Thank you for your interest in Ferrari S.p.A. and/or in one of its subsidiary as indicated below (jointly “Companies”, “we”, “our”, “us”). This Privacy Notice will explain our practices in connection with the collection, use, and sharing of your personal data through your application process with the Companies. 

1. DATA CONTROLLERS AND DATA PROTECTION OFFICER
The companies listed below act as the data controller of your personal data, depending on the job position for which your application is considered:
- Ferrari S.p.A., with registered office in Via Emilia Est, n. 1163, Modena, Italy.
- Ferrari N.V. with registered office at Slough UK Branch - 275 Leigh Road, Slough SL1 4HF, United Kingdom.
- 410 Park Display Inc. with registered office at Englewood Cliffs, 250 Sylvan Avenue, New Jersey, United States of America.
- Ferrari Australasia Pty Limited with registered office at Sydney, Suite 12, Level 12 37 Bligh Street, Australia.
- Ferrari Central Europe GmbH with registered office at Stielstraße 3b, 65201 Wiesbaden, Germany.
- Ferrari Far East PTE LTD. with registered office at Singapore, 38 Beach Road #29-11 South Beach Tower, Singapore.
- Ferrari Japan KK with registered office at Roppongi Hills Mori Tower 37F, 6-10-1 Roppongi, Minato-ku, Tokyo, Japan.
- Ferrari North America Inc. with registered office at Englewood Cliffs 250 Sylvan Avenue, New Jersey, United States of America.
- Ferrari South West Europe S.A.R.L. with registered office at Levallois-Perret 49, Avenue Georges Pompidou, France.
- Ferrari Cars International Trading (Shanghai) Co. Ltd. with registered office at Shanghai, Room 202 Building A - 459, Fu Te Xi Yi Road, Mainland China.
- Ferrari (HK) Limited, with registered office at Suite 3002, 30/F, Prosperity Tower, 39 Queen’s Road Central, Hong Kong.
- Ferrari Middle East & Africa B with registered office at Office No. 3602 - Tower A - 36th fl Business Central Towers, Dubai, United Arab Emirates.
- Mugello Circuit S.p.A., with registered office at via Senni, 15, 50038 Scarperia e San Piero (FI), Italy.

You can contact Ferrari Group Data Protection Officer at the email address e-mail privacy2@ferrari.com.

2. COLLECTION OF PERSONAL DATA
Through your application process with the Companies, we collect personal data from you for a variety of purposes. We collect personal data from you directly, from third party sources (e.g. companies aimed at facilitating the entry of workers into the job market, etc.), and automatically as you use “Careers” section on our website.

(A)  Information Collected Directly From You

As an applicant, we collect the following personal data from you: 

• Personal Identifiers. Name, email address, date of birth. 
• Professional or Employment information. Resume/CV, certifications, qualifications, employment history, and educational history, including your university, degree, major, and graduation date. 
• Protected Classifications. Unless the recruitment process is dedicated to protected categories of workers, to participate it is not necessary to provide special categories of personal data (e.g. data relating to your health, sexual orientation or political or trade union opinions). We therefore ask you not to provide such data, except where deemed necessary for a better assessment of your position or, in case of disability, to obtain suitable support during the recruitment process.
• Visual Information. This includes video of you if you opt to submit your video Resume/CV.
• Inferences. This includes any information drawn from any of the above categories to create a profile about an applicant reflecting the applicant’s characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

If we make you a conditional offer of employment, we will ask for additional personal data so that we can carry out our pre-employment checks. This personal data includes: 

• Personal Identifiers. Your Social Security number, driver’s license number, and passport number.

(B) Information Collected From Third Party Sources

Subject to legal requirements, we may use a third-party vendor to conduct a background check on you during the application process. In doing so, we collect the following personal data from our background check vendor:

• Personal Identifiers. Your name, physical address, telephone number, and Social Security number. 
• Professional or Employment Information. Your employment and educational history.

For specific job tasks, we may also use a third-party vendor to conduct drug-screening during the application process. In doing so, we will collect the following personal data from our drug-screening vendor:

• Personal Identifiers. Your name and surname.
• Medical and Health Information. Your drug testing paperwork and results, only in terms of your suitability to work.
   

(C) Information Collected Automatically 

When you apply for employment through our careers website, we automatically collect internet or other electronic network activity information via cookies. These cookies collect data regarding your interaction with our careers website, your usage and browsing history, IP address, and device information. We use this data to prevent fraudulent use of the careers website, to enable the careers website to function properly, to provide enhanced functionality, diagnose server errors, and in cases of abuse, mitigate and track the abuse. We also use cookies to conduct analytics and to provide you with internet-based advertising. To disable cookies and limit the collection and use of information through them, you can set your browser to refuse cookies or indicate when a cookie is being sent. For more information on the cookies we use on the careers website, and how to opt-out, please review our Cookie policy. 

