Biopharmed Candidates Information
Policy for the Processing of Personal Data in accordance with Art. 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter ''GDPR'')
This information is provided by Pirate Rocket S.r.l. (VAT number 02644170033) and by Biopharmed S.r.l. (VAT number 13130800967), with legal address in Milan at Via Giovanni Battista Sammartini, 33, as Joint Controllers (hereinafter the "Joint Controllers") of the processing of personal data (hereinafter the "Processing").
a) The Processing in which you are listed as a "Data Subject" shall be carried out for the following purposes:
- the management of the candidature and the performance of personnel search and selection activities carried out by the Joint Controllers on their own behalf or for group companies, on the basis of Article 6.1 (b), of the GDPR;
-
the management of future applications or search and selection activities, on the basis of article 6.1 (b) of the GDPR, i.e. the legitimate interest of the Joint Controllers to process the data in relation to their own activity.
Categoria di dati trattati | Tipologie di dati |
---|---|
Identification data |
Name, surname, residence/address, e-mail address, telephone number, tax code, e-mail, CV, photo, current salary |
Special data |
Be part of the so-called protected categories under Law 68/99 |
b) the Joint Controllers may communicate personal data to the following parties:
Category of recipients |
Purpose |
---|---|
Data controllers, persons authorised to process data |
Search and selection on own account or on behalf of group companies |
c) the period of conservation of personal data is as follows:
- for the management of applications and the performance of personnel search and selection activities by the Joint Controllers or by the group companies, the data will be kept for the period necessary for recruitment;
- for the management of future applications or search and selection activities, the data shall be kept for a period of 10 (ten) years, in compliance with the reasonable expectations of the data subjects.
d) personal data is stored in computer files located both inside and outside the European Union, if this is decisive for the achievement of the purposes set out in point (a). In the latter case, the Joint Controllers shall ensure that personal data is treated with the utmost confidentiality by undertakings outside the European Union in compliance with the adequacy decisions of the European Commission, or, if necessary, by concluding agreements ensuring an adequate level of protection;
e) personal data shall be processed in paper form, as well as by digital and telematic means of communication, without involving automated decision-making;
f) personal data shall not be disclosed to third parties not authorised to process them;
g) the Joint Controllers, in compliance with art. 32 of the GDPR, provide themselves with the appropriate security measures in relation to the Processing carried out, so as to guarantee the confidentiality, integrity and availability of the personal data, and requires the parties to whom such data is communicated to adopt the appropriate security measures in turn;
h) Data Subjects affected by the Processing, in accordance with art. 15 et seq. of the GDPR, are entitled to exercise the following rights:
- right to be informed that data processing is in progress concerning him/her and, if so, to have access to the personal data processed;
- right to rectification of personal data;
- right to erasure (right to be forgotten) of personal data concerning him/her;
- right to the restriction of the processing of personal data concerning him/her;
- right to data portability to receive, or have transmitted to another Controller, personal data concerning him/her in a structured, commonly used and machine-readable format;
- right to object to the processing of personal data;
- right to lodge a complaint with the competent authorities about a personal data processing breach.
Requests for the exercise of rights before the Joint Controllers, as well as any request relating to the Processing, may be made by e-mail to:
The Data Subject may also, at any time, contact the DPO by sending an e-mail to the following address: