Privacy Notice for Agile Lab Personnel
Personal data means any information relating to an identified or identifiable natural person (through name, address, telephone number, bank account number, etc.).
What personal data does AGILE process?
AGILE may process the following categories of personal data that relate to you and, depending on the circumstances, to dependents and/or any person to whom you provide benefits (e.g. family):
- Personal contact information such as name, title, addresses, telephone numbers, and personal e-mail addresses.
- Date of birth.
- Marital status and dependents and/or parties to whom you provide benefits.
- Contacts of close relation and emergency contacts.
- Social security number.
- Bank account details, payroll, social security number and tax status information.
- Remuneration information, including entitlements to benefits such as social security and insurance coverage.
- Start date and, if different, date of your continued employment.
- Date of termination of employment and reason for termination.
- Personnel records and employment contracts including, but not limited to, details of qualifications, skills, work experience, job titles, work schedules, training records and enrolment in professional registers, and, finally, vacation days.
- Copy of the driving license.
- Copy of passport.
- Copy of the birth certificate.
- Hiring information, including copies of employment law documents, references, and other information contained in the CV or cover letter or that is part of the selection process.
- Information needed to monitor equal opportunity policies.
- Correspondence with you or about you, including through AGILE's e-mail systems.
- Details of any disciplinary or conciliation proceedings in which you are involved, including any warnings issued to you and any related correspondence.
- Analysis of your performance, such as evaluations, performance reviews and judgments, training attended, performance improvement plans, and related correspondence.
- Other information obtained through electronic means such as magnetic badge registers, anti-fraud systems, logs of IT activities and similar. In this regard, it should also be noted that, pursuant to art. 4 of the Italian Labour Code, the Company uses the Microsoft 365 and Intune systems to carry out its corporate activities. For further information, reference should be made to the Company's Handbook.
- Photographs, audio and video material (excluding video surveillance) for business purposes.
- Other personal data customarily provided for the purpose of becoming or working as an Employee.
AGILE may also process the following "special categories" of personal data ("Sensitive Personal Data"):
- Information relating to race or ethnicity, religious or philosophical beliefs, sexual orientation or sex life, and political opinions.
- Information on union membership.
- Information about your health, such as all medical conditions, medical records and sick leave, including:
- Information regarding leave periods and reasons, such as vacation, sick leave, family leave, and sabbatical leave.
- Genetic and Biometric Data.
- Information about your medical or health condition, including whether or not you have a disability for which the organization must make necessary adjustments.
- Information relating to criminal convictions and offences or related security measures.
- Information on criminal proceedings in which you are involved.
- Other Sensitive Personal Data routinely provided in order to become an Employee.
In addition, reference will inevitably be made to you in numerous AGILE documents and records that are produced by you and your colleagues in the course of performing your duties and during AGILE activities.
AGILE is also entitled to examine the use of computers and hardware equipment used in the performance of work activities.
How does AGILE collect and store this personal data?
AGILE may collect such personal data:
- Through the selection and recruitment process, either directly from applicants or sometimes from an employment agency or other third party, such as references provided by former employers and information from court records, if and to the extent permitted by law.
- Directly from you as an Employee of AGILE in connection with your employment, such as from forms completed by you at the beginning or during the course of employment, from correspondence with you, or through interviews, meetings, trainings, or other evaluations.
- In some cases, from third parties in connection with your employment relationship, such as fiduciaries, administrators or managers of pension schemes operated by a group company.
Your personal data may be stored in various ways, by electronic means and/or in hard copies, such as in your personal files, in AGILE's various human resources information management systems, in AGILE's other systems and applications (including AGILE's email system) or in hard copy filing systems, as well as by specific third parties.
Why and for what purpose does AGILE process your personal data?
As your employer, AGILE must process your personal data for the usual business purposes. AGILE will process such personal data for the performance of its activities and the management of its relationship with you in an effective, lawful and appropriate manner. This involves enabling AGILE to comply with the legal grounds outlined below. If you do not provide AGILE with the above information, it is possible that in certain circumstances AGILE may not be able to comply with its obligations and will inform you of the implications of such a decision.
Legal basis
AGILE will process your personal data, in particular Sensitive Personal Data, only if and to the extent permitted by law. AGILE is permitted to process your Personal Data under at least one of the following legal bases, as applicable:
- to enter into a contract with you as an Employee;
- for the processing and payment of your remuneration;
- for the execution of the fulfilments provided by the regulations in force regarding Safety in the workplace;
- for the fulfilment of legal and contractual obligations, including collective ones, connected with the employment relationship;
- for the fulfilment of orders and instructions of the Mother Company;
- to execute any judicial orders;
- for the organization and execution of training courses;
- for operational, management and accounting requirements;
- for the protection of corporate assets;
- for the protection of the legitimate interests of AGILE or third parties, as illustrated below;
- to protect the vital interests of any person.
AGILE has a legitimate interest in processing personal data, such as, for example:
- ensuring the security of its sites, networks and information;
- preventing frauds;
- reporting actual or potential crimes.
Unless otherwise specified, the legal basis for the data processing is Articles 6 paragraph 1 letters b), c) and f), and 9 paragraph 2 letters b) and h) of the EU Regulation 2016/679. Therefore, in such cases, the processing of your data will be irrespective of your consent. The provision of the personal data indicated is a necessary requirement for the conclusion and/or execution of the employment contract and any failure to provide the requested data will make it impossible for AGILE to conclude and/or execute the contract.
