Itinera makes use of a responsible for the protection of personal data (also known as “Data Protection Officer” or “DPO”). The DPO can be contacted at the following email address dpo@itineraspa.it

INFORMATIVA PER I RICHIEDENTI IMPIEGO
AI SENSI DELLA NORMATIVA IN MATERIA DI PROTEZIONE DEI DATI PERSONALI

1. Trattamento dei dati personali

Ai sensi degli articoli 13 e 14 del Regolamento (UE) 2016/679 in materia di protezione dei dati personali (“GDPR”), La informiamo che Itinera S.p.A. (la “Società” o il “Titolare”), in qualità di titolare del trattamento, tratta i Suoi dati personali, da Lei fornitici ed anche acquisiti da fonti terze, in occasione di procedure di selezione avviate dalla Società.

2. Scopo del presente documento informativo

La presente informativa Le permette di conoscere la natura dei dati personali di Sua pertinenza e oggetto di trattamento, le finalità e le modalità di trattamento, gli eventuali destinatari degli stessi nonché i diritti che Le vengono riconosciuti.

3. Finalità d’uso dei dati

I Suoi dati personali sono utilizzati per le procedure di selezione del personale, in particolare, per procedere alla verifica dei presupposti per l’assunzione e/o per l’avvio di una collaborazione e per dar seguito alla Sua candidatura.

4. Dati personali oggetto di trattamento

In particolare, i dati personali in questione riguardano: Nominativo, indirizzo o altri elementi di identificazione personale, dati relativi al lavoro, dati previdenziali, il curriculum di studi e lavorativo.

Su base eventuale ed eccezionale, come nel caso in cui in ragione dell’instaurando rapporto lavorativo si venga a conoscenza dell’eventuale appartenenza dell’interessato alle categorie protette, possono essere acquisiti altri dati personali rientranti, secondo la terminologia della Legge, nella categoria dei dati “particolari” (precedentemente dati “sensibili”), come quelli idonei a rivelare l’originale razziale ed etnica, le convinzioni religiose, filosofiche o di altro genere, le opinioni politiche, l’adesione a partiti, sindacati, associazioni od organizzazioni a carattere religioso, filosofico, politico o sindacale; nonché i dati personali idonei a rivelare lo stato di salute e la vita sessuale.

5. Natura del conferimento

Il conferimento dei dati è facoltativo ed è rimesso alla volontà del candidato che, senza sollecitazione alcuna da parte del Titolare, presenti il proprio curriculum vitae. Per quanto concerne i dati successivamente ed eventualmente richiesti dal Titolare, il mancato conferimento comporta l’impossibilità di procedere alla verifica dei presupposti per le procedure di selezione, l’assunzione e/o per l’avvio della collaborazione e, quindi, all’eventuale instaurazione del rapporto con il Titolare.

6. Modalità d’uso dei dati

I dati personali possono essere trattati, oltre che con mezzi elettronici, anche con strumenti non automatizzati, e il trattamento è effettuato unicamente con operazioni, nonché con logiche e mediante forme di organizzazione dei dati strettamente indispensabili in rapporto ai sopra indicati obblighi, compiti o finalità.

7. Ambito di circolazione dei dati

I dati possono essere utilizzati da personale del Titolare cui è stato assegnato uno specifico ruolo ed a cui sono state impartite adeguate istruzioni operative al fine di evitare perdite, distruzione, accessi non autorizzati o trattamenti non consentiti dei dati stessi. I suoi dati personali saranno resi accessibili solo a coloro i quali, all’interno dell’organizzazione aziendale, ne abbiano necessità in ragione della propria mansione o posizione gerarchica.

Potranno utilizzare i dati anche soggetti terzi che svolgono attività strumentali per conto del Titolare, queste ultime agiscono in qualità di responsabili esterni del trattamento e sotto la direzione ed il controllo del Titolare. L’elenco aggiornato dei responsabili del trattamento è disponibile inoltrando richiesta a privacy@itineraspa.it.

