Privacy Policy Job Applicants

With this policy notice, the Data Controller, as defined below, aims to provide you with the purposes of collecting and processing your data, which categories of data are processed, what are your rights granted by the data protection legislation and how can be exercised.

1. Data Controller and DPO

   Keyless Technologies S.r.l., with registered office in Viale Luca Gaurico 9-11, 00144 - Rome, VAT no. 14880901005 - with a sole shareholder - is the controller of your personal data (the "Data Controller", "Keyless" or the "Company").

   The Data Controller can be contacted by e-mail at gdpr@keyless.it or by regular mail at Keyless Technologies S.r.l., with registered office in Viale Luca Gaurico 9-11, 00144 - Rome.

   Keyless has appointed a Data Protection Officer ("DPO") who can be contacted by email at dpo@e-lex.it.

2. Categories of data, purposes and legal basis for the processing

   As part of the recruitment process, the Data Controller collects and processes the data contained within your resume, in particular:

   • identifying personal data (e.g., first name, last name, date of birth);
   • contact data, such as home address, e-mail address, telephone number;
   • educational qualification, previous work experience;
   • in general, any other information strictly necessary for the evaluation of your profile, that will be provided during the selection process.

   As a rule, in the application evaluation phase, the Company has no interest in acquiring information belonging to particular categories of personal data pursuant to Article 9 of the GDPR (so called "sensitive data"); please do not provide the same. In any case, should the Controller receive your sensitive data, it will refrain from using such information.

   However, for the sole purpose of fulfilling its obligations under Law No. 1999/68, as amended, Keyless should process your sensitive data (i.e., information regarding your health) to evaluate applications for positions reserved by law for so-called "protected categories".

   The provision of your data and, where applicable, of your sensitive data is entirely voluntary, but if you refuse to provide them, the Data Controller will not be able to evaluate your application.

   The data you provide will be processed, specifically, for the purposes described below.

   1. Application screening

      Your data and, where applicable, your sensitive data, will be processed by Keyless in order to evaluate your application with respect to open job positions, including internship, within the Data Controller’s structure.

      The processing of your data will be based on the condition of lawfulness set forth in Article 6(1)(b) GDPR, as the processing is necessary for the execution of pre-contractual measures taken at your request. Where applicable, the processing of the special categories of data relating to you will be based on Article 9(2)(b) GDPR, the processing being necessary to fulfill specific obligations in the field of employment and social security and social protection law.

   2. Legitimate interest

      In certain cases, Keyess may process your data to pursue a legitimate interest of its own. In particular, your data may be processed for the development of synergies with companies connected and/or related to Keyless or with its holding company.

      These processing operations are based on the lawfulness condition of Article 6(1)(f) GDPR.

3. Categories of recipients of personal data

   The Data Controller may disclose your data to third parties it uses to carry out activities and/or services necessary, functional or otherwise related to the aforementioned purposes.

   The aforementioned entities will carry out the processing as data processors pursuant to Article 28, GDPR. The updated list of data processors is kept by the Data Controller and is available for relative consultation.

   Finally, the Data Controller may disclose your data to third parties who provide assistance to the Company in the recruitment, evaluation and selection of staff or to other parties to whom the disclosure is required by law, to public administrations, lending institutions through which Keyless operates for payment purposes, as well as outsourced professionals. These entities will process your data as autonomous data controllers.

4. Transfer of personal data to third country

   Keyless may transfer your data to its sole shareholder, whose registered office is in the USA, for the purposes set out in paragraph 2(b) above. This transfer will take place in accordance with the conditions set forth in the data protection laws and is governed by standard contractual clauses adopted by the European Commission.

   Any further transfers outside the EU will be governed, depending on the recipients, through the use of standard contractual clauses adopted by the European Commission or, alternatively, on the basis of a Commission adequacy decision and/or any other appropriate safeguards provided by the GDPR.

   More information about where the data has been transferred may be obtained by writing to the Data Controller or the DPO at the addresses in paragraph 1.

5. Data retention period

   Your data will be processed by Keyless for the 12 months following the receipt of your resume, unless the previously started selection or evaluation process of your application has not yet been concluded at the end of this period.

   Upon reaching the 12-month period after receipt, or upon the negative conclusion of the selection process, whichever is later, your data will be permanently deleted. Should the selection process be successfully completed, an appropriate privacy notice will be provided to you.

6. Data subjects’ rights

   During the period in which the Data Controller stores or processes your data, you, as a data subject, may at any time exercise the following rights:

   • Right of access - you have the right to obtain confirmation as to whether or not data relating to your data is being processed, as well as, where applicable, the right to receive any information relating to such processing;
   • Right to rectification - You have the right to obtain rectification of your data held by the Data Controller, if the data is incomplete or inaccurate;
   • Right to erasure - under certain circumstances, you have the right to obtain the erasure of your data held within the Data Controller’s archives if it is no longer necessary for the achievement of the purpose of processing or to fulfill a legal obligation to which the Data Controller is subject or for the establishment, exercise or defense of a right of yours in court;
   • Right to restriction of processing - upon the occurrence of certain conditions, you have the right to obtain the restriction of processing concerning your data;
   • Right to portability - upon the occurrence of certain circumstances, you have the right to obtain the transmission of your data held by the Data Controller in favor of a different controller;
   • Right to object - you have the right to object, at any time on grounds relating to your particular situation, to the processing of your data based on the lawful condition of legitimate interest or the performance of a task carried out in the public interest or the exercise of official authority, including profiling, unless there are legitimate grounds for the Data Controller to continue the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

   The above rights may be exercised against the Data Controller by writing to the addresses in paragraph 1.

   The exercise of your rights as a data subject is free of charge pursuant to and within the limits of Article 12, GDPR.

   In the event that the Controller refuses to comply with your requests to exercise the above rights, the reasons for such refusal will be provided. If applicable, you have the right to file a complaint with the Supervisory Authority.