In accordance with the provisions of Articles 13 and 14 of Regulation (EU) 2016/679 on the Protection of Personal Data (hereinafter also referred to as GDPR), the text below indicates how we respect the privacy of visitors to this site, describing how we collect, use and protect personal information, the rights granted to them and how you can contact us.

Joint Controllers

Personal Data will be processed by Dils S.p.A. established in Piazza Armando Diaz, 7 – 20123, Milano (MI), Italy.

Pursuing Article 24 GDPR, the Controllers will jointly determine the purposes and means of Personal Data processing.

Purposes of Data Processing

We collect through our website personal information, which users are free to provide through our website:

  • By filling in the dedicated contact request form;
  • By filling in the dedicated Job Application form;

for the following purposes:

  1. Satisfying the specific request submitted by the User through the contact channels;
  2. Managing the submitted job applications in order to sort and select potentials candidates;
  3. Complying with contractual obligations and/or obligations provided for by laws, regulations and Community legislation, by provisions issued by authorities legitimated to do so and by supervisory and control bodies;
  4. Prior data subject’s consent, sending Newsletters, advertising communications and carrying out market researches or commercial communications through automated or traditional means of contact.


Legal Basis

The processing of personal data referred to purposes 1-3 is based on the principle expressed in Art. 6 of GDPR, according to which the processing is lawful when necessary for the execution of a contractual obligation or for the execution of pre-contractual measures taken at the request of the data subject. The provision of data, for these purposes, is necessary to meet the user’s request, or to improve the relationship between the parties.

The processing of personal data for the purposes described in point 4 is based, pursuant to Art. 6 of the GDPR, on the specific consent, if any, expressed by the data subject. The provision of data for these purposes is optional, the refusal does not imply any consequence, except for the impossibility to carry out the above listed activities.

Categories of Personal Data collected

The personal data collected through the website concern precisely personal, contact data and the personal CVs.

The Joint Controllers do not deliberately collect any special category of personal data through this website.

In addition to the data provided directly and intentionally by the user, the computer systems and software procedures used to operate this website acquire, during their normal operation, some navigation data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of requests, the methods used to submit requests to the server, the size of the files obtained in response, the numerical codes indicating the status of the responses given by the server (successful, error, etc.) and other parameters relating to the operating system and computer environment of users. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. They could be used to ascertain responsibility in case of crimes.

For further information on this subject, please refer to the Cookie Policy.

Processing Methods

The processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

As far as security is concerned, we inform you that the database is accessible only by personnel formally authorised to do so by the Controllers, as well as the related operations described above, and that your data will be processed using methods and instruments suitable to guarantee its confidentiality and may be carried out by electronic or automated and non-automated means (paper files), both of which are provided with adequate security measures, as provided for by the GDPR, in order to prevent the loss of data, unlawful or incorrect use and unauthorised access.

Communication to Third Parties

Without prejudice to any communications to comply with legal obligations, the Controllers will communicate the personal data provided by users with attention only to third parties selected for the support of the service requested, or for the performance of the purposes listed above, appropriately designated data processors, such as:

  • external companies for the management of the information system, website or databases and telecommunications networks;

Finally, the data of the users may be transmitted, in compliance with the law, to the police forces and to the judicial and administrative authorities, for the detection and prosecution of crimes, the prevention and protection from threats to public security, to allow the Controllers to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.

Links to third party sites and use of Social Media

We invite users to consider that the site contains links to other web sites/social media that are not covered by this privacy policy. Visitors to our site may be redirected to third party sites to obtain more information; the Controller do not guarantee how user data is stored or used by third party servers. The Controllers do not make any representations or accept any responsibility for the accuracy or any other aspect of the information available on such sites. A link to a third party’s site cannot be understood as a validation, either by the Controllers or such third party, of the products and services of others or such third party.

Users are invited to carefully examine the third party websites’ privacy policy in order to have a complete understanding of the possible use of your personal data.

Data retention

We retain the data provided voluntarily by the person concerned for a period of time necessary in relation to the performance of the services requested, except for the right of the person to request the deletion of his/her personal data at any moment.

Rights of the data subject

In accordance with the GDPR, the Data Subject is entitled to: the right to ask the Data Controllers for access to personal data (art. 15), rectification (art. 16), cancellation (art. 17), limitation of the processing of personal data concerning him/her (art. 18), the right to portability of data (art. 20) or to object their processing (art. 21), in addition to the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the subject or which significantly affects him/her in the same way (art. 22).

Where the processing of personal data is based on the express consent given by the person concerned, pursuant to art. 7 paragraph 3 of the Regulation, the possibility of revoking the consent given for the sending of communications and updates for promotional and commercial purposes, as well as for the publication of the professional profile in the Community section of the website, is recognized.

There is also the right to lodge a complaint with the relevant Supervisory Authority (art. 77 of the Regulation) should the users consider that the processing carried out by the Controller does not comply with the provisions of the law on the protection of personal data. In Italy, the complaint may be submitted to the local Data Protection Authority. More information on how to submit complaints is available on the website of the DPA, at

Requests may be made to the Controllers in the following ways:

  • by writing to the following e-mail address: ;
  • by registered mail to the address: Piazza Armando Diaz, 7 – 20123, Milano (MI), Italy

Changes to this policy

The Controllers reserve the right to modify this privacy policy as they deem necessary. We encourage our visitors to check this page periodically to keep track of any changes.

Last Policy Update: December 2021