PRIVACY POLICY

Last updated in June 2024

At DAB we value your privacy and take data protection seriously. We are committed to complying with the General Data Protection Regulation ("GDPR", Regulation (EU) 2016/679) and other applicable data protection laws in the countries where we operate.

In most cases, DAB PUMPS SPA, in its capacity as the operational parent company of the "DAB Group" companies, over which it has a role of direction, coordination and synergistic management, providing services both directly (with its own structure and organisation) and indirectly (through selected suppliers), is to be considered the Data Controller for itself and on behalf of the other companies of the "DAB Group", which are listed at https://www.dabpumps.com/. When your personal information is collected or processed in your capacity as a customer or marketing recipient or as a candidate for a specific position, the relevant DAB Group subsidiary may directly be the data controller.

Your personal data may therefore also be subject to local data protection laws. We take great care to ensure compliance with local requirements, and additional local policies may apply, in which case they will be available on our website.

If you have any questions about privacy notices or our processing of personal data, or if you wish to exercise any of your rights as outlined below, please contact:

Dab Pumps Spa, via Marco Polo 14, 35035 Mestrino (PD), Italy at data.protection@dabpumps.com.

This page provides all privacy policies related to the different recipients indicated below. Each information notice describes which personal data we collect, how we collect them, why we collect them, how we may use and share them, and what your rights are as a data owner.

Please read the specific privacy policy, concerning:

  1. WEBSITE VISITORS
  2. COMPANY INFORMATION SYSTEMS
  3. DAB DIGITAL APPLICATIONS
  4. SUPPLIERS
  5. CANDIDATES
  6. RECEPTION

 

YOUR RIGHTS
In connection with the processing of your personal data, we remind you that the following rights are always guaranteed:

* Revocation of consent: if you have given your consent for any personal data processing, you may withdraw this consent at any time with future effect. Such withdrawal will not affect the lawfulness of the processing carried out so far.

Depending on your position and under applicable laws, including the GDPR, you may also benefit from the following rights:

* Right of access: you could have confirmation from us as to whether or not personal data concerning you are being processed and, if so, to request access to the personal data. Access information includes, inter alia, the purposes of the processing, the categories of personal data involved, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You may have the right to obtain a copy of the personal data being processed. We may charge a reasonable fee based on administrative costs for any additional copies you might request.

* Right of rectification: you may have the right to have inaccurate personal data concerning you rectified. Depending on the purpose of processing, you may have the right to complete incomplete personal data, including through a supplementary statement.

* Right to erasure ("right to be forgotten"): under certain circumstances, you may have the right to have the personal data concerning you erased and we may be obliged to erase such personal data.

* Right to restriction of processing: under certain circumstances, you may have the right to have the processing of your personal data restricted. In this case, the relevant data will be marked and we may process them only for certain purposes.

* Right to object: under certain circumstances, you may have the right to object on grounds relating to your particular situation or - where personal data are processed for direct marketing purposes - to object at any time to our processing of your personal data, in which case we may be required to stop processing your personal data.

* Right to data portability: under certain circumstances, you may have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and readable format, and you may have the right to transmit such data to another entity without hindrance from us.

* Right to lodge a complaint: if you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU or EEA member state where you reside, work, or where the alleged breach occurred. A right to lodge a complaint to the local supervisory authority may also apply outside the EU/EEA, depending on your location.

AMENDMENTS TO THE PRIVACY POLICY

We reserve the right to amend or supplement this privacy policy at any time. If the changes to the privacy policy are considered relevant and substantial, you will be notified of this, for example by e-mail or on our website. The privacy policy in effect at any given time will always be available on our website.

COOKIES

For information regarding cookies/pixels on our websites, please refer to our Cookie Policy.

  1. WEBSITE VISITORS

This information notice is provided to you as a data subject ("Data Subject") to inform you of how we will process your personal data as a result of your visit and/or interaction with the www.dabpumps.com website. The processing is carried out in accordance with the criteria set out in the applicable legislation, and will be based on the principles of fairness, lawfulness and transparency and the protection of your privacy and rights.

Personal data collected could include, inter alia:

* Details about how you arrived at our Websites, e.g. whether you clicked on a banner or arrived from a social media platform.

* Location details such as current location, country, local website preferences (e.g. dabpumps.com, dabpumps.de, dabpumps.be or similar), etc.

* Usage and interaction information, such as anonymised IP address, details about interactions with our websites (including product searches, page visits, time spent on pages, clicks, written input, etc.), performance data, diagnostics and statistics, device operating system and other specifications, etc.

* Customer service information, such as details entered in contact forms or on the maintenance services page.

For website visitors, we collect personal data through interactions with the website, e.g. through the use of cookies, tags, or pixels (refer to our cookie policy for more details). Finally, we may collect or receive personal data from third parties, such as social media platforms, websites, and DAB’s business partners, or from publicly available sources.

This data are collected for the following purposes and according to specific legal bases:

PURPOSE OF PROCESSING

LEGAL BASIS
  1. We use personal data to improve our services and to learn more about our visitors' behaviour.
  1. DAB’s legitimate interests (Article 6(1)(f) of the GDPR).
  1. optimisation of our marketing services based on knowledge of users' behaviour and use of web platforms
  1. Consent (Article 6(1)(a) of the GDPR)
  1. provision of a digital service
  1. Implementation of contractual and pre-contractual measures at the request of the data subject (Article 6 (1)(b) of the GDPR)
  1. optimisation and development of support services
  1. DAB’s legitimate interests (Article 6 (1)(f) of the GDPR).
  1. sending newsletters
  1. Consent (Article 6(1)(a) of the GDPR)
  1. bug fixes and technical maintenance
  1. DAB’s legitimate interests (Article 6(1)(f) of the GDPR).
  1. compliance with DAB’s legal obligations
  1. Legal obligation (Article 6(1)(c) of the GDPR).
  1. resolution of disputes, enforcement of contractual agreements, and initiating, exercising or defending legal actions
  1. Legal obligation (Article 6(1)(c) of the GDPR).

 

STORAGE TIME

Personal data collected for the above purposes will be kept only as long as necessary for the relevant purpose.  When you register for a DAB account, you will receive an account validation email. If you have not been active for four years (48 months), your DAB account, including your personal information, will be deleted. If a court or disciplinary action is initiated or contemplated, your personal data may be stored until the end of such action, including any appeal periods, and will then be deleted or archived. When personal data are deleted, the data (including behaviour information) may be stored in an anonymous form so that the data cannot be identified.

DATA RECIPIENTS AND TRANSFER

We share your personal information only when necessary to achieve the purposes described above. The following are the main categories of recipients:

* Other DAB Group companies.

* IT service providers and data processors on behalf of DAB, e.g. hosting services, IT support, cloud services, user administration services, etc.

* Other recipients who support DAB's business activities, e.g. DAB’s consultants and advisors, etc.

* Other authorised third parties who may need to access or store personal data where required or permitted by applicable law (e.g. government authorities or other relevant public agencies, courts, arbitration tribunals, lawyers, etc.).

We do not sell your personal information or share it with third parties that are not relevant. In some circumstances, your personal data may be transferred to countries outside the EU/EEA. DAB guarantees that such a transfer will be made in accordance with applicable data protection laws.  If you reside outside the EU/EEA, your personal data may be transferred to countries within the EU/EEA or otherwise outside your country of residence. We take great care to ensure compliance with local requirements when transferring data across borders.

 

  1. COMPANY INFORMATION SYSTEMS

This information notice is provided to you as a data subject ("Data Subject") to inform you of how we will process your personal data as a result of your registration within the company's information systems. Processing is carried out in accordance with the criteria set out in the applicable regulations, and will be based on the principles of fairness, lawfulness and transparency and the protection of your privacy and rights.

Personal data collected could include, inter alia:

* Personal details, such as your first and last name, signature, language preferences, audio recordings (in case of remote support), etc.

* Contact details, such as your address, country of residence/geographical area, phone number, e-mail address, etc.

* Job-related information, such as sector, role, employer, relations with other parties (e.g. distributors or installers), areas of interest, etc.

* Sales-related information, to the extent it contains personal data, such as e-mail correspondence, information about sales visits, attendance at events or trade shows, participation at webinars, pending orders or active subscriptions, purchase/order history, subscription history, offer history, delivery addresses, discounts and incentives, etc.

* Product, warranty and service information, to the extent that it contains personal data, such as installed base, installation dates, warranty status, extended warranties, repair and service information, including maintenance status and service checks, etc.

