Privacy Information Notice for Job Applicants

1. Data Controller and DPO. The data Controller is BERLIN-CHEMIE A.MENARINI SRL, a Romanian company with its headquarters at Floreasca Business Park, 169A Calea Floreasca, building A, 7th floor, sector 1, Bucharest, 014459, registered with the Trade Registry under no. J40/531/2011, EUID: ROONRC.J40/531/2011, sole identification number 27924011 (“we”, the “Company” or the “Controller”), which may be reached by contacting the Company headquarters and/or by writing to the Data Protection Officer (“DPO”) at

2. What data we process and for which purposes . We process the personal data you provide during the selection process (in the application form, during the job interview, as well as the data we collect by our recruitment agencies etc). These data include, in particular, your name, contact details, areas of professional interest, employment status, information pertaining to your professional expectations, your educational background, your skills and experience, your CV, the additional information you may provide in the course of our contacts as well as the data which the Controller may collect, also from third parties, in the course of its activities (“Data”). Please be informed that we may process your Data only for the purpose of assessing the applications we receive to evaluate the possibility of starting an employment relationship and/or collaboration with the Company, as this is necessary to take steps at your request prior to entering into a contract (art. 6 1.b). We also process your Data if it is necessary to meet legal obligations (art. 6.1.c) or to pursue our legitimate interests (art. 6.1.f) .

3. How we process your data Data are entered in the company information system in line with the applicable privacy laws, including the aspects pertaining to security and confidentiality and in accordance with the principle of fair, lawful and transparent processing. We will store the Data for one year in order to assess your application and after that period your data are subsequently
erased. All Data are processed both manually and electronically - in any case measures will be taken to ensure security and confidentiality

4. Who may access your Data. Data are accessible by the Company’s staff authorised to process personal data and particularly to HR staff, to staff belonging to the offices that are interested in your professional profile, to administrative staff, IT technicians and other staff members that need to process them to perform their job duties. Data may be communicated, also in non-EU countries
(“Third Countries”) to (i) institutions, authorities, government agencies for their institutional functions, as well as legitimate recipients as set out by the applicable laws; (ii) professionals, collaborators (including those working as sole professionals or in partnership); third parties and providers of which the Company avails for commercial, technical and professional services (e.g. IT or
cloud computing providers); (iii) third parties in case of mergers, acquisitions or company/branch take-overs; (iv) the Supervisory Body of the Company, based at the Company’s address, for the pursuit of its supervisory activities and for the enforcement of the Code of Conduct of the Menarini Group. Data may be communicated, also in Third Countries, to other Companies of the Menarini
Group for the same purposes and/or for administrative/accounting purposes, pursuant to art. 6.1.(f) and Recital 48 GDPR. Such entities will use them only for the purposes indicated above and shall process them in compliance with the applicable laws on data protection. With the exception of the above, Data will not be shared with third parties, or published/disseminated. Data Recipients
shall process them, as the case may be, in the capacity as data controllers, processors, or persons authorised to the processing, in compliance with the applicable laws on data protection. Regarding possible transfers of Data outside the EU, including countries whose laws do not afford the right to personal data privacy the same level of protection as EU Law, the Controller informs that all
transfers shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user’s consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programes for free movement of data (e.g. EU-USA Privacy Shield) or operating in countries considered
safe by the European Commission. You can request a copy of the Standard Contractual Clauses or other relevant warranty(s) at the contact details above.

5. Your rights. By contacting the Company at the above address, you may at any time exercise the rights afforded by Articles 15-22 of the GDPR, including the right to obtain an updated list of those who may access your Data, obtain confirmation of the existence of Data pertaining to you in our databases, check the Data’s content, origin, correctness, location (also with reference to any Third
Countries), request a copy thereof, request their rectification; in the cases provided by the law, request the restriction of their processing, their erasure, oppose to direct contact activities. You may object at any time, on grounds relating to your particular situation, to the processing of your Data which is based on our legitimate interest(s). Likewise, you may always make observations
on specific issues regarding processing operations of your personal Data which you regard as incorrect or unjustified by your relationship with the Company to the DPO, or lodge a complaint with the National Supervisory Authority for Personal Data Processing. You may at any time withdraw the consent you have conferred to the Processing of your Data, although this will not affect the lawfulness of the processing carried out before withdrawal.

Further topics