Data protection notice for the anonymisation of customer personal data

Table of Contents

  1. Scope of this notice
  2. Data controller and contact details
  3. Categories of personal data
  4. Purposes and legal basis of processing
  5. Sources of the data
  6. Requirement to provide the data
  7. Recipients of the data
  8. Automated decision-making (including profiling)
  9. International data transfers
  10. Retention period
  11. Your rights as a data subject
  12. Right to lodge a complaint
  13. Amendments

1. Scope of this notice

We, onboard Srl, offer our customers SaaS services in the areas of recruiting, HR management and related areas as a processor. As a processor, we process personal data on behalf of our customers (hereinafter "Customer Personal Data" ), who are the data controllers under data protection law. We may anonymise this Customer Personal Data in order to use it for our own business purposes described below. Anonymisation will be carried our under our responsibility and we will be the data controller in relation to such processing as we will determine the purposes and means.

This notice in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR" ) relates only to the anonymisation process and does not concern the subsequent use of the anonymised data itself, which no longer constitutes personal data.

2. Data controller and contact details

The data controller responsible for the data processing in question is:

onboard Srl
Dr. J. Köllensperger Straße 10/B
39011 Lana (BZ)
South Tyrol / Italy
E-Mail: [email protected]
PEC: [email protected]

Our data protection officer can be contacted at [email protected] .

3. Categories of personal data

The data categories that we may anonymise for the purposes explained below include the log data mentioned in the respective customer data protection notices, as well as other data resulting from your application to or employment by our customers.

If you are an applicant for one of our customers, this is usually the personal data relating to your application (application data). If you are an employee of one of our customers, this is typically personal data related to your employment with our customers (employment data).

4. Purposes and legal basis of processing

The anonymisation of Customer Personal Data is carried out in order to analyse and improve our services and verify accounts. The legal basis for this is our overriding legitimate interests (Art. 6(1((f) GDPR), which clearly result from the purposes mentioned.

5. Sources of the data

We process Customer Personal Data collected by or on behalf of our customers. We do not collect any Customer Personal Data ourselves for our anonymisation purposes. Our customers determine the sources of such data. Please refer to the relevant data protection notices of our customers for more information.

6. Requirement to provide the data

Our customers decide whether and which Customer Personal Data is required to be provided. Please refer to the relevant data protection notices of our customers for more information.In any case, the provision of such data is not required for our anonymisation purposes.

7. Recipients of the data

The recipients of Customer Personal Data are indicated in our customers’ protection notices. Please refer to the relevant data protection notices of our customers for more information. We do not disclose Customer Personal Data to any other party for our anonymisation purposes.

8. Automated decision-making (including profiling)

There is no automated decision-making (including profiling) in accordance with Art. 22 GDPR.

9. International data transfers

If Customer Personal Data is transferred to countries outside the European Economic Area (EEA) or to international organisations, this is described in the relevant data protection notices of our customers. No further international data transfer takes place for our anonymisation purposes.

10. Retention period

The retention period of Customer Personal Data is described in the relevant data protection notices of our customers, over which we as a processor have no influence. Once this data has been anonymised, processing for our purposes is completed and we no longer store this data for our purposes.

11. Your rights as a data subject

If the legal requirements are met, you have a right of access (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure/right to be forgotten (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR) and a right to data portability (Art. 20 GDPR).

You also have a special right to object (Art. 21 GDPR) if the personal data concerning you is processed on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR). In this case, you can object to the processing at any time for reasons arising from your particular situation. If the legal requirements are met, we will then no longer process your data.

To exercise these rights, please contact us using the above contact details.

12. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR. In Italy, this is the Garante per la protezione dei dati personali (GPDP) in Rome.

13. Amendments

This notice may be amended at any time. The latest version can be found on our website. For older versions, please contact us.

 

Version: 22/01/2025