Information on the processing of personal data for candidates

This privacy policy (Policy) is provided in relation to the processing of personal data of candidates for job positions managed by Sidler SA.

1. Data Controller

For the purposes hereof, the data controller is Sidler SA, with registered office in Via Gaggiolo 27, 6855 Stabio CH, with business register number CHE-100.591.903 VAT (Data Controller). 

The Data Controller is a company operating in the field of recruitment and in the provision of career development services.

2. Data collected

Your personal data collected are limited to those necessary for the establishment, management, execution and/or conclusion of the relationship with the Data Controller. In particular, your personal data processed may be: (i) identification data (e.g. name, surname and job title); (ii) contact data (e.g. e-mail, telephone number) (hereinafter, jointly, the Data). 

3. Purpose of the data processing and legal basis

3.1 Establishment and execution of the relationship

The Data will be processed in order to establish and correctly execute the relationship with the Data Controller and comply with any legal obligations connected to the same.

The legal basis for the processing of the Data for the above purposes is the legitimate interest of the Data Controller to contact the data subject in order to offer him/her its services and to set up, manage and perform the tasks conferred on the same by virtue of the relationship established with the data subject. This legitimate interest of the Data Controller is compatible with the position of the data subject since it is reasonable to believe that the data subject has a corresponding interest in (and expects to be informed of) job opportunities related to the activity carried out by the Data Controller.

3.2 Marketing

The Data will also be processed in order to send you by e-mail, telephone, social network communications of a commercial, promotional and advertising nature concerning the services provided and the products offered by the Data Controller.

The legal basis for the processing of the Data for the purposes referred to in point 3.2 is the legitimate interest of the Data Controller to contact the data subject in order to offer him/her its services and update him/her on any new projects undertaken by the Data Controller or new products offered by the same. This legitimate interest of the Data Controller is compatible with the position of the data subject as it is reasonable to believe that the data subject has a corresponding interest in (and expects to be informed of) new opportunities and new services offered by the Data Controller.

The processing of the Data referred to in points 3.1 and 3.2 are not necessary to reply to specific requests and any opposition to the receipt of such communications shall not affect in any way any different relationship established with the Data Controller. It will always be possible, at any time, to oppose to the receipt of such communications or the use of one or more of the contact details provided by contacting the Data Controller at privacy@sidler-sa.ch.

4. Means of the Data processing

The Data will be processed by employees and/or collaborators of the Data Controller, specifically designated as authorised persons and external data processors, whose respective names are available on request to the Data Controller.

The Data Controller and such third parties process the Data manually or by means of electronic or automated instruments, according to procedures strictly related to the purposes and in any case in order to guarantee the security and confidentiality of the Data.

For the purposes hereof, the Data will be processed and kept outside the European Union, namely in Switzerland, where the Data Controller has its registered office and where the data processors appointed by the Data Controller have their registered office.

In any case, your Data will be processed exclusively in Non-EU countries providing adequate level of data protection pursuant to the rules of the European Institutions, as it takes place in Switzerland, in relation to which the European Commission adopted the Decision of 26 July 2000 on the adequacy of personal data protection in Switzerland pursuant to directive 95/46/EC.

5. Data notification and recipients

The Data may be notified to third parties only where necessary for the establishment, management, execution and/or conclusion of the relationship with the Data Controller.

The third-party recipients of the Data, autonomous data controllers or duly designated as data processors, belong to the following categories:

  1. subjects who perform, on behalf or in favour of the Data Controller, tasks of a technical and organisational nature or professional assistance/consultancy, (e.g. accounting and payroll consultants, legal consultants and notaries, managers of the software infrastructures used by the Data Controller); 
  2. central and local bodies of the Public Administration, local authorities and their local bodies;
  3. Judicial Authorities and Public Security Authorities.

The complete list of data processors is kept at the Data Controller’s registered office and can be consulted on request to be sent to the addresses indicated in article 8 below.

6. Data disclosure

Data shall not be disclosed.

7. Data retention

The Data are processed only for the time strictly necessary to achieve the purposes set out in paragraph 3 above and, in any case, for a maximum of 24 months from collection for such purposes.

8. Data subjects’ rights

The Data subjects are entitled at any time: (i) to obtain confirmation of the existence or non-existence of their personal data; (ii) to know the purposes and terms of data processing, the recipients of such Data, the data retention period; (iii) to obtain personal data rectification or erasure and, if applicable, restriction of processing; (iv) to object to processing; (v) if applicable, to receive their personal data provided to the Data Controller in a structured, commonly used, machine-readable format and send it to another data controller without any impediment by the Data Controller;  (vi)  to file any complaint to the Data Protection Authority (in Italy: Garante per la protezione dei dati personali).

The aforementioned rights may be exercised at any time upon request, to be sent to the Data Controller: