PRIVACY POLICY

Data controller

This privacy policy, pursuant to Article 13 of the General Data Protection Regulation (“GDPR”), applies to ErnieApp website www.ernieapp.com (also the “Site”). Data controller is ErnieApp Limited, a corporation validly organized and existing under the laws of Ireland, registration number 595950, having its principal place of business at Harcourt Street 88, Dublin 2, business identity code/Tax ID IE-3449986LH.

 

Purposes of the processing

Users’ data are processed to allow us to respond to their specific requests. In particular, collection and subsequent processing of data are done for the following purposes:

  • Requests of information;
  • Submission of resumes.

Processing for these purposes is necessary to provide you with information requested, and, therefore, the applicable legal basis is the necessity of the processing for the performance of a contract with you, as well as to take steps at your request prior to entering into a contract with you – Article 6.1.b) of the Regulation. While filling out the form for requesting to be contacted, you may choose to receive newsletters from ErnieApp; in such case you will be asked to give your consent – Article 6.1.a) of the Regulation. The consent is optional, but failing to provide it may not allow ErnieApp to send you its newsletters.

ErnieApp will not use the data provided for purposes other than those provided for the above mentioned service, that the user has requested, or within the specified limits from time to time described in the eventual additional specific information notice for a different and particular service requested by the user.

 

Subjects that process your data

For purposes related to the provision of services requested by the user, personal data will be made available to third parties, as for example the appointed data processors, pursuant to Article 28 of the GDPR, or to subjects to whom the communication of data is required to comply with laws or regulations.

Personal data will be made available to people expressly authorized by the data controller – and so appointed as persons in charge of the processing, pursuant to Article 29 of the GDPR, who carry out processing activities necessary for the purposes listed above; such appointed individuals belong to administrative personnel, communication, accounting, legal advice, technical maintenance of information systems, and marketing personnel, depending on the specific request made by the data subject over this Site.

Your data may be transferred abroad, to European Union countries or to other countries deemed as safe by the European Commission, or even to Countries outside the European Union which are not included in the list of safe Countries, with which we will stipulate in advance, the specific agreements for the protection of your privacy, containing standard contractual clauses given by the European Commission decision of 5 February 2010, or that has obtained the Privacy Shield certification for data transfers between EU and US.

 

How we process your data

All processing activities performed as part of the services available through this Site is made by electronic or telematic means, or by print/manual means.

The data will be processed within the purposes for which they were collected and in compliance with current security standards, for the purposes listed above or specified from time to time in any further information notice given to the user.

Personal data will be processed for the time strictly necessary to achieve the purposes for which they are collected.

 

Types of personal data processed and optionality for provision of personal data

The forms to be filled on this Site provides both for personal data that are strictly necessary to request which if not given it won’t be possible to proceed with the request, and for personal data that is optional and not strictly necessary to respond to requests.

The user is free to provide his personal data contained in the sent resume and filled into other sections of this site, and provides for his specific informed consent for processing activities that require it, such as in case of personal data that may be qualified as sensitive or judicial data. These include the personal information that allows the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life, the commission, known or suspected, of criminal offenses or the existence of ongoing proceedings.

When the user decides to use the services available on the Site to share content on social networks, he is aware that the content shared in such way may be processed according to the rules on the processing of personal data applied from the data controller which operates the social network.

 

Navigation data

During their normal operation, the computer systems and software procedures used by this website acquire some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information which is not collected in order to be associated with particular persons, but which by its nature could, through processing and combination with data held by third parties, enable users to be identified. This category includes: IP addresses and domain names of computers utilized by users to connect to the website, addresses of requested resources in URI (Uniform Resource Identifier) notation, the time the request was made, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the state of the response given by the server (successful conclusion, error, etc.) and other parameters relating to the user’s operating system and informatics environment.

This data is used solely to obtain anonymous statistical information on the use of the website and to verify that it is functioning correctly (see also the paragraph on Cookies). The data could be used by the competent authorities to ascertain responsibility in hypothetical cases of computer-related crime resulting in damage to the site: other than this occurrence, personal data are not stored for more than seven days.

 

Cookies

Cookies and similar technologies are information that applications send and record on user’s devices when accessing them, then are resubmitted to the those applications at the next access. Thanks to these technologies, websites recall actions and preferences (such as login data, preferred language, font size, other display settings, etc.) so that they do not have to be re-selected at the next access. Some services provided to the Data Controller by third parties may result in third parties access to personal data and other information contained in your device, also for purposes other than the provision of services to the Data Controller.

When users access the Site, they consent to ErnieApp use of third-party cookies and the processing of information collected through them.

In higher detail, the cookies used by the Sites are:

  • Google Analytics;
  • HubSpot.

To request information on data processed by third parties listed in this Policy, and if you wish to object to such processing, we encourage you to consult third parties’ privacy policies and activate the opt-out mechanisms provided by such third parties.

Find below the links to the information notices about the use of your data by third parties:

 

Personal data provided voluntarily by the user

Personal data normally required for the use of services of this Site is constituted by personal records, contact details. The optional, specific and voluntary sending of e-mail to addresses listed on this Site or filling out electronic forms of contact involves the subsequent acquisition of sender’s address, necessary to respond to requests, and any other personal data included in the message. Specific brief information notices will be provided or displayed on web pages dedicated to specific on demand services. Generally, sensitive data is not processed as per Article 9 of the GDPR (in case of processing of sensitive data for certain services a specific information notice will be given together with the express request for consent by the data subject).

 

Data retention

Personal data processed for the purposes set out above may be kept by ErnieApp for the period deemed strictly necessary to fulfil such purposes – in any case, personal data contained within CVs sent via the Site will be kept as long as the position for which the CV was sent remains open. As for spontaneous applications, this Personal Data may be kept for up to 1 (one) year. ErnieApp may contact candidates before the mentioned periods end, in order to request an extension of this retention period.

 

Data subjects’ rights

Under Articles 15 and following of the Regulation, you, as a data subject, are entitled to request from ErnieApp, at any time, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the Regulation, as well as to obtain the Personal Data you have provided to ErnieApp in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.

Requests should be made in writing to: privacy@ernieapp.com

In any case, please note that, as a data subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of Personal Data, if you believe that the processing of your Personal Data carried out through this Website violates applicable law.