8. Non comunicazione né diffusione dei dati

I suoi dati personali non saranno comunicati ad entità terze né saranno oggetto di diffusione a soggetti indeterminati.

9. Trasferimento dei dati all’estero

Per i soli fini indicati al paragrafo 3 che precede, il Titolare potrebbe trasferire i Suoi dati personali all’estero, sia verso Paesi appartenenti all’Unione Europea sia verso Paesi extra UE, in tal caso con l’adozione di adeguate misure di salvaguardia volte a garantire la tutela dei dati e la sicurezza dei trasferimenti.

Per quanto concerne in modo specifico il trasferimento dei Suoi dati personali verso Paesi extra UE, la Società La informa che alcuni di essi potrebbero essere eventualmente trasferiti anche in Stati relativamente ai quali la Commissione europea non ha ancora adottato alcuna decisione di adeguatezza e/o privi di garanzie adeguate ai sensi dell’art. 46 GDPR. In tali casi la Società si impegna, ove possibile, a stipulare accordi specifici adottando “clausole tipo” di protezione standard adottate dalla Commissione UE, al fine di garantire la maggiore protezione e salvaguardia dei Suoi dati personali durante l’intero trattamento e fornire quelle garanzie adeguate di cui all’art. 46 del GDPR.

In via residuale e per le ipotesi in cui ciò non fosse possibile, Le chiediamo di prestare esplicitamente consenso a tale trasferimento, fermo restando che la Società potrebbe non essere in grado di garantire il pieno rispetto del GDPR da parte del soggetto terzo, sito in un Paese extra UE, a cui verranno eventualmente trasferiti i Suoi dati personali.

Resta fermo che, qualora i dati vengano trasferiti dalla Società a proprie branch e/o filiali estere site in Paesi extra UE, queste ultime agiranno in conformità alle disposizioni del GDPR per le finalità di cui ai precedenti paragrafi della presente informativa.

10. Tempi di conservazione dei dati

I dati saranno conservati per il tempo necessario agli adempimenti previsti per la selezione del candidato e comunque non oltre 5 (cinque) anni dalla loro raccolta salvo l’eventuale instaurazione del rapporto di lavoro e/o di collaborazione.

11. Non necessità del consenso

Il Suo consenso al trattamento non è necessario in quanto il trattamento riguarda dati contenuti nei curricula, spontaneamente trasmessi dagli interessati ai fini dell’eventuale instaurazione di un rapporto di lavoro/collaborazione, con l’eccezione di quanto previsto al precedente paragrafo 9.

12. Titolare del trattamento

Titolare del trattamento è Itinera S.p.A., con sede legale in Via M. Balustra, 15 – 15057 Tortona (AL) – Italia, codice fiscale e partita IVA 01668980061.

13. Data Protection Officer

La Società si avvale di un responsabile per la protezione dei dati personali (anche noto come “Data Protection Officer” o “DPO”). Il DPO può essere contattato tramite il seguente canale di comunicazione: dpo@itineraspa.it.

14. Esercizio dei diritti

In ogni momento Lei potrà avere piena chiarezza sulle operazioni che abbiamo riferito e, in particolare, ottenere la cancellazione, la trasformazione in forma anonima ed il blocco dei dati trattati in violazione della legge, chiedere l’aggiornamento o la rettifica o l’integrazione, opporsi al loro utilizzo, ed esercitare gli altri diritti previsti dalla legge. A tale scopo si potrà rivolgere a privacy@itineraspa.it.

Le ricordiamo altresì che Lei ha diritto di proporre reclamo all’Autorità Garante per la protezione dei dati personali qualora ritenga che i Suoi diritti non siano stati rispettati o che non abbia ricevuto riscontro secondo legge.

Itinera S.p.A.
(Il Titolare)

Si prega di selezionare l’opzione, del tutto facoltativa, nel caso in cui si desideri autorizzare la Società a trasferire i dati personali in Paesi Extra UE, per le finalità di cui al paragrafo 3 e come meglio descritto al paragrafo 9 dell’informativa che precede.

