This Privacy Policy contains information on the methods for managing the website www.hrcapital.it (the “Site”) with reference to the processing of the personal data of users who visit it.

We therefore invite users to carefully read this Privacy Policy before providing any personal information and/or completing an electronic form on the Site.

1. Data Controller

The Data Controller of the data collected on the Site, pursuant to EU Regulation no. 679/2016 – General Data Protection Regulation – (the “Regulation”) is HR Capital S.r.l (the “Company”), with registered office in Galleria San Babila, 4/B Milan, Tel. +39 02 365 930 1, fax +39 02 365 930 00, email: info@hrcapital, PEC: hrcapital@legalmail.it


 2. Data Protection Officer

The Data Protection Officer (“DPO”) can be contacted:

– by email at dpo@hrcapital.it; or

– by ordinary mail at Data Protection Officer, c/o HR Capital S.r.l, Galleria San Babila, 4/B, 20122 Milan.



3. Purpose and legal basis of the processing carried out on the Site

The Site collects and processes personal data for the following purposes:

  1. Request for services: the personal data voluntarily provided by the user through the completion of the form in the “Contacts” section (name, surname, email address and additional information indicated therein) are processed by the Company to meet the user’s requests.
  2. Personnel search and selection: the personal data provided directly by the user in the “Work with Us” section (name, surname, date of birth, sex, email address and telephone number, role and curriculum vitae) are processed by the Company to evaluate the application submitted.
  3. Subscription of daily newsletter: the personal data voluntarily entered by the user in the “Subscribe to the Newsletter” section of the HOME PAGE are processed by the Company to automatically send the daily newsletter, through the Salesforce platform.
  4. Social log-in: the registration and access via a social profile involves the communication of certain data (including name, surname, email account) by the chosen social network and requires prior specific log-in authorisation to proceed. Some social networks require obtaining feedback and information on how to use the log-in. For more information, please refer to the relative privacy policy on LinkedIn (https://www.linkedin.com/legal/privacy-policy) and Google+ (https://policies.google.com/privacy);
  5. Cookies: in addition to the data expressly provided, other data deriving from the user’s navigation may be recorded on the Site. In fact, when users access it, the Site may send them a “cookie.” “Cookies” are small text files that are stored on the user’s computer when visiting the pages of the Site. “Cookies” are used to give users the best navigation experience, and to allow the operation of certain services that require identification of the user’s path through different pages of the Site. For any access, regardless of the presence of a “cookie”, the Site records the type of browser (e.g. Internet Explorer, Chrome, Firefox), the operating system (e.g. Windows, Macintosh) and the host and last requested URL of the user, as well as data of the page requested. This data can be used in aggregate and anonymous form for statistical analysis on Site usage. In this regard, please read the specific Cookie Policy.

Personal data collected and processed by the Company are provided directly by the user, except for navigation data referred to the “Cookies” section of point 3(e) above which are regulated by the Cookie Policy and for data collected in the event of registration and access via social profile referred to in the “Social log-in” section of point 3(d) above.

The legal basis of the processing of the user’s personal data is:

  1. for the purposes referred to in point 3(a) above, in the legitimate interest of the Company to meet the user’s requests for services;
  2. for the purposes referred to in point 3(b) above, on the specific consent given by the user and in the legitimate interest of the Company to evaluate the application within the process of personnel recruitment;
  3. for the purposes referred to point 3(c) and 3(d) above, on the specific consent given by the user.

For the purposes referred to in point 3(e) however, refer to the appropriate Cookie Policy.


4. Categories of recipients of personal data

The Company communicates the personal data of users of the Site only to the extent permitted by law and in accordance with what is described below. In particular, the user’s personal data may be processed or known by:

  1. employees of the Company, who operate as people authorised to process data and in this sense are instructed by the Company;
  2. companies that provide the Company with specific technical and organisational services connected to the Site, in their capacity as Data Processors pursuant to article 28 of Regulation;
  3. police or judicial authorities, in accordance with the law and upon formal request by them, or if there are well-founded reasons to believe that the communication of such data is reasonably necessary to: (a) investigate, prevent or take action against suspected illegal activities or to assist the state supervisory and control authorities; (b) defend itself against any claims or allegations by third parties, or protect the security of its website and the Company; or (c) exercise or protect the rights, property or safety of the Company, its customers, employees or any other person.

Personal data will not be disclosed and will not be transferred outside the European Union.


5. Methods of processing personal data and retention period

Personal data collected through the Site are processed using mainly computerised and electronic methods, adopting the security measures in such a way as to minimise the risk of destruction or loss, even accidental, of the data themselves, of unauthorised or unlawful access or processing that does not comply with the collection purposes indicated in this Privacy Policy. However, due to the nature of the online transmission means, these measures cannot limit or absolutely exclude any risk of unauthorised access or dispersion of data. To this end, we recommend that you periodically check that your computer is equipped with software devices suitable to protect the online transmission of data, both incoming and outgoing (such as updated antivirus systems), and that the Internet service provider has taken appropriate measures for the security of online data transmission (such as firewalls and spam filters).

Personal data provided by the user during navigation of the Site will be kept for a period not exceeding 12 months. Personal data processed to provide a service will be kept for the time strictly necessary to provide the requested service to the user. The data collected following the submission of the application by the user will be kept for the period of time necessary to evaluate said application. The data collected for sending the newsletter will be kept in line with the user’s interest in receiving them.


6. Compulsory or optional nature of data provision

Except for navigation data regulated by the Cookie Policy, the provision of personal data collected through the Site is optional. The failure to provide this data does not limit the use of the Site, but may make it impossible for it to meet the requests for the service or to send the daily newsletter or proceed with the recruitment of the user.


7. Rights of the user

The user has the right to:

  • access personal data concerning them and to obtain confirmation of the existence of such data, their communication in intelligible form, and their integration;
  • request the updating, rectification or, where relevant, integration of personal data;
  • limit the processing that concerns them, cancel, transform into anonymous form or block personal data processed in violation of the law, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
  • oppose, in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
  • obtain the transmission of data concerning them to another data controller (so-called right to data portability).

If the processing is based on consent, pursuant to article 7, paragraph 3 of the Regulation, the user may withdraw the consent given at any time, without prejudice to the lawfulness of the processing carried out before withdrawal.


The rights listed above may be exercised by contacting the DPO at the email address dpo@hrcapital.it.



8. Right to lodge a complaint

Pursuant to article 77 of the Regulation, the user has the right to lodge a complaint with the National Supervisory Body (for Italy, the Data Protection Authority: www.garanteprivacy.it ).


9. Final clause

Considering the current state of the evolution of the data protection laws, we inform you that this Privacy Policy may be updated at any time.