* Product use and status information, to the extent that it contains personal data that can be linked to the user as a customer, such as water flow and pressure, water and wastewater discharge, energy consumption, temperature, other usage data, error reports, maintenance status, pending service visits, usage logs, etc.

* Customer service information, such as details entered in self-service or contact forms, records of chat sessions with our customer service staff, caller IDs, audio recordings of calls (may be subject to consent, depending on circumstances) or call notes, time of calls, correspondence with DAB, etc.

* Details regarding participation in loyalty/reward programmes and contests, such as details on the number of points collected and how, spending of points, prizes and rewards won, number of batches or tickets drawn, answers to quizzes, participation in games, etc.

* Transaction and/or financial information, to the extent that it contains personal information, such as billing details, bank details, credit or debit card information, information from credit agencies, etc.

* Details regarding visits to DAB or elsewhere, to the extent that we host a visit from you or otherwise facilitate visits and travel by you in a DAB setting, such as the reason for the visit and, if relevant, dietary requirements, lodging, travel itinerary, copy of the passport (if required), home address (if required), emergency contacts, photos and group photos, etc.

* Survey and customer satisfaction data, such as survey responses, feedback provided to DAB, etc.

This data are collected for the following purposes and according to specific legal bases:

PURPOSE AND LEGAL BASIS:

STORAGE TIME
  1. To enable the performance of a contract or pre-contractual measures to which the Data Subject is a party pursuant to Article 6 (1)(b) of the GDPR
  1. 10 years from the termination of the business or contractual relationship

 
  1. Following your registration with our CRM and SSO, allow you access to company portals (e.g. Customer Portal and Technical Assistance Center Portal, D.Connect, D.Learning, D2B, DClub) and the services provided through them under Article 6 (1)(b) of the GDPR
  1. 10 years from the termination of the business or contractual relationship

 
  1. Conducting marketing activities, by sending commercial communications, promotions, discounts, concessions and other dedicated services by using newsletters, as well as invitations to participate in events dedicated to DAB Group customers for which consent is required under Article 6 1(a) of the GDPR
  1. until consent is withdrawn by the Data Subject, subject to the lawfulness of the processing during the period of the consent and in any event for a maximum period of 48 months after their collection. In case of withdrawal, DAB will not make any further notification to the Data Subject
  1. To carry out profiling activities, by analysing information regarding your interests, preferences on our products and services and consumption choices, including through detecting the type and frequency of the purchases you have made, to guarantee you a personalised service on the occasion of your future purchases for which consent is required under Article 6 1(a) of the GDPR. If you have also given consent to the processing your personal data for marketing purposes, we might send you promotions and/or invitations to initiatives that are more closely aligned to your profile, preferences and expectations
  1. until consent is withdrawn by the Data Subject, without prejudice to the lawfulness of the processing during the period of the consent. If you have given specific consent for marketing and profiling purposes, the data you have provided will be processed for a relevant, proportional time and, in any event not exceeding 12 months for profiling purposes and 48 months for marketing purposes. In any case, data on purchasing habits will be anonymised after 12 months from purchase
  1. Sending information, institutional and/or business communications regarding services similar to those as in previous sales between the parties through the use of newsletters and/or sending you personal invitations to events and trade shows for which consent is not required, i.e. soft-spam, pursuant to Article 6 1(f) of the GDPR

 
  1. until you object to such processing. The Data Subject may, at any time and free of charge, stop receiving these communications by writing to data.protection@dabpumps.com, without prejudice to the lawfulness of the processing in the period preceding such notification. In case of withdrawal, the controller will not send any further communication
  1. Fulfilling any legal obligations or pursuing a legitimate interest of the Controller pursuant to Article 6(1)(c) and (f) of the GDPR, (e.g. establishing, exercising or defending a right in all relevant forums, including the recovery of the debt through out-of-court procedures) in compliance with the conditions and restrictions provided under the current legislation
  1. for as long as strictly necessary for the performance of that purpose

 
  1. Transmitting personal data within the companies belonging to the DAB Group for administrative, planning or operational purposes falling within the Controller’s legitimate interest pursuant to Article 6 1(f) of the GDPR.
  1. for as long as strictly necessary for the performance of that purpose.

