Privacy Notice for “LinkedIn”
Data Processing

PURSUANT TO ARTICLES 13 AND/OR 14 OF REGULATION (EU) 2016/679 (“GDPR”) 

Data Controller and Data Protection Officer 

The Data Controller is Blossom S.r.l., located at Via Milano 8, 20831 Seregno (MB), email: privacy@blossom.it (hereinafter referred to as the “Company” or the “Controller”). 

The Controller has appointed a Data Protection Officer (DPO), who can be reached at dpo@blossom.it. 

Categories of Personal Data Processed 

The Company will process common data, such as your name, surname, email address, and phone contacts, as well as any other data available through information shared via the professional social network “LinkedIn”, in your CV, portfolio, cover letters, accompanying text messages, etc. These data will hereinafter be referred to as “Data”. 

Source of Data 

The Data are collected from the data subject (directly provided by you) and/or from third parties, such as recruiting companies, employment agencies, and professional social networks. 

Purpose, Legal Basis, and Retention Period of Data Processing 

For the purpose of candidate search and selection activities. 

Execution of pre-contractual measures adopted at the request of the data subject, pursuant to Art. 6.1(b) of the GDPR. 

For the processing of special categories of data. 

To fulfill obligations and exercise specific rights of the data controller or the data subject in the field of labor law, social security, and social protection, as authorized by Union or Member State law or a collective agreement, ensuring appropriate safeguards for the fundamental rights and interests of the data subject (Art. 9.2(b) of the GDPR). 

For the duration of the selection activity for each specific selection and the following 24 months. 

To verify the accuracy of the Data using public information (including professional social network profiles). 

Processing is limited to information related to professional aptitude and profile in the least intrusive manner possible, ensuring a proper balance between the legitimate interest of the employer in verifying the data and the fundamental rights and freedoms of the data subject. Legitimate interest (Art. 6.1(f) of the GDPR). 

For the duration of the selection activity for each specific selection. 

If necessary, to demonstrate the Company’s compliance and to establish, exercise, or defend the Company’s rights in judicial proceedings. 

Common Data will be processed based on the legitimate interest of the Controller (Art. 6.1(f) of the GDPR). Special Categories of Data will be processed to establish, exercise, or defend a right in judicial proceedings (Art. 9.2(f) of the GDPR). 

For compliance purposes for a maximum of 2 years. For the entire duration of the litigation, until the exhaustion of appeal periods. 

After the retention periods indicated above, the Data will be destroyed or anonymized, in accordance with technical deletion and backup procedures. 

Data Provision 

Provision of Data for purposes 1 to 3 above is necessary for the search and selection activities; therefore, refusal to provide such Data prevents us from carrying out these activities and considering your application. 

Provision of Data for purpose 4 above is optional for receiving communications from the Controller. 

Automated Data Processing 

The Controller informs you that no automated processes or algorithms (typically mathematical calculation factors and statistical processes) are used in the selection process. 

Data Recipients 

The Data may be communicated to subjects acting as independent controllers, such as public authorities or professional firms, or processed on behalf of the Company by entities providing services aimed at achieving the above purposes (e.g., IT or personnel selection services), designated as data processors pursuant to Art. 28 of the GDPR. 

Additionally, the Data is processed by the Company’s employees belonging to the corporate functions responsible for achieving the above purposes, who have been expressly authorized to process and have received adequate operational instructions. 

Data Transfer Outside the European Union 

The Data will not be transferred to entities located in third countries, i.e., outside the European Union and the European Economic Area. 

Rights of Data Subjects 

By contacting the Controller via email at privacy@blossom.it, data subjects can exercise the rights recognized by Articles 15-22 of the GDPR, and in particular, may request from the Controller access to their data, rectification, integration, or deletion, as well as restriction of processing in the cases provided for by Art. 18 of the GDPR. 

Data subjects also have the right, where processing is based on consent or contract and carried out by automated means, to receive their data in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance, if technically feasible. 

Data subjects have the right to withdraw consent at any time. 

The data subject has the right to object at any time, easily and free of charge, for reasons related to their particular situation, to the processing of Data in cases of the legitimate interest of the Controller. 

Data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State where they usually reside or work or in the State where the alleged violation occurred. 

loader_black loader_white