested party, may exercise the following rights in relation to the processing of your personal data:

      1. right of access: right to obtain from the Data Controllers confirmation as to whether or not any processing of your personal data is taking place and, if so, to obtain access to the same (provided that this does not infringe the rights of others), in accordance with Article 15 of the Regulation;
      2. right of rectification: the right to obtain from the Data Controller the rectification of your inaccurate personal data without undue delay, as well as the integration of your incomplete personal data, also by providing a supplementary declaration;
      3. the right of cancellation ("oblivion"): the right to obtain from Data Controllers the removal of your personal data without undue delay, in accordance with Article 17 of the Regulation and, by way of example but not limited to, if:
        1. your personal data are no longer necessary in relation to the purpose of the processing;
        2. your personal data have been processed unlawfully;
        3. your personal data must be deleted in order to comply with a legal obligation;
      4. right to restriction of processing: the right to obtain from Data Controllers the restriction of processing in cases where:
        1. you contest the accuracy of your personal data (for the period necessary for the Data Controllers to verify the accuracy of such personal data);
        2. if the processing is unlawful and you object to the deletion of your personal data and have requested its restriction;
        3. if your personal data (although no longer necessary for the purposes of the processing) is needed by you for the establishment, exercise or defence of a legal claim;
        4. whether the overriding interests of the Data Controller are being verified if you have exercised your right to object as set out below;
      5. the right to data portability: the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit such personal data to another Data Controller, only for cases where the processing is based on consent (pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the Regulation) or on contract and only for personal data processed by electronic means;
      6. right to object to processing: on grounds relating to your particular situation, the right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the individual Data Controller, unless they can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
      7. right to lodge a complaint with a Supervisory Authority: without prejudice to any other administrative or judicial remedy, if you consider that the processing operations concerning you are in breach of the Regulation, you have the right to lodge a complaint with the Supervisory Authority of the Member State in which you reside or habitually work, or of the State where the alleged breach has occurred;

      Data Controllers will provide information on the action taken with regard to the specific request without undue delay and at the latest within one month of receipt of the request. In order to exercise the above rights, a request may be made to the contact details listed at the end of this notice. Should the exercise of the rights listed above result in an actual and concrete prejudice to the interests protected under the provisions on money laundering, pursuant to Article 2-undecies of the Privacy Code, the scope of such rights and of certain related obligations of the Data Controller may be limited. In such circumstances, the exercise of these rights may be delayed, limited or excluded, for such time and to the extent that this constitutes a necessary and proportionate measure. If the conditions are met, a reasoned notice will be sent without delay.

    LIST OF DATA CONTROLLERS

    Last updated: 31/01/2024

  2. Centrico Selir S.r.l. Recruitment Policy

    Dear Candidate,

    In accordance with Articles 13 and 14 of the EU Regulation 2016/679 (Regulation), we provide you with the following information on the characteristics of the processing carried out on your personal data.

    1. Who is the Personal Data Controller?

      The Data Controller of your personal data is Centrico Selir S.r.l., based in Romania, Galati, str. Garii nr. 59.

    2. How can the Data Protection Officer be contacted?

      The Data Protection Officer (hereinafter also referred to as “DPO”) of the Controller can be contacted at the following references:

      • Postal address of Centrico Selir S.r.l.: Romania, Galati, str. Garii nr. 59
      • email: Privacy@selir.com
    3. What are the categories of personal data being processed?

      The personal data that Data Controller may process in the course of the processing in question are common personal data (such as, for example, personal, contact and contractual data and data revealing the economic situation). We would like to inform you that during the selection phase the Data Controller may also process data belonging to special categories (also known as "sensitive data"). Specifically, your special data, which may be processed during the selection process, concern the fact that you may belong to protected categories and the corresponding percentage of disability. Such data are processed within the limits of Article 9(2)(b) of the GDPR, i.e. in order to comply with legal obligations and to exercise the specific rights of the Data Controller or the interested party in the field of labour law and social protection; for this reason, your consent to the processing of such data is not required.

    4. What are the personal data sources?

      Personal data are collected directly by you as the interested party or by the Data Controller with whom you have come into contact, in compliance with the relevant regulations.

      In addition, personal data may be collected through third parties, such as, for example:

      • The university or institution of higher education attended by you
      • Employment agencies or companies specialising in recruitment and personnel selection to which you are registered or which you have applied for;
      • Employees or collaborators of one of the companies of the Sella Group, should your application have been indicated by them.

      If within this context you directly provide your personal data to the Data Controller, we would like to point out that such provision is necessary, as a refusal to do so would not allow your possible employment in one of the companies belonging to the Sella Group.

    5. On what legal basis and for what purposes does the company process personal data?

      The processing of your personal data is carried out, on the basis of the execution of pre-contractual measures, in order to follow up your application.

      The processing, therefore, is carried out in compliance with the conditions of lawfulness provided for by the Regulation and is limited to what is necessary for the Data Controller to carry out activities connected with and instrumental to the search and selection of personnel to be included in its structure, in relation to its open positions.

