VWe would like to inform you that, starting from May 25, 2018, the regulation on the protection of individuals and the processing of personal data as well as the free movement of such data GDPR came into force and will be applied by all European Union states. In this context, our company is committed to protecting and respecting the confidentiality of your personal data.

If, after reading this policy, you send us your data (in the form of a Curriculum Vitae) through one of the multiple channels provided, it means that you have been informed based on art. 13 of regulation 2016/679 of the European Parliament and of the Council / April 27, 2016, that we will collect and process your personal data (name, email address, telephone number, home address, etc.) for the purpose of carrying out the recruitment and selection process initiated by the company representatives and that you have given your consent for them.

We emphasize that we will use this data only for the purpose for which it was requested, namely to complete the recruitment process. In this regard, based on the data and information that you voluntarily provide us and for which we have your consent to analyze, we aim to determine whether or not you are a suitable candidate for the vacant positions within the company, as well as to contact you with a proposal, in order to set up an interview or in order to request / provide you with additional information related to our offer.

We note that we will not provide any third party with the information provided by you, except as provided by legal provisions.

It is also very important for us that you know that you have at any time the right to information, the right to access data, the right to intervene in data, the right not to be subject to an individual decision, the right to request the deletion of data and the right to object, as follows:

• you can request at any time, by a request addressed to our company, the updating, modification or deletion of your personal data, transmitted through the communicated CV;
• you have the right to obtain from the company, upon request and free of charge, confirmation of the fact that the data concerning you are or are not being processed by it;
• you have the right to object at any time, for justified and legitimate reasons related to your particular situation, to the data concerning you being the subject of a processing.

For any of the above reasons as well as to exercise your rights guaranteed by the law on the protection of individuals with regard to the processing of personal data and the free movement of such data, please contact our company’s DPO, via the email address dpo@prato.ro.

The company’s GDPR policy complies with the following steps, regarding the processing of data transmitted by you:

• eligible candidates are always contacted (by phone or in writing), within a short period of time (up to 72 hours), in order to communicate details related to the recruitment and selection process;
• data collected during a recruitment process are deleted as soon as it becomes clear that we will not contact the candidate, as they are not suitable for the position they applied for;
• if the mismatch is only temporary and we wish to keep a candidate’s data (CV, cover letter, portfolio, etc.) in order to contact them on the next occasion, the candidate will be contacted in order to obtain their written consent in this regard;
• if the data subject objects to the extension of the data retention and processing period, we destroy their data immediately.

Within our company, recruitment is carried out internally and therefore the information does not leave its physical and digital boundaries. Within the company, the people exposed to this data are:

• members of the human resources department (recruitment area managers);
• managers of departments with vacant positions within the company, people who play a role of analysis and decision-maker in the recruitment process.

As a protective measure, all personnel involved in this process are properly trained in data protection and understand the risk of compromise.

Ensuring an adequate level of security of the data processed in the context of recruitment is an obligation for us, which implies compliance with the following conditions:

• the transmission of the forms (CVs) is done by a secure method;
• the storage of the forms (CVs) is done on a virtual (or physical) storage space/location to which only the persons involved in the recruitment and selection process have access;
• in the event that you submit forms directly to the company’s headquarters or send them by post or fax, the route taken by them to a secure storage location is as short as possible.

Terms used:

• Personal data means any information regarding an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
• Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Consent means a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies agreement, by a statement or by a unequivocal action, that the personal data concerning it be processed.
• The DPO (data protection officer) – the person responsible for data protection, designated by the company.
• GDPR is the abbreviation of EU regulation no. 679/2016 applicable from May 25, 2018 throughout the European Union as well as in any other country in the world where personal data of EU citizens are used.