Impressum
Joblaborum
HR Consultancy
Owner: Esther Moreschini
Place of business:
Via Giuseppe Revere 10b
00152 Roma
Italy
Tax code: /Codice fiscale:
MRSSHR70A52Z112C
UST-ID / P.IVA:
17408301004
www.joblaborum.com
info@joblaborum.com
Phone: 0039 334 322 6719
Website:
DIASERTE Informática
Owner: Javier Gutiérrez Mesa
78560973B
C/ Antonio del Castillo, 11
38280 Tegueste – SC de Tenerife
Canary Islands – Spain
www.diaserte.com
Phone: 0034 649139442
Privacy policy according to the DSGVO
Thank you for your interest in our website. The protection of the personal data of the users of our website www.joblaborum.com is very important to us. We would therefore like to take this opportunity to inform you about data protection in our company.
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is
Joblaborum
Via Giuseppe Revere 10b, 00152 Roma, Italia
Phone: 00393343226719
E-mail: info@joblaborum.com
Website: www.joblaborum.com
II. Name and address of the data protection officer
The data protection officer of the controller is
Esther Moreschini
Via Giuseppe Revere 10b, 00152 Roma, Italia
E-mail: emoreschini@joblaborum.com
Website: www.joblaborum.com
III General information on data processing
1. scope of the processing of personal data
We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3 Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Provision of the website and creation of log files
1. description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Information about the browser type and version used
The user’s operating system
The user’s internet service provider
The IP address of the user
Date and time of access
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
4. duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
5 Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
V. Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
The following data is stored and transmitted in the cookies
Language settings
Log-in information
We also use cookies on our website that enable us to analyse the surfing behaviour of users.
The following data can be transmitted in this way
Search terms entered
Frequency of page views
Utilisation of website functions
Previously, it was possible to pseudonymise the processed personal data for technically unnecessary cookies and to inform the user about the use of cookies and their right of objection and removal (‘opt-out solution’) in accordance with Section 15 (3) TMG. However, it is disputed in the legal literature whether this standard will continue to apply after the GDPR comes into force. In case of doubt, it must therefore be assumed that the provisions of the GDPR alone now apply. In this case, only Art. 6 para. 1 GDPR should be taken into account. Even according to this standard, a continuation of the previous practice is conceivable if a ‘legitimate interest’ of the processor according to Art. 6 para. 1 lit. f GDPR is taken as a basis. In other words, if the user’s consent is not obtained before the technically unnecessary cookies are set and retrieved:
The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal user data.
When accessing our website, users are informed about the use of cookies for analysis purposes by an information banner and referred to this data protection declaration. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.
Whether the current practice of the ‘opt-out solution’ fulfils the requirements of Art. 6 para. 1 lit. f GDPR cannot be said with certainty at present. The planned ePrivacy Regulation could provide clarity in this regard. Until then, however, the most legally secure solution is to obtain the user’s prior consent (‘opt-in solution’). In other words, if the user’s consent is obtained before the technically unnecessary cookies are set and retrieved:
When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.
b) Legal basis for data processing
If only technically necessary cookies are used or technically necessary cookies and technically unnecessary cookies are used without first obtaining the user’s consent:
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
If technically necessary and non-necessary cookies are used with the prior consent of the user:
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this.
c) Purpose of the data processing
If technically necessary cookies are used:
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.
We require cookies for the following applications:
The following is a list of applications. Examples may include
Shopping basket
Adoption of language settings
Remembering search terms
The user data collected by technically necessary cookies is not used to create user profiles.
If technically unnecessary cookies are also used:
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.
The exact purpose of the analytics cookies should be described in more detail here.
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.
e) Duration of storage, objection and removal options
Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
If Flash cookies are also used:
The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings.
VI Newsletter
1. description and scope of data processing
The newsletter is sent on the basis of the user’s registration on the website:
It is possible to subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us:
The user’s email address.
The following data is also collected during registration:
The other data actually collected must be provided. This can be, for example
IP address of the accessing computer
Date and time of registration
Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.
No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
2 Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
3 Purpose of the data processing
The purpose of collecting the user’s email address is to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
4 Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is generally deleted after a period of seven days.
5. right of objection and cancellation
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, the user must send us an email with a corresponding request: info@joblaborum.
VII Contact form and email contact
1. description and scope of data processing
There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are
Name
email address
Message text
The following data is also stored when the message is sent:
The IP address of the user
Date and time of registration
Your consent to the processing of the data is obtained during the sending process and reference is made to this privacy policy.
Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.
2 Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
3 Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
4 Duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5 Possibility of objection and cancellation
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
For this purpose, the user informs us by email with a corresponding request:
info@joblaborum.com
All personal data stored in the course of making contact will be deleted in this case.
VIII Sending CV, curriculum vitae
On our website, you can send us your CV to apply for jobs and for personnel selection procedures.
