UniCredit Logo
Back to top

 

INFORMATION NOTICE ON THE PROCESSING ON THE PROCESSING AND PROTECTION OF CANDIDATES' PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF THE GENERAL DATA PROTECTION REGULATION

 

The following information notice is intended to provide an overview of the use of your personal data by UniCredit S.p.A. Branch Hungary (hereinafter "UniCredit") and your rights under the General Data Protection Regulation - Regulation (EU) 2016/679 (hereinafter also GDPR) for the recruiting purposes set out in paragraph 2 below.

 

1. DATA CONTROLLER

The Data Controller is UniCredit S.p.A. Branch Hungary, with registered office in with registered office in 1134, Budapest, Róbert Károly krt. 61-65 (hereinafter "UniCredit").

 

2. PURPOSE AND LEGAL BASIS OF PROCESSING

UniCredit process personal data in its possession, collected directly from the data subject, or from third parties, for the following purposes:

A. Selection of the candidate aimed at the possible establishment of a working relationship or collaboration (including, by way of example, internship) with UniCredit. In particular, your personal data may be processed in order to allow your participation in interviews and/or tests (in the classroom and/or online) aimed, for example, at assessing your professional aptitude or the level of knowledge of English, etc..

The legal ground that legitimizes the relevant processing is that of Article 6(1)(b) of the GDPR, i.e. the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same. The provision of personal data necessary for these purposes is not mandatory, but failure to do so will make it impossible to participate in the aforementioned interviews and/or assessment tests and, consequently, to participate in the selection procedure.

B. Communication of the data provided by you to the companies belonging to the UniCredit Group (Italian and foreign) for the selection of the candidate aimed at the possible establishment of a working relationship or collaboration with a company (Italian or foreign) belonging to the UniCredit Group.

The legal basis that legitimizes the relevant processing is that of Article 6(1)(b) of the GDPR, i.e. the performance of a contract to which the data subject is a party or the performance of pre-contractual measures adopted at the request of the same. The provision of the data necessary for these purposes is not compulsory and failure to provide such data will simply make it impossible to take part in the selection procedure in place at the other Group Companies.

C. Need to comply with legal obligations, such as, for example, obligations provided for by tax/social security regulations, accounting, social security and welfare obligations, regulations on the reporting of unlawful conduct (so-called Whistleblowing), on the provision of investment services with particular reference to conflicts of interest and with regard to the prevention of insider trading and market manipulation, or provisions issued by the Authorities.

The above-mentioned needs constitute the legal basis that legitimizes the relative processing. The provision of data necessary for these purposes is a legal obligation; without your personal data UniCredit would be unable to fully comply with contractual obligations and the provisions of the legislation.

D. Pursuit of the legitimate interest of the Data Controller in the use, for purposes related to the establishment of the employment relationship, of the data collected through the questionnaires, should you be asked to fill them in, submitted to you and aimed at verifying your interests outside the work environment (for example: other jobs, company shareholdings, positions in supervisory bodies....).

For the aforementioned purposes, UniCredit may cross-reference and/or enrich the personal data provided directly by you with those acquired through databases internal and/or external to the Bank.

The legal basis legitimizing such processing is the legitimate interest of the Data Controller based on the balancing of interests between the fundamental rights and freedoms of the data subject and the legitimate needs of the employer.

 

The processing of personal data based on legitimate interest is not mandatory and you may object to such processing at any time in the manner indicated in paragraph 9 below and, unless there are compelling legitimate reasons prevailing and/or the exercise and/or defense of a right of the Data Controller or third parties, the Data Controller will refrain from further processing of the data.

 

3. THE CATEGORIES OF PERSONAL DATA CONCERNED

UniCredit processes personal data collected directly from you, or from third parties, which include, by way of example, personal data (e.g. name, surname, address, date and place of birth), contact data (e.g. e-mail, landline and cell phone), your image (as part of selection activities carried out through online platforms),as well as data relating to your Curriculum Vitae.

