PRIVACY POLICY

Extended Information

1. What is the privacy policy about?
2. Who is the Data Controller?
3. What Personal Data do we collect?
   1. What type of Personal Data do we process?
4. What Personal Data do we not collect?
5. Why do we process the user’s Personal Data?
6. To whom are the user’s Personal Data communicated?
7. What are the user’s rights in relation to the processing of Personal Data, how can they be exercised?
8. How long do we keep Personal Data?
9. What transfers can we make?
10. How do we protect the user’s Personal Data?
11. Deletion of services
12. Applicable law
13. Complaint to the Guarantor Authority for the Protection of Personal Data

1. What is the privacy policy about? This privacy policy ("Privacy Policy") describes how this website ("Site") and our application ("App") manage the processing of personal data ("Personal Data" or simply "Data") of users who consult our web page and use our application. The policy is only applicable to the Site https://www.joinrs.com/ ("Site") and the Joinrs App, a brand owned by Joinrs S.r.l., and not to other websites and applications that may be consulted and used by the user. Following the consultation of this Site and the use of our App, Personal Data relating to identified or identifiable individuals may be collected. The Data will be processed in full compliance with the legislation on the protection of personal data pursuant to Regulation (EU) 2016/679 ("GDPR") and Directive 2002/58/EC ("e-privacy Directive").
2. Who is the Data Controller? The Data Controller is Joinrs S.r.l. ("Joinrs" "We" "Company" or "Controller") with registered office at Via Marsala 29H, Rome - 00185. The Controller has appointed a Data Protection Officer ("DPO" or "RPD") who can be contacted at the address dpo@joinrs.com.
3. What Personal Data do we collect? We collect and process Personal Data in various ways:
   • Personal Data voluntarily provided by the user: we collect personal information about the user when it is actively provided, for example when the user contacts us for immediate assistance or decides to join our community and registers on our website or downloads our App and uses our services.
   • Personal Data collected through the use of the Site and the App: we automatically collect certain personal information during the user’s navigation and use of our Site and App.
4. Why do we process user’s Personal Data?

   If the user uses our App, Personal Data is processed for the following purposes:

   1. To allow the user to register on the Joinrs App
      

      We may process the user’s data to enable registration on our App and to access Joinrs’ services. By clicking the “Register” button in our App, the user may enter the following data:

      • first and last name;
      • email address;
      • password chosen for registration.

      Companies or other entities are not allowed to conduct scouting or direct searches in the database.
      A company may only contact a user if the user has previously submitted their application. Users cannot be contacted solely based on their characteristics (e.g., education path) or indicated preferences/skills.

      Legal basis for processing: the fulfillment of our pre-contractual and contractual obligations to provide services to the user.

   2. To enable user contact with potential employers and profile visibility
      

      After creating an account and based on the information provided in their CV (e.g., education, experience, job preferences), the user may be contacted by potential employers or directly by Joinrs through:

      • the email address provided during registration;
      • contact details present in the uploaded CV.

      When a user creates or updates their profile, it is set to “searchable” by default, meaning it can be viewed by employers and agencies using the Joinrs platform.
      The user can enable or disable this option at any time through the “Settings” section of their profile. If disabled, the user’s contact details will no longer be visible to companies, and direct contact will only be possible if the user has submitted applications or shared their CV.

      The system includes a direct chat feature between the company and the user. Companies can send a connection request, which the user may accept or reject:

      • If accepted, a chat is initiated and the company can view the user’s contact details.
      • If rejected, no chat is activated, and contact details remain confidential.
   3. Online Experiences
      

      Online experiences are webinars organized by client companies in collaboration with us to showcase work environments, specific job roles, technologies, and tools used daily.
      The user registers via the platform, and the live session is held on Zoom. The company receives the user’s name, surname, email address, and field of study, along with their engagement (live participant, registered only, watched later via stream).
      After the live session, a thank-you email is sent, which may include links to the company’s job offers. The company may recontact users registered for the webinar strictly for recruiting purposes.

      Legal basis for processing: fulfillment of our contractual obligations to ensure user participation in webinars organized by companies we collaborate with.

   4. To respond to questions and handle user requests
      

      To respond to questions and service-related inquiries submitted by users via the contact details in the App.

      Legal basis for processing: proper and timely handling of user requests and ensuring the services provided by the Controller.

   5. To ensure the App’s technical functioning
      

      We collect and use user’s Personal Data to technically manage the App and ensure it works properly. We may use personal information to respond to bug reports or system issues.

      Legal basis for processing: our legitimate interests in ensuring the App functions correctly from a technical/IT standpoint.

   6. Profiling activities
      

      With specific user consent, given by voluntarily setting filters to define preferences for job offers, the data may be used for profiling purposes aimed at delivering personalized marketing messages and/or services. Profiling may also use data collected via cookies, as explained in the cookie policy.

      Legal basis for processing: prior explicit consent of the user.

   7. Marketing communications
      

      After filling out a form in the App, we may send—or have our IT service providers send—marketing emails to the user.

      Legal basis for processing: prior explicit consent of the user.

      The user can always opt out of direct marketing communications, including those already consented to, by unsubscribing from newsletters or notifying us via email.
      If the user has already used Joinrs’ services, we may email them about similar services or updates.

      Legal basis for processing: our legitimate interest in promoting the company’s services to our customers.

      The user can object to this specific marketing processing at any time by email or using the unsubscribe link at the bottom of our newsletters.

   8. To inform the user about changes to the App’s terms and this Privacy Policy
      

      To send updates about changes to the terms and conditions of the App’s use and to provide this Privacy Policy.

