With this policy notice, the Data Controller, as defined below, aims to provide you with the purposes of collecting and processing your data, which categories of data are processed, what are your rights granted by the data protection legislation and how can be exercised.
Keyless Technologies S.r.l., with registered office in Viale Luca Gaurico 9-11, 00144 - Rome, VAT no. 14880901005 - with a sole shareholder - is the controller of your personal data (the "Data Controller", "Keyless" or the "Company").
The Data Controller can be contacted by e-mail at firstname.lastname@example.org or by regular mail at Keyless Technologies S.r.l., with registered office in Viale Luca Gaurico 9-11, 00144 - Rome.
Keyless has appointed a Data Protection Officer ("DPO") who can be contacted by email at email@example.com.
As part of the recruitment process, the Data Controller collects and processes the data contained within your resume, in particular:
As a rule, in the application evaluation phase, the Company has no interest in acquiring information belonging to particular categories of personal data pursuant to Article 9 of the GDPR (so called "sensitive data"); please do not provide the same. In any case, should the Controller receive your sensitive data, it will refrain from using such information.
However, for the sole purpose of fulfilling its obligations under Law No. 1999/68, as amended, Keyless should process your sensitive data (i.e., information regarding your health) to evaluate applications for positions reserved by law for so-called "protected categories".
The provision of your data and, where applicable, of your sensitive data is entirely voluntary, but if you refuse to provide them, the Data Controller will not be able to evaluate your application.
The data you provide will be processed, specifically, for the purposes described below.
Your data and, where applicable, your sensitive data, will be processed by Keyless in order to evaluate your application with respect to open job positions, including internship, within the Data Controller’s structure.
The processing of your data will be based on the condition of lawfulness set forth in Article 6(1)(b) GDPR, as the processing is necessary for the execution of pre-contractual measures taken at your request. Where applicable, the processing of the special categories of data relating to you will be based on Article 9(2)(b) GDPR, the processing being necessary to fulfill specific obligations in the field of employment and social security and social protection law.
In certain cases, Keyess may process your data to pursue a legitimate interest of its own. In particular, your data may be processed for the development of synergies with companies connected and/or related to Keyless or with its holding company.
These processing operations are based on the lawfulness condition of Article 6(1)(f) GDPR.
The Data Controller may disclose your data to third parties it uses to carry out activities and/or services necessary, functional or otherwise related to the aforementioned purposes.
The aforementioned entities will carry out the processing as data processors pursuant to Article 28, GDPR. The updated list of data processors is kept by the Data Controller and is available for relative consultation.
Finally, the Data Controller may disclose your data to third parties who provide assistance to the Company in the recruitment, evaluation and selection of staff or to other parties to whom the disclosure is required by law, to public administrations, lending institutions through which Keyless operates for payment purposes, as well as outsourced professionals. These entities will process your data as autonomous data controllers.
Keyless may transfer your data to its sole shareholder, whose registered office is in the USA, for the purposes set out in paragraph 2(b) above. This transfer will take place in accordance with the conditions set forth in the data protection laws and is governed by standard contractual clauses adopted by the European Commission.
Any further transfers outside the EU will be governed, depending on the recipients, through the use of standard contractual clauses adopted by the European Commission or, alternatively, on the basis of a Commission adequacy decision and/or any other appropriate safeguards provided by the GDPR.
More information about where the data has been transferred may be obtained by writing to the Data Controller or the DPO at the addresses in paragraph 1.
Your data will be processed by Keyless for the 12 months following the receipt of your resume, unless the previously started selection or evaluation process of your application has not yet been concluded at the end of this period.
Upon reaching the 12-month period after receipt, or upon the negative conclusion of the selection process, whichever is later, your data will be permanently deleted. Should the selection process be successfully completed, an appropriate privacy notice will be provided to you.
During the period in which the Data Controller stores or processes your data, you, as a data subject, may at any time exercise the following rights:
The above rights may be exercised against the Data Controller by writing to the addresses in paragraph 1.
The exercise of your rights as a data subject is free of charge pursuant to and within the limits of Article 12, GDPR.
In the event that the Controller refuses to comply with your requests to exercise the above rights, the reasons for such refusal will be provided. If applicable, you have the right to file a complaint with the Supervisory Authority.