This Privacy Police is made available to all those who spontaneously, or following a search for personnel carried out by Whatwapp Entertainment S.r.l., also through third-party companies, send their curriculum vitae to Whatwapp Entertainment S.r.l., granting it the right to process the data inserted therein, according to art. 13 Legislative Decree of 30 June 2003, n. 196 (“Code regarding the protection of personal data”) and art. 13 of the European Regulation on the protection of personal data n. 679/16, in acronym GDPR (“General Data Protection Regulation”).
1. Data Controller
Data Controller is the natural or legal person, public authority, agency or other which, alone, or jointly with others, determines the purposes and means of the processing of personal data.
In this case, the Data Controller is Whatwapp Entertainment S.r.l. (hereinafter also the “Data Controller”).
2. Personal Data and Data Subject
Personal Data is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. Purpose of the processing
Personal Data, which must be understood as provided voluntarily and optionally by the Data Subjects, will be used for the sole purpose of allowing the Data Controller to view the curriculum vitae, evaluate its content – also with the help of subjects appointed by the Data Controller such as “persons authorized to process personal data” according to art. 29 of the EU Regulation no. 679/2016 -, as well as to make contact with the interested party to carry out cognitive and evaluative interviews.
In the case of recruitment, personal data will also be processed to allow the Data Controller to fulfil all tax, fiscal and legal obligations.
4. Processing methods
The data collected will be processed by persons authorized by the Data Controller and duly identified and appointed by the same as “persons authorized to process personal data” according to art. 29 of Regulation no. 679/2016, through automated and non-automated tools, with methods suitable to guarantee their security and confidentiality, and for the time necessary to achieve the purposes for which they were collected, referred to in the previous point.
The Personal Data provided voluntarily by the Data Subject will be collected and processed, also with the aid of electronic means managed directly by the Data Controller and/or through delegated third parties, duly appointed by the Data Controller as “Data Processors” (for example companies providing e-mail services, companies for hosting the website, companies that manage applications through third parties, etc.): for these, we mean natural persons or legal, public authority, service or other body that processes personal data on behalf of the Data Controller.
5. Communication and diffusion of Personal Data
The personal data processed by the Data Controller will be communicated to:
- collaborators of the Data Controller, duly identified and appointed by the same as “persons authorized to process personal data” according to art. 29 of Regulation no. 679/2016;
- third parties identified as Data Processors, i.e., natural or legal persons, public authorities, services or other bodies that process personal data on behalf of the Data Controller;
- labour consultants, accountants, legal consultants and the like, to allow the Owner the due fulfilment of all tax, fiscal and legal obligations;
- third parties expressly identified by law, or by a public or judicial authority, if this proves necessary to fulfil an obligation established by law, by a public or judicial authority, or by community legislation.
6. Transfer of Personal Data
The Data Controller does not transfer personal data to third countries or international organizations; therefore, the Data will be processed in Italy. However, the Data Controller reserves the right to use cloud services; in the latter case, the service providers will be selected from those who provide adequate guarantees, as required by art. 46 of Regulation no. 679/2016.
7. Personal Data Retention
In compliance with the principles of lawfulness, purpose limitation and data minimization, according to art. 5 of the EU Regulation no. 679/2016, the retention period of personal data is established for a period not exceeding the achievement of the purposes for which they are collected and processed.
However, Whatwapp Entertainment S.r.l. reserves the right to keep the curriculum vitae sent by the Data Subject for the 24 months following receipt, to subsequently contact the candidate following any opening of further job positions, without prejudice to the right of the Data Subject to request in the deletion of all data at any time.
8. Denial to provide data
The Data Subject may refuse to give his/her personal data to the Data Controller. The provision of data is, in fact, optional, but any refusal to provide them in whole or in part may make it impossible for Whatwapp Entertainment S.r.l. to evaluate and select the candidacy.
9. Rights of the Data Subject
At any time, the Data Subject can exercise the rights referred to in Articles 15 et seq. of Regulation no. 679/2016. In detail, he/she can:
- ask the Data Controller for confirmation of the existence or otherwise of their personal data;
- obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom such data have been or will be communicated and, when possible, the retention period;
- obtain the correction of inaccurate personal data concerning him/her without undue delay on the part of the Data Controller;
- obtain the integration of incomplete personal data concerning him/her, also by providing himself/herself with a supplementary declaration to the Data Controller;
- obtain the cancellation of personal data concerning him/her without undue delay;
- obtain the limitation of the processing, if possible, or the eliminations of personal data;
- oppose the processing itself against the Data Controller;
- obtain the portability of his/her personal data;
- obtain all available information regarding the origin of personal data that do not come directly from the Data Subject;
- withdraw consent to the processing of the personal data at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
- propose a complaint to a Supervisory Authority, represented in Italy by the Guarantor for the Protection of personal data, based in 00186 Rome (RM), at Piazza Montecitorio n. 121.
For any clarification or request aimed at exercising the rights guaranteed to the Data Subject, the same can contact the Data Controller at the certified mail address firstname.lastname@example.org, or by sending a registered letter with return receipt to the registered office located in 20123, Milan (MI), at Via Venti Settembre n. 27.
Whatwapp Entertainment S.r.l.