Privacy Policy – Candidates

Information for candidates pursuant to Article 13 of Regulation (EU) 679/2016 (the “Regulation”)

We would like to inform you that this privacy policy is provided pursuant to Article 13 of EU Regulation 2016/679 (“Regulation” or “GDPR”) with respect to data subjects who apply for a work collaboration. The Data Controller is Pharma Data Factory S.r.l., via Sant’Agnese 12, 20123, Milan (MI) – Italy; e-mail: info@pharmadatafactory.com (hereinafter the “Data Controller”).

Categories and types of data processed
Personal data processed by the Data Controller may include

ordinary data, such as personal information (e.g. first name, last name, date of birth, address, picture, sex, marital status, tax identification number, etc.), contact information (such as a landline and/or mobile phone number, e-mail address, etc.), employment and professional information;
through viewing your CV or thereafter, the Data Controller could collect “special” data. As defined under Article 9 of the GDPR, special categories of personal data comprise “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in political parties and in trade unions, religious or philosophical associations, as well as personal data disclosing health (such as if the data subject belongs to any of the so-called protected categories).

Please be informed that, for selection purposes, we may analyse professional social media profiles that you will have made freely available on the Internet (such as, though not limited to, the page on the portal known as LinkedIn).

Purpose and legal basis for processing personal data
The data provided by you in sending of your CV, or thereafter, will be processed for the following purposes:

to assess whether your profile is a match for the requirements of the job openings, current ones or future ones, and, generally speaking, to handle employee recruiting procedures;
to contact you, using the contact details you have provided, in order to schedule any interviews that should be deemed necessary.

The legal basis for the processing of your personal data for the purposes referred to above, are Articles 6.1.a), 6.1.b) and 6.1.f) of the GDPR, i.e. the Data Controller’s legitimate interest in verifying the candidate’s suitability for the specific job opening.

Providing personal data for these purposes is optional, however failing to provide such data would make it impossible for the Data Controller to assess your profile and/or schedule interviews.

Should your job application be accepted, your personal data will be processed by the Data Controller in accordance with the privacy policy specifically drawn up for employees and/or collaborators.

Any processing of special data may only take place in accordance with Article 9.2.a) of the Regulation, that is, only with your explicit consent and in accordance with the applicable rules on personal data protection. Should you fail to provide your consent to the processing of your special data, any such data that you may have provided shall not be taken into account for the purposes of your application.

In this respect, should your CV include any so-called “special” data, we would ask that you also include the following statement in your CV:

“In accordance with EU Regulation 2016/679, I consent to the processing of any special data that I may have included in my CV, and I specify that this was done on an optional, explicit and voluntary basis for the purpose of my application.”

In accordance with local regulations, we could also process certain sensitive personal data should you include it in the information you send us; please be informed that we may also be required to check for any criminal convictions in those countries in which this is mandatory or permitted by law.

The processing of third parties’ personal data which you have sent the Data Controller could also take place. With respect to these instances, you are acting as an independent data controller, taking on all legal obligations and responsibilities. In this respect, you grant the most extensive indemnity with respect to any dispute, claim, request for damage compensation for processing, etc. that the Data Controller should receive from third parties whose personal data have been processed through you spontaneously submitting it in breach of the applicable data protection regulations. In any event, should you provide or otherwise process personal data of third parties, you warrant, as of now – taking on all related responsibilities – that such specific processing case is grounded on an appropriate legal basis which legitimizes the processing of such information.

Storing personal data
Unless otherwise indicated by you, any personal data we may obtain, also as a result of further contacts/interviews, shall be stored for a period of 24 months from the time it was obtained, and may be used for future contacts and interviews. At the end of such period of time, your data will be permanently deleted. At the end of such period of time, your data will be permanently deleted.

Recipients
Your personal data may be shared with:

individuals or entities who typically act as data processors pursuant to Article 28 of the Regulation;
personnel in charge of processing in accordance with Article 29 of the GDPR;
independent subjects, body corporates or authorities, that are data controllers, to whom communicating your personal data is mandatory pursuant to legal provisions or requests by the authorities.
other companies that are part of the Data Controller’s network, and for the same purposes as set out above.

The updated and complete list of data processors is available from the Data Controller and may be requested at the address indicated in the above-mentioned contact details.

Transferring data outside the EU
As for any potential transfer of Data to Third Countries, the Data Controller informs that the processing will take place in accordance with one of the methods permitted by the applicable law, such as the data subject’s consent, the adoption of Standard Clauses approved by the European Commission, and the selection of subjects, individuals or entities, adhering to international programs for the free circulation of data or operating in countries that the European Commission considers safe.

Your rights
Pursuant to Articles 15-22 of the GDPR you have the right to access your personal data at any given time. More specifically, you may request the rectification or erasure of the same, and request the restriction of processing of personal data for those cases provided for by Article 18 of the GDPR; you may withdraw your previously given consent, and, for those cases provided for by Article 20 of the GDPR, obtain the portability of the data that refers to you, as well as lodge a complaint with the competent supervisory authority under Article 77 of the GDPR.

You may lodge a request whereby you object to the processing of your data pursuant to Article 21 of the Regulation, and where you substantiate the reasons and grounds for the objection: the Data Controller reserves the right to assess the application, which would not be accepted should there be compelling legitimate grounds for the processing which override your interests, rights and freedoms.

Requests should be sent in writing to the Data Controller at the addresses specified in the above-mentioned contact details.

Would you like to know more
about Pharma Data Factory?

Please fill in the form and you will be contacted by one of our consultants

First name

Last name

E-Mail address

Telephone number

Company

Message

I have read and agree to the privacy policy

I consentI do not consent

to the processing of your personal data by the Data Controller, for the purposes of sending promotional and marketing communications, there including sending newsletters and carrying out market research related to the Data Controller’s products and services as well as those of its business partners; be it done through automated means (text messages, mms, e-mail, push notifications, fax, automated calling system without operator and use of social networks) and traditional means (paper-based mail, telephone calls by an operator).

I consentI do not consent

to the processing by the Data Controller in communicating of your personal data to companies with which the Data Controller may have commercial agreements in place and/or affiliations in the following categories: communication and marketing professionals, companies or entities; professionals, companies or entities operating in the legal, tax/fiscal, financial, accounting/administrative, insurance, education, IT/technology fields; professionals, companies or entities operating in the social and humanitarian sectors; professionals, companies or entities operating in the real estate and related industries; professionals, companies or entities operating in the television and film production industries; professionals, companies or entities in the health, healthcare, medical and pharmaceutical sector as well as providers of services for the individual and for leisure amenities, for their direct marketing purposes carried out through automated means.

I consentI do not consent

to the processing of your personal data by the Data Controller in order to carry out profiling activities aimed at improving the quality of the services provided and suitability of the commercial communications to your preferences, habits and/or choices, in addition to comparing your personal data that exists in the Data Controller’s various databases.