Privacy Policy

YARD | Credit & Asset Management

Information sheet pursuant to article 13 of Legislative Decree No. 196 dated 2003


Disclosure pursuant to and for the effects of the Privacy Code and EU Regulation 2016/679 (GDPR) for the protection of personal data of applicants within the processing of research and selection of personnel

1. Data controller

The data controller is Yard Credit & Asset Management srl (“YARD Credit & Asset Management”), Corso Vittorio Emanuele II, 22 – 20122 Milan. The person to whom the data subject can apply for the exercise of rights is YARD Credit & Asset Management by writing to the e-mail address privacy.yardcam@yard.it.

2. Purpose and lawfulness of data processing

The collection and processing of personal data within the curriculum vitae and other personal data provided by the applicant (“the applicant”) have the following purposes:

  1. the research, selection and evaluation of personnel, in the interest of the applicant and of YARD Credit & Asset Management for its direct recruiting needs
  2. inclusion of the applicant’s curriculum vitae in the archive of the curricula collected by the company

The legal basis of the processing is typically the consent of the applicant through the submission of his / her CV to YARD Credit & Asset Management.

 3. Categories of personal data processed

The information processed should include, but not limited to, the following data within the limits of the purposes and methods described in this document:

  • name, date and place of birth, personal contact data and qualification (education, training courses and internships), documents proving the identity and right to work and any other data reported on the CV;
  • trace of correspondence in case of contact by the applicant;
  • feedback on the application

When sending the curriculum, pursuant to art. 9 of the 2016/679 GDPR, the applicant could give the data controller

Data that are qualifying as “special categories of personal data” (ie those data revealing “racial or ethnic origin, political opinions, religious or philosophical convictions, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sex life or sexual orientation “).

This category of data, such as for example being part of the “protected job programmes”, can be treated by the data controller as relevant for the purpose of assessing the position to be filled and the professional attitude and within the following limits of data processing:

  • whether the processing is strictly relevant to the obligations, duties or purposes related to the possible establishment of the working relationship with the applicant and the fulfilment of regulatory and contractual obligations that cannot be carried out anonymously for the purposes, including but not limited to: management of situations such as disability, exposure to risk factors, assessment of psychophysical fitness to specific tasks, belonging to certain protected job programmes, etc ..;
  • the processing does not have to be in conflict with other reference regulations, such as Law no. 300/1970 (the Workers’ Statute), with the rules on equal opportunities or aimed at preventing discrimination

In any case, the processing of “special categories of personal data” will be performed only with the prior consent of the data subject, expressed in written form.

4.      Submission of data

The submission of personal data is not mandatory, but it is necessary to be able to assess the characteristics of the applicant and any refusal to provide such data would make it impossible to manage the relationship with applicant and proceed with the research, selection and assessment of staff and what could be achieved, even in the direct interest of the applicant.

5.      Data processing and storage

The processing will be carried out in manual form, with methods and tools in compliance with the security measures set forth in art. 32 of the GDPR 2016/679, by persons specifically appointed, in compliance with the provisions of art. 29 GDPR 2016/679. We point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, the storage period of personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed, in compliance with the time limits prescribed by law and in any case for a period not exceeding 24 months. YARD Credit & Asset Management reserves the right to keep the curriculum for the maximum period indicated, unless otherwise indicated by the data subject, so as to be able to contact the applicant in time for possible opening of further work positions, without prejudice to the right of the data subject to request at any time the erasure of data from our archives, or the right to exercise the Rights of the data subject referred to in paragraph 7.

6.    Scope of communication and disclosure

For the pursuit of the purposes indicated in paragraph 2 above and as strictly related to the processing in question, the personal data of the data subject may be communicated to other companies of YARD Group.

In any case, this is without prejudice to all rights outlined in the paragraph 7 referred to the data subject.

3.      Rights of the data subject

At any time, the applicant may exercise, pursuant to articles 15 to 22 of the GDPR 2016/679, the right to:

  1. request confirmation of the existence of personal data (Article 15 GDPR – Right of access of the data subject)
  2. obtain information about the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the storage period (Article 15 GDPR – Right of access of the data subject.
  3. obtain the correction and erasure of data (Article 16 GDPR – Right of rectification).
  4. obtain the right to restriction of processing (art. 18 GDPR – right to restriction of processing)
  5. obtain the right to data portability. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (art 20 GDPR Right to data portability).
  6. object to data processing at any time even in case of data processed for direct marketing purposes;
  7. object to an automated individual decision-making referring to natural persons, including profiling (art 22 GDPR Automated individual decision-making, including profiling)

without prejudice to the mandatory obligations provided for by the legislation in force at the time of the request for revocation, by contacting the data controller at the addresses indicated in paragraph 1 – Data controller.

YARD Credit & Asset management points out that where the data subject requests are not met, he/she can file a complaint to the Italian Data Protection Authority http://www.garanteprivacy.it in compliance with the in-force regulation.

Visit YARD GROUP
Visit YARD RE