Privacy Policy

Paideia Group S.r.L., with registered office at Via Antonio Dugnani, 1 – 20144 – Milan (MI), VAT No. 09844580960, as Data Controller (hereinafter, the “Controller”), informs you pursuant to Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter, the “Privacy Code”) and Articles 13 and 14 of EU Regulation 2016/679 (hereinafter, the “GDPR”) that your data will be processed according to principles of fairness, lawfulness, and transparency, in compliance with the purposes and methods described below, collecting only the necessary and accurate data for processing.

The contact details of the Data Protection Officer (DPO) are as follows: dpo@professionalrecruitment.it, to whom you may write to exercise the rights provided for under Articles 15 et seq. of the GDPR.

1. Purpose of Processing

This privacy notice provides detailed information about the protection of your personal data as processed by the Controller during your navigation on this website.

Please note that this Privacy Policy refers exclusively to this website https://professionalrecruitment.it/ (hereinafter referred to as the “site”) and does not apply to other websites you may visit through links from this site.

Further information may be provided, if necessary, at the time of requesting a specific service.

2. Types of Data Collected

We collect and process the following categories of personal data concerning you:

1. Data provided voluntarily: through specific sections of the website (e.g., “Contact” forms) you may voluntarily provide personal data such as:

  • identifying and personal data (e.g., first name, last name, tax code);
  • contact information (e.g., email address and phone number). This information may also be provided through emails you send to the addresses indicated on this site;
  • any other personal data you provide directly (e.g., information entered in the notes/comments fields of forms);
  • data related to your professional career and CV in response to a job posting published by us on the site. For more information on the processing of data related to the recruitment process, please refer to the Personal Data Processing Notice and Consent published below.

2. Browsing Data: The IT systems and software procedures used to browse this website acquire, during their normal operation, some identifying data whose transmission is implicit in the use of Internet communication protocols. These are information that is not collected to be associated with identified individuals, but which, by their nature, could, through processing and association with data held by third parties, allow the identification of users.

The category of data includes IP addresses or domain names of the computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. Data collected in this way may be used to determine liability in case of potential cybercrimes against the site.

3. Data collected using cookies or similar technologies: for more information about the types of cookies used and how to disable them, please refer to the Cookie Policy published on the site.

3. Purpose of processing and legal basis

Except for browsing data, which are necessary to carry out IT and telecommunication protocols, we process your personal data in order to:

  • allow you to request information;
  • allow you to submit your CV through the “Job Announcements” form;
  • perform the requested service or activity.

For processing data for these purposes, your consent is not required, as the legal basis is the execution of contractual or pre-contractual measures at your request (Art. 6, para. 1, letter b GDPR).

We may also process your data to:

  • comply with legal obligations, regulations, and orders of the Authorities (e.g., prescriptions imposed by national and EU laws as well as provisions from supervisory bodies, including for the purpose of determining liability in case of hypothetical cybercrimes against the site).

Even in this case, your consent is not required because we process your data to fulfill legal obligations (Art. 6, para. 1, letter c GDPR).

Moreover, your data may be processed to:

  • collect statistical information about site usage (most visited pages, number of visitors by time of day, geographic areas of origin, etc.) and improve usability for users.

The legal basis in this case is the legitimate interest of the Controller to ensure a service that meets your expectations (Art. 6, para. 1, letter f GDPR).

Finally, your data may be processed to:

  • send you – including via email, SMS, and MMS – advertising materials, newsletters, and communications with informational and/or promotional content regarding products or services provided and/or promoted by the Controller, unless you object via the unsubscribe links included at the bottom of our communications. We may use both traditional tools (postal mail, telephone operators) and automated tools (email, SMS, MMS, fax, unattended calls); any refusal to process personal data via automated means will also apply to all contact methods, unless otherwise specified by you, and you can object partially (e.g., limited to SMS only).

In this case, your explicit consent is required pursuant to Art. 6, para. 1, letter a GDPR. Consent is free and optional and may be revoked at any time.

4. Methods of processing

Your personal data are processed using the operations indicated in Art. 4, no. 2 GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data are processed both on paper and electronically and/or automatically.

5. Access to data and communication

Your data may be accessible for the purposes outlined in point 3 to:

  • employees and collaborators of the Controller in their capacity as authorized personnel and/or system administrators;
  • third-party companies or other entities (e.g., ICT companies, website providers, consultants, etc.) performing outsourced activities on behalf of the Controller, in their capacity as external data processors or independent Controllers.

The Controller may also communicate your data for the purposes above to:

  • Supervisory bodies, judicial authorities, police authorities, public entities, and all subjects to whom communication is legally required to fulfill the above purposes. These entities will process the data as independent Controllers.

