Send your job application for
Profilo Regolazione

vedi in italiano

Personal Data
Address
Personal studies
Social network
Work experience

Current place of employment

Foreign languages (* at least one)
CV UPLOAD
Warning! Only file .doc / .docx / .pdf are permitted
CHANGE CODE

We guarantee the confidentiality of your personal details and will only use these for matters concerning you and us.
The information will not be made available or sold to any third party for their own uses.

Information Privacy Notice for the acquisition of CVs and information about candidates (by website or other means) pursuant to Article 13, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, respectively, the “Information Notice” and the “Regulation” or the “GDPR”)

In accordance with the provisions set forth by the Regulation, Aegis S.r.l., in person of its pro tempore legal representative, having its registered office in Via Gaetano Negri 8, 20123 Milan, tax code/VAT no. 03516140963, certified e-mail address: aegishr@legalmail.it, in its capacity as controller of your personal data (hereinafter, the “Controller”), which may possibly act also through Aegis UK - Recruiting & Consulting Ltd., in person of its pro tempore legal representative, having its registered office in Marlborough House, 298 Regents Park Road, N3 2SZ, London, United Kingdom, tax code/VAT no. 255 7676 63, e-mail address: aegishr@legalmail.it, in its capacity as processor of your personal data, provides you with this information notice pursuant to Article 13, GDPR, in relation to the processing of your personal data concerning you and communicated, or to be communicated, to us by you or by third parties.

The processing of personal data will be carried out under the following conditions.

  1. Identity and contact details of the Controller:

Aegis S.r.l. in person of its pro tempore legal representative, having its registered office in Via Gaetano Negri 8, 20123 Milan, tax code/VAT no. 03516140963, certified e-mail address: aegishr@legalmail.it (hereinafter, the “Controller”).

  1. Contact details of the Data Protection Officer (DPO)

Aegis S.r.l. has appointed a “Data Protection Officer” (“DPO”) in the person of Avv. Antonio Virgallita, who can be contacted at the following email address: privacy@aegishcg.com.

You may freely contact the DPO for any matter related to the processing of your personal data and/or should you wish to exercise your rights, as indicated and described below, by sending a written communication to the email address provided in this section.

Candidates may also report any discriminatory, unlawful or otherwise non-compliant conduct arising in the context of the selection process through the company whistleblowing channel available on the website https://www.aegishcg.com/. The personal data contained in such reports will be processed in compliance with the applicable legislation and with the specific privacy notice relating to the whistleblowing channel.

  1. Purposes of the processing for which the personal data are intended and legal basis of the processing:

Your personal data will be processed:

(i) without your consent (Article 6, letters b, c, f, GDPR), for the following purposes:

-           activities related or instrumental to carrying out recruitment and selection activities for candidates and updating such searches, for current and future job positions, to be included within the organization of companies or other third-party entities for which the Controller operates, as well as to benefit from free services offered by the Controller such as, by way of example, active labour policies, courses, training, sector studies on an anonymous basis, aimed at the provision of informative and educational services by the Controller;

- communication to candidates, during the selection process and where available and/or communicated by client companies, of the initial remuneration or the salary range/band envisaged for the position subject to selection, as well as any further essential elements of the remuneration package, in line with the principles of transparency and equal treatment;

- processing of market benchmarks, statistical analyses and remuneration or sector studies, through the use of anonymized and aggregated data, so as not to allow the identification of individual candidates. Personal data may be processed only for the time strictly necessary for their anonymization or aggregation;

-           compliance with obligations provided for by Italian or foreign laws, by regulations applicable to the Controller’s business sector, by the applicable National Collective Bargaining Agreement or by other binding rules (in particular, in tax, social security and welfare, hygiene and safety at work, health protection, public order and security matters), as well as to ascertain, exercise or defend the Controller’s rights in extrajudicial and/or judicial proceedings, for the entire duration of the dispute, until the time limits for appeal actions have expired;

