DATA PROTECTION NOTICE PURSUANT TO ARTICLES 13 AND 14 OF THE GENERAL DATA PROTECTION REGULATION ("GDPR")
TABLE OF CONTENTS
- 1. SUBJECT MATTER OF THIS NOTICE
- 2. DATA CONTROLLER AND CONTACT DETAILS
- 3. CATEGORIES OF DATA
- 3.1 Log Data
- 3.2 Applicant Data
- 4. PURPOSES OF PROCESSING AND LEGAL BASIS
- 4.1 Log data
- 4.2 Applicant Data
- 4.3 Enforcement of Legal Claims
- 5. NO OBLIGATION TO PROVIDE APPLICANT DATA
- 6. SOURCE OF THE APPLICANT DATA
- 7. RECIPIENTS OF THE DATA
- 7.1 Log Data
- 7.2 Applicant Data
- 7.3 Enforcement of Legal Claims
- 8. DATA STORAGE LOCATION
- 9. DATA RETENTION PERIOD
- 9.1 Retention Period of Log Data
- 9.2 Retention Period of Applicant Data in the Event of a Successful Application
- 9.3 Retention Period of Applicant Data in the event of an Unsuccessful Application
- 9.4 Enforcement of Legal Claims
- 10. DATA SECURITY
- 11. YOUR LEGAL RIGHTS TOWARDS US
- 12. RIGHT OF LODGE COMPLAINT WITH A SUPERVISORY AUTHORITY
- 13. CHANGES TO THIS NOTICE
1. SUBJECT MATTER OF THIS NOTICE
We, the company alpitronic GmbH, hereby inform you as to how we process personal data concerning you (hereinafter: "Your Data") when you visit the website https://alpitronic.onboard.org (hereinafter: the "Website") and submit an application. This data protection notice is supplemented by the cookie notice, which you will also find on the Website. Such notices do not concern any other website.
2. DATA CONTROLLER AND CONTACT DETAILS
We are the data controller within the meaning of Article 4(7) GDPR:
alpitronic GmbH
Bozner-Boden-Mitterweg 33, 39100 Bozen (BZ)
Italien
E-mail: info@alpitronic.it
3. CATEGORIES OF DATA
3.1 Log Data
When simply visiting our Website - as when visiting any other website - your browser (e.g. Internet Explorer or Safari) automatically sends information to the server of the Website. Such information is temporarily stored in a server log file and is therefore hereinafter referred to as "Log Data". Log Data includes, in particular, the IP address of your terminal equipment (e.g. computer, smartphone or tablet), the time stamp of access (date, time, time difference), the content of the request (specific page), the HTTP status code (e.g. "200" for a successful request), the amount of data sent (byte) and information on the browser used and the operating system (e.g. Windows or iOS) of your terminal equipment.
3.2 Applicant Data
Moreover, when you submit an application, we may process the following categories of data: (a) core data (e.g. first and last name); (b) identification data (e.g. identity card, nationality and, where relevant, residence permit); (c) contact data (e.g. post address, telephone number, e-mail address); (d) data relating to your application (e.g. cover letter and other correspondence, CV, certificates, letters of reference); and (e) other data resulting from the circumstances of your application. Please note that normally we do not need from you any so-called "special categories of personal data" within the meaning of Article 9 GDPR except as noted in Section 4.2.
The above categories of data are hereinafter collectively referred to as "Applicant Data".
4. PURPOSES OF PROCESSING AND LEGAL BASIS
4.1 Log Data
Log Data may be processed for the following purposes: (a) for establishing a connection between your terminal equipment and the Website; (b) for evaluating system security and stability as well as for identifying errors; and (c) for investigating security incidents (e.g. DoS or DDoS attacks). Such processing is based on our overriding legitimate interests (Article 6(1)(f) GDPR) resulting from the said purposes.
4.2 Applicant Data
Your Applicant Data will be processed, if and to the extent necessary, for carrying out the application process (e.g. for communicating with you or verifying your qualifications for the position) and, where applicable, for preparing the employee relationship (e.g. for preparing the contractual documents). Accordingly, the legal basis for this is to take steps prior to entering into a possible contract (Article 6(1)(b) GDPR).
In accordance with the provisions of Article 9 GDPR, for the sole purpose of assessing the suitability of your professional profile, (where applicable) the processing of special categories of personal data (such as, for example, those relating to your health status or membership in so-called “protected categories”) is necessary to fulfill the obligations and exercise the specific rights of the Data Controller or the data subject in the field of labor and social security law and social protection.