3. HOW WE USE YOUR PERSONAL DATA

As an applicant, we use your personal data for a variety of purposes. These purposes include:

• To process, manage, and review your application.
• To recruit applicants for positions. 
• To communicate with you about your application or to respond to any questions you may have. 
• To conduct reference and background checks.
• To assess your suitability for the position for which you have applied.
• To monitor compliance with equal opportunities and non-discrimination policies, where permitted by applicable law, in particular by Italian laws no. 903/1977 and no. 125/1991.
• To assess your working capacity. 
• To conduct pre-employment screening. 
• To comply with the law, to pursue legal rights, defend litigation, or comply with requests from law enforcement or regulatory authorities.

The legal basis we rely on for processing your personal data is Article (6)(1)(b) of the General Data Protection Regulation (“GDPR”), which relates to processing necessary to perform a contract and to take steps at your request, before entering a contract, Article (6)(1)(c) that is the need to comply with a legal obligation applicable to us, as well as Article (6)(1)(f) that is our legitimate interest. The legal basis we rely on to process any information you provide as part of your application, which is special category data, such as health, religious, or ethnic information, is Article 9(2)(b) of the GDPR, which also relates to our obligations in employment and the safeguarding of your fundamental rights, and Article 9(2)(h) for assessing your work capacity as an employee as well as the General Authorization no. 1/2016 on the processing of special category data within employment relationships, issued by the Italian Supervisory Authority.

3.1 Automated decision-making (if applicable)

In order to evaluate the candidates, depending on the specific job role, Ferrari may use an automated decision-making (hereinafter “Screening System). 
The Screening System:

i. is aimed to value the relevant applications for specific vacant job position available or jobs you possibly selected from those available on the website;
ii. is never based on special categories of personal data and Ferrari makes efforts to ensure any automated decision-making is non-discriminatory;
iii. will process the personal data you have provided directly to Ferrari during the creation of your job profile.

At any time, you can access, review, correct, update or delete your personal data or your job profile.

In case Screening Systems applies, you have the right to insist on human intervention in the recruitment process, express your point of view or contest the decision. However, you have the right not to be subject to automated decision-making and you can request to stop the processing of personal data via the Screening Systems. Ferrari has implemented systems that audit algorithms and regular reviews of the accuracy and relevance of Screening System.

The Screening System uses an algorithm that allows Ferrari to:

- scans and filter the CV in order to obtain a shortlist of candidates;
- evaluate the online assessment (interview with the chatbot and answer given on the online test, video interview of the applicants).

During the recruitment procedure, a score will be assigned to the applicants; such score may change, in real time, and that will permit the final value of professional profile of the applicants.

If you have any questions about the screening system, the logic involved and/or the result of the screening system, please email us at privacy2@ferrari.com.

4. HOW WE SHARE YOUR PERSONAL DATA

General Sharing

From time to time, the Company may need to make your personal data identified in this Privacy Notice available within the Company, to our service providers, or other third parties. These instances include:

To Validate Your Applicant Information. Subject to legal requirements, we may use external providers to process, and/or validate your personal data. You will also be asked to provide equal opportunities information. This is not mandatory. If you do not provide this data, it will not affect your application.  Any personal data you provide will be used to produce and monitor equal opportunities statistics. The legal basis for this is that the processing is necessary to perform a contract or to take steps at your request, before entering a contract.

With Ferrari Group Companies. Your personal data collected may be used by all Companies depending on the job position for which your application is considered. No other Company will receive your personal data to the extent that it is not involved in the recruitment process. In this regard, we inform you that Ferrari S.p.A. provides the online platform dedicated to job applications through a third party company with which it has concluded contractual agreements. The legal basis for this is given by the fact that the processing is necessary for the execution of a contract or for the performance of activities at your request, before the conclusion of a contract.

With Third-Party Service Providers. We share personal data with our service providers that assist us in managing our application process. These service providers include our background screening provider, our drug-screening, and our application software provider. The legal basis for this is our legitimate interest in assessing your work capacity and our legitimate interest in offering the application process efficiently. 

During a Corporate Reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share your personal data. The legal basis for this is our legitimate interest in carrying out our business operations.   

For Legal Purposes. We may need to disclose your personal data to third parties, such as legal advisors, law enforcement agencies, or governmental/regulatory bodies in order to protect our legal interests and other rights, protect against fraud or other illegal activities, for risk management purposes, and to comply with our legal obligations. The legal basis for this processing is compliance with a legal obligation applicable to us and our legitimate interest in compliance with other laws applicable to the Company. 