 

 

COLLECTION AND PROCESSING METHODS:

For the purposes referred to in points (a), (b), (f) and (g) above, the provision of data is mandatory and the data are collected without your consent; otherwise the Controller will not be able to perform the contract or carry out pre-contractual negotiations. For the purposes referred to in points (c) and (d), the provision of data is optional, and if you do not provide them the Controller will not be able to proceed for that specific purpose without obtaining your prior and explicit consent. For the purposes referred to in point (e) above, the provision of data is optional; if you don’t give your explicit consent, the Controller may send communications as long as you do not object to such processing.

Personal data are processed, including through the use of automated tools, by the Controller and duly appointed Processors for the proper fulfilment of the abovementioned purposes by means of electronic tools and paper archives, as well as with the use of security measures that ensure the confidentiality of personal data and prevent undue access by unauthorised parties.

DATA RECIPIENTS AND TRANSFER

The Data are processed at the Controller’s operational offices and at any other place where the parties involved in the processing are located. Accounting/fiscal data may be disclosed to duly appointed external parties who perform activities on behalf of the Controller such as but not limited to: accountants, credit institutions and relevant external professionals. The data subject to processing may be transferred to partners and suppliers duly appointed as external Processors who guarantee the same level of technical/organisational/IT/legal protection as guaranteed by the Data Controller. There is no data dissemination (e.g. social networks, websites, etc.). As defined in this policy, the Controller may use automated processes, including profiling, to achieve the purposes described above. Personal data related to the processing in question may be transferred to the companies of the DAB Group, to achieve the purposes set forth in this information notice and providing sufficient safeguards to put in place appropriate technical and organisational measures so that the processing meets the security requirements of this agreement and the GDPR.

 

  1. DAB DIGITAL APPLICATIONS

This information notice is provided to you as a data subject ("Data Subject") to inform you of how the Company collects and processes personal data concerning users of DAB’s digital applications (e.g. DConnetc, DABlive) including physical products with smart features, or if you are a registered user with DAB (creating a DAB account).

Personal data collected could include, inter alia:

* Personal details, such as first and last name, user ID/login and password, language preferences, video/audio recordings and personal photos (in case of remote support), etc.

* Contact details, such as your address, country of residence/geographical area, phone number, e-mail address, etc.

* Job-related information, such as your employer/company, areas of interest, professional role, etc.

* Sales-related information, to the extent that it contains personal data that can be linked to you as a user, such as pending orders or active subscriptions, purchase/order history, subscription history, delivery addresses, discounts and incentives, etc.

* Product, warranty and service information, such as installed base (products and serial number, installation address), installation dates, warranty status, extended warranties, repair and service information, including maintenance status and service checks, etc.

* Product use and status information, to the extent that it contains personal data, such as water flow and pressure, water and wastewater discharge, energy consumption, temperature, other usage data, error reports, maintenance status, pending service visits, usage logs, etc.

* App or offering use, such as interactions with features within the various apps or services (including using features, product searches, visiting pages, time spent on pages, clicks or touches, written input, etc.), product connectivity, data regarding activity (inactivity) levels within the context of the offering, event logs, reports created or shared, details of downloaded/installed apps or programmes, IP address, performance and diagnostic data and statistics, device type, operating system and other specifications, version data, crash data, network operator, etc.

* Activities on third-party platforms, such as social media activities (in accordance with your consents/settings on such social media) and platforms of our business partners (in connection with specific offerings).

* Geolocation data, such as the user's location.

* Customer service information, such as details entered in self-service or contact forms, caller ID, audio recordings of calls (if agreed by you), etc.

* Survey and customer satisfaction data, such as survey responses, feedback provided to DAB or DAB employees, etc.

This data are collected for the following purposes and according to specific legal bases:

 

 

PURPOSE OF PROCESSING:

LEGAL BASIS:
  1. We use this personal data to offer you additional value and personalisation, e.g. features that could optimise water use, energy efficiency, product maintenance, setting alarms for you, delivering reports to you, etc.
  1. Implementation of contractual and pre-contractual measures at the request of the data subject (Article 6 (1)(b) of the GDPR)
  1. We also use your personal information for internal purposes at DAB. The main purposes include:

* bug fixes and technical maintenance;

* planning, conducting and management of the contractual relationship with users, including administration and accounting;
  1. legitimate interest (Article 6(1)(f) of the GDPR);
  1. Customer satisfaction management, i.e. monitoring, analysing, managing, and supporting full lifecycle customer relationships;

