INFORMATION NOTICE FOR CANDIDATES ON PERSONAL DATA PROCESSING
The Legal Entities belonging to Gianni Versace Group in their capacity as independent Data Controllers with reference to the applications directed to their respective countries (as better specified in paragraph 1., hereinafter, in short, and referred to the single Entity to which the application refers, the “Company” or “Controller”) wishes to inform you that, in terms of Articles 13 and 14 of European Regulation 679/2016 on personal data protection ( "Regulation" or “GDPR” ) and national regulations including the specific eventual orders of the Regulatory Authority, where applicable, the personal data provided by you during the selection process will be processed in compliance with current legislative and contractual provisions for the purposes and following the methods indicated below
“Processing” of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Personal data” means any information relating to an identified or identifiable natural person ('data subject', in this case, the candidate); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to other information such as a personal identification number, an online identifier etc.;
"Data concerning health " means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
“Special (sensitive) categories of personal data” means personal data capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of parties, unions, associations or organisations of a religious, philosophical, political or trade nature, as well as data concerning a natural person's sex life or sexual orientation;
The Data Controller is Gianni Versace S.r.l., registered office piazza Luigi Einaudi 4, 20124 Milan with reference to the applications submitted for open positions in Italy.
The Data Controller is Versace Nederland, registered office Stadsweide 76 6041TD Roermondwith reference to the applications submitted for open positions in the Netherlands.
The Data Controller is Versace España, S.A.U., Sucursal em Portugal, registered office Avenida Columbano Bordalo Pinheiro 94 2° 1070-065 Lisbona with reference to the applications submitted for open positions in Portugal. The Data Controller is Versace España, S.A.U., registered office Calle Gran Via No. 6 28013 Madrid with reference to the applications submitted for open positions in Spain.
The Data Controller is Versace Hellas S.A., registered office Notara Street 67 18535 Piraeus with reference to the applications submitted for open positions in Greece.
The Data Controller is Versace Suisse S.A., registered office Via Beroldingen 26 6850 Mendrisio with reference to the applications submitted for open positions in Switzerland.
The Data Controller is Versace France S.A., registered office 45 Avenue Montaigne 75008 Paris with reference to the applications submitted for open positions in France.The Data Controller is Versace Belgique S.A., registered office Boulevard de Waterloo, 7 1000 Bruxelles with reference to the applications submitted for open positions in Belgium.
The Data Controller is Versace Deutschland GmbH., registered office Goethestraße 22 60313 Frankfurt am Main with reference to the applications submitted for open positions in Germany.
The Data Controller is Versace UK PLC., registered office St Brides House – 10 Salisbury Square London EC4Y 8EH with reference to the applications submitted for open positions in United Kingdom.
The Data Controller is Versace Monte- Carlo S.A.M., registered office Allèe Francois Blanc - Casinò de Monte-Carlo, 98000 Principauté de Monaco with reference to the applications submitted for open positions in Monaco. The Data Controller is Versace Asia Pacific Limited, registered office 39/F Sunlight Tower, 248 Queen's Road East Wan Chai Hong Kong with reference to the applications submitted for open positions in Hong Kong
The Data Controller is Versace Japan Co., Ltd., registered office Cross Ginza Building 6F 5-9-8 Ginza, Chuo-ku Tokyo 104-0061 with reference to the applications submitted for open positions in Japan.
The Data Controller is Versace Macau Limited, Ltd., registered office Av. Praia Grande, No. 367-371 Keng Ou Commercial Building, 15TH Floor C, Macau with reference to the applications submitted for open positions in Macau.
The Data Controller is Versace Taiwan Co., Limited, Ltd., registered office 11F n. 456 Sec. 4 Xinyi Road Taipei 11052 with reference to the applications submitted for open positions in Taiwan.
The Data Controller is Versace Malaysia Sdn. Bhd., registered office Unit 30-01 Level 30 Tower A, Vertical Business Suite Avenue 3, Bangsar South, n. 8 Jalan, Kerinchi 59200 Kuala Lumpur with reference to the applications submitted for open positions in Malaysia.
