CANDIDATE PRIVACY NOTICE FORM

With this notice, as required by current legislation on the protection of personal data (Art. 13 of the General Data Protection Regulation, hereinafter also GDPR), BKT Europe Srl (hereinafter also the "Data Controller" or "Company") provides job seekers ("data subjects") with information relating to the processing of their data.

WHO IS THE CONTROLLER AND HOW TO CONTACT THEM

The Processing Controller is Balkrishna Industries Limited, BKT HOUSE, C/15, Trade World, Kamala Mills Compound, Senapati Bapat Marg, Lower Parel, Mumbai – 400013, India. The Company can be contacted by email at asia@bkt-tires.com.

WHAT DATA IS PROCESSED

The data to be processed is identification and resume data provided by the data subject using the form on the website and the file upload system that is made available. The collection will only cover common data. Therefore, the candidate must not indicate sensitive personal data – such as data suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for revealing state of health and sex life – which, if provided, will be immediately deleted.

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?

The data provided by the data subject is processed only for the purpose of evaluating the application.

More specifically, the data is used to:

• examine the data subject's application form;
• proceed with the verification of hiring conditions and/or the start of a collaboration.

The legal basis for the processing of the data that is collected is the execution of pre-contractual measures, preparatory to the establishment of employment or a working relationship.

Should it be necessary, the data may also be used given the Controller's legitimate interest in undertaking defensive initiatives or enforcing or defending a right in court.

WHO CAN SEE THE DATA?

The data will be processed by employees of the Controller who are authorized to process it.

The data may be disclosed by companies of the Group to which the Data Controller belongs, in view of the Data Controller's legitimate interest in collaborating with other companies of the Group with respect to open positions and the advantages, for the data subject, of contacts aimed at evaluating the proposed application.

The data can be seen by the competent Authorities in cases of specific requests with which the Controller is required by law to comply, by consultants or by companies which provide IT supply and assistance services for the activities undertaken on behalf of the Controller and by consultants to manage disputes and for legal assistance in the case of any disputes which make their involvement necessary.

Please note that some of the indicated subjects act as data processors and that communication to those who operate as independent controllers is carried out since prescribed by legal obligations or is necessary to fulfil the obligations arising from the contractual relationship or the legitimate interest of the Controller in maintaining the security of the IT systems with maintenance work by competent personnel and in adopting defensive initiatives through legal consultants.

The data subject may request a detailed list of data recipients from the Data Controller, to the extent to which they can be identified specifically.

Communication is in any case limited to the sole categories of data the transmission of which is necessary to undertake the activities and purposes being pursued.

HOW IS THE DATA MANAGED?

The collected data is processed with IT instruments and on paper, in compliance with the security obligations required by the laws in force to prevent the loss of data, illegal or incorrect use and unauthorized access.

Storage period

The data shall be retained by the Data Controller for the time necessary to fulfill the requirements for candidate selection and evaluation and, in any event, no longer than one year from its collection, unless an employment and/or working relationship is established.

There is no prejudice to any defensive needs for which the data can be kept also beyond the indicated deadlines.

Transferring data abroad

The web hosting service does not entail any transfer of data outside the EU, but the data controller will process data outside the European Union and the European Economic Area pursuant to Article 3 of the GDPR.

The data shall be transferred to Canada on the basis of the EU Commission's adequacy decision.

The data shall be transferred outside the European Union and the European Economic Area for the email service in the absence of adequacy decisions by the EU Commission, but the transfer shall be accompanied by appropriate safeguards; in specific, standard contractual clauses shall be used, backed by supplementary contractual measures.

WHAT HAPPENS IF THE DATA IS NOT PROVIDED?

The provision of data is optional and is left to the will of the candidate who decides to submit his/her CV and application. Failure to provide the data will make it impossible to verify the conditions for recruitment and/or the start of a working relationship and, therefore, the possible establishment of a relationship with the Data Controller.

WHAT ARE THE DATA SUBJECT'S RIGHTS?

The law recognizes the data subject's right to ask the Processing Controller for access to the personal data and its rectification or cancellation or limitation of the processing regarding them or to object to its processing, as well as the right to data portability.

The data subject may enforce their rights at any time, without a formal process, by informing the Processing controller.

Here below is a breakdown of the rights recognized by the law in force on the protection of personal data.

