Privacy Policy

Users and Talent Companies

Privacy Policy

This privacy policy is provided pursuant to art. 13 of the Regulation EU 2016/679 (the “Regulation”) and refers to any visitor of the websites https://www.wearecosmico.com/ and https://experience.wearecosmico.com or any landing page thereto (the “Website”) and to those who want to join Cosmico’s community to access our contents and services and to find professional opportunities ("Talent").

We will process your personal data in accordance with this privacy policy.

This privacy policy does not apply to personal data processed by the entities with whom you will work as a Talent, websites owners to which any content published on the Website may refer, or by third parties’ social networking platforms where you might share your information. Please refer to such data controllers’ privacy policy as to the processing of your data by them.

1. Data Controller
   

   The data controller is Cosmico S.r.l. (the “Data Controller” or “Cosmico”) with registered office in Milan, via Francesco Restelli no. 1, VAT no. 11186440969.

   The Data Controller appointed a data protection officer that can be addressed at any time with reference to this privacy policy and for any question regarding data processing by sending an email to the following email address: privacy@wearecosmico.com.

2. Which personal data are processed?
   

   When you visit the Website, we process your browsing data. Our Website is designed to capture certain personal data as part of its function and the transmission of such details is implicit as part of the protocols of Internet communication. Data is not collected in order to identify you but it is possible that, if it is combined with third party data, you could be identified. Such browsing data may include your IP address, the name and domain of your device, the addresses in URI format (Uniform Resource Identifier) of requested resources, the time a request was made, the method used to make such request, the size of any file received in response to your request, the numerical code that indicates the status of the server response and other parameters related to your operating system. The Website also uses different kind of cookies together with other technologies that read and archive information on your device so that we can carry, for instance, statistical analysis. Please refer to our cookie policy for more information.

   When you register as a Talent, we process your log in data, first and last name, your address and email, data relating to your professional skills and experience, the additional data in your CV. When you join the community, we may also process data related to your preferences, your opinions or reviews of our services, your image if you attend our events and any additional data you may wish to share with us. Once you start working as a Talent, we will process your billing data and the data needed for the administrative activities.

   Unless you believe it is strictly necessary, please do not enter information that may fall within the special categories of personal data referred to in Art. 9 of the Regulation “([...]personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data capable of uniquely identifying a natural person, data concerning a person's health or sex life or sexual orientation)”.

3. What is the purpose of the processing of your Personal Data? Is the data processing lawful, compulsory, or optional?
   
   Your personal data will be processed, with your consent where necessary, for the following purposes:
   1. to ensure the security of navigation and registration on the Website and to retain, for a limited time, the data of your account following your request of closure of the account so that they are available in case you change your mind. The legal basis for this data processing is our legitimate interest to provide efficient and secure service;
   2. allow you to have access to professional opportunities aligned with your needs, request any content or purchase any service we provide including access to events and initiatives, and to carry out administrative and accounting activities. Please note that if you register, your profile will be screened and clustered by our staff and by automated selection systems. Your data may be shared with companies which are looking for a Talent or which offer the service you request (e.g. trainings, workspaces). The legal basis for the data processing described herein is represented by art. 6(1)(b) and 22(2)(a) of the Regulation since the data processing is necessary to provide you with the service you request;
   3.  fulfill any obligations under applicable laws and regulations or to comply with requests from authorities. Such processing is legitimized by the existence of a legal obligation to which we, as Data Controller, are subject;
   4. if you register or if you sign up to our newsletter, we will use your e-mail to send you invites to Cosmico’s events, offers and promotion available to Cosmico to give you updates on our progresses and services. This data processing will be carried out pursuant to Article 130, paragraph 4 of Legislative Decree No. 196/2003, unless you expressly refuse to receive such communications;
   5. with your prior consent, send you promotional and marketing communications (via email and automated means such as SMS, MMS, automated calls, web messages or by mail or calls with operators). We collect one consent for the marketing purposes described herein, pursuant to the General Provision of the Garante per la Protezione dei Dati Personali "Linee guida in materia di attività promozionale e contrasto allo spam" of 4 July 2013. Should you wish withdraw your consent to any of such means or object to all of the processing of your personal data, you may do so at any time by contacting us via email;
   6. with your prior consent, revocable at any time, to analyze and profile your preferences, skills, needs and achievements in order to offer you, directly or through external companies, experiences, activities and other offers in line with your attitudes;
   7. with your consent, revocable at any time, we may collect and share on the Website and on our social accounts your reviews of your experiences with Cosmico. We may also share on the Website a picture of you, associated with your name, your areas of expertise and the companies for which you have worked; and
   8. for statistical purposes. This processing is performed on anonymous data, and not on personal data, but for sake of completeness it is listed herein.

      There is no obligation to provide us with any data, however, please note that without the information requested upon registration we might not be able to process your request.

