18.12.2025 | NHOA Energy achieves Great Place To Work Certification in Italy, the United States and Australia
Footer Menu Bar - Figma Specs
Technology Delivery Service Contact us
Contact us

APPLICANT PRIVACY POLICY

The following Privacy Policy – according to Article 13 of General Data Protection Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and   repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) – aims at informing how personal data of     applicants (hereinafter also referred as “you“) are processed.

 

NHOA ENERGY S.r.l. (hereinafter “NHOA” or we” or “Data Controller“) subject to the direction and coordination of NHOA S.A., with registered office in Milan, Piazzale Lodi, 3 – 20137, Tax Code and VAT No. 09315030966, is the Data Controller of the personal data the any applicant (“you“) sends for a specific job opening or in case of a spontaneous application. You can obtain more information about the data processing by contacting the Ethics & Compliance Officer at the following email address: privacy@nhoa.energy.



  1. PERSONAL DATA PROCESSED

 

NHOA processes the following personal data:

  • data provided during the recruiting process, such as: name, surname, e-mail, address, telephone number, data relating to your studies and professional experience indicated on the CV transmitted or subsequently communicated; 
  • interview notes;
  • sensitive information (“special categories of data“) that we collect consists only of the fact that you have a specific health or medical conditions, so that we can ensure that we comply with our legal obligations, such as those in relation to the hiring of individuals with disabilities (such as, equal opportunity employment laws).



  1. PURPOSES OF THE DATA PROCESSING AND LEGAL BASIS OF THE DATA PROCESSING

 

The following table summarizes the purposes of the processing carried out by NHOA and the corresponding legal basis.

 

Purpose

Legal basis

To evaluate your CV and put in place all interview activities and procedures to hire you.

Processing is necessary to take steps at your request prior to entering into a contract. The processing of these data is mandatory, therefore a failure to provide these data would prevent NHOA from evaluating your application.

To comply with NHOA’s duties and obligations under the applicable law (such as, equal opportunity employment laws). 

Processing is necessary to comply with a legal obligation to which NHOA is subject. The processing of these data is mandatory, therefore a failure to provide these data would prevent NHOA from evaluating your application.

In connection with legal claims relating to your application, compliance, regulatory, auditing and investigative processes (including disclosure of personal data in connection with legal process or litigation), and other ethics and compliance reporting requirements.

Processing is based on the legitimate interests pursued by NHOA to follow up legal claims, investigative processes and other ethics and compliance reporting requirements, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

Creation of a CV database with candidates that can fit future job openings at NHOA and contact them in relation to them.

Processing is based on the legitimate interests pursued by NHOA in creating a database of valuable candidates to be considered and contacted for future job openings.

Handling any corporate events (sale of the company or going concerns) or due diligence exercises.

Processing is based on the legitimate interests pursued by NHOA in managing corporate events.

 

  1. HOW WE PROCESS PERSONAL DATA

 

The data processing is carried out with information system and organizational and logical methods strictly related to indicated purposes and are implemented with all technical and procedural security measures to ensure the confidentiality, integrity, availability and resilience of data processing, in compliance with Article 32 of GDPR.

 

  1. HOW WE SHARE PERSONAL DATA

 

NHOA ENERGY could authorize internal or external parties to perform the processing of the personal data described above for the purposes therein. The internal parties are “people in charge of data processing” involved in the business organization like as Human Resources, Ethics & Compliance and Legal department, system administrator, member of Supervisory Board, etc. 

Moreover, NHOA ENERGY can disclose the personal data to these following categories of third parties:

  1. where requested, public authorities and entities;
  2. other companies of the NHOA’s group;
  3. service suppliers (e.g. accountant consultant, legal consultants);
  4. information technology suppliers (e.g. cloud and SaaS suppliers and the supplier of the online recruiting platform).

 

All these entities act as autonomous data controllers or have been authorised by the Data Controller where they act on its behalf (as data processors).

 

  1. DATA RETENTION

 

NHOA retains your personal data as long as necessary to perform the purpose for which the data are collected. Your data will be kept for the time strictly necessary to conduct the processing activities, also by taking into account legal obligations, legitimate interests and limitation periods.

In any case, data relating to unsuccessful candidates and spontaneous applicants shall be retained for a period of 36 months from the application. 

However, the data may be retained for a later period in the event of possible litigation, requests by the competent authorities or pursuant to applicable legislation.

At the end of the storage period, the data will be deleted, anonymised or aggregated in such a way that the user cannot be identified.

 

  1. WHERE WE PROCESS PERSONAL DATA 

 

NHOA also reserves the right to transfer your personal data to third countries. Transfers of data outside the European Economic Area are subject to a special regime under the GDPR, and will only be made to countries that ensure an adequate level of protection of personal data, on the basis of an adequacy decision by the Commission or where adequate safeguards have been adopted (including the standard contractual conditions provided by the European Commission), provided that the data subjects have effective rights of action and remedies.



  1. DATA SUBJECTS RIGHTS

 

The Data Controller shall provide you with the exercise of the following rights:

 

  1. confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data, as provided by Article 15 of the GDPR (Right to access);
  2. rectification of your inaccurate personal data or integration of incomplete personal data (Right to rectification);
  3. erasure of your personal data, in accordance with the reasons described in Article 17 of the GDPR (Right to erasure);
  4. restriction of processing, when one or more of the cases provided by Article 18 of the GDPR (Right to restriction);
  5. receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Right to data portability);
  6. object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Right to object).

 

To exercise your rights, you can send an email with the following subject “PRIVACY”, to privacy@nhoa.energy.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

The exercise the rights referred above can be delayed, limited or excluded if this could result in some limited circumstances. Such reasonable delay, limitation or exclusion must be communicated to the relevant data subject without undue delay, unless such communication might jeopardise the purpose of the limitation, for the time and within the limits in which this constitutes a necessary and proportionate measure, considering the fundamental rights and legitimate interests of the data subject. In such cases, the data subject’s rights may also be exercised through the Garante per la Protezione dei Dati Personali (namely, the Italian Data Protection Supervisory Authority) pursuant to Article 160 of the Personal Data Protection Code (namely, Legislative Decree no. 196/2003). In such cases, the Garante per la Protezione dei Dati Personali shall inform the data subject that the necessary checks or a specific review has been carried out, as well as of the data subject’s right to lodge a judicial remedy.

 

Without prejudice to any other administrative or judicial appeal, you shall also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement (as for Italy, the supervisory authority is Garante per la protezione dei dati personali – further information is available on the website http://www.garanteprivacy.it), if you consider that the processing concerning your data is done in violation of the GDPR. Further information about the supervisory authorities is available on the website https://edpb.europa.eu/about-edpb/about-edpb/members_en.

 

In any case, NHOA is interested in being informed of any grounds for complaint and invites you to use the above-mentioned contact channels before referring to a supervisory authority, so as to be able to prevent and resolve any disputes in a friendly and timely manner, with the utmost courtesy, seriousness and discretion.

 

UPDATE ON JANUARY 2024