English

Contact us

Contact us

English

Contact us

Information on the processing of personal data


Pursuant to Art. 13 of Regulation (EU) 2016/679 ("GDPR")



1. Data Controller


The Data Controller for the processing of personal data is Irnerius S.r.l., with registered office in Corso Magenta 63, 20123, Milan VAT number 14400790961 (hereinafter, the "Data Controller" or "Irnerius").




2. Categories of data subjects and scope of application


This information notice is addressed to:

  • visitors to the Irnerius website;

  • individuals who spontaneously contact Irnerius through the contact details published on the website (e-mail, telephone, LinkedIn);

  • candidates who send their curriculum vitae for professional opportunities.




3. Categories of personal data processed


3.1 Website visitors


The Data Controller processes the following categories of personal data:

  • navigation data automatically collected by IT systems (IP address, browser type, operating system, pages visited, date and time of access, duration of stay);

  • data collected through technical and navigation cookies (for more details, please refer to the Cookie Policy).




3.2 Individuals who contact Irnerius


The Data Controller processes the following categories of personal data:

  • personal details and contact information (name, surname, email address, telephone number);

  • content of the communications sent;

  • any additional personal data spontaneously provided by the data subject in the body of the communication.



3.3 Candidates


The Data Controller processes the following categories of personal data:

  • personal details and contact info; 

  • data contained in the curriculum vitae (work experience, educational qualifications, professional certifications, language and IT skills, photograph if provided).




4. Purposes of processing and legal bases


4.1 Processing relative to website visitors


Purpose

Legal basis (Art. 6 GDPR)

Technical operation of the site and guarantee of cyber security

Legitimate interest of the Data Controller (Art. 6, par. 1, let. f). 

Management of technical cookies necessary for navigation

Legitimate interest of the Data Controller (Art. 6, par. 1, let. f) – consent is not required under Art. 122, paragraph 1, Legislative Decree 196/2003 and the Guidelines of the Privacy Guarantor of June 10, 2021



4.2 Processing relative to individuals who contact Irnerius


Purpose

Legal basis (Art. 6 GDPR)

Nature of the provision

Response to requests for information and management of spontaneous contacts

Legitimate interest of the Data Controller (Art. 6, par. 1, let. f), for responding to generic requests for information; execution of pre-contractual measures (Art. 6, par. 1, let. b)

Optional, but necessary to receive feedback

Eventual establishment of a professional relationship

Execution of pre-contractual measures upon request of the data subject (Art. 6, par. 1, let. b)

Necessary

Fulfillment of legal obligations (e.g. anti-money laundering obligations, where applicable)

Legal obligation (Art. 6, par. 1, let. c)

Mandatory

Defense of the rights of Irnerius in judicial or extrajudicial venues

Legitimate interest (Art. 6, par. 1, let. f)



4.3 Processing relative to candidates

Purpose

Legal basis (Art. 6 GDPR)

Nature of the provision

Evaluation of candidacies and personnel selection, including retention of the CV for potential future contact regarding professional opportunities

Execution of pre-contractual measures upon request of the data subject (Art. 6, par. 1, let. b) for evaluation of the candidacy; consent of the data subject (Art. 6, par. 1, let. a) for the retention of the CV beyond 24 months for the purpose of future professional opportunities

Necessary for evaluation of the candidacy




5. Methods of processing


Personal data are processed using electronic and, where necessary, paper instruments, adopting adequate technical and organizational measures to guarantee data security and prevent unauthorized access, loss, destruction, or unlawful disclosure. 

The processing is carried out in compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. 




6. Recipients and categories of recipients


Personal data may be communicated to:

  • Professionals and collaborators of Irnerius: personnel duly authorized for processing;

  • IT and hosting service providers: for the management of the website and IT systems;

  • External consultants: accountants and labor consultants, for accounting and labor law compliance;

  • Public authorities: where required by law or upon request by the same.

Third parties processing personal data on behalf of the Data Controller are appointed Data Processors pursuant to Art. 28 GDPR. Entities not processing data on behalf of the Data Controller operate as autonomous data controllers or as entities authorized by the Data Controller.




