INFORMATION FOR TREATMENT OF PERSONAL AND PARTICULAR DATA

Information document pursuant to and for the purposes of art. 13, 14 and 15 of the GDPR (General Data Protection Regulation) – Regulation UE 2016/679

1. Controller

Controller of the personal data is Villa & Partners Executive Search S.r.l., with registered office in Corso di Porta Romana n. 6, 20122 Milano, PIVA and VAT 07737080965 Email:info@vpex.it
(company for research and selection of personnel authorized by the Ministry of Labor and Social Security with Prot. No. 80005/25-06-2014, authorized for professional relocation by the Ministry of Labor and Social Policies with prot. nr 80005/25-06-2014).
Villa & Partners Executive Search S.r.l. is committed to the protection of personal data entrusted to it through their website www.villaandpartners.com. Therefore, their management and their security are guaranteed with the most care, in accordance with the requirements of the privacy legislation in force and in particular the GDPR-EU Regulation 2016/679.
In this sense, the Controller wishes to inform his / her candidate about the purposes, methods and scope of communication and dissemination of personal data spontaneously received, following a personal search and / or during the evaluation and selection phase. Please carefully examine the contents of this information.

2. Categories of personal data

The data processed are personal data (personal and curricular) you have given / conferred and collected through the website, and related to your person or third parties, or otherwise treated in the conduct of relations with the owner. No particular data or data relating to criminal convictions and offenses should be given, without prejudice to the candidate’s right to confer certain personal data of particular categories (former “sensitive” categories, as defined in Article 9 of the Regulation, including for example data suitable to reveal the ethnic and racial origin, political opinions belonging to protected categories and, more generally, the state of health). Should they still be conferred, they can be canceled, unless the treatment is expressly provided / authorized by the rules.
In any case, all personal data provided to the Data Controller will be treated in strict compliance with the rules of confidentiality and security provided for in the regulation.
The Personal Data processed through the Website and not yet explicitly indicated are the following:

a. Navigation data
The computer systems and software procedures used to operate the website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and / or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the site or third parties: except for this possibility, the data on web contacts do not persist for more than seven days.

b. Cookie
Definitions, characteristics and application of the legislation
Cookies are small text files that the sites visited by the user send and record on his computer or mobile device, to be then re-transmitted to the same sites at the next visit. Thanks to cookies, a site remembers the user’s actions and preferences (such as login data, the chosen language, font size, other display settings, etc.) so that they do not have to be re-indicated when the user returns to visit said site or browse from one page to another. Cookies, therefore, are used to perform computer authentication, monitoring sessions and storing information regarding the activities of users accessing a site and may also contain a unique identification code that allows you to track the user’s navigation inside of the site itself for statistical or advertising purposes. During navigation on a site, the user can also receive on his computer cookies from websites or web servers other than the one he / she is visiting (c.d. “third party” cookies).
Some operations could not be performed without the use of cookies, which in some cases are therefore technically necessary for the same functioning of the site.
There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer for different periods of time: c.d. session cookies, which are automatically deleted when the browser is closed; CD. persistent cookies, which remain on the user’s equipment until a pre-established expiry date.
According to the applicable law, for the use of cookies it is not always required an express consent of the user. In particular, “technical cookies” do not usually require this consent, ie those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user. In other words, these are cookies that are essential for the operation of the site or necessary to perform activities requested by the user.
For “profiling cookies”, vice versa, ie those aimed at creating profiles related to the user and used to send advertising messages in line with the preferences expressed by the same in the context of surfing the net, usually a prior consent is required of the user, to the extent that it depends on the applicable legislation.

Types of cookies used by the Site and the possibility of (de-) selection
The Website uses the following cookies that can be de-selected, except for third-party cookies for which you will have to refer directly to the relative methods of selection and de-selection of the respective cookies, indicated by means of links:

• Technical navigation or session cookies, strictly necessary for the operation of the Site or to allow you to use the content and services requested.
• Analytical cookies, which allow us to understand how the site is used. With these cookies we do not collect information about your identity or any Personal Data. The information is treated in aggregate and anonymous form.
• Functionality cookies, that is used to activate specific functions of the Site and a series of selected criteria (for example, the language) in order to improve the service rendered.
• Profiling cookies used to send advertising messages in line with the preferences expressed by you in the context of surfing the net.

Villa also uses third-party cookies, ie cookies of sites or web servers other than that of the owner, used for the purposes of these third parties, including profiling cookies. It should be noted that these third parties, listed below with the related links to privacy policies, are typically independent data controllers collected through the cookies they serve, or act as data controllers for the Data Controller.

Cookies on the Site
In detail, the cookies sent via the Site are indicated in the document “Lista coockie” which is an attachment to this Information.

Cookie settings
You can block or delete (in whole or in part) technical and functional cookies through the specific functions of your browser. We inform you, however, that not allowing technical cookies may make it impossible to use the site, view the contents and take advantage of the related services. Inhibiting cookies of functionality could mean that some services or certain functions of the Site are not available or do not work properly and you may be forced to change or manually enter certain information or preferences each time you visit the Site.
The choices made in reference to cookies on the Site will be in turn registered in a special cookie. This cookie may, however, in some circumstances not work properly: in such cases, we advise you to delete unwanted cookies and to inhibit their use through the functionality of your browsers.
Your preferences regarding cookies will be reset if you use different devices or browsers to access the site.

