1.Who we are

We are DATAFLOW SECURITY SRL, having its legal seat in Via Jacopo Vittorelli, 3 – 36061 Bassano del Grappa (ITALY), hereinafter “Dataflow” or “we” or “us”, who act as Data Controller for the purposes described into this Notice. This Notice helps you to better understand what data is collected, for what purposes and how you can manage your information.

To make the following explanation as understandable and usable as possible, we have included examples and created definitions that refer to more detailed explanations available at the end of this document. If you have any questions about the Notice or how your information is handled, you can write to us at [email protected]

 2. What data we process

Depending on how you submitted your Application, we may collect all or some of the following information.

Data provided by you

By means of the Application you may provide us with Personal Data such as your name (first and last), referral sources, e-mail address, telephone number, country of residence, physical address (state, city, zip / postal code, street), age, photo, education, salary expectations, languages, professional skills and answers to assessment questionnaires. This is the case, for example, when you share your Application through Our Pages or at one of Our Events or when you decide to make it physically available at one of our locations or through our representatives. In some cases, we may be able to anticipate questionnaires that help us in the evaluation process, but in most cases it is you, through a curriculum vitae and/or letter of introduction, to freely decide which information you want to share in your Application.

If you provide data of third parties (e.g., contact details for references etc.), you assume all the obligations and responsibilities prescribed by the law, conferring the widest indemnity with respect to any dispute, claim, request for compensation for damage, etc. that we may receive from third parties whose Personal Data were transmitted by you and therefore processed in violation of the applicable data protection laws.

Sensitive data provided by you

In some cases, your Application may contain Sensitive Data relating to you or third parties such as the disabilities of your parents, children, or relatives. We do not intend to use this information unless it is necessary or required for the position you are interested in (e.g., if the position is for persons belonging to protected categories or requiring special assistance). If not, please delete them before sending your Application.

If you send them anyway and they are not relevant, we inform you that they will not be taken into consideration, in accordance with the provisions of the Italian Data Protection Authority no. 146 dated 5 June 2019. If, on the other hand, the collection of Sensitive Data is necessary to establish the relationship, or justified by determined and legitimate purposes, the processing will be based on fulfilling the obligations and exercising ours or your specific rights in the field of labour law and social security and social protection.

Data collected from HR Partners

We may receive your Application from business partners we have appointed for the selection process (e.g. head hunters), who have contractually assured us that they have obtained your consent or that they have another legal basis that justifies their communication/sharing with us.

On this point, we specify that we make every commercially possible effort to verify the conformity of the data we receive before their use.

Data collected from public or publicly accessible sources

We collect or enrich your Personal Data with information extracted from public or publicly and generally accessible sources as allowed by the data protection law applicable to us. These sources may consist of your professional social profiles (e.g. LinkedIn) if they are freely accessible or gathered/collected from public directories or boards. We specify that a preliminary verification is always carried out on the possibility of using this information, according to the best practices established by the competent Supervisory Authority to which we are subject (Garante per la protezione dei dati personali).

Data collected by Browser and Device

If you submit your Application through Our Pages, we collect information about the Browser or Device you are using. For more information you can read the information notice available in the footer of the page dfsec.com. 

4. Why we use your data

The Data are used for the following purposes:

 Evaluate the Application and respond to your requests

We use your Data to evaluate your Application, contact you for an interview and/or answer your questions/requests for clarification. The processing of your Data is based on the need to execute your request for selection.

 Fulfilment of legal obligations to which we are subject

We may use your Data to comply with any legal obligations to which we are subject, which is the legal basis for this processing.

 Protect our interests and those of our users

We may need to use your Data as part of our activities to detect, prevent and respond to fraudulent or unlawful conduct or conduct that compromises our security. This may also include the processing of “Data collected from public or publicly accessible sources” when necessary to double-check your Application. These purposes are based on our legitimate interest in protecting us and our users, including you.

We remind you that is it not compulsory to provide your Personal Data for any of the purposes indicated above, but in the absence of this, we will not be able to fulfil those purposes.

 5.How we use your Data

All Data collected for the above purposes are processed both manually and through semi-automated decision-making processes. Your Personal Data may also be subject to combination and/or cross-referencing. This allows us, for example, to combine the “Data provided you” with the “Data collected from public or publicly accessible sources” or with the “Data collected from HR Partners”, thus, collected at different times with respect to when the Application was submitted.

