Candidates Information

Policy for the Processing of Personal Data in accordance with Art. 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter "GDPR")

This information is provided by Pirate Rocket S.r.l. (VAT number 02644170033) and by Finanth S.r.l. (VAT number 13191250961), with legal address in Milan at Via Giovanni Battista Sammartini, 33, as Joint Controllers (hereinafter the "Joint Controllers") of the processing of personal data (hereinafter the "Processing").

a) The Processing in which you are listed as a "Data Subject" shall be carried out for the following purposes:

  • the management of the candidature and the performance of personnel search and selection activities carried out by the Joint Controllers on their own behalf, for group companies or on behalf of clients, on the basis of Article 6.1 (b), of the GDPR;
  • the management of future applications or search and selection activities, on the basis of article 6.1 (b) of the GDPR, i.e. the legitimate interest of the Joint Controllers to process the data in relation to their own activity.

Category of data processed Data types
Identification data Name, surname, residence/address, e-mail address, telephone number, tax code, e-mail, CV, photo, current salary
Special data Be part of the so-called protected categories under Law 68/99

b)The provision of data, including special categories of data within the limits indicated above, in accordance with current legislation on the protection of personal data, must be considered necessary in order to allow the Joint Controller to fulfil the requirements of knowledge and assessment of candidates in the context of the search and selection of personnel as well as obligations imposed by law, rules and regulations. Failure to provide such data may result in the impossibility of carrying out the personnel search and selection process and the impossibility of establishing an employment relationship.

c) the Joint Controllers may communicate personal data to the following parties:

Category of recipients Purpose
Data controllers, persons authorised to process data Search and selection on own account or on behalf of clients
Clients of the Joint Controllers Search and selection on behalf of Clients

d) the period of conservation of personal data is as follows:

  • for the management of applications and the performance of personnel search and selection activities by the Joint Controllers or by the Clients, the data will be kept for the period necessary for recruitment;
  • for the management of future applications or search and selection activities, the data shall be kept for a period of 10 (ten) years, in compliance with the reasonable expectations of the data subjects.

e) personal data is stored in computer files located both inside and outside the European Union, if this is decisive for the achievement of the purposes set out in point (a). In the latter case, the Joint Controllers shall ensure that personal data is treated with the utmost confidentiality by undertakings outside the European Union in compliance with the adequacy decisions of the European Commission, or, if necessary, by concluding agreements ensuring an adequate level of protection;

f) personal data shall be processed in paper form, as well as by digital and telematic means of communication, without involving automated decision-making;

g) personal data shall not be disclosed to third parties not authorised to process them;

h) the Joint Controllers, in compliance with art. 32 of the GDPR, provide themselves with the appropriate security measures in relation to the Processing carried out, so as to guarantee the confidentiality, integrity and availability of the personal data, and requires the parties to whom such data is communicated to adopt the appropriate security measures in turn;

i) Data Subjects affected by the Processing, in accordance with art. 15 et seq. of the GDPR, are entitled to exercise the following rights:

  • right to be informed that data processing is in progress concerning him/her and, if so, to have access to the personal data processed;
  • right to rectification of personal data;
  • right to erasure (right to be forgotten) of personal data concerning him/her;
  • right to the restriction of the processing of personal data concerning him/her;
  • right to data portability to receive, or have transmitted to another Controller, personal data concerning him/her in a structured, commonly used and machine-readable format;
  • right to object to the processing of personal data;
  • right to lodge a complaint with the competent authorities about a personal data processing breach.

Requests for the exercise of rights before the Joint Controllers, as well as any request relating to the Processing, may be made by e-mail to: [email protected]
The Data Subject may also, at any time, contact the DPO by sending an e-mail to the following address: [email protected]