* optimisation of marketing and sales activities based on knowledge of user behaviour and usage offerings;

* optimisation and development of support services; communication purposes, e.g. interviews or stories to users;

 
  1. Consent (Article 6(1)(a) of the GDPR)
  1. compliance with DAB's legal obligations, e.g. product compliance laws or data protection laws; and dispute resolution, enforcement of contractual agreements, and initiating, exercising or defending legal actions.
  1. Legal obligation (Article 6(1)(c) of the GDPR)

 

COLLECTION AND PROCESSING METHODS:

The above personal data will be collected only to the extent relevant to the use of our offerings and other interactions with DAB. We collect personal data both directly from you and through the use of our offerings (including physical products, apps, cloud services, etc.). As an example of personal data collected directly from you when you create a DAB account, you provide us with your contact information, user/login ID and employer information, and you can also provide us with additional (optional) details such as areas of interest. Some personal data will be collected only if you choose to use a specific function, such as alarms or reports, or if you link the app/product with a DAB account (where linking is optional). Finally, we may collect or receive personal data from third parties, such as DAB’s business partners, or from publicly available sources.

STORAGE TIME

The Data provided are stored for as long as necessary to fulfil the purposes for which they were collected, and in any event for as long as strictly necessary to fulfil any legal, accounting, or reporting requirements. If you have been a user of our digital offering, we may store your personal data for a reasonable period of time (24 months) after deactivation to facilitate onboarding and usability quality of digital offering if you decide to return to the digital offering at a later time. We will set the storage period based on what we believe to be a realistic time period for returning users.

If a court or disciplinary action is initiated or contemplated, your personal data may be stored until the end of such action, including any appeal periods, and will then be deleted or archived. When personal data are deleted, the data (including behaviour information) may be stored in an anonymous form so that the data cannot be identified.

DATA RECIPIENTS AND TRANSFER

The following are the main categories of recipients:

* Other DAB Group companies.

* DAB’s business partners e.g. suppliers, sales and marketing partners, partners for digital and IoT offerings, logistics partners, event organisers, DAB’s customers in relation to specific offerings (e.g. water services, water treatment plants or district heating providers), etc.

* IT service providers and data processors on behalf of DAB, e.g. hosting services, IT support, cloud services, user administration services, etc.

* Other recipients who support DAB's business activities, e.g. DAB’s consultants and advisors, sanctions screening partners, etc.

* Other authorised third parties who may need to access or store personal data where required or permitted by applicable law (e.g. government authorities or other relevant public agencies, courts, arbitration tribunals, lawyers, etc.).

We do not sell your personal information or share it with third parties that are not relevant. In some circumstances, your personal data may be transferred to countries outside the EU/EEA. DAB guarantees that such a transfer will be made in accordance with applicable data protection laws.  If you reside outside the EU/EEA, your personal data may be transferred to countries within the EU/EEA or otherwise outside your country of residence. We take great care to ensure compliance with local requirements when transferring data across borders.

 

  1. SUPPLIERS

This information notice is provided to you as a data subject ("Data Subject") to inform you of how the Company collects and processes personal data relating to its Suppliers or penitential persons, including those of the natural person Supplier, the legal representative of the legal person Supplier (who signs the contract in the name and on behalf of the latter), as well as its employees/consultants involved in the activities covered by the contractual relationship.

Personal data collected could include, inter alia:

* Personal details, such as first and last name, user name/login and password (if applicable), signature, language preferences, etc.

* Contact details, such as your (business) address, country of residence/geographical area, phone number, e-mail address, etc.

* Job-related information, such as sector, role, employer, relationship with other parties, work permit status, educational training and courses/certifications completed (if applicable), etc.

* Vendor-related information, to the extent that it contains personal data, such as e-mail correspondence, vendor history with DAB, references, performance reviews, participation at events or trade shows, etc.

* Transaction and/or financial information, to the extent that it contains personal information, such as billing details, bank details, information from credit agencies, etc.

* Details regarding visits or work at DAB or elsewhere, to the extent that we host a visit by the user or otherwise facilitate visits and travel by the user in a DAB setting or if work is carried out at DAB premises or on behalf of DAB elsewhere, such as the reason for the visit (including details of the work activity) and, if necessary, dietary requirements, lodging, travel itinerary, copy of the passport (if required), home address (if required), emergency contacts, photos and group photos, etc.