How to view and modify cookies through the Browser
You can authorize, block or delete (in whole or in part) cookies through the specific functions of your browser. For more information on how to set preferences on the use of cookies through the browser, you can consult the relevant instructions:

• Internet Explorer
• Firefox
• Chrome
• Safari

ATTENTION: by disabling technical and / or functional cookies, the Site may not be available or certain services or certain functions of the Site may be unavailable or may not work properly and you may be forced to change or manually enter certain information or preferences each time you visit the site.

3. Purpose of the processing and transfer of data

The processing of personal data is carried out for the pursuit of the following purposes:

1. research and selection of candidates commissioned by our customers;
2. consultancy both business and individual (for example orientation, career counseling, professional placement);
3. training activities;
4. processing in aggregate and anonymous form for statistical-comparative purposes;
5. marketing and communications activities, also through digital channels (such as e-mails, sms, WhatsApp), of any training initiatives, of information on the activities of Villa & Partners Executive Search S.r.l., on open research;
6. Purposes related to recording and processing the image: data such as images, photos, audio and video can be processed for sending records, interviews with customers and / or entities potentially interested in the application; promotion activities, also through digital channels (eg. Internet, Youtube, Facebook, LinkedIn, and other social media platforms).

Personal data will be processed, mainly using IT and telematic tools, directly by our staff and by our consultants, instructed in this sense and appointed. The entity and the adequacy of the data provided will be evaluated constantly, to determine the resulting decisions and to avoid the processing of data exceeding the purposes pursued.
The treatment will be carried out in an automated and / or manual way, with methods and instruments in compliance with the technical and organizational measures to guarantee the safety of the treatments (Article 32 of the regulation).
The data will not be subject to uncontrolled dissemination, will be treated with correctness and transparency and may be disclosed to other companies and / or companies (list available at our company) for the same purposes mentioned above. The Controller does not transfer
personal data in third countries outside the EU.

4. Provision of data, legal basis of processing and consequences in case of non-disclosure of data

The provision of personal data by the interested party, although optional, is necessary to allow the Controller to pursue the indicated purposes. Failure to provide the data partially or not may, in fact, make it impossible for it to carry out the activities described above.
Any particular data indicated above related also to the state of health are treated as the treatment is necessary to fulfill obligations and exercise rights in the field of labor law, safety and social protection according to the rules and the collective agreement.
Any data relating to criminal convictions and offenses are processed only and in so far as there is authorization of EU or national law with appropriate guarantees for the rights and freedoms of the interested parties.
In any case, personal and particular data are processed, in the cases in which the aforementioned conditions of lawfulness are not applicable, following the conferment of the previously agreed consents under request.

5. Mode of data processing

The processing of data will be mainly carried out with the aid of electronic or automated instruments, according to the methods and with suitable means to guarantee the security and confidentiality of the data, in compliance with the provisions of the GDPR. In particular, all technical, IT, organizational, logistic and procedural security measures will be taken, so that the level of data protection provided by law is guaranteed, allowing access only to persons authorized to process by the Data Controller or of the managers designated by the same.

6. Recipients

The personal data provided, for the purposes described in art. 3 above, may be brought to the attention of or communicated to the following persons:

• the owners, employees, collaborators and consultants of the Controller;
• any persons specifically designated as processor (such as, for example, persons who carry out selection activities or preparatory or consequent activities);
• any P.A. or organizations;
• any external processor to the treatment;
• any customers for the purposes related to the search and selection of the candidate.

7. Data retention

In compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the regulation, the retention period of personal data is established for a period of time not exceeding the achievement of the purposes described above and in compliance with the times prescribed by law, and in any case no later than 10 years.
The Controller reserves the right to keep the data, unless otherwise indicated, for any future searches and assignments, to be carried out also on behalf of other clients, without prejudice to the right of the data subject to request at any time the deletion of data from the archives.

8. Rights (artt. 15 GDPR)

The interested party has the right – in the cases provided for by law: to obtain access to personal data, and their communication in an intelligible, clear and transparent (right to portability), an indication of their origin, purposes and methods of their processing, of the logic applied, of the identifying details of the owner, of the manager and of the subjects or categories of subjects to whom the data can be communicated or who can learn about it as manager or appointee, the update, the rectification and integration of data, the retention period and the criteria used to define this period, their cancellation (right to be forgotten), the limitation of their processing, the attestation that these operations have been brought to the attention of any subjects whose data had been communicated.
The interested party is also entitled to oppose the processing of personal data in the presence of justified reasons and to withdraw consent. However, the revocation does not affect the lawfulness of the processing based on consent given before the revocation and further processing of the same data based on other legal bases (eg contractual obligations).
To exercise these rights, the interested party may contact the Data Controller at the addresses indicated above.

9. Right to propose a complaint

The interested party has the right to lodge a complaint with the guarantor authority for the protection of personal data.

10. Different purposes

If the Data Controller intends to further process the data for a purpose other than that for which it was collected, it will provide the data subject prior to such further processing of information regarding this different purpose and any further relevant information.