    3.1 PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA1

UniCredit may process particular categories of personal data (for example, data related to health) for purposes strictly connected and instrumental to the establishment of a working relationship or collaboration (for example, the establishment, management and termination of the working relationship or collaboration), or to fulfill specific legal obligations (for example, in the field of social security and assistance, including supplementary, in the field of hygiene and safety at work, tax, trade union, health protection).

In such cases, the processing is necessary in order to fulfil legal obligations deriving from the need to establish a working relationship or collaboration. This necessity represents the legal basis that legitimizes the related processing; without your personal data UniCredit would be unable to fulfill the provisions of the regulations or to establish the relationship or collaboration with you.

 

4. RECIPIENTS OR RECIPIENTS’ CATEGORIES OF PERSONAL DATA

Your data may be disclosed to the natural and legal persons appointed as Data Processors as well as in quality of persons authorized to the processing of personal data, relatively to the data necessary to the development of the assigned tasks, the physical persons belonging to the following categories:

  • employees or temporary workers or trainees assigned to the HR function of UniCredit, consultants and other natural persons occasionally assigned to the HR function of UniCredit;
  • the employees, temporary workers, interns and consultants of the external companies appointed as Data Processor.

 

5. DATA TRANSFER TO THIRD COUNTRIES

UniCredit informs that personal data could be transferred also in countries not belonging to the European Union or to the European Economic Area (so-called Third Countries) recognized by the European Commission as having an adequate level of protection of personal data or, otherwise, only if an adequate level of protection of personal data compared to that of the European Union is contractually guaranteed by UniCredit suppliers located in Third Countries (e.g. through the signing of standard contractual clauses provided by the European Commission) and that the exercise of the rights of the interested parties is always ensured. Further information may be requested by writing to: recruitinghungary@unicredit.eu.

 

6. MODALITIES OF THE PROCESSING

The processing of personal data is done through manual, computer and telematic tools with logic strictly related to the purposes and, however, to ensure the security and confidentiality of data.

 

7. DATA SUBJECTS’ RIGHTS

The GDPR gives you the right to know what data concerning you is held by UniCredit, as well as how it is used and to obtain, when the conditions are met, the copy, cancellation, updating, rectification or, if interested, integration of data, limitation of the processing of data concerning you, opposition to the processing and the right to portability.

    7.1 DATA RETENTION PERIOD AND RIGHT TO ERASURE (i.e. RIGHT TO BE FORGOTTEN)

In case of conferment of data for a generic candidacy, UniCredit processes and keeps your personal data for a maximum period of thirty-six (36) months starting from the date of the last log-in made by the data subjects on his/her own profile created on the UniCredit portal, in order to allow you to be called to participate in the selection procedure for possible professional positions in line with your professional profile.

In case of conferment of data for a specific application, UniCredit processes and keeps your personal data for a maximum period of thirty-six (36) months from the date of conclusion of the selection procedure for any professional positions in line with your profile.

At the end of the applicable retention period, the personal data relating to you will be deleted or stored in a form that does not allow your identification (e.g., irreversible anonymization), or stored in a form that does not allow your identification. irreversible anonymization), unless their further processing is necessary for one or more of the following purposes: i) resolution of pre-litigation and/or litigation initiated before the expiry of the retention period; ii) to follow up investigations/inspections by internal control functions and/or external authorities initiated before the expiry of the retention period; iii) to follow up requests from Italian and/or foreign public authorities received/notified to UniCredit before the expiry of the retention period.

 

8. PROCEDURES TO EXERCISE THE RIGHTS

For the exercise of the above rights, the data subjects may contact:

  • recruitinghungary@unicredit.eu

The deadline for a response is one (1) month, extendable by two (2) months in cases of particular complexity; in such cases, UniCredit will provide at least one interim communication within one (1) month.

The exercise of rights is, in principle, free of charge.

 

9. COMPLAINT OR REPORTING TO THE DATA PROTECTION AUTHORITY

UniCredit informs you that you have the right to complain or make a report to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH). The contacts of the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) are available on the site https://www.naih.hu.

 

 

1 Pursuant to Article 9.1 of the GDPR are "personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data concerning the person's health or sex life or sexual orientation”

 

Please click here to download the above text in PDF format.

Spinning wheel animation

Loading

UniCredit Logo