As provided by current legislation in force (art. 13 General Data Protection Regulation, hereinafter “GDPR”), users accessing the website www.bkt-tires.com and interested in presenting a job application by compiling the form available on the website are provided with the information concerning their personal data processing.
WHO IS THE DATA CONTROLLER AND HOW CAN I GET IN TOUCH?
The Data Controller is Balkrishna Industries Limited, BKT HOUSE, C/15, Trade World, Kamala Mills Compound, Senapati Bapat Marg, Lower Parel, Mumbai – 400013, India. The company can be contacted at the following email address firstname.lastname@example.org.
WHICH DATA ARE PROCESSED?
The processed data are identification and résumé-related data provided by the person concerned by means of the form available on the website and by means of the file upload system used to make the file available. Data collection refers only to common data. For that reason, the candidate shall not provide specific personal data – such as data suitable for detecting racial and ethnic origin, religious, philosophical, and other beliefs, political opinions, belonging to Parties, Unions, associations or organizations of religious, philosophical, political and labor kind, as well as personal data suitable for detecting the state of health and sexual preferences, which will be at any rate immediately cancelled, if provided.
WHICH ARE THE LEGAL BASES AND THE PURPOSE OF DATA PROCESSING?
The data provided by the person concerned are processed for the purpose of assessing the job application only. More specifically, data are used for:
examining the candidate’s job application;
proceeding with the check of requirements for an employment and/or the start of a collaboration.
The legal basis for the collected data processing is the execution of pre-contractual, or introductory measures for stipulating an employment relationship or a collaboration.
Should it be necessary, the data might also be used for the Data Controller’s lawful reasons to proceed with defensive actions or to enforce or defend a right through legal action.
HOW ARE THE DATA HANDLED?
The collected data are processed by means of IT tools. Adequate security measures are taken in order to prevent data loss, unlawful or incorrect usage, and unauthorized access.
For web-services-related data processing, servers located within European territory are used.
The data will be stored by the Data Controller for the time necessary to comply with the requirements set for the candidate’s selection and assessment, but at any rate not longer than one year after their collection, except for the possible stipulation of an employment relationship and/or collaboration. This is intended without prejudice to possible defensive needs for which the data might be stored for a longer period of time than that indicated.
WHAT HAPPENS IF DATA ARE NOT PROVIDED?
Providing data is optional and up to the candidate’s choice, who decides to send his/her résumé and job application. Not conferring such data makes it impossible to check whether there are the requisites for an employment and/or the start of a collaboration resulting in the possible stipulation of a relationship with the Data Controller.
WHO CAN OBTAIN KNOWLEDGE OF THE DATA?
Data are processed by the Data Controller’s authorized staff members.
Besides, data are also processed by the group company, BKT Europe Srl, for activities performed in relation to the website management as Data Processor on behalf of the Data Controller.
In the case of vacancies at one of the group companies, the data sent through the application form can be known by the group companies indicated in the proposal.
The data might also be known by the competent Authorities in case of specific requests that the Data Controller is obliged to respond to by the law, by counsels or companies providing IT supplies and assistance for activities performed on behalf of the Data Controller, and by counsels for dealing with disputes and legal assistance in case of possible controversies, which might make necessary their involvement.
It is understood that some of the indicated subjects operate as Data Processors and that the communication to those operating as autonomous Data Controllers is made due to legal obligations or the necessity to proceed with obligations deriving from the contractual relationship or the Data Controller’s lawful interest consisting in preserving the security of IT systems by means of maintenance operations on the part of competent staff and in performing defensive actions by means of legal counsels.
The data subject might ask the Data Controller the list of external subjects carrying out their activity as Data Processors.
Communication is hence limited to such data classes only, the transmission of which is necessary for carrying out activities and achieving purposes.
WHICH ARE THE DATA SUBJECT’S RIGHTS?
According to law, the data subject is entitled to ask the Data Controller to access his/her personal data, to rectify or cancel these, or to limit processing of his/her data, or to oppose against their processing. In addition, he/she has the right of data transferability.
The data subject can exercise his/her rights at any moment without any formalities addressing to the Data Controller by sending an email to email@example.com
Hereinafter the rights conferred by the current legislation in force on personal data protection are stated in detail.