-           any personal data you provide that falls under special categories of data pursuant to Article 9, GDPR will be processed by the Controller, only where necessary and relevant, to evaluate your application for job positions falling within the scope of targeted employment. In this case, the legal basis for the processing is the need to fulfil the obligations and exercise the specific rights of the Controller or of the Data Subject in the field of labour law and social security and social protection, to the extent authorized by Union or Member State law or by a collective agreement pursuant to Member State law, where there are appropriate safeguards for the fundamental rights and interests of the data subject (Article 9.2, letter b, GDPR);

-           the Controller may process public information concerning your profile available on professional social networks in order to verify that the data you have provided correspond to what you have declared, limited only to professional information necessary for the sole purpose of assessing the specific risks related to the type of activity to be carried out according to the profile sought, adopting all necessary measures to ensure the proper balancing of your interests, fundamental rights and freedoms with our legitimate interest.

In application of the principles of minimization, relevance and transparency of processing, as well as the rules on pay transparency, Aegis will not ask candidates for information on remuneration received in current or previous employment relationships, nor will it carry out investigations into their salary history. Any such information spontaneously communicated by the candidate will not be used to determine the remuneration conditions of the position subject to selection, unless this is strictly necessary and permitted by the applicable legislation.

(ii) with your consent (Article 7, GDPR), for the following purposes:

-           communication of your data, including special categories of data pursuant to Articles 9 and 10 GDPR other than those relating to membership of “protected categories” that may be provided by the Data Subject, as well as any individual reports, with a concise descriptive profile drafted by the Controller following one or more interviews and the results of the assessment activities performed, to third parties that make use of the Controller’s professional services for personnel recruitment and selection;

The provision of data for the purposes referred to in section (i) above is mandatory. Failure to provide the data and/or any express refusal to processing will make it impossible for the Controller to carry out the activities for which it has been contacted or has contacted the candidate, including those related to the recruitment and selection process. As regards sector studies on an anonymous basis, the Data Subject may obtain the suspension of the sending of any questionnaires by email by making an express request to privacy@aegishcg.com.

In relation to market benchmarks and statistical studies, the results will be processed and used exclusively in anonymous and aggregated form, without identifying references to individual candidates.

The provision of data for the purposes referred to in section (ii) is optional; consequently, you may decide not to provide your consent or to withdraw it at any time. In such case, however, the Controller will not be able to provide most of the services that it normally provides to candidates, since it will not be able to communicate the personal data to third parties that make use of the Controller’s professional services for personnel recruitment and selection. If consent is given, the Controller informs you that, pursuant to Article 7, GDPR, such consent will be considered valid and effective for a period of 48 months from the date on which it was given and/or renewed, without prejudice to the Data Subject’s right to request erasure at any time and to all rights provided for by the Regulation. This term has been set by the Controller on the basis of the average duration of recruitment and selection mandates received from its clients.

  1. Categories of personal data processed

The personal data processed by the Controller include, by way of example and without limitation, first name, last name, place and date of birth, tax identification number, residence, gender, company identification number, location data, an online identifier or one or more characteristic elements of your physical, physiological, genetic, mental, economic, cultural or social identity, telephone contacts, educational qualifications, work experience, any additional data you entered in the CV and/or in the questionnaire completed via web.

The data that may be processed also include information relating to the position subject to selection, including the salary range/band, job level and other remuneration elements or benefits envisaged for the role, where communicated by the client company or otherwise necessary for carrying out the selection process. It remains understood that Aegis does not request information on the candidate’s past or current salary history.

In order to achieve the above-mentioned processing purposes, in accordance with the data minimization principle set forth in Article 5, paragraph 1, letter (c), GDPR, the Controller does not need to process special categories of data, as defined by Articles 9 and 10, GDPR, concerning you and, where applicable, your family members, except for the sole sensitive data relating to membership or non-membership of so-called “protected categories”. We therefore invite you to refrain from sending to the Controller any further personal data of any kind that are not necessary for the performance of the selection procedure. If you do send such data, they will not be taken into consideration and will be immediately erased by the Controller.