4. Are the data disclosed to any third party?
   

   We do not disclose your personal data to third parties for commercial purposes. For the purposes set forth under art. 3, your personal data may be shared with the following recipients:

   1. selected companies, institutions, groups looking for professional profiles in line with your qualifications and providing the services requested or purchased by you (training, travel experiences, co-working services, co-living);
   2. parties that typically act as data processors pursuant to art. 28 of the Regulation, i.e.: i) persons, companies or professional firms that provide assistance and consultancy to Cosmico in accounting, administrative, legal, tax and financial matters; ii) parties delegated to carry out technical maintenance of the Website, the platform and the IT system; iii) service providers used by the Data Controller to achieve the purposes set out in art. 3 (e.g. Website developers and providers of server hosting services, mailing lists, electronic communication systems);
   3. persons, entities or authorities to which we are under the legal obligation to communicate your personal data under applicable laws or court order;
   4. persons authorized by the Data Controller, pursuant to art. 29 of the Regulation, to process personal data in order to carry out activities strictly related to the provision of services and products offered on Cosmico, which are under the obligation to keep your personal data confidential

      Some of your personal data may be shared with recipients outside the European Economic Area. The transfer of your personal data to these recipients is subject to the safeguards set out in Articles 44 - 49 of the Regulation.

   
   
   
5. For how long will the data be retained?
   

   Personal data processed for the purposes referred to in art. 3(i) will be stored for the period of time strictly necessary to achieve those purposes and in any case no later than 12 months from your request to close your account.

   Personal data processed for the purposes set out in art. 3(ii) will be stored for the period of time strictly necessary to achieve those purposes. In any case, since the processing is carried out for the provision of services, Cosmico will keep your personal data for the period of statutory limitation permitted under Italian law to protect its interests (Art. 2946 c.c. and following). When data are transferred to the entities mentioned in Section 3(ii), retention periods are determined by those entities. Therefore, please refer to their privacy policies.

   Personal data processed for the purposes referred to in art. 3(iii) will be stored for the time required by applicable law.

   For the purposes of art. 3(iv), your personal data will be processed until you object to the processing for those specific purposes.

   For the purposes set out in art. 3(v) and art. 3(vi), your personal data will be processed until you withdraw your consent to the processing for such purposes and in any case up to a maximum of 24 months after your last interaction with Cosmico.

   This is without prejudice to the Data Controller right to retain your personal data for the period of statutory limitation permitted by Italian law to protect its interests (Art. 2947(1) and (3) of the Civil Code).

6. Which are the rights of the data subjects?
   
   

   Pursuant to Articles 15 to 22 of the Regulation, you have the right to withdraw at any time the consent given without prejudice to the lawfulness of the processing carried out before the withdrawal, to obtain confirmation of the existence or non-existence of the personal data processing and to have access to the personal data, verify their accuracy or request their integration or update, or rectification; to request the erasure of personal data in the cases provided for by Art. 17 of the Regulation; to request the restriction of data processing in the cases provided for by Art. 18 of the Regulation, where technically possible; to obtain in a structured, commonly used and machine-readable format your personal data, in the cases provided for by Art. 20 of the Regulation; and to object to the processing in the cases provided for by Articles 21 and 22 of the Regulation.

   You always have the right to file a complaint with Italian Personal Data Protection Authority, pursuant to Art. 77 of the Regulation, if you believe that the processing of the personal data is not compliant with law.

7. Amendments
   

   Cosmico reserves the right to change or update this privacy policy at any time. Please refer to the latest version posted on the Website for a description of the processing performed by Cosmico on your personal data.

Privacy policy for companies benefitting of Cosmico’s services

This privacy policy is provided pursuant to art. 13 of the Regulation EU 2016/679 (the “Regulation”) and is referred to the processing of data of the contact person of companies using services provided by Cosmico S.r.l., who fill-in their information on behalf of the companies through the websites https://www.wearecosmico.com and https://experience.wearecosmico.com or any landing page thereto (the “Website”) when requesting a service and information or creating an account for the company (the “Data Subject”). In accordance with the principles of the Regulation, the processing of personal data is carried out in accordance with the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, minimization and confidentiality as set out in art. 5 of the Regulation. This privacy policy does not apply to personal data processed by websites or platform owners to which the Website may link, or by third parties’ providers who act as data controllers (i.e. online payment system providers). Please refer to such third parties’ privacy policy as to the processing of your data by them. This privacy notice is integral part of the Privacy Policy, which is applicable, among others, to visitors of the Website. The provisions of the Privacy Policy specifically applicable to the visitors of the Website (including data processing concerning cookies), shall also apply to the Data Subject.