- Access right, i.e. the right to obtain from the Data Controller a confirmation whether any of his/her personal data are currently processed, and in the affirmative case, to gain access to the personal data and the following information: a) purpose of processing; b) the personal data classes concerned; c) recipients or recipient classes to which personal data have been or will be communicated, in particular if directed to third country recipients or international organizations; d) if possible, the expected period of personal data storage, or if impossible, the criteria used to establish such a period; e) the existence of the data subject’s right to ask the Data Controller to rectify or cancel personal data, or to limit the processing of his/her personal data, or to oppose against their processing; f) the right to lodge complaint with a supervisory Authority; g) in the case that the data have not been collected from the data subject, all information available on their origins; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logics used, as well as the importance and consequences for the data subject deriving from such processing. Should any personal data be transferred to a third country or an international organization, the data subject is entitled to be informed whether there are adequate existing guarantees concerning the transfer.
- Rectification right, i.e. the right to obtain from the Data Controller the rectification of incorrect personal data without any unjustified delay. Taking into account the purpose of the processing, the data subject is entitled to obtain the integration of incomplete data, even by means of an additional note.
- Cancellation right, i.e. the right to obtain from the Data Controller the cancellation of his/her personal data without any unjustified delay, if: a) the personal data are no longer necessary to the purpose for which they had been collected or processed; b) the data subject revokes his/her consent for data processing, and if there is no other legal ground for data processing; c) the data subject opposes against performed processing, since it is necessary for executing a task of public interest or is linked to the exercise of public powers the Data Controller is endowed with, or for pursuing a lawful interest and there is no prevailing interest for proceeding with processing, or opposes against data processing for the purpose of direct marketing; d) the personal data have been processed unlawfully; e) the personal data are to be cancelled in order to comply with a legal obligation provided by EU or the Member State’s legislation the Data Controller belongs to; f) the personal data have been collected in relation to the company’s services on information of under-age persons. However, the request for cancellation cannot be accepted if data processing is necessary for: a) exercising the right of freedom of expression and information; b) for complying with a legal obligation that requires data processing as provided by EU or the Member State’s legislation the Data Controller belongs to, or for executing a task performed in the public interest or exercising public powers the Data Controller has been endowed with; c) for reasons of public interest in the public health sector; d) for the purpose of filing based on public interest, scientific or historical research or for statistical purposes, to the extent the cancellation would be a risk of making impossible or compromising seriously the pursue of the objectives of such processing; or e) for ascertaining, exercising or defending a right in legal proceedings.
- Limitation right, i.e. the right to obtain that data are processed, except for storage, with the data subject’s consent only, or for ascertaining, exercising or defending a right in legal proceedings, or for the purpose of safeguarding another natural or legal person’s rights, or reasons of public interest relevant for the EU or a Member State, if: a) the data subject claims that the personal data are incorrect, for the period necessary to the Data Controller in order to verify the correctness of such personal data; b) data processing is unlawful and the data subject opposes against the cancellation of personal data requesting instead the limitation of usage; c) even though the Data Controller does no longer need the data for processing, the personal data are necessary to the data subject for ascertaining, exercising or defending a right in legal proceedings; d) the data subject has opposed against performed data processing, since it is necessary for executing a task of public interest or is linked to the exercise of public powers the Data Controller is endowed with or for pursuing a lawful interest by the Data Controller or third parties, waiting for the verification concerning possible prevalence of lawful reasons by the Data Controller compared to those of the data subject.
- Transferability right, i.e. the right to receive in a common structured format, readable by an automated device, his/her entire personal data to be delivered by the Data Controller, and the right to transmit such data to a different Data Controller without any impediment by one Data Controller towards the other, if technically possible, if processing is based on consent or a contract and processing is performed by means of automated devices. The right is applicable without prejudice to the cancellation right.
- Opposition right, i.e. the data subject’s right to oppose at any time, for personal reasons, against the processing of his/her personal data, which has been carried out, since it had been necessary for executing a task of public interest or is linked to the exercise of public powers the Data Controller is endowed with or for pursuing a lawful interest by the Data Controller or third parties. Should personal data have been processed for the purpose of direct marketing, the data subject is entitled to oppose at any time against his/her personal data processing, which has been performed for such purpose, including profiling to the extent it is linked to such direct marketing. The data subject is hereby informed that in the case he/she should consider that the processing of his/her personal data is performed violating the provisions of GDPR, he/she has the right to lodge a complaint with a supervisory Authority as provided by art. 77 of the Regulation or to take appropriate legal action (art. 79 of the Regulation).