Resta inteso che l’eventuale diniego di tale consenso non avrà alcuna conseguenza sulla gestione e presa in carico della candidatura, ma soltanto sul successivo ed eventuale trasferimento dei dati personali forniti alla Società in Paesi extra UE.

Il/La sottoscritto/a pienamente informato/a e consapevole dei possibili rischi connessi al trasferimento verso Paesi extra UE dei dati personali raccolti, come meglio indicato al paragrafo 9 dell’informativa,

□ PRESTA IL CONSENSO                           □ NON PRESTA IL CONSENSO

affinché la Società possa trasferire i propri dati personali – per la finalità di selezione del personale – anche in Paesi extra UE, pure in mancanza di una decisione di adeguatezza ai sensi dell’art. 45, paragrafo 3, GDPR e/o eventualmente di garanzie adeguate ai sensi dell’art. 46 GDPR.

Il consenso potrà essere revocato in ogni tempo con comunicazione scritta da inviare a mezzo e-mail all’indirizzo privacy@itineraspa.it

NOTICE FOR EMPLOYEES/COLLABORATORS OF THE SUPPLIERS
ACCORDING TO THE REGULATION ON THE PROTECTION OF PERSONAL DATA

1. Background

ITINERA S.p.A. (the “Company“) is carrying out preliminary operations for the selection of potential suppliers, including your company (the “Supplier“), for the provision of works/services/supplies/professional services (collectively the “Services“) and, for the above purpose, it needs to acquire some information about the Supplier and its organization (including information on its employees and collaborators) qualifiable as “personal data” in accordance with Regulation (EU) 2016/679 on the protection of personal data (the “GDPR“).

1.1 Please note that, according to the GDPR, (i) “controller” means the person or legal entity which determines purposes, methods and means of the processing of personal data, including the security profile; (ii) “data subject” means the natural person to whom the personal data belong, thus excluding the legal entity.

1.2 In relation to personal data of Supplier’s employees and collaborators processed by the Company for the management of the relationship with the Supplier, the Company qualifies as the controller for processing of such data (hereinafter, the Company is also referred to as the “Controller”).

1.3 It is the Controller’s duty to inform, in advance, the data subject and the subject with whom the personal data are collected about the processing of personal data.

1.4 In case of relationships amongst legal entities, the information to any data subject involved in the relevant processing – when they work for or perform professional activities in favour of or collaborate with the Supplier and the data of whom can be communicated, known and / or processed by the Controller in execution and in the performance of the main relationship – is released by the Controller through the Supplier itself.

1.5 With this information, the Company, in its role as Controller, informs the data subjects about the purposes and methods of the processing of personal data collected, the scope of their communication and dissemination, as well as the reason of their communication.

1.6 The Supplier undertakes to guarantee to the data subject full knowledgeability of this information.

2. Purposes of processing of personal data

The Company processes personal data of the data subjects in order to:

1. i. acquire preliminary information enabling the evaluation of the Supplier (references of previous works, financial soundness, internal organizational structure, absence of impedimental elements according to law) for the purposes of the latter qualification within the Company’s Supplier Register;
2. ii. evaluate the possibility to establish a contractual relationship with the Supplier in relation to performance of the Services, also by means of the fulfillment of requirements from time to time set forth by applicable law or by the relevant contracts applicable to the specific type of service (works, services, supplies, professional services) and, in this case,

iii. use and manage the Services, as well as for purposes strictly related to those indicated above.

3. Data processed

Identification and contact data, as well as different data relating to employees and/or collaborators of the Supplier and / or individuals who hold positions and roles within the organization of the Supplier, with whom the Company is in contact for the purposes indicated in the previous Paragraph 2 (Purpose of the processing of personal data) are subject to processing.

Furthermore, in the cases provided for by paragraph 2, sub II, judicial data and data concerning relatives of the data subjects may be processed.

4. Processing methods

Personal data are processed both by electronic and by non-automated means.

5. Circulation of data

Data may be used by the Company’s personnel to whom a specific role has been assigned and to whom adequate operating instructions have been given, as well as by third parties carrying out ancillary activities on behalf of the Controller, the latter acting as external processors, acting under the Controller’s direction and control. The updated list of processors is available by submitting a request to privacy@itineraspa.it.