* Supplier survey data, such as survey responses, feedback provided to DAB or DAB employees, etc.

This data are collected for the following purposes and according to specific legal bases:

PURPOSE OF PROCESSING:

LEGAL BASIS:
  1. Activities related to the performance of the contract with the Supplier, including the pre-contractual phase.
  1. Implementation of contractual and pre-contractual measures at the request of the data subject (Article 6 (1)(b) of the GDPR)
  1. Activities related to establishing and/or exercising and/or defending rights.
  1. Legitimate interest (Article 6(1)(f) of the GDPR);
  1. Fulfilment of legislative obligations/orders of Authorities or other binding regulations.
  1. Legal basis is identified in the legal obligation (Article 6(1)(c) of the GDPR)

 

DATA COLLECTION AND PROCESSING METHODS

The processing is carried out electronically and in paper form, to the extent necessary to pursue the purposes set out above and in full compliance with the law, in accordance with principles of lawfulness and fairness and with every measure necessary to protect the confidentiality and security of the data.

The provision of data is mandatory in performance of legal and contractual obligations and, therefore, any refusal to provide them, in whole or in part, may result in the inability of the Company to perform the contract or to properly carry out all related obligations.

 

 

STORAGE TIME

The Data provided are stored for as long as necessary to fulfil the purposes for which they were collected, and in any event for as long as strictly necessary to fulfil any legal, accounting, or reporting requirements. Once the final storage periods have expired, the Data will be destroyed or anonymised, consistent with the technical procedures for erasure and backup. Personal financial, transactional, tax/customs and compliance-related data (such as billing details, payments received or made, results of penalty checks, etc.) will be stored for as long as required by applicable law or as long as necessary to ensure proper performance of contractual obligations. If a court or disciplinary action is initiated or contemplated, your personal data may be stored until the end of such action, including any appeal periods, and will then be deleted or archived. When personal data are deleted, the data (including behaviour information) may be stored in an anonymous form so that the data cannot be identified.

DATA RECIPIENTS AND TRANSFER

The personal data collected will be accessible to individuals within the organisation of the Controller on the basis of precise instructions and in performance of their specific duties. In addition, the personal data collected may be disclosed to third parties, for technical and operational needs closely related to the purposes set out above, and in particular may be disclosed to the following categories of persons:

* other DAB Group companies (https://www.dabpumps.com/it);

* entities, professionals, companies or other structures assigned by the Controller for the processing related to the fulfilment of administrative, accounting, insurance and management obligations associated with the ordinary course of business;

* public authorities and administrations for the purposes related to the fulfilment of legal obligations or to persons entitled to access them under laws, regulations or EU legislation;

* providers of installation, support and maintenance services for computer and telecommunications equipment and systems and all services functionally related to and necessary for the performance of services under the contract with the Supplier;

The Controller may be requested for an updated copy of the list of Data Processors. Personal data are processed at the Controller's premises, and in some cases, may be transferred to countries outside the EU/EEA in accordance with applicable legal requirements.

 

  1. CANDIDATES

This information notice is provided to you as a data subject ("Data Subject") to inform you of how we will process your personal data at our company as a result of your application for a job position. Processing is carried out in accordance with the criteria set out in the applicable regulations, and will be based on the principles of fairness, lawfulness and transparency and the protection of your privacy and rights.

Personal data collected could include, inter alia:

* Personal details, such as first and last name, signature, language preferences, audio/video recordings, and photos of the user

* Contact details, such as your address, country of residence/geographical area, phone number, e-mail address, etc.

* Job-related information, such as sector, role, employer, relations with other parties (e.g. distributors or installers), areas of interest, etc.

* Information related to education, professional skills and qualifications, employment and education background data

* Test results administered directly by the Controller.

* It may also be necessary to process certain categories of special data under Article 9(2)(b) of the GDPR (e.g. data revealing health status or belonging to protected categories, disability/inability etc.). The Company will limit the use of these data as much as possible.

