Privacy Policy


Privacy policy Pinpoint  |  Taco Family of Companies Europe

Status: 12 September 2023

In the following, we inform you in accordance with the applicable data protection regulations about which personal data we or third-party providers used by us process in the context of the use of the Pinpoint Applicant Platform (hereinafter "Website"), for which purposes and on which legal basis we use this data, to whom we pass on this data as well as about your rights.

Where you apply for an opportunity posted by us, these Privacy Notice provisions will apply to our processing of your personal information. The other Taconova Privacy Policy is available on the Taconova website.


A. General

1. Name and contact details of data controllers  

Data controllers under Art. 4(7) of Regulation EU 2016/679 (hereinafter the “GDPR”) are

Taconova Group AG
Neunbrunnenstrasse 40
8050 Zurich
Switzerland
Tel. +41 (0)44 735 55 55
group@taconova.com

and, if you apply for a job position within Taco Italia S.r.l.,

Taco Italia S.r.l.
Via Galileo Galilei 89
36066 Sandrigo (VI)
Italy
Tel. +39 0444 666800
privacy@tacoitalia.com

Please note that Taconova Group AG and Taco Italia S.r.l. (hereinafter also referred to as "we" or "us") process personal data through the Website as autonomous data controllers.

Further information about Taconova Group AG can be found here.

2. Types of data processed, categories of data subjects 

2.1 Nature of data processed
Application documents and documents within the scope of correspondence, in particular: 
  • Your master data (such as first name, last name, name affixes, nationality)
  • Contact details (such as home address, (mobile) phone number, e-mail address)
  • Driving license
  • Residence permit data 
  • Data on the content of former/current employment relationships, e.g. work tasks, performance data, positions filled. (This data may be derived from your cover letter/resume/attached job references)
  • In addition, we collect and process various other details in the case of applications, such as earliest entry date, regional mobility, desired number of hours and duration of employment, desired salary, previous employment, additional qualifications, references or information about how you became aware of the position
  • Other voluntary information such as data on non-professional interests: Hobbies, voluntary work
  • Other data that you voluntarily provide to us in the application process by uploading it or otherwise providing it to us, such as in your cover letter, resume or credentials, passport photograph 
2.2  Categories of data subjects  
  •  Visitors and users of the Website 
  • Applicants
  • Issuers of diplomas, certificates, attestations
  • Referrers
  • Other communication partners
(Hereinafter, we also refer to the data subjects collectively as "Users").

3. Purpose of processing, legal basis

We use your personal data:
  • to contact you; and
  • to assess the initiation and establishment of employment relationships. 
The processing of your personal data for the purpose above does not require your consent as it is necessary to fulfil pre-contractual and contractual obligations pursuant to Art. 6(1)(b) of the GDPR.  
Furthermore, we may process personal data about you to the extent necessary to defend asserted legal claims against us arising from the application process. The legal basis is the legitimate interest, for example a duty of proof in (threatened) proceedings pursuant to Art. 6(1)(f) of the GDPR.
Should we rely on consent to process your personal data for the above-mentioned purposes or for any further purposes, the legal basis for the processing will be Art. 6(1)(a) of the GDPR.

4. Data recipients 

We provide access to your personal data to those persons who need it to fulfill our contractual and legal obligations or to protect legitimate interests. 
Furthermore, service providers and vicarious agents engaged by us may receive data for these purposes. We may only pass on information about you if this is required by law, you have consented, we are legally authorized to provide information or to pass it on and/or order processors commissioned by us equally ensure compliance with confidentiality and the requirements of data protection.
Your personal data may also be communicated to companies of the group to which we are part of (controlling, controlled, affiliated companies), our employees and/or collaborators and employees and/or collaborators of the companies of the group.

5. Storage period  

We process and store your personal data as long as it is necessary for pursuing the purposes indicated above. We delete your personal data as soon as they are no longer required for the above purposes. In this context, personal data may be retained for the period during which claims can be asserted against our company (statutory limitation periods of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding obligations to provide proof and to retain data arise in particular from commercial, tax and social security regulations. Operational data containing personal data (e.g. system protocols, logs) are automatically deleted 90 days after creation. Applicants’ data is deleted no later than 12 months after your application, unless you consent to longer storage. 

6. Automated decision making, profiling  

For the initiation and establishment of employment relationships, we generally do not use fully automated decision findings in accordance with Article 22 GDPR. We may use Pinpoint's technology to help us select suitable candidates to consider based on the criteria we set. The process of finding suitable candidates is automatic. However, the decision on who we hire to fill the vacancy is made by our team.

Profiling does not take place.


B. Data processing by third parties

7. Pinpoint 

(1) Pinpoint is a cloud-based application workflow solution that helps us manage job listings, review and evaluate application files, and communicate with applicants.

(2) Third Party Provider is Pinpoint

(3) There is a data processing agreement with Pinpoint according to Art. 9 DSG (Swiss Data Protection Act) and Art. 28 GDPR. The privacy policy of Pinpoint can be found here: privacy-policy. The Cookie Policy can be found here: cookie-policy.

(4) The data we collect from you and process using the Pinpoint Services will be transferred to and stored at one of several data center locations in Amsterdam (Netherlands) and may be synchronized with one of several data center locations in London (United Kingdom) for backup and redundancy purposes. By submitting your personal data, you declare to be aware of this transfer, storage and processing. The transfer of your personal data to the United Kingdom will be made on the basis of the European Commission's Adequacy Decision.


C. Rights of data subjects

8. Your rights 

a) Rights according to Art. 15 et seq. of the GDPR
The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If this is the case, he or she has a right to information about this personal data and to the information listed in detail in Art. 15 of the GDPR. Under certain legal conditions, you have the right to rectification under Art. 16 of the GDPR, the right to restriction of processing under Art. 18 of the GDPR and the right to erasure ("right to be forgotten") under Art. 17 of the GDPR. In addition, you have the right to receive the data you have provided in a structured, common and machine-readable format (right to data portability) according to Art. 20 of the GDPR, provided that the processing is carried out with the help of automated processes and is based on consent according to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR or on the condition laid down by Art. 6(1)(b) of the GDPR.

b) Revocation of consent pursuant to Art. 7 (3) GDPR
If the processing is based on consent, you can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

c) Right of appeal
You have the possibility to contact us or a competent data protection supervisory authority with a complaint (Art. 77 of the GDPR). If you are an Italian resident, the competent authority is “Garante per la protezione dei dati personali”. Here you can find the link to the procedure to follow and the complaint form to fill in. 

d) Right of objection according to Art. 21 of the GDPR
In addition to the aforementioned rights, you have the right to object as follows:
  • Right to object on a case-by-case basis
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(f) of the GDPR (data processing on the basis of a legitimate interest); this also applies to a profiling based on this provision within the meaning of Arti. 4 (4) of the GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

  • Right to object to processing of data for advertising purposes
    In individual cases and subject to your consent, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.


D. Final provisions

9. Security 

(1) We have taken technical and organizational security measures in accordance with Art. 24, 32 GDPR (in Switzerland: Art. 8 DSG) to protect your personal data from loss, destruction, manipulation and unauthorized access. All our employees and all third parties involved in data processing are bound by obligation to comply with the requirements under the GDPR and to handle personal data confidentially.

(2) SSL or TLS encryption: This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Changes to our privacy policy 

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments or legal changes. In these cases, we will also adapt our data protection declaration accordingly. Please therefore note the current version of our data protection declaration.