• The right of access, i.e. the right to obtain from the processing controller the confirmation that data processing is or is not taking place which regards them and, if so, to obtain access to personal data and to the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or the categories of recipients to whom the personal data has been or will be communicated, in particular if recipients in other countries or international organizations; d) when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period; e) the existence of the data subject's right to ask the Processing controller to rectify or cancel personal data or to limit the processing of the personal data regarding them or to oppose its processing; f) the right to lodge a complaint to a supervisory authority; g) should the data not be collected from the data subject, all the information available on its origin; h) the existence of an automatic decision-making process, including profiling and, at least in these cases, significant information on the approach used, as well as the importance and consequences envisaged of this processing for the data subject. Should the personal data be transferred to another country or international organization, the data subject then has the right to be informed of the existence of adequate guarantees relating to its transfer.
• The right of rectification, i.e. the right to obtain from the processing controller the rectification of inexact personal data regarding them without unjustified delay. Taking account of the purposes of processing, the data subject has the right to integrate incomplete personal data, also by providing an additional statement.
• The right of cancellation, i.e. the right to obtain from the processing controller the cancellation of inexact personal data regarding them without unjustified delay if: a) the personal data is no longer necessary in regard to the purposes for which it was collected or otherwise processed; b) the data subject withdraws their agreement on which the processing is based and if there is no other legal basis for the processing; c) the data subject opposes the processing undertaken because necessary to carry out a public service or connected to the exercise of public powers with which the Controller is invested or to pursue a legitimate interest and there is no prevailing legitimate reason to proceed with the processing, or opposes the processing for direct marketing purposes; d) the personal data was illegally processed; e) the personal data must be cancelled to fulfil a legal obligation envisaged by the law of the European Union or of the Member state to which the Processing controller is subject; f) the personal data was collected in relation to the company's offer of services for information to minors. The request for cancellation cannot, however, be accepted if the processing is necessary: a) to exercise the right to freedom of expression and information; b) to fulfil a legal obligation which requires processing as envisaged by the law of the European Union or of the Member state to which the Data Controller is subject or to execute a task undertaken in the public interest or in the exercise of public powers with which the Data Controller is invested; c) for reasons of public interest in the public health sector; d) for the purposes of archiving in the public interest, scientific or historic research or statistical purposes, to the extent to which cancellation risks making impossible or seriously compromising achieving the goals of such processing; or e) for verifying, exercising or defending a right in the courts.
• The right of limitation, i.e. the right to obtain that data is processed, except for its conservation, only with the agreement of the data subject or to verify, exercise or defend a right before the courts or to protect the rights of another natural person or corporation or for reasons of relevant public interest of the European Union or of a member State if: a) the data subject challenges the preciseness of the personal data, for the period necessary for the Data Controller to verify the exactness of this personal data; b) the processing is illegal and the data subject opposes the cancellation of the personal data and instead asks that its use is limited; c) although the Data Controller no longer needs it for processing purposes, the personal data is necessary for verifying, exercising or defending a right in the courts; d) the data subject has opposed the processing undertaken because necessary to carry out a public service or connected to the exercise of public powers with which the Controller is invested or to pursue a legitimate interest of the Data Controller or of third parties, pending verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the data subject. 

• The right to portability, i.e. the right to receive the personal data regarding them provided to the Controller in a structured form, for shared use which can be read by an automatic device and has the right to transmit this data to another controller without impediment by the Controller to whom they have provided the data, as well as the right to obtain direct transmission of the personal data from one controller to another, if technically feasible, should the processing be based on agreement or on a contract and the processing is carried out with automated means. This right will not affect the right to cancellation.

Please note  the right to object, in particular, i.e., the data subject's right to object at any time, on grounds relating to their particular situation, to the processing of their personal data as required for the performance of a task carried out in the public interest or in connection with the exercise of the official authority vested in the controller or for the furtherance of the legitimate interests of the Data Controller or of a third party. Should the personal data be processed for direct marketing purposes, the data subject has the right to oppose at any time the processing of the personal data regarding them undertaken for these purposes, including profiling to the extent this is connected to such direct marketing.

The data subject is then informed that if they believe that the processing of their personal data is violating the provisions of the GDPR, they have the right to file a complaint with a Supervisory Authority (Art. 77 of the Regulation) or to take appropriate legal action (Art. 79 of the Regulation).

This privacy notice is updated to March 30, 2023