This data are collected for the following purposes and according to specific legal bases:

PURPOSE OF PROCESSING:

LEGAL BASIS:
  1. Personnel recruitment and selection to evaluate the candidate and for the possible establishment of an employment, freelance, internship, or apprenticeship relationship.
  1. Implementation of pre-contractual measures at the request of the data subject (Article 6 (1)(b) of the GDPR)
  1. Filing of CV, communications related to the selection process or future selections also regarding positions other than the one for which the candidate sends their application, always in line with the candidate’s profile;
  1. Implementation of pre-contractual measures at the request of the data subject (Article 6 (1)(b) of the GDPR)
  1. Performance of legislative obligations or obligations pursuant to other binding regulations (such as regulations on taxation, social security and welfare, occupational health and safety, health protection, and public order and safety).
  1. Legal obligation (Article 6(1)(c) of the GDPR)

 

DATA COLLECTION AND PROCESSING METHODS

The candidate's personal data are collected directly when sending the CV or through third parties such as: recruitment and selection agencies, job databases and public websites (such as LinkedIn), i.e. specialised entities and/or companies that support the entry of recent graduates and students into the work environment.

The processing is carried out electronically and in paper form, in the manner to the extent necessary to pursue the purposes set out above and in full compliance with the law, in accordance with principles of lawfulness and fairness and in such a manner as to protect their confidentiality.

Personal data collected will not be processed by automated decision-making. However, the data (CV) may be stored in relation to the work area and the job position for which the candidate has applied; the personal and professional characteristics of the person concerned; and the specific needs of the company.

STORAGE TIME

Personal data collected in paper form will be stored for a maximum of 12 months; vice versa with reference to personal data stored on electronic/digital media, the storage period is one year, after which the data subject will receive a request by e-mail to update their profile and if the data subject does not access their profile within the next 15 days it will be automatically deleted and the data will be erased.

DATA RECIPIENTS AND TRANSFER

Personal data will be accessible: to persons within the Controller's organisation involved in the evaluation and recruitment process and specially authorised to conduct an evaluation of the candidate's profile for the specific position or a related one based on precise instructions, and to all persons to whom disclosure is required under specific legal obligations. Finally, the data may be disclosed to third parties selected and appointed pursuant to Article 28 of Regulation 2016/679 if necessary for the purposes stated above (e.g. recruitment and assessment companies, IT service providers). The Controller may be requested for an updated copy of the list of Data Processors.

The Personal Data collected will not be transferred outside the EU/EEA; however, should it be transferred from an EU member state to a third country and in particular to one of the countries where a DAB Group subsidiary is based, the transfer will take place in accordance with applicable legal requirements.

 

  1. RECEPTION

This information notice is provided to you as a data subject ("Data Subject") to inform you of how we will process your personal data at our company following your visit to one of our operating locations. Processing is carried out in accordance with the criteria set out in the applicable regulations, and will be based on the principles of fairness, lawfulness and transparency and the protection of your privacy and rights.

Personal data collected could include, inter alia:

* Personal details, such as first and last name, language preferences.

* Contact details, such as phone number, e-mail address, etc.

* Job-related information, such as role, employer, etc.

This data are collected for the following purposes and according to specific legal bases:

PURPOSE OF PROCESSING:

LEGAL BASIS:
  1. the provision of reception/welcoming service
  1. Implementation of pre-contractual measures at the request of the data subject (Article 6 (1)(b) of the GDPR)
  1. the management of its presence and stay on the premises of the Data Controller
  1. Legitimate interest (Article 6(1)(f) of the GDPR)
  1. Fulfilment of legislative obligations or other binding regulations (such as safety regulations).
  1. Legal obligation (Article 6(1)(c) of the GDPR)

 

DATA COLLECTION AND PROCESSING METHODS

Data are processed by paper, computer and electronic means, according to principles of correctness and lawfulness, and with storage in electronic files, taking specific security measures to prevent data loss, unlawful or incorrect use and unauthorised access in accordance with the GDPR.

STORAGE TIME

The Data provided are kept as long as necessary to fulfil the purposes for which they were collected, and in any event for a period not exceeding 90 days. 

DATA RECIPIENTS AND TRANSFER

The processing of personal data by the Controller will be carried out only by trained and authorised personnel who have received the relevant instructions. Personal data may be disclosed to external parties that have been formally appointed by DAB as Data Processors. Data may also be disclosed to additional external parties, acting as independent Data Controllers. The Personal Data collected will not be transferred outside the DAB Group's operational office where it was collected.

For more information read the Frequently Asked Questions

Visit FAQ Page