Privacy Policy

Privacy Notice for the Processing of Personal Data of Candidates pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)1

1. Contact Details of the Data Controller and Data Protection Officer

Data Controller Data Protection Officer (DPO)
Pirate Rocket S.r.l. (P.IVA 02644170033), with registered office at 20125, Milan, Via Giovanni Battista Sammartini, 33, email address [email protected], hereinafter referred to as the “Controller [email protected]

Pirate Rocket S.r.l. is committed to protecting the personal data of users of the website www.piraterocket.com (hereinafter the "Data Subjects"), in compliance with the current regulations on the protection of personal data.

The Data Controller is aware of the importance of processing the personal data of the Data Subjects and, for this reason, is concerned to indicate which data are processed and how they are processed. By browsing the Website or indicating the desire to use the services offered by the Website, the Data Subject declares to have read and accepted this privacy policy (hereinafter referred to as the "Policy").

2. Categories of Data Processed and Data Source

The Data Controller proceeds to collect and process personal data such as identification and contact data (including but not limited to first name, last name, email, telephone number), within the limits and purposes set out in this policy.

The Controller may collect, use and share aggregated data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from the Data Subject's personal data, but once aggregated does not constitute personal data under the GDPR, as it cannot directly or indirectly identify the Data Subject. However, if the Controller combines or links aggregated data with the Data Subject's personal data in a way that allows the Data Subject to be identified, directly or indirectly, the Controller will process the resulting data in accordance with the provisions of this Policy.

The Controller does not process special categories of data relating to the Data Subject (sensitive data means data relating to racial or ethnic origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, genetic, biometric and health data), nor does it process data relating to the Data Subject's criminal convictions and offences.

1 Note: The information pursuant to Article 14 of the GDPR may be used in case of data collection from third parties.

3. Purposes of Processing and Legal Bases

The Processing of personal data is aimed exclusively at achieving the purposes associated with the provision of the services offered by the site, the management of user requests, compliance with legal and regulatory obligations to which the Data Controller is subject, and the protection of the rights and legitimate interests of the Data Controller. The legal basis for the Processing is based on the consent of the Data Subject, the execution of pre-contractual and contractual measures, and the need to comply with legal obligations.

4. Obligatory provision of data

4.1 The provision of data is compulsory for the activity of research and selection of personnel as well as to benefit from the services offered by the Company. Refusal to provide the data will prevent the Owner from carrying out these activities and will not allow your application to be taken into consideration.

4.2 The provision of data for the purposes set out in point 2 above is optional.

5. Categories of Data Recipients

5.1 Data may be disclosed to entities acting as independent data controllers (including companies within the Controller's Group, professionals, public entities, supervisory or auditing bodies), also to comply with legal obligations, or processed on behalf of the Controller by designated data processors who are provided with appropriate operational instructions.

The processed personal data will be used and shared with third parties engaged to perform ad measurement services on behalf of the Joint Controllers. The third parties will only have access to the personal data strictly necessary for the performance of their functions and will be bound to process such data in compliance with this policy and with the current legislation on the protection of personal data.

6. Transfer of Data Abroad

6.1 Personal data are stored in computerized archives located both within the European Union and outside it if this is instrumental to achieving the purposes indicated in point a). In the latter case, the Controller ensures that companies outside the European Union are processing personal data with the utmost confidentiality in compliance with the European Commission's adequacy decisions or, if necessary, by entering into agreements ensuring an adequate level of protection.

7. Links to Third Party Sites

This policy applies exclusively to the www.piraterocket.com website. For third-party sites accessible via links, the Data Subject is invited to consult the relevant privacy policy.

8. Data Subject Rights

8.1 You may request from the Controller access to the data concerning you, their rectification or erasure, the restriction of processing in cases provided for by Article 18 of the GDPR; to receive the data concerning you in a structured, commonly used, and machine-readable format, and, if technically feasible, to transmit them to another controller without hindrance where the conditions for the exercise of the right to data portability under Article 20 of the GDPR are met (the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR).

8.2 For proper handling of the request, the Controller may request further specifications from the Data Subject. The Controller will process the request within 30 days of receiving it; if this deadline cannot be met, it is the responsibility of the Controller to inform the Data Subject and keep them updated on the progress of the communication sent.

8.3 These rights can be exercised by writing to [email protected] and/or [email protected].

9. Changes to the Policy

The Data Controller reserves the right to make changes to this Policy. The Data Subject is therefore invited to consult this page periodically to be informed of any updates or changes.

This notice is dated 23/09/2024, and any changes will take effect from the date of publication on the Data Controller's website.