We point out that any processing of the data referred to above will also take place in compliance with Article 8 of the Workers’ Statute (Law no. 300/1970, as amended and supplemented), which imposes on the employer, for the purposes of recruitment and during the employment relationship, a prohibition on carrying out investigations into workers’ political, religious or trade-union opinions, as well as into facts not relevant to the assessment of their professional aptitude. In particular, the Controller will process the personal data contained in the CV received from the candidate and in individual reports, with a concise descriptive profile drafted by the Controller following one or more interviews.

  1. Categories of recipients of personal data

For the purposes referred to in paragraph 3, section (i) above, the data you provide may be made accessible to:

(i)        employees and collaborators of the Controller and/or of other subsidiaries or related entities, or entities belonging to the same corporate group to which the Controller belongs (Aegis UK, Aegis Human Consulting Group S.r.l.) and/or of other business lines of the Controller, in their capacity as persons authorized to process personal data or as processors;

(ii)       professionals and professional firms appointed by the Controller, law and consulting firms, providers of consulting and/or training and/or assessment services and, in general, third parties with which the Controller has entered into a contractual relationship for the performance of the activities referred to in paragraph 3 above, which have been duly appointed as processors pursuant to Article 28, GDPR;

(iii)      public authorities for legal compliance and supervisory purposes, public administrations, public entities and bodies (national and foreign).

  1. Processing methods of personal data

The processing of your personal data is carried out by means of the operations indicated in Article 4, no. 2, GDPR - whether or not by automated means - and in particular: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, any other form of making available, alignment or combination, restriction, erasure or destruction of data.

Personal data will be processed using both traditional tools (forms, questionnaires, etc.) and computer tools. In any case, their logical and physical security and, in general, their confidentiality will be guaranteed, and any dissemination of personal data is excluded.

  1. Transfer of personal data abroad

Your personal data will be processed, managed and stored on servers located within the European Economic Area and may be transferred, where necessary for the performance of the activities referred to in paragraph 3 above, to certain countries outside the European territory (UK, United States, United Arab Emirates and India). Should it be necessary to use the services of third parties located outside the European territory, we hereby inform you that:

-           the Controller has arranged to appoint these subjects as Processors pursuant to Article 28 of the Regulation, entering into a specific agreement that guarantees the transfer with adequate security safeguards and in compliance with the principles set forth by the Regulation; and

-           the transfer of your personal data to such subjects will be carried out in strict compliance with Articles 44 et seq. of the Regulation.

This ensures that all necessary measures will be adopted in order to guarantee the fullest protection of your personal data, since such transfer will be based on contractual agreements or other appropriate legal bases designed to protect your rights and interests.

Your personal data will not be disseminated.

  1. Personal data retention period

Your personal data will be retained for the entire duration of the mandate received from the client for the personnel recruitment and selection for which your data were collected by the Controller and, upon expiry of such mandate (for any reason and/or cause), the data will be retained for 48 months from the last activity performed on the data, without prejudice to the Data Subject’s right to request erasure at any time.

The data used for market benchmarks, statistical analyses or sector studies will be retained in personal form only for the time strictly necessary for their anonymization or aggregation; once anonymized, the results will not allow the identification of candidates.

  1. Rights of the Data Subject

In compliance with the provisions of Chapter III, Section I, GDPR, you, in your capacity as data subject, have the right to exercise the rights set out therein and in particular:

(i) access the personal data;

(ii) obtain the rectification or erasure of the same or the restriction of processing concerning them; in case of a request for erasure, the Data Subject also has the right to obtain that the Controller - taking account of available technology and the cost of implementation - takes reasonable steps, including technical measures, to inform controllers which are processing the personal data of the Data Subject’s request to erase any links to, or copy or replication of, those personal data;

(iii) object to the processing;

(iv) request data portability;

(v) withdraw consent, where provided, at any time, without, however, affecting the lawfulness of processing based on consent before its withdrawal;

(vi) lodge a complaint with the Supervisory Authority.

The Data Subject may submit a request to exercise such rights by sending an email communication to: privacy@aegishcg.com

 

Last update: June 2026