INFORMATION NOTICE FOR CANDIDATES ON PERSONAL DATA PROCESSING
Dear Sir/Madam,
The Legal Entities belonging to Gianni Versace Group in their capacity as independent Data Controllers with reference to the applications directed to their respective countries (as better specified in paragraph 1., hereinafter, in short, and referred to the single Entity to which the application refers, the “Company” or “Controller”) wishes to inform you that, in terms of Articles 13 and 14 of European Regulation 679/2016 on personal data protection ( "Regulation" or “GDPR” ) and national regulations including the specific eventual orders of the Regulatory Authority, where applicable, the personal data provided by you during the selection process will be processed in compliance with current legislative and contractual provisions for the purposes and following the methods indicated below
DEFINITIONS
“Processing” of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Personal data” means any information relating to an identified or identifiable natural person ('data subject', in this case, the candidate); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to other information such as a personal identification number, an online identifier etc.;
"Data concerning health " means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
“Special (sensitive) categories of personal data” means personal data capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of parties, unions, associations or organisations of a religious, philosophical, political or trade nature, as well as data concerning a natural person's sex life or sexual orientation;
The Data Controller is Gianni Versace S.r.l., registered office piazza Luigi Einaudi 4, 20124 Milan with reference to the applications submitted for job vacancies in Italy.
The Data Controller is Versace Czech s.r.o., registered office Klimentská 1216/46, Nové Město, 110 00 Prague 1 with reference to the applications submitted for job vacancies in Czech Republic.
The Data Controller is Versace Austria GmbH, registered office Schottenring 25 1010 Wien with reference to the applications submitted for job vacancies in Austria.
The Data Controller is Versace Nederland B.V., registered office Stadsweide 142, 6041TD Roermond with reference to the applications submitted for job vacancies in the Netherlands.
The Data Controller is Versace España, S.A.U., Sucursal em Portugal, registered office Avenida Columbano Bordalo Pinheiro 94 2° 1070-065 Lisbona with reference to the applications submitted for job vacancies in Portugal.
The Data Controller is Versace España, S.A.U., registered office Calle Conde De Aranda No. 24, 28013 Madrid with reference to the applications submitted for job vacancies in Spain.
The Data Controller is Versace Suisse S.A., registered office Via Franco Zorzi 18, 6850 Mendrisio with reference to the applications submitted for job vacancies in Switzerland.
The Data Controller is Versace France S.A., registered office 45 Avenue Montaigne 75008 Paris with reference to the applications submitted for job vacancies in France.
The Data Controller is Versace Belgique S.A., registered office Boulevard de Waterloo, 7 1000 Bruxelles with reference to the applications submitted for job vacancies in Belgium.
The Data Controller is Versace Deutschland GmbH., registered office Goethestraße 22 60313 Frankfurt am Main with reference to the applications submitted for job vacancies in Germany.
The Data Controller is Versace UK PLC., registered office 2nd Floor, 55 Ludgate Hill, London EC4M 7JW with reference to the applications submitted for job vacancies in United Kingdom.
The Data Controller is Versace Monte- Carlo S.A.M., registered office Allèe Francois Blanc - Casinò de Monte-Carlo, 98000 Principauté de Monaco with reference to the applications submitted for job vacancies in Monaco.
The Data Controller is Versace Asia Pacific Limited, registered office 16/F One Peking, No.1 Peking Road, Tsimshatsui, Hong Kong with reference to the applications submitted for job vacancies in Hong Kong.
The Data Controller is Versace Japan Co., Ltd., registered office Lattice Aoyama Square 8F, 1-2-6 Minami Aoyama, Minato-Ku, Tokyo with reference to the applications submitted for job vacancies in Japan.
The Data Controller is Versace Macau Limited, Ltd., registered office Av. Praia Grande, No. 369 Keng Ou Commercial Building, 17th Floor B, Macau with reference to the applications submitted for job vacancies in Macau.
The Data Controller is Versace Taiwan Co., Limited, Ltd., registered office Room D, 7F, NO.89, Songren Rd., Taipei 110, Taiwan with reference to the applications submitted for job vacancies in Taiwan.
