EDiM / Privacy policy for recruitment

Privacy policy for candidates

1 august 2023

Privacy policy for candidates

In accordance with EU Data Protection Regulation no. 679/2016 (“GDPR”), EDiM S.p.A. (hereinafter, the “Company” or the “Data Controller“), which is part of the Bosch group of companies (hereinafter, the “Bosch Group“), as Data Controller, wishes to provide you with information regarding the collection and consequent processing of your personal data carried out when managing your application.

1. Bosch respects your right to privacy

Respect for your right to privacy when processing personal data is a matter of great concern to us. We process personal data confidentially and only in accordance with the legal provisions in force.
Data protection and information security are an integral part of our company policy.

2. Data Controller

The Data Controller is EDiM S.p.A., with registered office in Villasanta (MB), Via Giuseppe Saragat no. 1.

3. Categories of data processed

By way of example, the following categories of personal data are processed:

  • Biographical data (e.g. name, date of birth, nationality, place of residence)
  • Documents (e.g. references, certificates, CVs)
  • Identifying images (e.g. photograph included in CV)
  • Information on education and training (e.g. data on school education, university, vocational qualification)
  • Communication data (e.g. e-mail address, mobile phone number)

The data processed could also include so-called “special categories of data”, as per Article 9 section 1 of the GDPR, such as data relating to health or religious beliefs or trade union membership.

4. Purposes of data processing and legal basis

We process your personal data in a manner that complies with the EU General Data Protection Regulation No. 679/2016 (GDPR), as well as applicable national data protection legislation as well as any other applicable domestic legislation.
Your personal data is processed for personnel recruitment purposes.
The primary legal basis for these purposes is Article 6 section 1.b of the GDPR.
The processing of special categories of personal data within the meaning of Article 9, section 1 of the GDPR in combination with specific national data protection legislation (e.g. data relating to health, religion, or trade union membership) is carried out in order to fulfil obligations and exercise specific rights in the field of labour and social security law and social protection, based on Article 9, section 2b of the GDPR in combination with specific national data protection legislation. In addition, it may be necessary to process your health-related data in order to assess your fitness for work on the basis of Article 9, section 2.h of the GDPR in combination with specific national data protection legislation.

5. Personal data collection

As a rule, your data are collected directly from you during the recruitment process, in particular through the documents you send to the Company (e.g. CVs, cover letters) and during interviews.

6. Recipients of your personal data

a. Within the Company
Only authorised persons and organisations (e.g. supervisors, HR, worker representatives) within the company may receive your personal data for the purposes listed above.

b. Other companies within the Bosch Group
The other companies in the Bosch Group are themselves data controllers. The above-mentioned persons involved in the recruitment process may belong to different Bosch Group companies.

c. Data Processors
Furthermore, we make use of service providers for the pursuit of the above-mentioned purposes. Insofar as these providers process personal data on our behalf, we have entered into contractual agreements with them, as required by the data protection legislation in force.
We have chosen these service providers carefully and monitor them regularly, especially with regard to the diligent handling and protection of the data they keep. All service providers are obliged to maintain confidentiality and comply with all legal requirements. These service providers may also be other Bosch Group companies.
You can request from the HR Department ufficio.personale@edim-it.com the list of all our contractors and service providers (with whom we have a contractual relationship in place) with regard to the data being processed.

7. Duration and retention periods

We will delete your personal data as soon as they are no longer necessary for the purposes for which they were collected or processed, as well as when the retention periods required under applicable national law have expired.
If you are not hired, we will delete your personal data 6 months after the recruitment process has been completed.

8. Security during data processing

Our employees, and companies providing services on our behalf, are obliged to maintain confidentiality and to comply with the applicable data protection legislation. We take all necessary technical and organisational measures to ensure an appropriate level of security and thus to protect your data that we administer, especially from the risk of unintentional or unlawful destruction, or unauthorised manipulation, loss, modification or disclosure or access. Our security measures are constantly being improved and updated in line with technological progress.

9. Rights of candidates

In order to assert your rights (provided for in Article 15 of the GDPR, and as below), please use the information in the section ‘Data Protection Officer contact details’. Please make sure that we can identify you unequivocally. If you want to report a breach of your privacy, you can use the following link:
For more information on the processing activities described in this document and to exercise the rights described above, please use the following link:

a. Right to be informed and right of access
You have the right to obtain confirmation from us as to whether or not we process your personal data and, if we do in fact process it, you have the right to access that personal data.

b. Right to correction and deletion
You have the right to have any inaccurate personal data corrected. Insofar as the legal requirements are fulfilled, you also have the right to have your data completed or deleted. This does not apply to data that are subject to a statutory retention period. If access to such data is not requested, however, the processing of such data is restricted (see next point).

c. Restriction of the processing
If the legal requirements are met and fulfilled, you may ask us to restrict the processing of your data.

d. Opposition to data processing based on the legal basis of ‘legitimate interest’
You have the right to object to the processing of your personal data at any time, insofar as such processing is based on legitimate interest. We will therefore cease the processing of your data, unless we are able to demonstrate compelling legitimate reasons based on legal requirements, which override your rights.

e. Revocation of consent
If you have consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of the data processing that took place prior to revocation is not in any case affected by the revocation.

f. Data portability
Insofar as the legal terms are complied with, you may request that the data you have provided to us be delivered to you in a structured, commonly used and machine-readable format or, if technically feasible, request that the data be passed on to third parties.

g. Right to know the identifying details of systems administrators
You may request to know the contact details of the administrators of the management systems and applications in which candidates’ personal data are stored.

h. Right to complain to the supervisory authority
You have the right to lodge a complaint with a supervisory authority. You may appeal to the supervisory authority, which is competent for your place or state of residence, or to the supervisory authority competent for us as a Group.

The competent supervisory authority for the Bosch Group is the “State Representative for Data Protection and Freedom of Information in Baden Wuerttemberg” / “Landesbeauftragte für den Datenschutz und die Informationsfreiheit in Baden Wuerttemberg”.
Contact details of the supervisory authority:
Address of offices:
Koenigstraße 10a
70173 Stuttgart
Postal address:
Postfach 10 29 32
70025 Stuttgart
Tel: 0711/615541-0
Fax: 0711/615541-15
email: poststelle@lfdi.bwl.de
The competent supervisory authority for Italy is as follows:
Italian Data Protection Authority
Piazza Venezia no. 11
00187 – Rome
Fax: (+39) 06.69677.3785
Tel: (+39) 06.696771
email: garante@gpdp.it
Certified email: protocollo@pec.gpdp.it

10. Amendments to the data protection policy

We reserve the right to adapt our data security and protection measures. In such cases, we will amend our data protection policy accordingly. Please therefore refer to the current version of the policy published on the Company’s website in the “Work with us” section.

11. Data Protection Officer contact details

You may contact our Data Protection Officer (“DPO”) using the following contact details:
Data Protection Officer
Information Security and Privacy (C/ISP)
Robert Bosch GmbH
Postbox: 30 02 20
70442 Stuttgart
email: DPO@bosch.com
To assert your rights, please use the following link: https://request.privacy-bosch.com/.
If you believe that your rights have been breached, you may appeal to the competent authority in accordance with Art. 77 of the GDPR, without prejudice to the possibility of appealing directly to the courts. For any communication needs regarding the processing of your personal data, you may contact the Data Privacy Officer (DPO) at the following email address: DPO@bosch.com.