Information notice employees MSC Technology Italia S.r.l.
Information notice pursuant to Articles 13/14 of the Regulation (EU) 2016/679 – General Data Protection Regulation (hereinafter “GDPR”)
The following statement informs you about the processing of your personal data. The document has been drafted
according to articles 13 and 14 GDPR and to the Opinion 2/2017 “on data processing at work” drafted by Working
Party 29 (the Working Party on the Protection of Individuals with regard to the Processing of Personal Data).
This information notice (hereinafter “MSC TechNotice”) specifically concerns the processing of personal data
performed by MSC Technology Italia S.r.l as an indipendent Data Controller.
1. DATA CONTROLLER
With reference to this notice, the Data Controller is MSC Technology Italia S.r.l. (hereinafter “MSC Tech” or the “Controller”) with registered address at Via Nizza, 262/Int.27
10125 Turin (Italy), email email@example.com
2. DATA PROTECTION OFFICER of MSC Tech.: the Controller also appointed a Data Protection Officer (hereinafter “DPO”) pursuant to articles 37 et. seq. GDPR in charge for monitoring the compliance of the Company from a privacy standpoint, available at the following email address: firstname.lastname@example.org
3. SOURCE OF PERSONAL DATA (in the case personal data are collected from third parties and not directly from the data subject)
We could obtain personal data directly from you or from other sources. In this latter case we may obtain them from
a publicly accessible source. In fact, MSC Tech may acquire your personal data consulting for instance, official
journals and/or official registers held by public authorities for some categories of professionals (e.g. engineers). We
could obtain personal data also from recruiting agencies and/or head hunters
4. MAIN DEFINITIONS – CATEGORIES OF PERSONAL DATA BEING PROCESSED
Processing/process/processed means: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (art. 4 par. 1, n. 2 GDPR).
Data subject means: “the natural person (identified or identifiable)”.
Personal data means: “any information relating to an identifiable natural person (images, pictures and videos included), in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity” (art. 4 par. 1, n. 1 GDPR).
special categories of Personal Data means: “personal data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for
the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s
sex life or sexual orientation” (art. 9 par. 1 GDPR).
CATEGORIES OF PERSONAL DATA CONCERNED: personal data and any special categories of personal data
contained in the CV (e.g. personal details, contact details, image, protected category, payroll data etc.). Data
relating to criminal convictions and offences may be requested only in cases where the processing is authorized by
the law of the European Union or any of the member states.
5. PURPOSE OF PROCESSING – LEGAL BASE – DATA RETENTION PERIOD – NATURE OF PROVISION
|Purpose of processing
||Data Retention period
||Nature of provision (in the case of personaldata provided directly by the data subject)
|A) Staff recruitment activities research and selection of personnel for the purpose of establishing an employment relationship, included any positions different from those for which the data subject has applied for; storage of personal data for further selections; managing applications in response to job vacancies posted on our website; interviews and any video-interviews (data processing including image / audio). For specific job positions and within certain circumstances established by Data Controller, this latter may ask the candidate to provide some data from the last wage slip. In this case, the candidate shall provide the document only after having obscured any special categories of personal data (eg. union membership, foreclosure of the fifth of the salary
||Execution of pre-contractual measures adopted at the request of data subject art. 6 par. 1 lett. b) GDPR
||Necessary in order tomanage the application. Failure to provide the data will make it impossible to process the data for the purposes of research and selection of personnel.
6. RECIPIENTS/CATEGORIES OF RECIPIENTS
Personal data provided could be communicated to recipients who will process them as Data Processors (art. 28
GDPR, that is to say the “natural or legal person, public authority or agency or other body which processes personal
data” on behalf of MSC Tech), as independent Data Controllers and/or as natural person acting under the
Controller’s authority (art. 29 Reg. UE 2016/679) for the abovementioned purposes.
Namely, data will be communicated to:
- other companies within MSC Group;
- third parties assisting the Data Controller in the management of information systems;
- any third parties and labor consultants for personnel selection purposes, in the context of assistance and
- any third parties for the purpose of obtaining references (eg universities, former employers, schools, etc.);
- subjects designated pursuant to Legislative Decree 81/2008 as the competent doctor designated by the
- competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon
The list of Data Processors is constantly updated and available at the Controller’s office.
With regards to health status information, the candidate may be subject to medical examination pursued by
competent medical staff designated pursuant to Legislative Decree 81/2008 and to whom the Data Controller
merely asks for a judgment relating the suitability or unsuitability for specific job duties. The Data Controller will
not be aware of specific information relating your health status (e.g. any pathologies, etc.), except from the
hypothesis in which the doctor deems it necessary as it is mandatory in order to fulfill legal obligations.
7. DATA TRANSFER TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANIZATION
Your personal data will be transferred in Switzerland according to article 45 GDPR (transfers based on an adequacy
decision adopted by the European Commission). We may also transfer personal data to countries located outside
the European Economic Area (USA and INDIA) in order to select specific employment profiles. In this case, the
transfer will be grounded on specific Standard Contractual Clauses pursuant to art. 46 GDPR. It’s possible to obtain
information regarding the guarantees underlying the transfers contacting the Data Controller.
8. DATA SUBJECTS’ RIGHTS
You can exercise your rights as expressed by articles 15 et. seq. of GDPR by writing to the Data Controller and the
DPO at the above addresses.
You have the right, at any time, to obtain from the Data Controller the access to your personal data (article 15),
request their rectification (article 16), their erasure when possible (article 17) or the restriction of their processing
You have also the right to data portability when applicable (article 20). In case of a request for data portability, the
Data Controller shall provide your personal data to you in a structured, commonly used and machine-readable
Finally, you have the right to lodge a complaint with the Supervisory Authority, that is to say the Italian Authority
for the protection of personal data (https://www.garanteprivacy.it/), or file a complaint to the judiciary authorities.
9. AMENDMENT OF MSC TECH INFORMATION NOTICE
The Data Controller reserves the right to amend at any time the present document, which will be shared in
accordance with GDPR principles, in particular the fairness and transparency principle established by art. 5 GDPR.
For this reason, the MSC TECH Information Notice will indicate its last date of update.
Last update: 8th April 2022
The Data Controller
MSC Technology Italia S.r.l.