Privacy

Last updated: July 2024

1. Introduction

Andrea Vincenzi, Tax Code VNCNDR93L16G388T VAT No. 02959810181, as data controller (hereinafter "Controller") provides, pursuant to Article 13 of European Regulation No. 2016/679, concerning the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR"), information relating to the processing of personal data of users of the Controller's website (hereinafter the "Site") in order to allow users to utilize the Personnel recruiting services offered by the Controller (hereinafter the "Services") to its clients and candidates hereinafter ("User/s").

The User's personal data is information capable of identifying them as a natural person ("Personal Data" or "Data").

Below we provide information about the type of Data that will be processed, the methods of processing, the purposes, and the retention periods of the same. We therefore advise you to carefully read this privacy policy (hereinafter "Policy").

This Website is not intended for minors, and therefore no data relating to minors is intentionally collected. If the User is a minor, parental or guardian supervision is required to use the services of this Website.

2. What data is collected?

The Personal Data we may collect from all Users of the Site and from Users interested in the Services include:

  • First and last name;
  • Gender;
  • Contact details (email address, mobile or home phone number, LinkedIn);
  • Curriculum Vitae (including data on the candidate's current professional role; educational, training and professional background, any certifications, academic qualifications and qualifications, references, profile photo, date of birth, domicile, etc.);
  • IP address.

3. How is your Data obtained and processed?

The Personal Data we process is obtained directly from Users interested in the Controller's Services:

  • through the contact area of the Site and/or:
  • via email and/or
  • via LinkedIn.

The Data will be processed by the Controller with confidentiality, adopting all available technical and organizational measures and the necessary levels of protection to ensure the security of Data processing. In this way, the Controller diligently commits to avoid any alteration, loss, theft, unauthorized processing or access, in accordance with the state of the art and technology and the nature of the stored data.

The Controller also guarantees that manual and digital processing, file storage, use of programs, systems or equipment, comply with the requirements and conditions of integrity and security established by current legislation.

4. For what purpose will your Data be processed?

In general, Personal Data is used to provide the Services and to allow the Controller to fulfill contractual obligations undertaken towards Clients.

In particular, the Data will be processed to:

  • provide the Services to the User of the Site;
  • negotiate commercial terms between Clients and the Controller;
  • allow the Controller to receive the User's CV, allow the latter to apply online for job offers, or to subscribe to alerts on job offers that may be of interest;
  • transmit Candidate Data to Clients in execution of the contract signed with them;
  • Improve customer service and make services more satisfactory for the User;
  • allow the User to receive updates on job offers and possible notifications of new job offers that may be of interest to the User;
  • Update records to remove or modify personal information;

5. Where and for how long will your Data be stored?

Personal Data provided by the User through this Website will be hosted on Microsoft Cloud (OneDrive) and on CRM (Giig Hire) located in the United Kingdom, England.

Personal Data will be retained for as long as deemed necessary to achieve the purposes of the Processing, and in particular for as long as you maintain an active account on the Website and for as long as you do not request the deletion of your Data.

If the data subject believes, for any reason, that the purpose of the processing has been exhausted, they must give written notice to the Controller at the address indicated in paragraph 8 of this Policy. Following the aforementioned communication, the Controller will proceed with the immediate deletion of the data provided.

In exceptional cases and in accordance with the provisions of applicable law, the Data will be retained even after the usual retention period, until the proper fulfillment of rights, legal requirements and contractual obligations assumed by the Controller for the provision of the Services.

The Controller periodically performs an analysis of the Data retention periods, deleting Data on its own initiative if it believes that the information has become obsolete or not up to date.

6. Legal basis

The legal bases that legitimize the processing of Data are the following:

  1. contractual and/or pre-contractual obligations (pursuant to Art. 6, par. 1, letter b), GDPR). The Controller receives and transmits information necessary to execute contracts signed with its Clients, interested in the provision of the Services.
  2. Compliance with legal obligations, regulations and/or European legislation as well as compliance with provisions issued by authorities legitimated by law and/or by supervisory and control bodies (pursuant to Art. 6, par. 1, letter c), GDPR). The transfer of Data is necessary and any refusal by the User will result in the impossibility for the Controller to provide the Services.
  3. Ascertain, exercise or defend a right in court (pursuant to Art. 6, par. 1, letter f), GDPR).

7. Transfer or Transfers

The Controller may transfer the Data to Clients who are located outside the country where you provided your Personal Data to the Controller and the country of Data collection.

In such case, the Controller will take reasonable measures to ensure that the Data is protected and processed in accordance with this Policy pursuant to Art. 46 of the GDPR and following.

8. Your Rights

As a User or data subject, you can request the exercise of your rights by sending an email to andrea@keywordsrec.com, indicating as Subject: "DATA PROTECTION: EXERCISE OF RIGHTS", proving your identity by any means permitted by law.

Right of access: you can know and obtain information about your Data being processed.

Right to rectification: allows you to correct errors and modify inaccurate or incomplete Data.

Right to erasure or deletion / right to be forgotten: allows you to request the deletion of Data

Right to complaint: right to lodge a complaint with the Data Protection Authority.

Limitation of processing: you can mark stored Data in order to limit its future processing, for the exercise or defense of rights.

Data portability: your Data will be processed in such a way that it can be transmitted to another data controller without unjustified impediments.

The right to object: you have the right to object to the processing of your Data based on a public or legitimate interest.

The right to withdraw: you have the right to withdraw your consent at any time.

Additional rights: you have the right not to be subject to automated decision-making processes and profiling; and any other right recognized by applicable law.

9. Automated decision-making process

The Controller declares that the Data will not be processed according to automated decision-making processes pursuant to Art. 22 of the GDPR, and therefore, decisions concerning the data subject will not be made in any way using said processes.