Sharing In The Past Twelve (12) Months 

For a Business Purpose. To the extent the California Consumer Privacy Act (“CCPA”) applies to the processing of your personal data, we inform you that in the preceding twelve (12) months, the Company has disclosed the following categories of personal data for a business purpose to the following categories of third parties:

• We have disclosed your personal identifiers, protected classifications, and professional or employment related information, to our service providers that help us perform application-related services and functions. These service providers include our application software provider, background screening provider, and our drug screening provider. 
• We have disclosed your internet or other network activity information collected by cookies to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair career website errors. 

For Sale. To the extent the CCPA applies to the processing of your personal data, we inform you that, under the CCPA, certain disclosures we engage in are considered a sale. In the preceding twelve (12) months, we have disclosed your internet or other electronic network activity information collected via cookies to data analytics providers and ad networks. You may opt-out of these cookies by following the instructions in our Cookie-policy.

5. PERSONAL DATA TRANSFER OUTSIDE OF THE EUROPEAN ECONOMIC AREA 

Within its contractual relations, your personal data may be transferred to countries outside of the European Economic Area (“EEA”). Personal data processing are bound to the purposes of the processing and are carried out according to applicable data protection law. In case personal data is transferred outside of the EEA, the Companies will use appropriate contractual measures to guarantee an adequate protection of the personal data including – among the others – agreements based on the standard contractual clauses adopted by the EU Commission to rule the transfer of personal data outside of the EEA.

6. DATA RETENTION

Your personal data will be retained by the Companies for three (3) years. 

Personal data may be retained for a longer period in order to comply with the provisions of the law, to meet any specific requests from the public authority and in relation to any needs related to the exercise of the Companies’ right of defense in the event of disputes.

7. RIGHTS OF INDIVIDUAL UNDER THE GDPR

You have the following rights with respect to your personal data: 

• Right to Access. You have the right to ask the Company for copies of your personal data. This right has some exceptions, which means you may not always receive all personal data we process.
• Right to Rectification. You have the right to ask the Company to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Right to Erasure. You have the right to ask the Company to erase your personal data in certain circumstances.
• Right to Restrict Processing. You have the right to ask the Company to restrict the processing of your personal data in certain circumstances. 
• Right to Object to Processing. If you have legitimate reasons, You have the right to object at any time, for reasons arising from your particular situation, to processing of your personal data. 
• Right to Data Portability. You have the right to ask that we transfer the personal data you gave us from one organization to another, or give it to you in a structured, ordinarily used, and readable format. 
• Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority based in the country in which Companies have their legal seat. 

To exercise your rights, you may submit a request in writing to the above indicated Companies and/or by email at privacy2@ferrari.com. 

8. RIGHTS OF INDIVIDUALS UNDER THE CCPA

To the extent the CCPA applies to the processing of your personal data you would be entitled to the following rights:

• Right to Access. You have the right to request what personal data the Companies has collected, used, disclosed, and sold about you within the preceding twelve (12) months. You may make a request for access twice within a twelve (12) month period.
• Right to Deletion. You have the right to request the deletion of your personal data that the Companies collects or maintains, subject to certain exceptions. 
• Right to Opt-Out. You have the right to opt-out of the sale of your personal data to third parties. The Companies do not have actual knowledge that they sell personal data of minors under the age of sixteen (16) years. 
• Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, or opt-out under the CCPA. 

To exercise your right to access or delete your personal data, you may submit a verifiable consumer request by email at privacy2@ferrari.com or by telephone at 1-877-933-7727. To opt-out of the sale of your personal data via cookies, please follow the instructions in our Cookie policy.

For requests submitted via telephone or email, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal data and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information. 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal data. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.

9. INFORMATION SECURITY

To protect your personal data from unauthorized access, destruction, use, modification, or disclosure, we have implemented technical, administrative, and physical security measures. These security measures include encryption, access controls, and anti-virus and anti-malware protection. However, no security measure or modality of data transmission is 100% secure and we are unable to guarantee the absolute security of the personal data we have collected from you.

10. DO NOT TRACK

We do not support Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your browser. 

11. CHANGES TO THIS PRIVACY NOTICE

We may change this Privacy Notice from time to time. We will post the changes to the “Careers” section of our webiste. We encourage you to review our Privacy Notice to stay informed. This Privacy Notice was last updated on March 18, 2022.

12. CONTATTI

If you have any questions about this Privacy Notice, please contact us at privacy2@ferrari.com.