6. Data communication

Furthermore, the data may also be disclosed (i) to other companies of the Group with which specific agreements exist, for shared processing purposes, for administrative and accounting purposes and by the latter used for the same purposes; to public bodies for the fulfilment of legal requirements, as well as (ii) to third parties and companies, such as banks, credit institutions and companies closely linked to the collection of credit; to legal and specific consultants, auditors; credit recovery consultants, administration and contractual advisors. The indicated third parties will act as autonomous data controllers. The updated list of the aforesaid recipients and the categories of data recipients can be obtained by writing to privacy@itineraspa.it .

Personal data are not disclosed to undetermined recipients.

7. Transfer of data abroad

Personal Data of the data subjects may be transferred abroad to countries belonging to the European Union and to third Countries, in this case with the adoption of adequate security measures apt at ensuring data protection and security of transfers. Further information can be provided by writing to: privacy@itineraspa.it .

8. Data retention time

The data will be kept for the duration of the entire contractual relationship and, in any case, for a period not exceeding 10 (ten) years from finalisation thereof or from the date of registration in the Suppliers Register, without prejudice to the statute of limitations and legal deadlines in respect of the consequent rights and in compliance with the consequent obligations.

9. The Controller

The Controller is Itinera S.p.A., with registered office in Via M. Balustra, 15 – 15057 Tortona (AL) – Italy, fiscal code and VAT number 01668980061.

10. Data Protection Officer

The Company has appointed a Data protection officer (the “DPO”). The DPO can b contacted via the following communication channel: dpo@itineraspa.it .

11. Exercise of rights

At any time, the data subjects can have full knowledge of the above-mentioned processing operations and, in particular, obtain the cancellation, anonymization and blocking of data unlawfully processed, request their update or correction or integration, challenge their use and exercise the other rights set forth by law. For this purpose, please contact privacy@itineraspa.it .

Moreover, we remind you that the data subjects also have the right to submit a claim to the Data Protection Authority should they deem that their rights have not been respected or that they have not received a reply according to law.

Tortona,
24th May 2018
ITINERA S.p.A.
(the Owner)

NOTICE TO CORPORATE OFFICERS AND ATTORNEYS IN ACCORDANCE WITH DATA PROTECTION LAW

1. Personal data processing.

In accordance with EU Regulation 2016/679 on the personal data protection (the “GDPR“), effective from 25 May 2018, we inform you that ITINERA (the “Company” or the “Data Controller“), in the capacity of data controller, processes the personal data you provide us following your acceptance of the office of Director / Statutory Auditor / Member of the Supervisory Body pursuant to Legislative Decree 231/01 or your appointment as Attorney of society.

2. Purpose of this policy

This information allows you to know the nature of your personal data and object of treatment, the purposes and methods of treatment, any recipients as well as the rights that are recognized. Also, in consideration of the future changes that may occur on the applicable legislation on personal data, the Company may integrate and / or update, in whole or in part, this information on the Company’s website (https: //www.itinera- spa.it/privacy/).

3. personal data undergoing processing.

The personal data being processed are: name, address or other elements of personal identification of you and your family members or data relating to work, social security data, the curriculum of studies and work as well as, where necessary, the details of the bank account, Its relevance (so-called “common data”). The personal data you provide to us and possibly collected by us from other sources may also be of a sensitive or judicial nature, such as those required for the purpose of submitting offers or even in order to manage, where the conditions exist, any professional insurance policies. in the name of the company of which you are the beneficiary.

In any case, the Company may find it necessary to request personal data other than those falling within the above category and to submit them to processing operations and to communicate them to the recipient bodies indicated in the following Paragraph 7 (Circulation of data), if the provision is:

1. a) imposed by laws, regulations or decisions of authority; or
2. b) necessary and instrumental to the management and execution of the ongoing professional relationship with you;

in the latter case, only the essential data for the indicated purpose will be requested or collected by third parties and will be transmitted to the subjects specified above to allow the relationship in place to be fully implemented.

