Scroll Top


Disclosure pursuant to Art. 13 of the European Regulation no. 16/679

The Companies ACTL and Recruit Srl (hereinafter the Companies), in their capacity as Joint Data Controllers, with registered offices at Via Duccio Di Boninsegna, 21 Milan, Italy, and Via Alvise Cadamosto 7, Milan, Italy, through the sites, , e, have as their objective the protection of the privacy of their users and are committed to ensuring that the processing of personal data is carried out in accordance with principles of fairness, lawfulness, transparency and with respect for the rights, fundamental freedoms and dignity of persons, with particular reference to confidentiality and personal identity.

In providing our services, we necessarily come into possession of personal information and data: we intend, therefore, below, to outline an appropriate disclosure in accordance with Art. 13 GDPR 679/16 – “European Data Protection Regulation.”

It should be noted, from the outset, that, at any time, it may be requested to change or delete the data entered by writing to the e-mail and

1.What data we deal with:

The personal data processed are master and contact data provided or received by the data subject in connection with:

  • Enrollment in the job on cloud portal within the above sites;
  • Phone or email;
  • Direct contacts obtained as a result of attending events, etc;
  • Direct contact as a result of sending inquiries via the e-mail address on the websites;
  • Business inquiries;
  • Requests through the above websites or through the website of suppliers, customers, partners, other parties;
  • Transmissions and transactions following the order to provide the service or good (supplied/purchased);
  • Invitations to events related to business initiatives, fairs, events, etc.

2.For what purposes:

The Companies, through the sites, , and collect information and personal data when registering on the sites and when subsequently changing them (such as first name, last name, e-mail address, telephone number, residence/domicile address, Tax Code and professional qualification), for the following purposes:

  • Collection and dissemination of resumes for matching supply and demand for internships/jobs;
  • Information and registration for training courses;
  • Sending information materials and about the services provided by ACTL and Recruit;
  • Subscription to specific services (including but not limited to newsletters).

The provision of personal data is necessary in order to take advantage of the services provided by the Companies (collection and dissemination of resumes for matching internship and job supply and demand, training, sending newsletters and informational materials). In all cases, registration for the services presupposes acknowledgement and acceptance of the Companies’ terms of use and privacy policy.

A data subject may refuse to give the Companies his or her personal data. Any refusal to provide, and consequently failure to register, will result in the inability to provide services.

3.Legal basis:

The data will be disclosed to the employees/collaborators of the Companies, the supplier, the client, the partner, other parties who will have to contact the data subjects in order to enable, in accordance with Art. 6.1, lett. b), (c) of the GDPR:

  • Service delivery;
  • The execution of the contract to which each party is a party;
  • The execution of pre-contractual or post-contractual measures taken at the request of the supplier, customer, partner, other parties or the Companies pursuant to Art. 6.1(b) of the GDPR;
  • The fulfillment of a legal obligation under Art. 6.1(c) of the GDPR)
  • All related tax and accounting requirements, as well as managing portals in order to promote research activities.

4.How we handle data:

The data of the interested parties will be processed in accordance with the principles of lawfulness correctness and transparency, using manual or automated tools, including through the inclusion in databases, lists and lists suitable for the storage, management and transmission of data, in the manner and to the extent necessary for the pursuit of the aforementioned purposes.

Processing will be carried out in the following ways:

  • Operations of recording, organization, storage, processing, modification, use, dissemination and deletion of data;
  • Communications and data releases.

The Companies have provided adequate security measures in order to protect the data of individuals acting on behalf of suppliers, customers, partners and others, such as: firewalls, antivirus, high complexity passwords with periodic change.

The personal data being processed will be kept in such a way as to minimize, through the adoption of appropriate technical and organizational measures, as well as suitable and preventive security measures, the risks of destruction or loss, even accidental, of the data themselves, of unauthorized access or processing that is not permitted or does not conform to the purposes of the collection previously explained.

Data will be processed only by authorized persons within the Companies, in relation to the purpose of processing.

5.Because the nature of data provision is mandatory:

The provision of such data is mandatory in order to take advantage of the services offered by the Companies provided in point 2.