For Direct Marketing purposes, the Controller – only with your consent – may communicate your personal data to third-party companies such as marketing and promotional companies, commercial partners, and event organizers, who will process the data as external data processors.

Your data will not be disseminated publicly.

6. Retention period

Data collected by the site during its operation are kept only for the time strictly necessary to carry out the specified activities. Upon expiration, data will be deleted or anonymized, unless there are further purposes for retention, e.g., for security reasons in case of abuse. In such cases, the Controller will retain personal data for the time necessary to fulfill legal obligations and/or to assert and/or defend a right in the appropriate forums. Data retained for Direct Marketing purposes will be kept for 2 years from registration.

7. Data transfer

Personal data may be transferred outside the European Union. Data transfer to non-EEA countries will comply with applicable legal provisions:

  • for international transfers of personal data from the European Economic Area (EEA) to a non-EEA country, the transfer can occur if the European Commission has recognized that the non-EEA country provides an adequate level of data protection; in this case, your personal data may be transferred on this basis;
  • for transfers to non-EEA countries without an adequacy decision by the European Commission, we may rely on a derogation applicable to the specific situation and/or adopt the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU.

8. Nature of data provision

Providing data for the purposes described above is mandatory for all legal and contractual obligations, and refusal to provide them, in whole or in part, may make it impossible for the Controller to execute the service. For Direct Marketing processing, failure to provide data will prevent the user from receiving communications, invitations, promotions, or offers, while still allowing the use of contractual or requested services.

Regarding the consequences of not accepting and/or removing cookies, please refer to the details specified in the Cookie Policy.

9. Data subject rights and how to exercise them

You are informed that, at any time and where applicable, you may exercise your rights under Articles 15 et seq. of the GDPR:

  • obtain confirmation of the existence or non-existence of personal data concerning you and a copy of such data in an intelligible form;
  • obtain the updating, correction, or completion of your data;
  • request the deletion of your data, within the limits allowed by law;
  • object, in whole or in part, to the processing of your personal data;
  • restrict processing in the case of violations, requests for correction, or objection;
  • request the portability of data processed electronically, provided based on consent or contract;
  • withdraw consent to the processing of your personal data, where applicable;
  • in relation to fully automated profiling, request human intervention from the Controller to express your opinion and contest the decision.

If you deem it appropriate, you may also lodge a complaint with the Italian Data Protection Authority.

To exercise your rights, you may contact the Data Controller at the following email address: privacy@professionalrecruitment.it.

You may also contact the Data Protection Officer (DPO) at: dpo@professionalrecruitment.it.

Information and consent for the processing of personal data (Privacy Code – Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 – EU Regulation 679/2016 on personal data processing – Articles 13 and 14)

Paideia Group S.r.L., owner of Professional Recruitment, with registered office at Via Antonio Dugnani 1, 20144, Milan, tel. +39 02 39669392, email candidati@professionalrecruitment.it, as Data Controller (the “Controller”), provides, pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR), information on the purposes, methods, and scope of communication and dissemination of personal data provided by candidates during interviews, when submitting applications via third-party websites and social networks, via email, or through spontaneous submission of their curriculum vitae (the “CV”).

The contact details of the Data Protection Officer (DPO) are: dpo@professionalrecruitment.it, to whom you may write to exercise your rights under Articles 15 et seq. of the GDPR.

1. Purpose of processing

As Data Controller, we collect, record, consult, and generally process the personal data contained in your CV for purposes related to personnel search, selection, and recruitment, and to propose future professional opportunities.

Specifically, we will use your data for:

  • personnel search and selection on behalf of our clients;
  • creation of a database functional to achieving this purpose;
  • establishing, exercising, or defending our rights in court.

2. Types of data collected

The personal data processed for the purposes outlined above include, by way of example:

  • name, date and place of birth, contact details, qualifications (education, training courses, internships), documents proving your identity and right to work, and any other data listed on your CV;
  • if you contact us directly, we may keep a record of correspondence in some cases;
  • feedback about you provided by our staff or third parties;
  • if responding to a job posting on our website, we may also collect data regarding your online navigation limited to our website (e.g., IP address, browser, timestamp, location, national traffic data, geolocation data);
  • details regarding disabilities and workplace accommodations you require.

In some cases, we may also collect, if strictly necessary for selection purposes:

  • your special categories of data under Art. 9 GDPR, which reveal health status (e.g., membership in protected categories under Law 68/99, any disability, and workplace accommodations required).

Please do not include other special data in your CV (religious or philosophical beliefs, political opinions, party or union membership, sexual orientation), which will be deleted if not strictly necessary for our personnel search and selection purposes.

