Curriculum Vitae Policy

Curriculum Vitae Policy

released according to art. 13 Reg. 2016/679/EU.

Elettrotecnica Imolese surl collects personal data from Curricula Vitae.
The data controller will collect personal data and sensitive data (e.g. health condition, adhesion to associations and/or political parties, belonging to legally protected categories).
Data processing is carried out in compliance with the criteria established by the European General data protection regulation, Reg. 2016/679/EU, in force from 25 May 2018 (henceforth GDPR).
According to the above mentioned regulation, processing must be based on the principles of fairness, lawfulness and transparency and protection of the privacy and rights of the data subjects.

A. Data Controller

The data controller is Elettrotecnica Imolese surl, with registered office in Via Pagnina 4. Bubano di Mordano (Bologna), tel. +39 054258511, email:

B. Data processing purpose

The data of the applicants collected by Elettrotecnica Imolese surl are used to evaluate current or future potential candidates for positions within the company; to invite candidates for interviews with a view to possible recruitments;

to conduct an interview with a potential employee, for the purpose of selection and/or evaluation for possible recruitments and subject to prior processing authorisation.

The legal basis of processing can be found in art. 6 p.1 lett. f) GDPR "processing is necessary for the pursuit of a legitimate interest of the data controller or a third party";

data submission is optional by nature; in case of failure to submit data, the data controller will not be able to evaluate the candidate's profile.

The consent of the data subject is expressed by the entirely voluntary submission of their CV by email, fax or in the dedicated section of the website.

C. Data processing method

Personal data are processed by the data controller and duly authorised data processors for the correct achievement of the purposes indicated in point 2) by electronic means and paper archives,

as well as with the use of security measures to guarantee the confidentiality of personal data and avoid unauthorised access by other subjects.

The data controller will not use automated processes, including profiling, to achieve the purposes set out in this policy.

D. Data communication

The collected data may be notified to duly appointed external parties who carry out activities on behalf of the data controller such as, for example: employment consultants, consultancy companies in the HR field, etc.

Personal data relating to means of communication (telephone, email etc.) will be used by duly appointed internal subjects.

Data will not be notified to third countries outside the EU.

E. Duration of processing

The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case, for no more than 10 years from the collection for the purposes indicated, after which the data controller or another appointed person will proceed to deleting the CV.

F. Rights of the data subject

The data subject has the right to request from the data controller access to their personal data or the rectification or erasure of the same or the restriction of processing concerning them, or they have the right to object to data processing, as well as the right to request data portability.

A request may be submitted by email or fax or registered letter with the subject line: "Request from the data subject" specifying in such request the right that the data subject wishes to exercise (erasure, rectification, portability, "right to be forgotten", indicating a valid e-mail/certified e-mail ("PEC") address to which a reply will be sent.

The data controller, or anyone appointed by them, will proceed to responding to the data subject's request within 30 days from the date of receipt. For the most sensitive answers, the response time could be extended to a further 30 days, subject to timely communication to the data subject concerned.

Should you wish to enforce your rights, you may lodge a complaint with the supervisory authority, i.e. the National Data Protection Authority, based in Palazzo Monte Citorio 121, Rome, Italy.