Privacy Policy

Work with us

The purpose of this information notice is to provide all the information on the processing of personal data carried out by the Data Controller when the user, browsing the website within the “Work with us” section, sends a job application (as better specified below).


Circularity s.r.l., with registered office in Via Giovanni Bensi 12/5 – 20152 Milan, VAT No. 10388780966 (hereinafter, “Owner”), owner of the website (hereinafter, the “Site”), in its capacity as the data controller of the personal data of the users browsing the site (hereinafter, “Users”) provides below the privacy policy pursuant to Article 13 of the EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation”, or “Applicable Legislation”).     


The Controller takes into the utmost consideration the right to privacy and protection of personal data of its Users.  

For any information in relation to this privacy policy, Users may contact the Controller at any time, using the following methods:  

By sending a registered letter with return receipt to the Controller’s registered office: Via Giovanni Bensi 12/5 – 20152 Milan  

By sending an e-mail message to the address:  

The Data Controller has not identified the figure of the Data Protection Officer (DPO), as it is not subject to the obligation to designate one under Article 37 of the Regulation.  


By browsing the Site and, in particular, the “Work with Us” section, the User may submit job applications. In relation to the activities that may be carried out through the Site, the Data Controller collects personal data relating to Users.  

In particular, Users’ personal data will be lawfully processed for the following purposes  

to process the User’s request: the personal data of the Users are collected and processed by the Controller for the sole purpose of processing their request regarding the possibility of establishing a cooperation activity with the Controller. The User’s data collected by the Controller for this purpose include: name, surname, e-mail address, age, city of domicile, telephone number and all the User’s data that may have been voluntarily communicated to the Controller through the “Work with us” box and by uploading his/her curriculum vitae. No other processing will be carried out by the Controller in relation to Users’ personal data. Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties;  

legal obligations, i.e. to comply with obligations imposed by law, an authority, a regulation or European legislation.  

In case of failure to provide data, the possibility to use the Site will not be affected in any way.  

The provision of personal data for the above-mentioned processing purposes is optional but necessary, as failure to provide such data will make it impossible to apply to be part of the Data Controller’s team.  

Personal data which are necessary for the pursuit of the processing purposes described in this paragraph 3 are indicated with an asterisk within the application form.  


Fulfillment of the User’s request (as described in paragraph 3, lett. a) above): the legal basis consists of Article 6, paragraph 1, lett. b) of the Regulation, as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures taken at the User’s request.  

Legal obligations (as described in Section 3(b) above): the legal basis consists of Article 6(1)(c) of the Regulation, insofar as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.  


The Data Controller will process the personal data of the Users by means of manual and computerized tools, with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data.  

The personal data of the Users of the Site will be stored for the time strictly necessary to fulfil the primary purposes illustrated in paragraph 3 above, or in any case as long as necessary to protect the interests of both the Users and the Controller in civil law.  


The Controller’s employees and/or collaborators in charge of managing the Site and the Users’ requests may become aware of the Users’ personal data. These subjects, who have been instructed to do so by the Data Controller pursuant to art. 29 of the Regulations, will process the User’s data exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Regulations.  

Users’ personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, by way of example, providers of IT and logistical services functional to the operation of the Site, providers of outsourcing or cloud computing services, professionals and consultants.  

Users have the right to obtain a list of any Data Processors appointed by the Controller by making a request to the Controller in the manner indicated in paragraph 7 below.  

7. Rights of the Data Subjects  

Users may exercise the rights guaranteed to them by the Applicable Regulations by contacting the Data Controller in the following ways:  

By sending a registered letter with return receipt to the registered office of the Data Controller: Via Giovanni Bensi 12/5 – 20152 Milan, Italy  

Sending an e-mail message to the address:  

The Data Controller has not identified the figure of the Data Protection Officer (DPO), as it is not subject to the obligation to designate one under Article 37 of the Regulation.  

Pursuant to the Applicable Regulations, the Data Controller informs that Users have the right to obtain information on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) the identification details of the data controller and data processors; (v) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of such data in their capacity as data processors or persons in charge of processing.  

Furthermore, Users have the right to obtain  

a) access, update, rectification or, when interested, integration of the data;  

b) the cancellation, transformation into anonymous form or limitation of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed  

c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.  

Furthermore, Users have:  

(a) the right to withdraw their consent at any time, if the processing is based on their consent;  

b) the right (where applicable) to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format)  

(c) the right to object  

(i) in whole or in part, on legitimate grounds to the processing of personal data concerning them, even if relevant to the purpose of collection.  

ii) in whole or in part, to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys   

iii) where personal data are processed for direct marketing purposes, at any time, to the processing of the data for such purposes, including profiling insofar as it is related to such direct marketing.   

d) if they consider that the processing concerning them is in breach of the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, based in Piazza Venezia n. 11, 00187 – Rome (  


The Data Controller is not responsible for updating all the links displayed in this Information Notice, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by said link.