The Data Controller is Versace Singapore Pte. Ltd., registered office 80 Robinson Road, #02-00 068898 with reference to the applications submitted for open positions in Singapore.
The Data Controller is Versace Korea Co., Limited. Ltd., registered office #703 Yoolim B/D 766 Samseong-ro, Gangnam gu Seul 135-952 with reference to the applications submitted for open positions in Republic of Korea.The Data Controller is Versace Australia Pty Limited, registered office 2 Riverside Quay Southbank VIC 3006 with reference to the applications submitted for open positions in Australia.
The Data Controller is Versace China Limited, registered office N2- 35/36 Taikoo Li Sanlitun North, 11 Sanlitun Road, Chaoyang District Beijing 100027 with reference to the applications submitted for open positions in China. The Data Controller is Versace (Thailand) Co., Ltd., registered office 179/60-62 Bangkok City Tower, 13th Floor South Sathorn Road Thungmahamek, Sathorn Bangkok 10120 with reference to the applications submitted for open positions in Thailand.
The Data Controller is Versace USA, Inc., registered office 3 Columbus Circle 20th Floor New York, NY 10019 with reference to the applications submitted for open positions in United States of America.
The Data Controller is Versace Canada, registered office Pacific Centre, 400 725 Granville Street VancouverBritish Columbia V7Y 1G5 with reference to the applications submitted for open positions in Canada.
With regards to applications relating to Gianni Versace S.r.l. and the EMEA Data Controllers, pursuant to Article 37 of the GDPR, the Data Controller has appointed a Data Protection Officer (hereinafter, also “DPO”) who may be contacted at the following e-mail address: DPO@versace.it.
Ordinary personal data or data concerning health
The Company mainly processes the following categories of personal data:
Identification data and contact data (e.g. name, surname, data of birth, tax number, address, telephone numbers, residential address, domicile);
Data relating to previous work experiences (e.g. duties covered, date hired, role with company, any benefits, periodical assessments, other data relating to work experience), professional qualifications;
Tax and income data (e.g. previous remuneration);
Data provided by sending curriculum vitae and other data collected during the personal selection and evaluation process, including those provided when completing information questionnaire;
Photographs (e.g. photos present in CV);
any other data provided by the candidate;
data capable of revealing health status (documentation regarding invalidity or membership of a protected category); data regarding unfitness for work for assignment of specific duties.
Ordinary personal data are collected and processed for the following purposes:
a ) Ordinary personal data are collected and processed for the following purposes;
b ) to comply with legal, regulatory and EU obligations, in particular obligations under Local Labour Law;
c ) to exercise a right in court, where necessary.
Consent is not required for these purposes because processing is necessary to fulfil legal obligations resulting from the selection of personnel and/or because the processing may qualify for a specific exemption from the consent requirement in terms of Article 6.1(f) of the Regulation such as legitimate interest or protection of rights.
Meanwhile, data concerning health shall be processed for the following purposes only:
a ) to comply with or to ensure compliance with specific obligations or to fulfil specific duties required by the EU regulation, by law, by regulations or by collective agreements ( in particular, when establishing the employment relationship and in relation to workplace health and safety issues. Consent is not required for these purposes because processing is necessary, respectively, to comply with obligations imposed by law or by the national collective agreement (Art. 9.2(b) of the Regulation);
b ) to guarantee equal opportunities at work. Consent is not required for these purposes because the processing is necessary to comply with legal obligations.
Sensitive data, concerning health status, which is processed by a doctor during any medical check-up required prior to recruitment and with reference to the duties, shall be processed by the Company in execution of obligations under the Local Labour Law, where applicable. The doctor shall communicate to the Company only those opinions on the candidate’s unfitness for the duties in question.
Any additional personal data concerning health status, other categories of personal data not necessary for selection purposes and contained in the CV or provided by the candidate or by third parties shall be cancelled immediately and shall not be processed.
