Privacy Policy

Information data on personal data processing pursuant to Articles 13 – 14 of Regulation (EU) 2016/679 – GDPR

The data controller is Studio ITS di Barbara Ceruti (VAT n°. 04151670967) (“Studio ITS”). Any inquiry concerning personal data protection may be mailed to the address of the registered office in Vedano al Lambro (20854), Via Schiatti 20, or emailed to, by sending the relevant application form for the specific purposes.

Users’ Data will be collected to allow the Data Controller to deliver its services, and for the following purposes:

  • to reply to inquiries;
  • to contact Users;
  • to fulfil contractual obligations;
  • to fulfil such legal obligations as the Data Controller is subject to;
  • to assess CVs, in case of both unsolicited applications and solicited applications through third-party subjects involved with personnel search and selection;
  • to take security measures;
  • to collect browsing statistics.

For the above services to be received, it is mandatory to provide the data; the refusal to provide the data will prevent Studio ITS from supplying the requested service or product.

Such personal data as is provided may also be processed for the following purposes:

  • promotional activities carried out by Studio ITS;
  • sending newsletters and/or information circulars concerning regulatory updates by email.

For these particular processing activities, you will be requested to give your specific consent, which may be withdrawn at any time.

The Personal Data collected by this Website, independently or via third parties, includes: personal particulars, user’s contact data, email address, CV, IP address, usage data, cookies.
Personal Data may be collected further to contractual or pre-contractual relationships or automatically while using this Website.
Where not specified otherwise, cookies – or other tracking tools – used by this Website, or the providers of third-party services used by this Website will be used to identify Users and enter their preferences for purposes strictly linked to the provision of the services requested by Users.

The Data Controller will process Users’ Personal Data in a proper manner and shall take appropriate security measures to prevent unauthorised access to, or the disclosure, loss, modification or destruction of Personal Data.
Data will be processed using computer and/or telecom tools, with organizational methods and logic strictly related to the purposes indicated.
Without prejudice to communications made in compliance with legal and contractual obligations, as well as the Data Controller, in some cases, other parties involved in the organization of the Data Controller (administrative, sales, and marketing staff as well as systems administrators) or external parties (such as providers of third-party technical services, hosting providers, IT companies, communication agencies) may also have access to the Data. If necessary, they will be appointed as Data Processors by the Data Controller. The updated list of Data Processors may be requested from the Data Controller at any time.
Personal data will not be disseminated under any circumstances.

The data will be processed for as long as necessary to carry out the existing precontractual and/or business relationship and for the next ten years from the date of acquisition of the same in compliance with such tax and accounting obligations to be fulfilled by the Data Controller as provided for by the law.

Under Regulation (EU) 2016/679 (GDPR) and current national provisions, the data subject may – in accordance with the procedures and within the limits established by current legislation – exercise the following rights:

  • request confirmation of the existence of personal data concerning the data subject (right of access for data subject – Article 15 of Regulation 679/2016);
  • know its origin;
  • receive intelligible communication;
  • have information about the logic, methods and purposes of the processing;
  • request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected (right of rectification and erasure – Articles 16 and 17 of Regulation 679/2016);
  • right to limit and/or object to the processing of personal data concerning the data subject (Article 18 of Regulation 679/2016);
  • right of revocation;
  • right to data portability (Article 20 of Regulation 679/2016);
    in the case of consent-based processing, receive their data provided to the Data Controller, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
  • the right to lodge a complaint with the supervisory authority (right of access for the data subject – Article 15 of Regulation 679/2016).