The data concerning health conditions, which the competent doctor processes in performance of the obligations provided by Italian Legislative Decree 81/08 and other provisions regarding health and safety in the workplace, as well as for the performance of preventive and periodic medical checks, will be handled in AGILE exclusively by the same doctor. Only judgments of unsuitability and/or suitability with prescriptions or limitations will be communicated to AGILE by the doctor.
Consent
If AGILE processes your personal data on the basis of consent voluntarily expressed (by way of example your data may be processed for purposes otherwise related to the management of the employment relationship, such as membership in recreational clubs, forwarding of publications and invitations, humanitarian initiatives), you will be entitled to revoke such consent at any time, in compliance with the Personal Data Protection Regulations. Such revocation will not affect the lawfulness of the processing based on the consent previously given.
Does AGILE process personal data by automated means?
AGILE shall not use your personal data for decisions based only on processing of personal data by automated means, if such decisions legally affect you or have any substantial consequence, unless you give your express consent to such processing.
Who has access to personal data? Can AGILE share and transfer them?
6.1.1 AGILE will not share your personal data or otherwise provide access to it to any third parties unless one of the following circumstances occurs:
(a) AGILE may share personal data with its Affiliates and other subsidiaries, in accordance with the Data Protection Regulation and other applicable laws and regulations.
(b) AGILE may share personal data, subject to compliance with policies, codes and procedures, with third parties other than those listed in (a) in accordance with the Personal Data Protection Regulation and other applicable laws and regulations.
(c) AGILE may share personal data with your consent, at your direction, through a relevant contractual agreement, in order to serve its legitimate interests or as otherwise permitted under the Personal Data Protection Regulation and other applicable laws and regulations.
(d) AGILE may share personal data (and will endeavour to give you prior written notice, to the extent legally permitted) in response to a request for information, if, as determined by AGILE to be reasonable, the disclosure is to comply with, or is required by, any applicable law, regulation, legal process or governmental request.
6.1.2 Sharing of or access to such personal data will be possible if it serves the purpose for which the personal data are processed and the relevant third parties are obliged to apply data privacy standards that are no less binding than those contained herein, including adherence to the Data Protection Regulation.
6.1.3 AGILE will not disclose your personal data other than as provided herein, unless it has your permission, is required or authorised to do so by law or as otherwise permitted by the Data Protection Regulation.
6.1.4 In consideration of the above, AGILE may transfer your personal data to the following recipients that include, by way of example and without limitation:
- Third party service providers, consultants and agents.
- Professional consultants (e.g. lawyers and accountants).
- Third parties related to a potential or actual corporate or commercial transaction.
- Affiliates or other subsidiaries.
- Government or administrative authorities.
- Financial institutions.
- Insurance companies.
6.1.5 Without prejudice to the above, AGILE may share aggregate or anonymised information that cannot reasonably be used to identify you.
Transfer to other countries/international transfer
Personal data may be transferred to recipients, who therefore are entitled to process them, within as well as outside the EU.
AGILE may subcontract the processing to, or share your personal data with third parties established in countries other than your country of residence. Therefore, AGILE may transfer your personal data to an entity, including third parties and AGILE's affiliated companies, established outside the EU, and in particular, may transfer to the United States personal data collected in order to serve its own legitimate interests or for any other legal basis defined herein.
Should it be necessary to transfer your personal data to an entity based outside the EU, AGILE will ensure that, in relation to privacy, appropriate regulations, certifications, contractual safeguards or measures are in place to ensure that your personal data is protected and transferred in accordance with applicable Data Protection Legislation.
What are the “rights of the data subject” that concern you?
7.1 If you live or work in the EU, you are entitled, according to the GDPR, to the following rights of the data subject:
- Access to, and a copy of, your personal data.
- Rectification of any errors or omissions in your personal data.
- Withdrawal of consent to personal data being processed, where such processing is based on consent and not on some other legal basis.
- Objecting to the processing of personal data on grounds related to your personal situation and/or requesting the restriction of such processing.
- Deletion of your personal data, provided that AGILE has no need to retain them for legal reasons or that such retention is not authorised on another valid legal basis.
- Requesting that your personal data be sent to you or another organisation on your behalf.
- Complaints to the competent supervisory authority in your country concerning data protection.
7.2 If you wish to submit a request relating to your Data Subject Rights, please contact us as set out in paragraph 10.
How does AGILE protect your personal data?
8.1 AGILE undertakes to ensure that your personal data are protected. In order to prevent accidental or unlawful access or disclosure, unauthorised transmission, destruction, loss and/or modification, AGILE has put in place technical and organisational security measures to safeguard and protect the personal data processed. Should a personal data breach occur despite AGILE's best efforts, AGILE will endeavour to limit the damage. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, and depending on the circumstances, AGILE will inform you about the corrective measures to be taken to avoid further damage. As required by the GDPR, AGILE will also inform the competent supervisory authorities.
How long does AGILE store your personal data?
9.1. AGILE shall store personal data exclusively:
- To the extent that they are necessary for the purpose for which they are processed.
- In compliance with AGILE's criteria for the relevant retention period.
- To the extent necessary to comply with its legal and contractual obligations.
AGILE may retain personal data for a longer period if there is an adequate legal basis and in any case no longer than 10 years after the termination of the employment relationship.