      Legal basis for processing: our legitimate interest in informing users in advance about such changes.

   9. Compliance with legal obligations
      

      To comply with legal obligations or government orders, including those issued by authorities outside your country of residence, where disclosure of personal data is strictly necessary.

      Legal basis for processing: compliance with our legal obligations.

   10. Data analysis to improve the App
       

       We collect certain information to perform analyses that help improve our services and the App. This data is used in aggregate and for statistical purposes only.

       Legal basis for processing: our legitimate interest in improving our services and enhancing the user experience.

   11. To prevent fraud and abuse
       

       We use information related to fraudulent or criminal activity to detect and prevent fraud or abuse.

       Legal basis for processing: our legitimate interests in protecting our organization from fraudulent activities.

   12. Legal protection of our interests
       

       To legally enforce our terms and conditions, protect our business operations, our rights, privacy, safety, or property—and that of our affiliates—and to pursue available legal remedies or limit potential damages.

       Legal basis for processing: our legitimate interests in legally protecting our organization.

5. To whom are the user’s Personal Data communicated?
   The user’s Personal Data may be shared, for the purposes mentioned above, with:
   1. subjects who typically act as data processors pursuant to art. 28 of the Regulation, i.e.: i) individuals, companies, or professional firms that provide assistance and consultancy services to Joinrs in accounting, administrative, legal, tax, financial, and debt collection matters relating to the provision of Services; ii) subjects with whom it is necessary to interact for the provision of services (e.g. hosting providers, platforms, and companies through which it is possible to access with one’s own account); iii) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks); (collectively "Recipients"); the list of data processors who process data can be requested from the Controller or the DPO by writing to the following addresses: dpo@joinrs.com
   2. subjects, entities, or authorities, autonomous data controllers, to whom it is mandatory to communicate Personal Data pursuant to legal provisions or orders from authorities;
   3. recruitment companies that collaborate with Joinrs or that use the Site to post job offers;
   4. persons authorized by Joinrs to process Personal Data pursuant to art. 29 of the Regulation, necessary to perform activities strictly related to the provision of Services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality (e.g. Joinrs employees).
   5. The Data may be accessible to other companies and temporary employment agencies that use Joinrs to receive resumes and spontaneous applications. By applying to a job offer within Joinrs, providing contact information to show interest in a job offer, responding to a message from an employer, you consent to the disclosure of your information to that employer and/or the referring temporary employment agency and to be contacted by that employer and that temporary employment agency for employment-related purposes.
6. What are the user’s rights regarding the processing of Personal Data, and how can they be exercised? Individuals whose Personal Data is being processed have the right to obtain confirmation of whether or not the same Data exists and to know its content and origin, verify its accuracy, or request its integration, updating, or correction (Articles 15 and 16 of the Regulation), specifically:
   • Right of access. The right to access personal information concerning the user along with some related information;
   • Right to Data portability. The right to receive personal information in a common format and to have it transferred to another data controller;
   • Right to rectification. The right to obtain the rectification of Personal Data without undue delay if the Personal Data is inaccurate or incomplete;
   In accordance with Articles 17, 18, and 21 of the Regulation, individuals have the right to request the erasure, restriction of processing, anonymization, or blocking of Data processed unlawfully, as well as to object, for legitimate reasons, to their processing, specifically:
   • Right to erasure. The right to obtain the erasure of their Personal Data without undue delay in certain circumstances, such as when the Personal Data is no longer necessary for the purposes for which it was collected or processed;
   • Right to restriction of processing. The right to obtain, in specific circumstances identified by applicable law, a restriction of the processing of their Data for a certain period of time, for example, when contesting the accuracy of the Personal Data, for the time needed to verify its accuracy and correctness;
   • Right to object. The right to object, for reasons relating to their particular situation, to the processing of Personal Data, and to object to the processing of Personal Data for direct marketing purposes, to the extent that it is related to such direct marketing.
   The data subject has the right to withdraw their consent at any time, where this constitutes the legal basis for the processing of Personal Data. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. These rights can be exercised by contacting the Data Controller and/or the Data Protection Officer at the following addresses: • email: dpo@joinrs.com • Mailing address: Via Marsala 29H, Rome - 00185.
7. How long do we retain Personal Data?
   We intend to retain the user’s Personal Data for as long as the data subject has not requested its erasure. The Data Controller undertakes, in accordance with the terms of service indicated on our Website and App, to keep the Data entered by the user and make it available to the user for processing through the tools offered by our services.
8. What transfers can we make?
   In the context of the aforementioned processing activities, we may communicate information and Personal Data to recipients located outside the territory of the European Union (particularly in the US). In the event of the transfer of Data outside the European territory, we ensure from now on that the transmission will take place in compliance with applicable legal provisions by entering into, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
9. How do we protect the user’s Personal Data?
   Information security is very important to the Data Controller, and we have implemented safeguard measures to preserve the integrity and security of the information we collect and share with our Website and App providers. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised due to a security breach, we will take reasonable measures to investigate the situation and, if necessary, notify individuals whose information may have been compromised and take other measures in accordance with applicable laws and regulations.
10. Service cancellation
    To no longer receive commercial and promotional information from Joinrs, the user can send an email to the Data Controller at the addresses indicated in this notice or unsubscribe from our newsletter by clicking the link at the bottom of our marketing emails.
11. Applicable law
    This Privacy Policy is governed by and will be interpreted in accordance with provisions and any other mandatory regulations applicable in the European Union.
12. Complaint to the Italian Data Protection Authority
    The data subject has the possibility to lodge a complaint with the Italian Data Protection Authority, which can be contacted through the website https://www.garanteprivacy.it/.