4.3 Enforcement of Legal Claims
We may also process your data if and to the extent that this is necessary for the assertion, exercise or defence of legal claims (e.g. if a security incident occurs or you assert claims against us in connection with the application process). The legal basis for this is also our overriding legitimate interests (Article 6(1)(f) GDPR), resulting from the said purposes.
5. PROVISION OF THE APPLICANT DATA
Your data is processed by the Data Controller exclusively for personnel selection purposes. For this purpose, the provision of the data is necessary and a failure to provide it will, as a result, make it impossible to follow up on your application.
6. SOURCE OF THE APPLICANT DATA
We usually receive your Applicant Data directly from you. For your information, we also indicate that as part of the selection process we also collect data on your qualifications and activities from publicly available sources (especially from professional social networks such as LinkedIn or XING. The legal basis for this is also our legitimate interests (Article 6(1)(f) GDPR), which consist in finding suitable employees or obtaining information about your qualifications and activities that you have made public.
7. RECIPIENTS OF THE DATA
7.1 Log Data
Your Log Data may be received by appropriately authorised staff and our external IT service providers, in particular the company onboard Srl based in Lana, Italy, which provides us with the onboard software and acts as our data processor.
7.2 Applicant Data
Your Applicant Data may be received by the above categories of recipients. In addition, your Applicant Data may also be received by our external advisors (e.g. labour consultants) and other service providers (e.g. postal and shipping service providers) who may typically be used in the context of the above purposes. Disclosure of your data to these recipients corresponds to our overriding legitimate interests (Article 6(1)(f) GDPR) in competent and efficient business management as well.
7.3 Enforcement of Legal Claims
If legal claims are asserted, exercised or defended, such authorities and persons may also gain knowledge of Your Data who are typically involved for the said purposes (e.g. law enforcement agencies, judicial authorities, lawyers, experts).
8. DATA STORAGE LOCATION
Your Data is stored within the European Union and we won't transfer Your Data to third countries or international organisations. Where data is transferred to a third country, this will be done on the basis of the European Commission's standard contractual clauses (SCC) with supplementary measures as per recommendations 01/2020 of 10 November 2020 of the European Data Protection Board (EDPB).
9. DATA RETENTION PERIOD
9.1 Retention Period of Log Data
Your Log Data is automatically deleted after 7 days unless a security incident occurs. If a security incident occurs, the Log Data is retained until we have investigated and resolved the incident.
9.2 Retention Period of Applicant Data in the Event of a Successful Application
The retention period of your Applicant Data depends primarily on the duration of the application process. The subsequent retention period depends on whether the application is successful or unsuccessful. If the application is successful, Your Data will be included in the personnel file. Any further data processing (and retention) is then governed by our data protection notice for employees, which you will receive in good time.
9.3 Retention Period of Applicant Data in the Event of an Unsuccessful Application
In the event of an unsuccessful application, your Applicant Data will be deleted after the end of the job opening. A job opening usually lasts for not more than 1 year. Moreover, if you consent that we may take your Applicant Data into account for other job openings, the maximum retention period of Your Data provided for this purpose is 2 years. In this case, such further retention and use of Your Data is based on your consent pursuant to Article 6(1)(a) GDPR or, if special categories of personal data are involved, pursuant to Article 9(1)(a) GDPR. You can revoke your consent at any time with effect for the future (see contact details under point 2 above).
9.4 Enforcement of Legal Claims
If legal claims are asserted, exercised or defended, the maximum retention period depends on the applicable prescription periods.
10. DATA SECURITY
The Website is protected against security incidents through appropriate technical and organisational measures. In particular, data is transmitted in encrypted form. We use the cryptographical protocol TLS (Transport Layer Security).
11. YOUR LEGAL RIGHTS TOWARDS US
As a data subject, you have, vis-à-vis us, certain rights under the European Regulation 2016/679, including in particular the right to request access to your personal data (Article 15 GDPR), to request rectification of inaccurate data (Article 16 GDPR), to request erasure of Your Data (Article 17 GDPR) and to request restriction of data processing (Article 18 GDPR).
If you have further questions about these data protection rights or would like to exercise one of them, please send us a relevant request (see contact details under point 2 above). Please note that restrictions or even an exclusion of these rights may result from the GDPR itself. If this is the case, we will inform you accordingly.
12. RIGHT TO LODGE A COMPLAINT WITH A A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Your Data infringes the GDPR. The Italian supervisory authority is the Garante per la protezione dei dati personali (GPDP) based in Rome (https://www.garanteprivacy.it).
13. CHANGES TO THIS NOTICE
We may change this notice at any time. This may happen, for example, following any further development of data protection law (e.g. also in light of new case law) or a change in our processing activities.
Version: 2023-03-09