The Data Controller is Versace Malaysia Sdn. Bhd., registered office Suite 29-03, 29th Floor, Menara Keck Seng,203 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. with reference to the applications submitted for job vacancies in Malaysia.
The Data Controller is Versace Singapore Pte. Ltd., registered office 111 Somerset Road, #03-09, Singapore 238164 with reference to the applications submitted for job vacancies in Singapore.
The Data Controller is Versace Korea Co., Limited. Ltd., registered office #11, Dosan-daero 98-gil, Gangnam-gu, Seoul, Korea with reference to the applications submitted for job vacancies in Republic of Korea.
The Data Controller is Versace Australia Pty Limited, registered office Suite 01, Level 20, 60 Castlereagh Street, Sydney, NSW 2000 with reference to the applications submitted for job vacancies in Australia.
The Data Controller is Versace China Limited, registered office 2T01-31, 9th Floor, No. 79, Jianguo Rd., Chaoyang District, Beijing, China with reference to the applications submitted for job vacancies in China.
The Data Controller is Versace (Thailand) Co., Ltd., registered office 179/60-62 Bangkok City Tower, 13th Floor South Sathorn Road Thungmahamek, Sub-district, Sathorn District, Bangkok Metropolis 10120 with reference to the applications submitted for job vacancies in Thailand.
The Data Controller is Versace USA, Inc., registered office 11 W 42nd Street, 28th Floor, New York, NY 10036 with reference to the applications submitted for job vacancies in United States of America.
The Data Controller is Versace Canada Inc., registered office 1055 West Hastings Street, Suite 1700 Vancouver, BC V6E 2E9 with reference to the applications submitted for job vacancies in Canada.
With regards to applications relating to Gianni Versace S.r.l. and the EMEA Data Controllers, pursuant to Article 37 of the GDPR, the Data Controller has appointed a Data Protection Officer (hereinafter, also “DPO”) who may be contacted at the following e-mail address: DPO@versace.it.
Ordinary personal data or data concerning health
The Company mainly processes the following categories of personal data:
- Identification data and contact data (e.g. name, surname, data of birth, tax number, address, telephone numbers, residential address, domicile);
- Data relating to previous work experiences (e.g. duties covered, date hired, role with company, any benefits, periodical assessments, other data relating to work experience), professional qualifications;
- Tax and income data (e.g. previous remuneration);
- Data provided by sending curriculum vitae and other data collected during the personal selection and evaluation process, including those provided when completing information questionnaire;
- Photographs (e.g. photos present in CV);
- Any other data provided by the candidate;
- Data capable of revealing health status (documentation regarding invalidity or membership of a protected category); data regarding unfitness for work for assignment of specific duties.
Ordinary personal data are collected and processed for the following purposes:
a ) Ordinary personal data are collected and processed for the following purposes;
b ) to comply with legal, regulatory and EU obligations, in particular obligations under Local Labour Law;
c ) to exercise a right in court, where necessary.
Consent is not required for these purposes because processing is necessary to fulfil legal obligations resulting from the selection of personnel and/or because the processing may qualify for a specific exemption from the consent requirement in terms of Article 6.1(f) of the Regulation such as legitimate interest or protection of rights.
Meanwhile, data concerning health shall be processed for the following purposes only:
a ) to comply with or to ensure compliance with specific obligations or to fulfil specific duties required by the EU regulation, by law, by regulations or by collective agreements ( in particular, when establishing the employment relationship and in relation to workplace health and safety issues. Consent is not required for these purposes because processing is necessary, respectively, to comply with obligations imposed by law or by the national collective agreement (Art. 9.2(b) of the Regulation);
b ) to guarantee equal opportunities at work. Consent is not required for these purposes because the processing is necessary to comply with legal obligations.
Sensitive data, concerning health status, which is processed by a doctor during any medical check-up required prior to recruitment and with reference to the duties, shall be processed by the Company in execution of obligations under the Local Labour Law, where applicable. The doctor shall communicate to the Company only those opinions on the candidate’s unfitness for the duties in question.
Any additional personal data concerning health status, other categories of personal data not necessary for selection purposes and contained in the CV or provided by the candidate or by third parties shall be cancelled immediately and shall not be processed.