Finally, the Companies may use the personal data collected (with specific authorization) for statistical purposes or to conduct market research in order to better understand the needs of users and to be able to optimize the service offered. It should be noted that said market research and studies will be conducted using anonymous data.

6.What are the categories of persons to whom the data may be disclosed:

The data may be disclosed to companies, institutions, institutes and organizations that use the services offered by the Companies both in Italy and abroad for the purpose of selection and promotion of internships and jobs.

They may, then, be communicated to the workers of the Companies and to some external parties that collaborate with them, always in compliance with the indicated purposes mentioned in point 2. Specifically, these are employees/collaborators who, on the basis of their roles and work duties, have been legitimized to process personal data, trained to do so within the limits of their competencies and in accordance with the instructions given to them by the Controller.

The data could be accessed (for purposes of assistance on software applications, computer network and connectivity) by technicians, external consultants or appointees of external companies that provide such services; individuals who carry out control activities on the work of the Companies (by way of example: Auditors, Supervisory Board, personnel of certification bodies, etc. ). Finally, they may be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, and EU regulations. The updated list of data processors, where required, is available at the offices of the above-mentioned Companies.

The Companies, through the sites and, may disclose to third parties personal data collected only for purposes strictly related to the services provided.

The data provided may therefore be disclosed to:

  • Professionals, companies or professional firms that, on behalf of the Companies, carry out consulting, assistance, accounting and tax management activities
  • Third-party companies to fulfill contractual obligations
  • Banking institutions for handling payments arising from the execution of the contract.
  • Other online recruiting portals with which the Companies have active partnerships in order to promote the search for required positions
  • Companies engaged in transmission, enveloping, transportation, sorting and delivery of communications and correspondence for third parties

7.Transfer of data abroad:

Although at present all entities that process data on behalf of the Companies as external data controllers are established within the European Union, in the future it may also be necessary to give such data to entities that may be established outside the European Union, in countries that do not guarantee personal data an adequate level of protection under the European Data Protection Regulation RE. EU 679/2016. The Companies will, if necessary, transfer data outside the European Union only after taking the precautions established by the European Regulation and after obtaining the necessary guarantees from the indicated parties and with the consent of the data subjects.

8.How long do we keep the data:

The Companies retain and process personal data for as long as necessary to fulfill the stated purposes. Thereafter, personal data will be stored, and not further processed, as documented in the Processing Record. The retention period can vary significantly depending on: the purposes, the type of data processed, and legal obligations. In the event that the data are processed as part of a funded project, retention times may be subject to the requirements of the funding body’s announcement.

When it is no longer necessary to retain personal information it will be deleted or de-indexed or securely destroyed in accordance with our privacy policy.

9.What rights can be exercised:

Pursuant to Articles 15 to 22 of the Regulations, the Data Subject is entitled to and may exercise the following rights:

(a) To request confirmation of the existence or otherwise of his or her personal data concerning him or her, even if not yet recorded, and its communication in intelligible form
(b) Obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and, when possible, the retention period;
(c) Obtain rectification and deletion of data;
(d) Obtain restriction of processing;
(e) Obtain portability of data, that is, receive them from a data controller, in a structured, commonly used, machine-readable format, and transmit them to another data controller without hindrance;
f) Oppose the processing at any time and also in the case of processing for direct marketing purposes;
g) Oppose automated decision-making related to fixed individuals, including profiling.
(h) To request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning him or her or to object to its processing, as well as the right to data portability;
(i) Withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal.

The same, where exercisable by you may be enforced by writing to, specifying the subject of the request, the right that the interested party intends to exercise, and attaching a photocopy of an identity document attesting to the legitimacy of the request.

10.Proposition of complaint:

The data subject has the right to lodge a complaint with the supervisory authority of the state of residence. More information on the right to bring a complaint can be found at the following webpage:

11.Data Protection Officer:

Believing that the protection of personal data of data subjects is of paramount importance, the Companies have appointed a data protection officer (DPO) who can be contacted by writing to the email address and for any issues concerning the protection of personal data.

Marina Verderajme


President of Job Farm and Editor-in-Chief of Job Farm News, she has been involved in training, employment, human resources and innovation for more than 15 years. He heads SportelloStage partner of Recruit Ltd. a brokerage agency, and Ems HR consulting firm.