
PRIVACY POLICY FOR THE “JOB OFFERS/CAREER” SECTION OF THE TOSCOTEC WEBSITE

PREAMBLE

Toscotec S.p.A. (hereinafter also the “Company” or the “Controller”), with registered office at Viale Europa 317/F, 55014 Marlia (LU), Italy, Tax Code and VAT number 02094670466, operates in strict compliance with European and Italian legislation on personal data protection, in particular Regulation (EU) 2016/679 (“GDPR”) and Italian Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018 (“Italian Privacy Code”).

This notice governs, pursuant to Articles 13 and 14 GDPR, the processing of personal data relating to candidates who submit an unsolicited application or apply for open positions through the “Job Offers/Career” section of the corporate website.

1. DATA CONTROLLER AND CONTACT DETAILS

The Data Controller is:

Toscotec S.p.A.
Registered Office: Viale Europa, 317/F - 55014 Marlia (LU), Italy
Tax Code and VAT number: 02094670466
Dedicated privacy email: privacy@toscotec.com
Certified Email (PEC): info@pec.toscotec.biz

The Company has established a Privacy Committee, an internal body responsible for overseeing and monitoring compliance with data protection legislation and company policies. For specific information, communications and requests to exercise rights concerning personal data, the Privacy Committee may be contacted at the dedicated email address indicated above.

2. CATEGORIES OF DATA PROCESSED AND COLLECTION METHODS

The personal data processed in the selection procedure include, by way of example and without limitation:

a. Identification and contact data: first name, last name, date and place of birth, residence or domicile address, tax code, telephone numbers and email address.

b. Curriculum and professional data: school and university education, qualifications, professional certifications, previous work experience, language and IT skills, and registration with professional registers and/or professional associations.

c. Special categories of personal data (Article 9 GDPR), where voluntarily provided by the candidate, such as:

  • health information (membership of protected categories);
  • information relating to religious, political or trade-union orientation/views, included only where voluntarily provided.

Data are collected directly from the candidate by completing the dedicated form in the “Job Offers/Career” section and/or by voluntarily sending a curriculum vitae to the email address or through the dedicated management platform.

3. PURPOSES OF PROCESSING

The personal data collected are processed exclusively for:

a. Management of personnel selection procedures, in response to specific job advertisements published on the website or for the assessment of unsolicited applications. In particular:

  • Screening the curricula received in order to verify their correspondence with the required profile.
  • Contacting the candidate to schedule introductory interviews, technical tests or aptitude/psychometric tests.
  • Preparing assessment profiles for personnel selection purposes.

b. Creation and management of a corporate candidate database, with retention of applications that do not immediately match the profiles sought, for potential subsequent career opportunities.

4. LEGAL BASIS OF PROCESSING

The legal basis on which Toscotec relies for the processing is as follows:

  • For common data (identification and curriculum data): the need to perform pre-contractual measures taken at the request of the data subject (Article 6(1)(b) GDPR).
  • For any special categories of personal data under Article 9 GDPR: processing based on the candidate’s explicit and specific consent (Article 9(2)(a) GDPR). Refusal to give consent does not prejudice the application, except where such data are essential to assess requirements that are mandatory by law (e.g., protected categories).

5. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL

Providing the data requested for the application is optional. However, refusal to provide data necessary to verify the required professional requirements prevents the proper assessment of the application and makes it impossible to continue the selection procedure.

The provision of any special categories of personal data is neither requested nor solicited by Toscotec. Any voluntary provision of such information is subject to the candidate’s explicit consent, as required by the GDPR.

6. PROCESSING METHODS AND SECURITY MEASURES

Personal data are processed using IT and paper-based tools, with organisational and logical methods strictly related to the purposes indicated above. Processing is carried out in accordance with the principles of lawfulness, fairness, transparency, data minimisation and confidentiality, as provided for by Article 5 GDPR.

Toscotec ensures the adoption of appropriate technical and organisational security measures (pursuant to Article 32 GDPR), aimed at preventing and mitigating the risks of destruction, loss, alteration, unauthorised disclosure of, or accidental or unlawful access to, the personal data processed. Such measures include, among others:

  • A data authorisation system based on privilege levels;
  • Use of authentication procedures and access traceability;
  • Periodic training of internal staff on IT security and privacy procedures;
  • Secure management and filing procedures for the personal information collected.

7. DATA RETENTION PERIOD

Personal data acquired during the selection procedure will be retained for the period necessary to complete the related selection activities and, in any case, for no longer than 12 months from data collection, unless the candidate gives explicit authorisation to retain the application for potential future opportunities.

In any case, once that period has elapsed, the personal data will be permanently erased or anonymised in accordance with applicable law.

