Política de Dados de Candidatos
Última atualização: 14/05/2026
Last updated: May 2026
1. Introduction
This policy, provided pursuant to Articles 13-14 of Regulation EU 2016/679 (GDPR), describes how JobFlow processes the personal data of candidates who use the platform to search for jobs and apply to posted positions.
This policy supplements the platform's General Privacy Policy.
2. Data Controller
GiaNet Media di Francesco Giannetta, based in Otranto (LE), Italy. For inquiries: support system.
3. Data Collected
When using the platform as a candidate, the following data is processed:
- Identification data: first name, last name, email, phone number
- Professional data: CV, work experience, skills, certifications, portfolio
- Application data: positions applied for, cover messages, application status
- Availability: availability calendar, work preferences (hours, areas, types)
- Languages: spoken languages and proficiency level
- Documents: uploaded CVs, certificates, portfolio documents
- Reviews: reviews received and sent regarding collaborations
4. Purposes and Legal Basis
| Purpose | Legal basis | Retention |
|---|---|---|
| Candidate profile management | Contract performance (Art. 6.1.b) | Account duration + 12 months |
| Job matching | Contract performance (Art. 6.1.b) | Account duration |
| Sending applications to companies | Contract performance (Art. 6.1.b) | 12 months from application |
| Application-related communications | Contract performance (Art. 6.1.b) | Account duration + 12 months |
| Aggregate statistics and service improvement | Legitimate interest (Art. 6.1.f) | Anonymized data, unlimited |
5. Data Sharing with Companies
When a candidate applies to a job posting, the following data is shared with the posting company:
- First and last name
- CV and documents attached to the application
- Cover message
- Relevant skills and experience
- Public profile reviews
Not shared: personal email, phone number (communication occurs through the platform's internal chat), browsing data, search preferences.
6. Data Subject Rights
Candidates have the right to:
- Access: obtain a copy of their personal data
- Rectification: correct inaccurate or incomplete data
- Erasure: request data deletion (subject to legal limitations)
- Portability: receive data in a structured, machine-readable format
- Objection: object to processing on legitimate grounds
- Restriction: request processing limitation
To exercise these rights, use the support system.
7. Account Deletion
Candidates can request account deletion at any time. Deletion includes:
- Removal of the public profile
- Withdrawal of all active applications
- Deletion of uploaded documents
- Anonymization of reviews (text remains, identifying data is removed)
Some data may be retained for legal or contractual obligations (e.g., fiscal data related to purchases).
8. Security
Candidate data is protected with appropriate technical and organizational measures, including: encryption in transit (TLS), need-to-know access controls, regular backups, access monitoring.
9. Supervisory Authority
Candidates have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali — www.garanteprivacy.it).