3. Legal basis for processing

Processing data for purposes under points 1a) and 1b) is necessary for carrying out the selection process and, in general, for executing pre-contractual measures related to managing your professional relationship with us, pursuant to Art. 6, para. 1, letter b) GDPR.

Processing data for the purpose in point 1c) is necessary to pursue our legitimate interest, pursuant to Art. 6, para. 1, letter f) GDPR.

Regarding special categories of data revealing health status strictly necessary for selection, as indicated above, these may be processed without prior consent because processing is required to fulfill obligations or perform specific tasks under EU legislation, laws, regulations, or collective agreements, and to exercise specific rights of the Controller or data subject under labor, social security, and social protection law, pursuant to Art. 9, para. 2, letter b) GDPR. Reference is also made to the Italian Data Protection Authority’s General Authorization 1/2016, where compatible with the GDPR.

4. Methods of collection

Your data are collected through the following methods:

  • via email;
  • at our office;
  • through our website or third parties, including social networks.

Additional personal data may be collected during interviews using a specific evaluation form, which will be stored together with CVs under the same retention periods.

  • When the CV is submitted in response to a personnel search and selection advertisement published by us: in this case, only applications meeting the requirements for an evaluation interview will be considered.
  • When the CV is submitted following a spontaneous application: if the application is not of interest, the submitted CV will be immediately destroyed. Conversely, if we are interested, the office responsible for evaluating applications will provide appropriate information at the first opportunity when contacting the candidate.

Once your application is received, whether spontaneous or in response to an advertisement, your personal data may be entered by authorized personnel into our archives, both in paper and electronic formats.

5. Retention period

We will retain your personal data (CV and evaluation forms) for a period of 36 months from the last collection/update of data.

With your consent, we may retain your data (CV and evaluation forms) for up to 60 months in order to increase placement opportunities, since having the CVs and evaluation forms from previous interviews allows us to identify suitable candidates more quickly, ensuring greater efficiency in the selection process if another position becomes available.

Failure to provide this consent will have no impact on the outcome of the selection or future opportunities but will reduce the retention period of your data and CV to 36 months.

6. Obligation to provide data and consent

Providing data is voluntary, and it is up to the candidate whether to submit their CV. As for any additional data subsequently requested by the Controller, failure to provide them will make it impossible to verify eligibility for the selection process.

7. Methods of processing

Processing of personal data collected as described above will be carried out using both manual and electronic methods, ensuring maximum security to protect the rights and freedoms of the data subject. In particular, no processing will consist of automated decision-making based on the data.

8. Communication and dissemination of personal data

The Controller – without requiring your consent – may communicate your personal data to various categories of recipients, such as:

  • authorized personnel involved in evaluating and selecting applications;
  • external parties explicitly appointed as data processors (e.g., companies or individuals used by the Controller for website maintenance and management, data archiving activities);
  • judicial authorities, as well as other parties to whom communication is legally required. These parties will act as independent Controllers;
  • companies or professional firms, potential employers, acting as independent Controllers to allow them to evaluate you for possible job positions;
  • commercial partners acting as independent Controllers in the personnel search and selection process.

Collected data will not be publicly disseminated.

9. Transfer of personal data outside the EEA

Personal data may be transferred outside the European Union. Any transfer to non-EEA countries will comply with applicable legal provisions:

  • for international transfers of personal data from the European Economic Area (EEA) to a non-EEA country, the transfer may occur if the European Commission has recognized that the non-EEA country provides an adequate level of data protection; in this case, your personal data may be transferred on this basis;
  • for transfers to non-EEA countries without an adequacy decision by the European Commission, we may rely on a specific derogation and/or adopt the standard contractual clauses provided by the European Commission for transfers of personal data outside the EU.

10. Your rights and how to exercise them

You are informed that, at any time and where applicable, you may exercise your rights under Articles 15 et seq. of the GDPR:

  • obtain confirmation of the existence or non-existence of personal data concerning you and a copy in an intelligible form;
  • obtain updating, correction, or completion of your data;
  • request deletion of your data, within the limits allowed by law;
  • object, in whole or in part, to the processing of your personal data;
  • restrict processing in case of violations, requests for correction, or objection;
  • request portability of data processed electronically, provided based on consent or contract;
  • withdraw consent to the processing of your data, where applicable;
  • in relation to fully automated profiling, request human intervention from the Controller to express your opinion and contest the decision.

If you deem it appropriate, you may lodge a complaint with the Italian Data Protection Authority.

To exercise your rights, you may contact the Data Controller at: privacy@professionalrecruitment.it.

You may also contact the Data Protection Officer (DPO) at: dpo@professionalrecruitment.it.