1. The reason for this policy
Because it is required by Regulation (EU) 679/2016 (“GDPR”) and by Italian privacy law (Legislative Decree 196/2003 and 101/2018). In accordance with those rules, we must provide you with information on “how” and “why” we process your personal data as an aspiring scout (“Scout”) who offers support to the Reverse group (“Reverse”) in the selection of candidates (“Candidates”).
2. About us
We are a group of companies, consisting of the Italian parent company, Reverse S.p.A., and other subsidiaries (the "Subsidiaries") established in other EU and non-EU countries (you will find our subsidiaries in the footer of the language versions of the site reverse.hr). In technical/legal terms, using the terminology of the GDPR, we are the "Data Controller", i.e. the entity that decides why and how to process your data. More specifically, Reverse S.p.A. and each Subsidiary are "Joint Controllers" for the processing of your data. This is because, even if Reverse S.p.A. is the Group's "think tank" and establishes the general and specific directives and objectives, each Subsidiary contributes and supports the parent company in pursuing these directives and common objectives, without prejudice to the legal and regulatory aspects that must be managed by each Subsidiary in accordance with its own national laws. In this regard, there is a specific co-ownership agreement on data processing between the Reverse Group companies.
3. Contact us
Regardless of the Subsidiary with which you have direct relations, you can contact us using the addresses listed at: reverse.hr (“Sito”) (the "Website") or preferably email@example.com. Under the co-ownership agreement, you will be put in touch with the Joint Controller who manages your data and can give you the appropriate answers to your request.
4. What data do we process? How, why and for how long?
Processing methods - the Reverse Group does not like using paper. For this reason your personal data is processed almost exclusively through IT and digital tools (for example, video call software and IT services for the management and storage of digital documents);
purpose and legal basis for processing - the reason for which we process your data is very simple: to evaluate your application as an aspiring Scout and, in the event of a successful selection, to establish and implement the contractual relationship that will come into being between you and Reverse. Your consent is not required for this data processing, as it is necessary for pre-contractual purposes (Article 6.b. of the GDPR);
processed data - to achieve the above purposes, we need your general data such as your forename and surname, your contact details (mobile number and email), your bank details (to pay your wages), your professional qualifications and previous experience, your soft-skills and, in general, all the data and information you enter in your CV. If your CV contains data constituting particular types of information (for example, data on health or your political opinions), we will process it limited to the selection and evaluation phase of your application, as well as all the other information contained in the CV that you have made available to us;
data retention - Your CV is important to us and we keep it in our systems for 10 years, from the date of your application, so that we can contact you if your profile matches the professional profiles sought at that time. In the event that your CV matches one of the Group's vacancies, in addition to keeping your CV in our database, we also collect and store the data you provide during the interviews, for the duration of the selection process; this will be in digital format (as notes). In the event that selection results in a negative outcome (decision not to hire), your data is retained in accordance with the aforementioned criteria; conversely, in the event of a positive outcome (decision to hire), we retain your data for the entire duration of the employment contract with us, in accordance with the employee information provided during hiring. In all cases, at any time, you can ask us to delete your data from our database by sending a specific request (Reverse data erasure request) to us at firstname.lastname@example.org. If the conditions are met, we will proceed with the deletion as soon as possible and will send you a reply by email.
5. Who your data is shared with
In general, we do not need to disclose your data to parties outside the Group, but in the following cases some parties may have access to your data in a limited number of situations and in any case governed by specific agreements: a) the use of IT services, such as those for video calls and remote interviews or for the management of our database and cloud services, provided by third-party providers through which your data may pass or be stored, (b) our legal, accounting and tax consultants, (c) the credit institutions we use to pay your wages, (d) the public authorities, in cases where they are entitled to obtain the disclosure of data.
6. Where your data is transferred to
Some of these external parties may have their main place of business in the United States. We are aware that, following the recent European Court of Justice rulings on the transfer of data to the United States (judgment C-311/18, so-called "Schrems II"), it is impossible for us to ensure that these persons benefit from guarantees equivalent to those provided by the privacy legislation of the European Union. However, since that ruling, most US-based providers – many of whom are global operators in telecommunications and IT services – have adopted even higher security measures to ensure that data receives as much protection as possible from interference by public authorities. That said, for the sake of transparency, we believe it right and proper ot inform you that the tools we use to process data may include services from US providers. If this situation is not acceptable to you, unfortunately we will not be able to proceed with our relationship.
7. Privacy and protection rights
Please note that you can exercise a series of rights in connection with your data, by sending a specific request to us at email@example.com, in order to obtain: access, correction, deletion, restriction, the interruption of processing and data portability. Should you feel that your rights are not satisfied or if you believe that the Group is failing to comply with personal data processing laws, you can always contact us to try to resolve the matter amicably or send a complaint to the Personal Data Protection Authority (https://www.garanteprivacy.it).
8. DPO contact details
DPO means Data Protection Officer, the person who works alongside us and supports us so that your personal data is processed in accordance with the GDPR. You can contact the DPO by writing to: firstname.lastname@example.org