      Following your application, the Data Controller may use your data to contact you and, on the basis of its own legitimate interest, to carry out pre-employment checks on the suitability of the candidate. As part of this processing, the Data Controller may consult external, private and public databases and search websites where the candidate's profile is visible for professional purposes only. We would like to inform you that the data processing carried out within the framework of these pre-employment checks is for consultation only, therefore the Data Controller does not keep any data consulted from external databases and websites where the candidate's profile is visible for exclusively professional purposes, and not also private ones.

      Moreover, following your application, the Data Controller may use your data to contact you and, on the basis of its own legitimate interest, to carry out activities to assess your potential. In fact, the selection process may include your involvement in cognitive and/or technical interviews, tests and questionnaires aimed at assessing your aptitude and your professional orientation.

      Within the limits of the specific purposes indicated above, the processing is carried out by means of manual, computerised and telematic tools (such as, for example, e-mails or calls). The Data Controller adopts appropriate organisational and technical measures to guarantee security and confidentiality.

    6. To whom may your personal data be disclosed?

      Your personal data may be disclosed to the Data Controller's staff authorised to process them in the performance of their duties.

      The Data Controller may also communicate your personal data to third parties who act as Data Processors, specifically appointed pursuant to Article 28 of the Regulation.

      In addition, your data may be communicated to the following categories of third parties, for the same purposes expressed in the previous paragraph, including parties who provide assistance and consultancy services for the recruitment of Company's personnel, who act as autonomous Data Controllers:

      • Temporary employment agencies;
      • Employment consultants;
      • Legal or financial consultants;
      • Companies specialising in search and recruitment/headhunting;
      • Companies and consultants specialising in assessment methodologies;
      • Associations specialising in employment guidance activities.

      Your personal data may also be shared with authorities and/or entities that also act as autonomous Data Controllers.

    7. Can your personal data be transferred to countries outside the European Economic Area?

      We inform you that the Data Controller doesn't transfer your personal data to countries outside the European Union. However, please note that any data transfer outside the European Union can only take place in the presence of one of the guarantees provided by the Regulation in Articles 45 and 46.

    8. How long are your personal data stored?

      The Data Controllers will keep your personal data in a form that allows their identification only for the period of time necessary to achieve the specific purpose of the processing referred to above, in compliance with contractual and/or regulatory obligations.

      In particular, we inform you that your personal data and further data collected during the process may be used and stored for a period of time not exceeding 24 months from their collection or from the last contact, if any. In the event that the recruitment process is successful, resulting in your employment in one of the companies belonging to the Sella Group, your data will be transmitted to the group's internal Managers specifically appointed for the purpose of managing your employment process. On this point, you will be provided with a specific privacy policy containing detailed information on such further processing.

    9. What are your rights?

      We inform you that you, as an interested party, may exercise the following rights in relation to the processing of your personal data:

      1. right of access: right to obtain from the Data Controllers confirmation as to whether or not any processing of your personal data is taking place and, if so, to obtain access to the same (provided that this does not infringe the rights of others), in accordance with Article 15 of the Regulation;
      2. right of rectification: the right to obtain from the Data Controller the rectification of your inaccurate personal data without undue delay, as well as the integration of your incomplete personal data, also by providing a supplementary declaration;
      3. the right of cancellation ("oblivion"): the right to obtain from Data Controllers the removal of your personal data without undue delay, in accordance with Article 17 of the Regulation and, by way of example but not limited to, if:
        1. your personal data are no longer necessary in relation to the purpose of the processing;
        2. your personal data have been processed unlawfully
        3. your personal data must be deleted in order to comply with a legal obligation;
      4. right to restriction of processing: the right to obtain from Data Controllers the restriction of processing in cases where:
        1. you contest the accuracy of your personal data (for the period necessary for the Data Controllers to verify the accuracy of such personal data);
        2. if the processing is unlawful and you object to the deletion of your personal data and have requested its restriction;
        3. if your personal data (although no longer necessary for the purposes of the processing) is needed by you for the establishment, exercise or defence of a legal claim;
        4. whether the overriding interests of the Data Controller are being verified if you have exercised your right to object as set out below;
      5. the right to data portability: the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit such personal data to another Data Controller, only for cases where the processing is based on consent (pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the Regulation) or on contract and only for personal data processed by electronic means;
      6. right to object to processing: on grounds relating to your particular situation, the right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the individual Data Controller, unless they can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
      7. right to lodge a complaint with a Supervisory Authority: without prejudice to any other administrative or judicial remedy, if you consider that the processing operations concerning you are in breach of the Regulation, you have the right to lodge a complaint with the Supervisory Authority of the Member State in which you reside or habitually work, or of the State where the alleged breach has occurred;

    The Data Controller will provide information on the action taken with regard to the specific request without undue delay and at the latest within one month of receipt of the request. In order to exercise the above-mentioned rights, you may submit a request to the addresses listed in Section 2) of this notice.

    Should the exercise of the rights listed above result in an actual and concrete prejudice to the interests protected under the provisions on money laundering, pursuant to Article 2-undecies of the Privacy Code, the scope of such rights and of certain related obligations of the Data Controller may be limited. In such circumstances, the exercise of these rights may be delayed, limited or excluded, for such time and to the extent that this constitutes a necessary and proportionate measure. If the conditions are met, a reasoned notice will be sent without delay.

    Last updated: 31/01/2024