8. COMMUNICATION AND RECIPIENTS OF PERSONAL DATA

Personal data processed as part of the selection procedure will be accessible exclusively to persons duly authorised and formally appointed by the Company, in strict compliance with the “need-to-know” principle (access to data only where necessary to perform specific functions).

Specifically, data may be accessed by:

  • Authorised internal Toscotec personnel: employees and collaborators of the Human Resources Department, heads of the corporate functions involved in personnel selection and members of the corporate Privacy Committee, where relevant to the control and verification of the processing.
  • Authorised external consultants: companies specialised in recruiting, head-hunting, personnel selection and skills assessment, appointed as Data Processors pursuant to Article 28 GDPR by means of a specific contract containing precise processing instructions and mandatory security measures.
  • Judicial authorities and/or public supervisory bodies, where communication of the data is mandatory under laws, regulations or orders of the competent authorities.

All external parties that access candidates’ personal data receive specific instructions concerning the methods and limits of processing, as well as confidentiality obligations.

9. TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES

Personal data relating to candidates collected through the “Job Offers/Career” website section will be processed mainly at the Controller’s corporate offices and stored on servers located within the European Union.

Where, due to specific operational requirements, it becomes necessary to transfer personal data outside the European Union (e.g., in the case of use of CV selection and management platforms or services managed by non-EU companies), the Controller ensures that such transfer will take place in full compliance with the safeguards required by the GDPR (in particular Articles 44 et seq. GDPR), ensuring the presence of appropriate legal instruments such as:

  • Standard Contractual Clauses approved by the European Commission;
  • Adequacy decisions issued by the European Commission;
  • International agreements or certifications recognised under the GDPR (e.g., EU-U.S. Data Privacy Framework certification).

In any case, candidates will be promptly informed by specific notice of any transfer and of the measures adopted to protect personal data.

10. RIGHTS OF THE DATA SUBJECT

Toscotec guarantees candidates the following rights, pursuant to Articles 15 to 22 GDPR:

  • Right of access (Article 15 GDPR): the candidate may request confirmation as to whether personal data concerning him/her are being processed and obtain a copy of such data, as well as detailed information on the processing methods and purposes.
  • Right to rectification (Article 16 GDPR): the candidate has the right to request correction or completion of inaccurate or incomplete data concerning him/her.
  • Right to erasure (“right to be forgotten”, Article 17 GDPR): in the cases provided for by the GDPR, the candidate may request the permanent erasure of personal data concerning him/her.
  • Right to restriction of processing (Article 18 GDPR): in particular circumstances (e.g., challenge to data accuracy, objection to processing), the candidate may request temporary restriction of processing.
  • Right to data portability (Article 20 GDPR): the candidate has the right to receive a copy of the personal data that he/she has provided to the Controller in a structured, commonly used and machine-readable format, and to transmit those data to another controller.
  • Right to object (Article 21 GDPR): on grounds relating to his/her particular situation, the candidate may object to processing based on the Controller’s legitimate interests.
  • Withdrawal of consent: where processing is based on the data subject’s consent, the data subject may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint with the Supervisory Authority: the data subject may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali - www.garanteprivacy.it) if he/she considers that the processing of personal data concerning him/her infringes applicable law.

Candidates may exercise these rights by contacting Toscotec directly using the contact details provided in this notice.

Toscotec undertakes to respond within one month of receiving the request, subject to any extension permitted by applicable law (Article 12 GDPR).

11. DATA RETENTION AND ERASURE PROCEDURE

Once the maximum retention period specified in Section 7 has elapsed (12 months), the personal data of candidates who have not been selected will be erased or anonymised in a definitive and irreversible manner.

For applications for which explicit consent has been given to retention for further future career opportunities, the retention period will in any event be limited to the time strictly necessary for the purpose pursued.

The Company has established specific internal procedures for the erasure and anonymisation of personal data, ensuring that such procedures are periodically verified by the corporate Privacy Committee and documented in order to ensure compliance with the relevant legislation.

12. UPDATES AND AMENDMENTS TO THE NOTICE

This notice is subject to periodic updates in light of developments in the relevant legislation, changes in the Company’s organisation and the implementation of new procedures and technologies for managing applications.

Any amendments will be promptly published on the corporate website, with an indication of the update date. In the event of material changes that significantly affect the rights of data subjects, they will be informed by appropriate communications (email or specific notices on the website).

13. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES ADOPTED

Toscotec S.p.A., aware of the importance and sensitivity of the personal data processed in application management, has adopted specific and rigorous technical and organisational security measures to ensure an adequate level of protection, in full compliance with Articles 25 and 32 GDPR and the guidelines of the Italian Data Protection Authority.

