Sofidel UK privacy notice
Data Controller and Data Protection Officer
We hereby inform you that, pursuant to Art. 13 of Regulation (EU) 2016/679 (hereinafter "GDPR"), Sofidel UK Limited, with registered office at Brunel Way Baglan Energy Park, Briton Ferry, Neath, Wales, SA11 2FP - as the data controller (hereinafter "Data Controller") - who can be contacted at the e-mail address: [email protected]- will process your personal data collected through the Success Factor Recruitment Portal (hereinafter "Portal").
The Data Controller has appointed a Data Protection Officer (hereinafter "DPO"), who can be contacted at the address: [email protected].
Categories of data processed
The data processed by the Data Controller may include:
1) Common data, such as, by way of example, personal details (e.g. first name, surname, date of birth, address, image, sex, tax code, etc.), contact details (e.g. landline and/or mobile telephone number, e-mail address, etc.), work and professional details, any other information contained in the curriculum vitae or application form you have submitted, any other information gathered during the interview process, and information that is publically available (such as social media posts) about you;
2) Where appropriate, and in any case within the limits of the requirements of the applicable legislation, data belonging to the 'special categories' referred to in Art. 9(1) of the GDPR (i.e. data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, membership of political parties, membership of trade unions, associations or organisations of a religious or philosophical nature, biometric or genetic data, and health status (for example, belonging to “protected categories”), data concerning the sexual life or orientation of the person) or;
The personal data indicated above will be jointly defined below, for brevity, as "personal data".
We hereby inform you that, if you decide to provide data belonging to the special categories referred to in Art. 9(1) of the GDPR which the Data Controller is not required to process in compliance with the regulatory obligations to which it is subject or personal data not relevant to the purposes pursued, the Data Controller will refrain from processing such data. For this reason, we ask you not to provide this type of information unless it is strictly necessary to do so.
It is also possible that you may voluntarily provide the Data Controller - within the framework of the above procedure - with data relating to third parties. We would like to inform you that, in relation to such cases, you are the independent data controller with all the obligations and responsibilities under the law. On this point you shall hold the Data Controller harmless in the broadest possible sense against any dispute, claim or compensation for damages resulting from such processing, etc. that may be received by the Data Controller from third parties whose personal data has been processed through your spontaneous communication in breach of the applicable rules on personal data protection. Should you provide or otherwise process the personal data of third parties, you warrant as of now - accepting all related liability - that this particular case of processing is based on an appropriate lawful basis legitimising the processing of the information in question.
Purpose and legal basis of the processing of personal data
Your personal data will be collected and processed, without the requirement for your specific consent, to assess the suitability of your profile for open positions for which you have submitted an application and, in general, to manage staff selection procedures and to contact you in order to schedule any interviews that may be necessary (“purpose of managing your application”) pursuant to Art. 6(1)(b) and (f) and 9(2)(b) of the GDPR
The provision of your personal data for the purpose indicated above is optional but, if not provided, it may not be possible to assess your profile in order to schedule interviews.
Once provided, your personal data may also be processed for the following purposes:
a) to contact you in order to propose open positions you have not applied for but which match your profile (“purpose of managing open positions”) in accordance with Art. 6(1) (f) of the GDPR, i.e. based on the legitimate interest of the Data Controller;
b) to fulfil any legal obligations to which the Data Controller is subject pursuant to Art. 6(1)(c) and 9(2)(b) of the GDPR (“compliance purpose”);
c) to defend against any legal claims on the basis of Art. 6(1)(f) and 9(2)(f) of the GDPR (“purpose of defence in court”).
We would also like to inform you that, based on the legitimate interest that the Data Controller has found to exist as a result of the balancing of interests carried out in accordance with Art. 6(1)(f) and recital 48 of the GDPR, your personal data will be shared, for internal administrative purposes, with Sofidel Spa, in its capacity as Parent Company and independent data controller ("purpose of data sharing with the Parent Company for internal administrative purposes"). We will only share the information with Sofidel Spa for the purposes of processing your application. We confirm that Sofidel Spa is required to take appropriate security measures to protect your personal data. Sofidel Spa is not allowed to use your personal data for its own purposes and is only permitted to process your personal data for specified purposes and in accordance with our instructions.
Retention of personal data
Your personal data will be kept only for the time necessary for the purposes for which it was collected, in line with the principles of data minimisation and storage limitation referred to in Art. 5(1)(c) and (e) of the GDPR.
Specifically, your data will be kept for as long as the position for which you have applied is open and, in any case, no longer than 2 years after your application was submitted. At the end of this period, your data will be permanently deleted. The Data Controller, however, reserves the right to retain your data for as long as necessary to comply with the regulatory obligations to which it is subject or to meet any defence requirements.
Your data may be shared with:
1. Subjects who typically act as data processors pursuant to Art. 28 of the GDPR (e.g. Portal supplier);
2. Personnel appointed to process data in accordance with Art. 29 of the GDPR;
3. Subjects, entities or authorities, independent data controllers, to whom it is compulsory to communicate your personal data pursuant to the provisions of law or orders by the authorities;
4. Sofidel Spa, in its capacity as Parent Company and independent data controller, for the purpose of sharing data for internal administrative purposes.
The updated and complete list of processors is available from the Data Controller and can be requested at the addresses specified above.
Transfer of data outside the EU
Personal data will not be transferred outside the territory of the European Union.
Your privacy rights
You have the right to access your data at any time in accordance with Articles 15-22 of the GDPR. In particular, you may request the rectification, erasure or restriction of the processing of such data in the cases set out in Art. 18 of the GDPR, Where your personal data is processed on the basis of consent withdraw your consent, or obtain the portability of data relating to you in the cases laid down in Art. 20 of the GDPR.
You can object to the processing of your data under Art. 21 of the GDPR, giving evidence of the reasons for your objection. The Data Controller reserves the right to evaluate your request, which will not be accepted if there are legitimate grounds for the processing which override your interests, rights and freedoms.
You may submit a request to us in any manner you wish however we recommend that Requests be made in writing and sent to the Data Controller or to the DPO at the above addresses.
If you believe that the processing of your personal data performed by the Data Controller is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Information Commissioner’s Officer (ICO), the UK supervisory authority for data protection issues.
Please note that you can remove any sensitive data from your CV, as you are not obliged to communicate it to us. However, if you believe this information is necessary for your application, you must consent to data processing, otherwise we will not be able to process your data.
The Data Controller