7. Transfer of data to third countries


In the event that personal data is transferred to countries outside the European Economic Area, the Data Controller guarantees that such transfers take place in compliance with applicable legislation, adopting appropriate safeguards pursuant to Articles 45 and 46 GDPR (such as adequacy decisions of the European Commission or standard contractual clauses). The data subject can obtain more information about the safeguards adopted by contacting the Data Controller at the contact details provided.




8. Data retention period


Personal data will be stored for the time strictly necessary to achieve the purposes for which they were collected:


Data category / Purpose

Retention period

Navigation data and system logs

90 days from collection.

Data of spontaneous contacts

For the time necessary to provide feedback and, subsequently, for a maximum period of 12 months from the feedback provided to the data subject, unless a continuous professional relationship is established.

Candidates' data

24 months from receipt of the candidacy, unless otherwise consented for longer periods

Technical cookies

Please refer to the Cookie Policy


Once the retention terms have expired, the data will be deleted or irreversibly anonymized. 




9. Rights of the data subject


As a data subject, the user can exercise the following rights towards the Data Controller, pursuant to Articles 15-22 of the GDPR:

  • Right of access (Art. 15 GDPR): obtain confirmation as to whether or not personal data concerning them is being processed and, if so, obtain access to the data and information concerning the processing; 

  • Right to rectification (Art. 16 GDPR): obtain the rectification of inaccurate personal data or the integration of incomplete data; 

  • Right to erasure (Art. 17 GDPR): obtain the erasure of personal data, where the grounds provided for by law exist. In particular, candidates can request the erasure of their curriculum vitae at any time by sending a request to the contact details provided; 

  • Right to restriction of processing (Art. 18 GDPR): obtain the restriction of processing in the cases provided for by law;

  • Right to data portability (Art. 20 GDPR): receive the personal data provided to the Data Controller in a structured, commonly used, and machine-readable format, where technically feasible;

  • Right to object (Art. 21 GDPR): object at any time to the processing of personal data based on the legitimate interest of the Data Controller. 

  • Right to withdraw consent (Art. 7 GDPR): withdraw consent at any time, without prejudice to the lawfulness of the processing based on consent prior to withdrawal.


To exercise their rights, the data subject can send a request to the following contact: info@irnerius.ai 

The Data Controller will provide feedback within one month of receiving the request, which may be extended by two further months in the case of complex or numerous requests.




10. Right to lodge a complaint with the Supervisory Authority


The data subject who believes that the processing of their personal data is carried out in violation of the GDPR has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):

Garante per la protezione dei dati personali Piazza Venezia, 11 – 00187 Rome Website: www.garanteprivacy.it E-mail: protocollo@gpdp.it Certified Email (PEC): protocollo@pec.gpdp.it




11. Automated decision-making processes


The Data Controller does not carry out automated decision-making processes or profiling activities pursuant to Art. 22 GDPR.




12. Cookies


The site exclusively uses technical and functional cookies, which do not require prior consent from the user. For detailed information, please refer to the Cookie Policy.




13. Changes to this information notice


The Data Controller reserves the right to modify or update this information notice. Any changes will be published on this page.




Last update: May 7, 2026

We drive the adoption of artificial intelligence in the most complex professional contexts through specialized training, strategic support, and the development of advanced use cases.

Corso Magenta, 63 - 20123 - Milan

Tel. +39 02 367 47035

/irneriusai

info@irnerius.ai

Privacy policy

Cookies

Irnerius S.r.l. - VAT No. 14400790961

© 2026. IRNERIUS. All rights reserved

We drive the adoption of artificial intelligence in the most complex professional contexts through specialized training, strategic support, and the development of advanced use cases.

Corso Magenta, 63 - 20123 - Milan

Tel. +39 02 367 47035

/irneriusai

info@irnerius.ai

Privacy policy

Cookies

Irnerius S.r.l.

VAT no. 14400790961 

© 2026. IRNERIUS.

All rights reserved

We drive the adoption of artificial intelligence in the most complex professional contexts through specialized training, strategic support, and the development of advanced use cases.

Corso Magenta 63 - 20123 - Milan

Tel. +39 02 367 47035

/irneriusai

info@irnerius.ai

Privacy policy

Cookies

Irnerius S.r.l. - VAT No. 14400790961

© 2026. IRNERIUS. All rights reserved