Description and scope of data processing
We process personal data that we have received as part of your application. This includes personal master data (title, first name, surname, date of birth, address), communication data (e-mail address and telephone number), as well as application data (cover letter, CV, attachments, certificates, photo and any other information you have provided.
This data is transmitted to us in encrypted form over the Internet using Secure Socket Layer (SSL) encryption.
What do we process your data for (purpose of processing) and on what legal basis?
Legal basis for data processing
In accordance with Art. 88 of the EU General Data Protection Regulation (GDPR), we may process your personal data for the initiation of employment relationships. Furthermore, you consent to the processing of your data in accordance with Art. 6(1)(a) GDPR.
Purpose of the data processing
Who receives your data?
Your application data will be forwarded to our co-operation partners who have commissioned us with the recruitment of specialist staff for their facilities. These are usually organisations in the healthcare and childcare sectors.Furthermore, processors are used in accordance with Art. 28 GDPR who are responsible for the operation and maintenance of our network, the devices and applications used.
Duration of storageYour data will be stored for 18 months.
Is data transferred to a third country or an international organisation?
Data is not transferred to third countries (countries outside the European Economic Area EEA).
Objection and removal options
Users can withdraw their consent to the processing and forwarding of their application documents at any time.For this purpose, the user informs us with a corresponding request by email: info@joblaborum.comIn this case, all personal data stored in the course of the application will be deleted in our company. If application data and documents have been forwarded to co-operation partners, i.e. employers, for job placement and on behalf of the user, the user will be informed of this in order to also request the deletion of their data there, for which the respective companies are responsibleIX Web analysis by Matomo (formerly PIWIK)1. scope of the processing of personal dataWe use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software places a cookie on the user’s computer (for cookies, see above).If individual pages of our website are accessed, the following data is stored
Two bytes of the IP address of the user’s accessing system
The website accessed
The website from which the user accessed the website (referrer)The subpages that are accessed from the accessed website
The time spent on the website
The frequency with which the website is accessed
The software runs exclusively on the servers of our website. The user’s personal data is only stored there.The data is not passed on to third parties.Note: As the user has not given their consent, the ‘Automatically Anonymise Visitor IPs’ function must be activated. This assumes that the IP address is truncated to 2 bytes. More information can be found here: https://matomo.org/docs/privacy/ .
The software is set so that the IP addresses are not saved in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx).In this way, it is no longer possible to assign the shortened IP address to the calling computer.
2 Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is Art. 6 para. 1 lit. f GDPR.
3 Purpose of the data processing
The processing of users’ personal data enables us to analyse the surfing behaviour of our users.By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
4. duration of storage
The data will be deleted as soon as it is no longer required for our recording purposes.The exact time of deletion must be specified here. This can be set in the software (see: https://matomo.org/docs/privacy/).
In our case, this applies after xx.
Right to object and opt-out possibility
Cookies are stored on the user’s computer and transmitted to our site from there. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to fully use all functions of the website.
If the opt-out option is offered on the website:
We offer our users the possibility to opt-out of the analysis procedure on our website. To do this, you must follow the corresponding link. This will set another cookie on your system, which signals to our system not to save the user’s data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.
For more information about the privacy settings of the Matomo software, please visit the following link: https://matomo.org/docs/privacy/.
X. Rights of the data subject
If your personal data is processed, you are considered a data subject under the GDPR, and you have the following rights against the controller:
Right to information
You can request confirmation from the controller whether personal data concerning you is being processed by us.
If such processing exists, you can request information from the controller about the following:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data that are being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you, or, if specific information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectification or deletion of the personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, according to Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved as well as the significance and the intended consequences of such processing for the data subject.
You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards according to Art. 46 GDPR in connection with the transfer.
Right to rectification
You have the right to rectification and/or completion against the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must make the rectification without undue delay.
Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose the deletion of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for processing purposes, but you need it for the establishment, exercise, or defense of legal claims, or
(4) if you have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.
Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been obtained under the above conditions, you will be informed by the controller before the restriction is lifted.
Right to deletion
a) Deletion obligation
You can request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete this data without undue delay where one of the following grounds applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The deletion of the personal data concerning you is required to fulfill a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17(1) GDPR, the controller, taking into account the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the data subject have requested the deletion of any links to, or copies or replications of, this personal data.
c) Exceptions
The right to deletion does not exist to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health according to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR to the extent that the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise, or defense of legal claims.
Right to be informed
If you have exercised your right to rectification, deletion, or restriction of processing against the controller, the controller is obliged to communicate this rectification or deletion of data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the controller.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another where technically feasible. The freedoms and rights of others shall not be adversely affected by this.
The right to data portability does not apply to processing personal data necessary for performing a task carried out in the public interest or exercising official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility, in connection with using information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object using automated means with technical specifications.
Right to withdraw the data protection consent declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into or performing a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests, or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Art. 9(1) GDPR unless Art. 9(2)(a) or (g) GDPR applies, and suitable measures to safeguard your rights, freedoms, and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.