4. Purpose of personal data processingYour personal data are used by the Company for the purpose of managing your relationship with the Company itself, by way of indication and not exhaustive for the following activities: a) the management of your position; b) communications addressed to you in writing or by telephone made directly with internal staff; c) access to the Company’s intranet; d) verification of the requirements for the office and the inexistence of causes of ineligibility and forfeiture pursuant to the law; as well as, where applicable e) in relation to the information requested from time to time for the purpose of submitting offers, for the correct exercise of pre-qualification activities and / or accreditation activities in the registers / registers / IT platforms of public / private counterparties, in Italy or abroad.

5. Provision of personal data

The provision of your personal data is optional, but it is necessary and / or mandatory for the management of the professional relationship that binds you to the Company and to fulfil regulatory obligations. Failure, partial or incorrect communication of your personal data may result in the inability to execute the aforementioned relationship.

6. Processing method

Your data are used not only by electronic means but also by paper means.

7. Data traffic
   • The data may be used by Company personnel who have been assigned a specific role in relation to the processing and who have been given adequate operating instructions. Your personal data will be made accessible in colours who, within the company organization, need it due to their duties or hierarchical position.

• Your personal data may also be processed by third parties to whom the Company entrusts the activities or services (or part of them) for the pursuit of the purposes indicated in this information, or third parties to whom the Company is required to communicate the your data in compliance with the applicable legislation. These subjects will operate, depending on the case, as data processors or as independent data controllers and are typically included in the following categories:

1. a) institutions, bodies and / or public authorities (Courts, supervisory and control authorities, etc ..);
2. b) public and / or private clients.
3. c) members of the corporate bodies of the Company.
4. d) companies belonging to the same group as the Company.
5. e) auditing company.
6. f) companies / service centres, professional firms or freelancers for consultancy and assistance in corporate activities and / or transactions and related activities.
7. g) companies or persons for the management and maintenance of information systems;
8. h) banks, credit institutions, factoring companies and credit collection companies;

1. companies or professionals appointed by the Company to manage your insurance relationship (where applicable).

7.3 The third parties may also be established abroad, in EU or non-EU countries. In the latter case, the transfer of data is carried out by virtue of the existence of a decision by the European Commission on the adequacy of the level of data protection of the non-EU country or on the basis of the appropriate and appropriate guarantees provided for by Articles 46 or 47 of the GDPR (eg signing of the “standard clauses” of data protection adopted by the European Commission) or the additional conditions of legitimacy for the transfer provided for by art. 49 of the GDPR. For more information on the possible transfer of your personal data outside the European Union, you can write to privacy@itineraspa.it.

Your personal data are not disclosed to undetermined recipients.

8. No need for consent

The consent to the processing of the aforementioned data is not necessary as their use is a function of the execution of the relationship of which you are a part.

9. Data controller

The data controller is Itinera S.p.A., with registered office in Via M. Balustra, 15 – 15057 Tortona (AL) – Italy, tax code and VAT number 01668980061.

10. Data Protection Officer

Itinera makes use of a responsible for the protection of personal data (also known as “Data Protection Officer” or “DPO”). The DPO can be contacted at the following email address dpo@itineraspa.it

11. Exercise of the rights

Upon the fulfillment of the conditions and within the limits of the applicable legislation, you may exercise the following rights in relation to the processing of your personal data: (i) the right to access personal data and information on the related processing; (ii) right of rectification if personal data are inaccurate or incomplete; (iii) the right to obtain the cancellation of personal data; (iv) right to object to the processing of personal data; (v) right to limit the processing of personal data; (vi) the right to obtain the transfer of personal data to other companies or organizations and / or to receive personal data in a structured format, commonly used and readable by an automatic device. The aforementioned rights may be exercised by contacting privacy@itineraspa.it.

If you find any irregularities in the processing of your personal data, you can lodge a complaint with the Guarantor for the protection of personal data, in the manner indicated on the website of the Guarantor (www.garanteprivacy.it).

ITINERA S.p.A.

Late update: 10/05/2021