Privacy & Cookie policy
Command Srl provides this notice regarding the processing of personal data (Policy) under Article 13 of Regulation (EU) 2016/679 (GDPR) for individuals who interact with this website (Website) by consulting or using its services. Users must review this policy before submitting any personal data to Command Srl.
This notice does not apply to other websites that may be accessed through links on this Website.
The services provided by the Website are intended for individuals aged 18 and over. Therefore, if Command Srl verifies that data has been sent by a minor, it will proceed with its deletion. Data Controller: Command Srl, VAT/Tax Code 13421120968, registered office at C.so Indipendenza n. 5, 20129 Milan, Italy. Email: marketing@commandstudio.it.
1. Browsing Data: The computer systems and software procedures responsible for the functioning of the Website may, during their normal operation, acquire certain personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.
This category of data may include IP addresses or domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), and other parameters related to the user's operating system and computing environment.
These data may be used to obtain anonymous statistical information on the use of the Website and to verify its proper functioning and are deleted shortly after processing. The data may be used to ascertain liability in case of potential cyber crimes against the Website and Command Srl; except for this eventuality, the web contact data are generally not retained for more than 20 days. Please refer to the following sections of the Policy for further details.
2. Data Provided Voluntarily: By using certain services of the Website, users may provide data relating to third parties. In such cases, users act as independent data controllers, assuming the obligations and responsibilities established by law. Therefore, they must: 1) ensure that the processing is based on one of the legal grounds provided by Article 6 of the GDPR; 2) indemnify Command Srl in the event of complaints or claims for compensation due to the processing of third-party data by the user using the functions of the Website in violation of data protection regulations. The data (name, address, contact details, etc.) voluntarily shared, for example, in a request sent via email to the addresses indicated on the Website, are processed to respond to users' requests.
The legal basis for processing is Article 6(1)(b) of the GDPR, as the processing is necessary to provide services and/or respond to user requests (pre-contractual and/or contractual performance). Users are required to provide only the data strictly necessary. Providing data for these purposes is optional, and failure to do so will result in the inability to activate the requested services. If users provide their own data falling under "special categories of data" (Article 9 of the GDPR: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning sexual life or sexual orientation), they must only provide such data if strictly necessary.
It should be noted that if special category data are communicated without explicit consent to process such data (although sending a CV is, of course, permitted), Command Srl cannot be held responsible or subject to any claims, as such processing will be permitted based on the manifestly public nature of the data provided by the individual (Article 9(2)(e) of the GDPR). In any case, users are reminded of the importance of providing explicit consent for the processing of special category data should they choose to submit them. Data will be retained for 1 year. Please refer to the following sections of the Policy for more details.
3. Job Offers and Submission of CVs: Data collected through Command Srl’s job offers and the data contained in CVs submitted to the addresses indicated on the Website are processed to assess candidates' professional profiles and arrange potential interviews. Candidates are required to provide only the necessary data.
Data processing is based on the execution of pre-contractual measures taken at the request of the candidates (Article 6(1)(b) of the GDPR). In the case of transmission of special category personal data (as described in the previous section 2) without explicit consent to process such data, Command Srl cannot be held responsible or subject to any claims, as in such cases, processing is lawful due to the manifestly public nature of the data (Article 9(1)(e) of the GDPR).
In any event, the importance of providing explicit consent for the processing of special category personal data is emphasised if candidates decide to share them. The communication of data is at the discretion of the candidates, and refusal to provide it will result in the inability to evaluate their profiles. If Command Srl is not interested in the candidate's profile, the data will be deleted immediately or after the interview. If the profile is of interest, but no employment relationship is established, the data will be retained for 2 years to potentially contact the candidate for future interviews.
This retention period is based on Command Srl’s legitimate interest in contacting candidates whose professional profiles are deemed interesting (Article 6(1)(f) of the GDPR). Please refer to the following sections of the Policy for further details.
4. Cookies: Cookies are data files that websites send to users' internet access devices (usually browsers), where they are stored and retransmitted to the same websites upon subsequent visits by users.
Cookies may be: 1) technical (ensuring the usability of websites, allowing navigation settings and logins); 2) profiling (used to send promotional messages based on users' browsing preferences); 3) third-party (not installed by the websites visited by users but by third-party sites that install them through the former). Cookies can expire when the browser is closed (session cookies) or remain on users' devices until their predetermined expiration (persistent cookies).
Users can always choose which cookies to authorise on their devices via browser settings:
If technical cookies are disabled, users may experience difficulties accessing or using some services of the Website. The use of technical cookies does not require user consent as they are necessary to transmit communication over an electronic communication network or to provide a service requested by the user.
Command Srl’s Website uses Google Analytics cookies, which provide Command Srl with aggregated and anonymous reports on how often users visit the Website’s pages, how long they stay, etc. Google acts as the data processor through this system. Users can review Google Inc.'s privacy policy regarding the Google Analytics service at this link: Google Analytics Cookie Policy. To opt out of Google Analytics cookies, as indicated on the Google website, users must modify their browser settings by downloading the opt-out add-on for Google Analytics JavaScript at this link: Google Analytics Opt-Out Add-On. Disabling Google Analytics cookies will only prevent Command Srl from compiling the aforementioned aggregate and anonymous statistics (IP addresses are anonymised and masked). N.B. Command Srl is not required to seek user consent for the use of Google Analytics cookies as described since they fall within the category of technical cookies. Please refer to the following sections for further details.
5. Recipients of the Data: Users' data may be shared with: 1) entities with whom it is necessary to interact to provide services (e.g., hosting providers); 2) entities, bodies or authorities, independent data controllers, to whom users' data must be disclosed under legal provisions or authorities’ orders; 3) persons authorised to process the data under Article 29 of the GDPR who are required to carry out activities related to the provision of services (e.g., Command Srl’s staff).
6. Transfer of Data to Non-EU Countries: Data may be transferred to non-EU countries (e.g., the United States) based on the standard contractual clauses, which are standard contractual conditions provided by the European Commission that may be used to transfer data outside the European Economic Area in compliance with the GDPR.
7. Data Retention: Data is processed for the time necessary to fulfil contractual and legal obligations. The specific retention periods are detailed in the relevant privacy notices.
8. User Rights: Under Articles 15 and following of the GDPR, users have the right to request access to their data, rectification or erasure of the same, restriction of processing in the cases provided for by Article 18 of the GDPR, and to obtain their data in a structured, commonly used, and machine-readable format in the cases provided for by Article 20 of the GDPR. In the cases provided for by Article 21 of the GDPR, users have the right to object to the processing of their data, and in the cases provided for by Article 77 of the GDPR, users can lodge a complaint with the competent Supervisory Authority.
9. Amendments: Command Srl reserves the right to modify the content of this policy, including in response to legislative changes, and invites users to review it periodically in order to stay informed about the data collected and how Command Srl uses it