Personal data of family members and third parties
The following personal data (e.g. general details, data of birth, presence of any family members in the Company or other data relating to family members provided by the candidate) relating to the data subject’s family members are processed, when necessary, in order to perform regular checks of compliance with ethical principles as well as with the requirements of the organisational model. Consent is not required for these purposes as processing is necessary to fulfil the Company’s legitimate interests in terms of Article 6.1 (f) of the Regulation. It is the duty of the data subject to communicate the contents of this information to his or her family members.
If the data subject provides the Company with data relating to third parties (e.g. previous employers or references), the Company might contact such third parties for references and to check the information received.
The submission of the aforesaid data (e.g. identification data, data relating to family members, data concerning health status) is necessary to perform activities related to the selection of personnel and failure to provide such data shall make it impossible for the Company to consider the candidacy during a selection process.
The personal data shall be processed by the Company and by its Authorized Person using information systems (and manually) in accordance with the principles of lawfulness, fairness and transparency required by the applicable regulation on personal data protection and safeguarding the confidentiality of the data subject and his/her rights by adopting appropriate technical and organisational measures to guarantee a level of security proportionate to the risk (e.g. storage of ordinary personal data and data concerning health in separate databases, encoding of personal data, capacity to restore access to data in case of an accident, etc.).
As part of its selection activities, the Company may perform activities to verify information provided (e.g. academic qualifications and previous employers) solely for selection purposes.
The personal data provided directly by the candidate – also by spontaneous submission of a CV – shall be retained for the time strictly necessary to fulfil the purposes for which the date were acquired. The data retention period is up to 24 months from collection of the data.
The personal data will be retained for the stated period also in order to demonstrate, in case of a petition/request/claim, that there has been no discrimination against candidates and that processing for recruitment purposes was performed fairly and transparently. After this period, the personal data will be destroyed securely and in compliance with applicable laws and regulations.
If, at any time, the data subject considers exhausted the scope of the processing by the Company in that it is no longer necessary or useful, the data subject may inform the Company accordingly to enable it to cancel the data immediately.
The Processing is necessary pursuant to Art. 6 paragraph 1.b) of the GDPR to the execution of pre-contractual measures adopted upon your request. Therefore, your personal data will be processed by the Company for purposes related to the conduct of research and selection of candidates.
The data shall not be communicated, disseminated or transferred but may be shared with external advisors who are supporting the Company with the selection of personnel. Processing shall be carried out by employees and collaborators of the Data Subject, instructed and authorised to do so, in pursuit of the purposes described above. The complete and updated list of persons processing personal data as Data Processors and Data Controllers is available upon request to the Company, as specified in Par. I.
In addition, personal data may be made accessible, communicated and transferred to Public Authority in order to give effect to investigation requests or where expressly authorized by legal obligation.
We also inform you that your personal data may be the subject of intra-Group correspondence, to subsidiaries or associated companies and to their collaborators, always for the purposes stated above. The data are not generally transferred outside the European Union. However, where for specific requirements regarding the location of the services rendered by suppliers, or for reasons of travel management and coordination of Group activities, it proved necessary to transfer the data to countries outside the European Economic Area – also in countries that do not offer adequate protection – the Company undertakes to guarantee levels of protection and safeguards, also of a contractual nature, in accordance with applicable laws and regulations.
A list of countries outside the European Economic Area where data is transferred is available on request at the registered office of the Data Controller.
The data subject may, in relation to the processing of data described therein, exercise the rights provided for by the Regulation (Articles 15-21), as follows:
- to receive confirmation of the existence of his/her personal data and to access their content (right of access);
- to update, amend and/or correct his/her personal data (right to rectification);
- to ask for the erasure, or the restriction of processing, of data processed in breach of the law, including those whose retention is not necessary in relation to the purposes for which the data was collected or otherwise processed (right to be forgotten and right to restriction of processing);
- to object to processing (right to object);
- to withdraw consent, where given, without prejudice to the fairness of processing based on consent given prior to withdrawal;
- to appeal to the regulatory authorities in case of violation of the rules on personal data protection;
- to receive an electronic copy of data regarding him/her as provided during the selection process (e.g. data relating to previous work experience) and to ask that said data be transmitted to another data controller (right of data portability).
In order to exercise these rights, the data subject may contact writing by email at firstname.lastname@example.org
Updated on 26th September