Personal data of family members and third parties
The following personal data (e.g. general details, data of birth, presence of any family members in the Company or other data relating to family members provided by the candidate) relating to the data subject’s family members are processed, when necessary, in order to perform regular checks of compliance with ethical principles as well as with the requirements of the organisational model. Consent is not required for these purposes as processing is necessary to fulfil the Company’s legitimate interests in terms of Article 6.1 (f) of the Regulation. It is the duty of the data subject to communicate the contents of this information to his or her family members.
If the data subject provides the Company with data relating to third parties (e.g. previous employers or references), the Company might contact such third parties for references and to check the information received.
The submission of the aforesaid data (e.g. identification data, data relating to family members, data concerning health status) is necessary to perform activities related to the selection of personnel and failure to provide such data shall make it impossible for the Company to consider the candidacy during a selection process.
The personal data shall be processed by the Company and by its Authorized Person using information systems (and manually) in accordance with the principles of lawfulness, fairness and transparency required by the applicable regulation on personal data protection and safeguarding the confidentiality of the data subject and his/her rights by adopting appropriate technical and organisational measures to guarantee a level of security proportionate to the risk (e.g. storage of ordinary personal data and data concerning health in separate databases, encoding of personal data, capacity to restore access to data in case of an accident, etc.).
As part of its selection activities, the Company may perform activities to verify information provided (e.g. academic qualifications and previous employers) solely for selection purposes.
The personal data provided directly by the candidate – also by spontaneous submission of a CV – shall be retained for the time strictly necessary to fulfil the purposes for which the date were acquired. The data retention period is up to 24 months from collection of the data.
The personal data will be retained for the stated period also in order to demonstrate, in case of a petition/request/claim, that there has been no discrimination against candidates and that processing for recruitment purposes was performed fairly and transparently. After this period, the personal data will be destroyed securely and in compliance with applicable laws and regulations.
If, at any time, the data subject considers exhausted the scope of the processing by the Company in that it is no longer necessary or useful, the data subject may inform the Company accordingly to enable it to cancel the data immediately.
The Processing is necessary pursuant to Art. 6 paragraph 1.b) of the GDPR to the execution of pre-contractual measures adopted upon your request. Therefore, your personal data will be processed by the Company for purposes related to the conduct of research and selection of candidates.
The data shall not be communicated, disseminated or transferred but may be shared with external advisors who are supporting the Company with the selection of personnel. Processing shall be carried out by employees and collaborators of the Data Subject, instructed and authorised to do so, in pursuit of the purposes described above. The complete and updated list of persons processing personal data as Data Processors and Data Controllers is available upon request to the Company, as specified in Par. I.
In addition, personal data may be made accessible, communicated and transferred to Public Authority in order to give effect to investigation requests or where expressly authorized by legal obligation.
We also inform you that your personal data may be the subject of intra-Group correspondence, to subsidiaries or associated companies and to their collaborators, always for the purposes stated above. The data are not generally transferred outside the European Union. However, where for specific requirements regarding the location of the services rendered by suppliers, or for reasons of travel management and coordination of Group activities, it proved necessary to transfer the data to countries outside the European Economic Area – also in countries that do not offer adequate protection – the Company undertakes to guarantee levels of protection and safeguards, also of a contractual nature, in accordance with applicable laws and regulations.
A list of countries outside the European Economic Area where data is transferred is available on request at the registered office of the Data Controller.
The data subject may, in relation to the processing of data described therein, exercise the rights provided for by the Regulation (Articles 15-21), as follows:
- to receive confirmation of the existence of his/her personal data and to access their content (right of access);
- to update, amend and/or correct his/her personal data (right to rectification);
- to ask for the erasure, or the restriction of processing, of data processed in breach of the law, including those whose retention is not necessary in relation to the purposes for which the data was collected or otherwise processed (right to be forgotten and right to restriction of processing);
- to object to processing (right to object);
- to withdraw consent, where given, without prejudice to the fairness of processing based on consent given prior to withdrawal;
- to appeal to the regulatory authorities in case of violation of the rules on personal data protection;
- to receive an electronic copy of data regarding him/her as provided during the selection process (e.g. data relating to previous work experience) and to ask that said data be transmitted to another data controller (right of data portability).
In order to exercise these rights, the data subject may contact writing by email at privacy@versace.it
Updated on 26th September