This Policy describes the way personal information provided by the users of the site www.zgen.zambon.com (hereafter referred to as the “Site”) is used and managed. The goal is to inform users about the nature of personal data that will be collected, how they are used, and how they may be shared.
The Policy is issued pursuant art. 13 of the current Personal Data Protection Act (better known as the General Data Protection Regulation – GDPR).
Data controller and data coordinator
Through the Site, Zambon SpA with its registered office in Via Lillo del Duca, 10 – 20091 Bresso – Milan proposes to carry out personnel selection and evaluation (recruiting) of users interested in participating in the Z-Gen Program project (hereinafter referred to as “the Project”). The abovementioned company is responsible for the processing of personal data (hereinafter referred to as the “Owner”) provided by those submitting their application for the Project.
Responsible for the data treatment is the J-SERVICE SRL agency with its registered office in Strada, 27 – 09092 Arborea-Oristano, which takes care of the Site management.
Personal data processed and purpose of process
By using the Site, users interested in working in the pharmaceutical and fine chemicals industry can submit their application form by filling out a form (hereafter referred to as “Application”). Once received by the Owner, Applications are evaluated and selected by the staff according to the requirements and skills. The personal data provided by the users are processed solely to assess the possibility of initiating an employment relationship with the Owner. Data are recorded, selected, reorganized, and processed to be extracted and used – in electronic mode and, whenever necessary, manually – for the sole purpose of the project recruitment.
The user is free to provide the personal data required for completing the application to participate in the Project. However, failure to provide compulsory data, marked with an asterisk, may result in the inability to process them, and thus to respond to the Applications.
Data Collection Procedure
Interested users should send their curriculum to be evaluated by the staff involved in the online recruiting activity. The information contained in the curriculum and all the information provided by the Applicant constitute personal data under the current legislation. In particular, the interested users provide the Owner with their personal and professional data (curriculum) by submitting an online Application. However, additional information regarding the profession of the users may be collected or gathered by the Owner from other sources (outside of the Site) after being authorized to access them (e.g. consultation of the user’s Linkedin profile).
REQUEST OF DATA COLLECTION CONSENT
As the submission of personal data is required for the recruiting process conducted on the site, a request for consent is not required under the current legislation.
The Owner invites interested users not to provide sensitive information (such as information on their health status, their religious beliefs or their political experiences) as irrelevant. If such data are included in their curriculum, they will be immediately deleted, if possible even before being processed.
The Owner does not process users’ personal data for purposes other than those necessary for the recruitment processes. For example, the holder does not send commercial communications to users.
Finally, you can visit the website without registering and without being identified.
During their normal operation, the computer systems and software used to operate this site collect personal data whose transmission is implicit when using internet protocols.
This information is not collected with the intent of the identification of users but, by its own very nature, could lead to the identification of users through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of computers used by persons who connect to the site, the URI (Uniform Resource Identifier) of requested resources, the time of request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding the user’s operational and computer systems.
The site is built on the WordPress publishing and content management system (CMS), a server-side operating software that allows the creation and distribution of written and / or multimedia content, that can be dynamically managed. The platform used is hosted by Fancy Chap, Inc.’s Flywheel – which could possibly outsource some of its activities to third parties – that also manages its technological features. Flywheel guarantees the following security measures to protect the Site:
– integrating systems with updated antivirus and antimalware software;
– complex password management, protected from possible external attacks;
– implementation of IP processing systems to protect against possible external attacks;
– use of protocols for the secure transmission of data;
– use of software upgrades for the whole infrastructure;
– implement and manage the backup of the data relevant to the site.
Data collection is directly done from the site through a platform managed by Flywheel (hereinafter the “Supplier”). To carry out this task they hire third parties (“subcontractors”) operating outside the EU territory. For this reason, to manage, administer, and better support the activities of the site, users’ data might be transferred outside the EU territory. Anyway, we inform you that the Supplier has adhered to the Privacy Shield, thus ensuring a level of personal data protection equivalent to the one of the European Union.
Any circulation of data is excluded.
Procedures and deadlines for data retention
The site is equipped with computer systems designed to ensure the utmost security of the stored data. Users ‘data are recorded and stored electronically. In any case, personal data are kept only for the time they are needed for the purpose they were entered and collected: specifically, for up to two years.
Rights of interested parties.
At any time, users can exercise their rights under the current data protection legislation, and in particular:
– the right to revoke this consent, if provided;
– the right to request confirmation of the existence of their data, and to request access to them by a special request;
– the right to receive their personal data in a structured, commonly used and readable by an automatic device form, the right to transfer their data to another Owner without impediment;
– the right to know the content, origin, treatment modalities of data and verify their accuracy;
– the right to limit or oppose the data processing for legitimate reasons;
– the right to file a complaint with a supervisory authority;
The above rights may be exercised by sending an e-mail to [email protected]