 6. With whom we share your Data

We share your Data with the following categories of subjects (“Recipients“):

Ø  the persons authorized by us: these are our employees and collaborators who have signed a confidentiality agreement and are subject to specific instructions for the processing of your Personal Data;

Ø  our Data Processors: these are external subjects to whom we entrust certain processing operations. For example, this category includes suppliers for the security of our systems, consultants, accountants, technology platforms for data hosting, recruitment companies acting on our behalf, etc. We have signed a contract with each of these parties to ensure that the processing of your Personal Data is performed according to appropriate security measures and only upon our instructions;

Ø  law enforcement or any other authority whose measures are mandatory for us: this is the case, for example, when we have to comply with a judicial measure, a law or when it is necessary to defend ourselves in court.

 7. Where your Data are

Some of your Personal Data is shared with Recipients who may be located outside the European Economic Area (EEA). We ensure that your Personal Data is processed by Recipients in accordance with applicable law. Indeed, transfers are made through appropriate safeguards, including but not limited to adequacy decisions and the Standard Contractual Clauses approved by the European Commission. More information can be obtained from SMC Italy by contacting [email protected].

 8. How long we store your Data

The Data processed for the purposes of evaluating the Application are kept by us no longer than 12 months from the time they were shared or updated, unless you request deletion before the conclusion of the aforementioned period. The Data processed to comply with legal obligations to which we are subject will be kept until the time provided by those laws. The Data processed to protect our interests and those of our data subjects will be kept until the time allowed by local law to protect our interests. You can ask us for more information on retention criteria and periods by writing to [email protected].

 9. How you can control your Data

Anytime you can ask for:

Ø  access your Data: we will provide you with the Data we have on you and, where applicable, the source of your Data (if, for example, we received your “Data collected from HR Partners”);

Ø  make your Data portable: where applicable, we will provide you with an excel file containing the Data we have on you.

Ø  rectify your Data: for example, you can ask us to modify the e-mail, telephone number or professional experience you have provided us with, if you believe they are not correct or should be updated;

Ø  limit the processing of your Data: for example, if you believe that our processing is unlawful and/or that certain processing operations carried out on the basis of our legitimate interest are inappropriate;

Ø  delete your Data: for example, and where applicable, if you are no longer interested in a job and would like us to no longer store your Data.

The response time required by European legislation to which we are subject is 1 month from your request (extendable up to a further 2 months in case of particular complexity).

You can exercise any of the rights listed above towards:

Ø  DFSEC by writing to [email protected];

Ø  HR Partners who shared your Application with us (e.g. LinkedIn) by writing to them.

At any time you can also contact the competent Supervisory Authority or the one of your country whose contact details are available here https://edpb.europa.eu/about-edpb/board/members_en

 10. What is not covered by this Notice

This Notice explains and covers the processing operations that we carry out as Data Controller.

The Notice does not cover processing carried out by parties other than us and in particular does not cover the processing carried out by our HR Partners as autonomous Data Controllers including those carried out by social media such as LinkedIn within Our Pages.

With respect to such hypotheses, we do not assume any responsibility for the processing of your Data not covered by this Notice.

 11. Changes to the Notice

This Notice is effective from the date indicated at the beginning of this document and sent to you via e-mail or shared at moment of the interview with us. We reserve the right to modify or simply update the content, in part or in full, also due to changes in applicable legislation. In the event of substantial changes to the Information, you will receive adequate notice. This Notice is available on our website dfsec.com.

 12.Definitions

Application: means sending or sharing with us a request or feedback relating to you for a job at DFSEC.

Browser: means the program you use to access the Internet (e.g., Safari, Chrome, Firefox, etc.).

Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Processor: means a natural or legal person, public authority, agency or other body which processors personal data on behalf of the Data Controller.

Device: means the device (e.g., Apple smartphone) from which you visit Our Pages.

HR Partners: companies appointed by us for the selection process (e.g., LinkedIn, head hunters, external recruitment agencies) who share with us your Application as autonomous Data Controller or as Data Processors. You can ask us for the full list by writing to [email protected].

Our Events: these are events at universities, institutes and trade fairs organised by us to collect Applications.

Our Pages: include the website dfse.com, its domains, the webpages in which this Notice is presented as well as our LinkedIn page.

Personal Data: means any information that makes a natural person identified or identifiable. For example, your IP Address, email address (if it contains a natural person’s personal details).

Sensitive Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person.