13.1 Internal organisational security measures

The Company has implemented a privacy and data security management system, supervised by the internal Privacy Committee, which includes:

  • Definition of clear and formalised internal privacy roles and responsibilities (formal designation of persons authorised to process data).
  • Continuous and documented training of employees and collaborators involved in recruiting, candidate management and personnel management activities, with particular attention to the proper management of sensitive or special categories of data.
  • Detailed procedures for managing applications, including restricted and controlled access to corporate candidate databases and traceability of such access (log management).
  • Periodic audits and documented internal checks carried out by the Privacy Committee to assess the effectiveness of the measures adopted and promptly correct any anomalies or vulnerabilities identified.

13.2 Technical and IT measures adopted

From a technical and IT perspective, the Company has implemented appropriate preventive and corrective security measures, in particular:

  • Use of strong authentication systems for access to databases and internal management systems containing personal data.
  • Access control and monitoring systems (log management and audit trails).
  • Encryption of electronic communications, with particular reference to the transmission of curricula vitae, sensitive data or documents containing confidential information.
  • Advanced firewall and intrusion detection/prevention systems, regularly updated to protect the servers hosting candidates’ personal data.
  • Continuously updated antivirus and antimalware systems.
  • Automatic periodic backups and detailed disaster recovery and business continuity procedures to ensure timely and secure data recovery.
  • Adoption of pseudonymisation and anonymisation systems for personal data processed for statistical purposes or for analysis of recruiting procedure performance.
  • Prior and periodic verification of the security level of the infrastructures and software used to manage applications (periodic security assessments).

13.3 Risk assessment and Data Breach Notification procedures

Toscotec has defined and documented, in accordance with Article 32 GDPR, formal procedures for the periodic assessment of the risk associated with personal data processing, with particular attention to data belonging to special categories (Article 9 GDPR).

The Company has also implemented a specific Data Breach management procedure pursuant to Articles 33 and 34 GDPR, which provides for:

  • Clear internal procedures for identifying, managing and documenting any incidents or personal data breaches.
  • Timely notification (within 72 hours) to the Supervisory Authority and to data subjects in the event of relevant breaches involving a high risk to the rights and freedoms of data subjects.
  • Immediate corrective measures and post-incident audits to prevent similar events from recurring.

14. INTERNAL ROLES AND PROCESSORS FOR PROCESSING

The processing of personal data within the selection and recruiting procedure is under the direct responsibility of Toscotec’s Human Resources Department, assisted by the internal Privacy Committee.

The Data Controller (Toscotec) has formally designated internal persons authorised to process data and external Data Processors, as applicable under Article 28 GDPR, defining through contracts and detailed instructions the processing methods, purposes, security measures and criteria for retention and erasure.

The internal privacy contact person is the preferred point of contact for managing applications, data subject requests and any issues relating to the management of personal data.

15. PERIODIC UPDATE AND REVIEW OF THE PRIVACY POLICY

Toscotec periodically reviews this privacy policy under the supervision of the internal Privacy Committee and, where necessary, with the support of legal advisers experienced in data protection matters, in order to ensure continuous compliance with the most up-to-date standards of data security and personal data protection.

Any significant amendment to this Policy will be communicated to candidates in advance through specific notices published on the corporate website, as well as through direct communication tools where applicable (for example, by sending an email notice to data subjects who have authorised the retention of their data for future selections).

16. LEGAL REFERENCES AND SOURCES

This privacy notice is drafted in compliance with the following legal references:

  • Regulation (EU) 2016/679 (GDPR), in particular Articles 5, 6, 9, 13, 14, 15-22, 25, 28 and 32-34;
  • Italian Legislative Decree no. 196/2003 and Legislative Decree no. 101/2018;
  • Guidelines of the Italian Data Protection Authority, in particular those concerning the management of personnel and candidates;
  • European Data Protection Board (EDPB) guidance on personal data protection in the employment context.

17. CONTACTS FOR INFORMATION AND REPORTS

For any further information or clarification regarding the methods of personal data processing, or to exercise the rights provided for by the GDPR, candidates may contact the Controller or the Company’s internal Privacy Committee using the following contact details:

Toscotec S.p.A.
Viale Europa 317/F, 55014 Marlia (LU), Italy
Email: privacy@toscotec.com
Certified Email (PEC): info@pec.toscotec.biz

The Controller undertakes to respond promptly to requests submitted by data subjects within the statutory deadline (one month, extendable in particular cases up to three months), pursuant to Article 12 GDPR.

18. NON-DISCRIMINATION

Toscotec guarantees that its selection procedures comply with the principles of equal opportunities and non-discrimination.

Job offers are addressed to candidates of all genders (Law no. 903/1977; Legislative Decree no. 198/2006), without discrimination based on racial or ethnic origin, religion, political opinions, disability, age, sexual orientation or other personal or social conditions.