Pursuant to EU Regulation no.2016/679 relevant to personal data protection and free circulation of such data (hereinafter, the “Regulation” or “GDPR”), Centro per la Ricerca sugli Enti Pubblici S.r.l., in its quality of Data Controller (hereinafter, “REP” or the “Controller”), provides the following notice.

Definitions

“Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

“Personal data”: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

“Special categories of personal data”: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation

“Personal data relating to criminal convictions and offences”: data relating to criminal convictions and offences or related security measures, substantially correspondent to “judicial data that are personal data suitable to reveal measures as per art. 3, subclause 1, letters from a) to o) and from r) to u), of D.P.R. no. 313, dated 14 November 2002, in relation to criminal records, registry of administrative sanctions due to crime and the relevant pending proceedings, or the fact of being accused or under investigation as per art. 60 & 61 of code of criminal procedure.

Processing purposes and modalities 
Personal data processing is aimed to:
a) carry out personnel recruitment; 
b) answer to requests received by e-mail 
Such processing is lawful because necessary for entering into a contract pursuant to art.6 b) of the GDPR.

If data processing were necessary for a purpose different from the one for which they have been collected, before such additional processing, the Controller would provide information relevant to the different purpose and any further information useful to guarantee a correct and transparent processing, except in case such processing could be compatible with the initial lawful ones. 
Within Controller’s activities, the data will be processed in compliance with the law, in respect of the principles of accuracy and lawfulness, in defense of confidentiality and data subjects’ rights and will be carried out through manual and IT means, basing on purpose-logics and, in any case, will guarantee data safety and confidentiality.
Personal data will be stored for the time necessary.

Data provision and lack of communication

Personal data provision for having access to the information dashboard and for job application is optional. The lack of the communication of the data strictly necessary to send a message or a job application will cause the impossibility of receiving an answer or using the services offered by REP through its website.

Data communication and dissemination

In order to reach the abovementioned purposes, personal data could be known by our employees and/or professionals duly authorised by REP, who have received the relevant processing instructions and are committed to confidentiality.
The potential communication of personal data to third parties is envisaged for the purposes indicated and, in any case, the processing will be carried out pursuant to accuracy and respecting the applicable laws.  Personal data will not be disseminated.
Personal data management and storage will take place in Europe. 

Data Controller and Processor

As regards to personal data processing, a data subject has the right of:

    a) access
    b) rectification
    c) erasure
    d) limitation
    e) opposition
    f) portability

Furthermore, in case of missing or partial reply to the above requests, data subjects will have the right to file a complaint or to appeal before the Authority that is, in Italy, Garante per la Protezione dei Dati Personali.

In every moment, all the rights can be exercised through the following e-mail address segreteria@centrorep.it. 

The Data Controller is Centro per la Ricerca sugli Enti Pubblici S.r.l., having its headquarters in Via Dante 9 – 20123 Milan.