1. Data controller
   The data controller is Cosmico S.r.l. (the “Data Controller” or “Cosmico”) with registered office in Milan, Italy, via Francesco Restelli no. 1, VAT no. 11186440969. The Data Controller can be addressed at any time with reference to this privacy policy and for any question regarding data processing by sending an email to the following email address: privacy@wearecosmico.com.
2. Which personal data are processed?
   The processing of personal data, carried out for the purposes indicated below, will concern the following categories of personal data: (i) contact data, email address and telephone number; (ii) personal data, such as name and surname; (iii) log-in credentials provided at the time of registration; (iv) data concerning the professional role held and the company to which the user belongs; (v) any additional personal data, information or request communicated to the Data Controller (collectively, the “Personal Data”).
3. What is the purpose of the processing of your Personal Data? Is the data processing lawful, compulsory, or optional?
   Your Personal Data will be processed for the following purposes: (i) to provide the services offered by Cosmico and to fulfil contractual obligations, for administration and accounting purposes related to the performance of the services. The processing is needed to provide the service to the Data Subject and finds is legal ground in Art. 6(1)(b) of the Regulation; (ii) fulfill any obligations under applicable laws and regulations or to comply with requests from Authorities. Such processing is legitimized by the existence of a legal obligation to which the Data Controller is subject (Art. 6(1)(c) of the Regulation); (iii) if you access Cosmico’s services, to send you by e-mail invitation to Cosmico’s events, offers and promotions and other marketing communications, including newsletters, pursuant to Article 130, paragraph 4 of Legislative Decree No. 196/2003, unless you expressly refuse to receive such communications; (iv) with your prior consent, send you promotional and marketing communications by automated means (sms, email, push notifications) and standard means (mail and phone calls); please note that we collect one consent for the marketing purposes described herein, pursuant to the General Provision of the Garante per la Protezione dei Dati Personali "Linee guida in materia di attività promozionale e contrasto allo spam" of 4 July 2013. Should you wish to withdraw your consent to any of such means or object to all of the processing of your Personal Data for marketing purposes, you may do so at any time by contacting us at the email address indicated under point 1 above, without prejudice to the lawfulness of the Personal Data processing prior to such objection; (v) for purposes related to customer satisfaction surveys. This processing is not performed on personal data since data are anonymous.
4. Are the data disclosed to any third party?
   With regard to the Data Controller's activity and exclusively for the purposes mentioned above and for the time strictly required, Personal Data may be shared with the following entities (the “Recipients”):
   1. talent benefiting from the services offered by Cosmico;
   2. parties acting as data processors pursuant to Article 28 of the Regulation or data controllers i.e.: i) persons, companies or professional firms providing assistance and consultancy to the Data Controller in accounting, administrative, legal, tax and financial matters; ii) parties delegated to perform technical maintenance activities; iii) credit institutions, insurance companies and brokers; iv) providers of services imbedded in Cosmico’s services, in particular with regard to the talent retention services (e.g. companies offering experiences, accommodations, training);
   3. persons, entities or authorities to whom Personal Data must be disclosed under provisions of the law or orders of the authorities;
   4. individuals authorized by the Data Controller, pursuant to art. 29 of the Regulation, to process Personal Data in order to carry out the activities strictly related to the provision of services offered by Cosmico, who are legally obliged to keep Personal Data confidential.
   Some of the Personal Data may be shared with Recipients outside the European Economic Area. The transfer of Personal Data to these Recipients is subject to the safeguards set out in articles 44 - 49 of the Regulation.
5. For how long will the Personal Data be retained?
   Personal Data will be retained, pursuant to Article 32 of the Regulation, in observance of the security measures adopted by the Data Controller with regard to data protection, and only the necessary individuals specifically involved and duly authorized to process the data will have access to them.Personal Data processed for the purposes set out in Article 3(i) will be retained for the time strictly necessary to achieve the aforementioned purposes. In any case, since the processing is carried out for the provision of the services, Cosmico will retain Personal Data for the period of time provided under Italian law in order to protect its own interests (Art. 2946 Italian Civil Code and following).Personal Data processed for the purposes mentioned under point 3(ii) will be kept as long as necessary in order to comply with the applicable legal obligation or rule of law.For the purposes mentioned under point 3(iii), Personal Data will be processed until the Data Subject objects to the processing.For the purposes described in point 3(iv), Personal Data will be processed until the Data Subject withdraws the consent given for data processing carried out for those purposes.
6. Which are the rights of the Data Subjects?
   Pursuant to Articles 15 to 22 of the Regulation, you have the right to withdraw at any time the consent given without prejudice to the lawfulness of the processing carried out before the withdrawal, to obtain confirmation of the existence or non-existence of the Personal Data processing and to have access to the Personal Data, verify their accuracy or request their integration or update, or rectification; to request the erasure of Personal Data in the cases provided for by Art. 17 of the Regulation; to request the restriction of data processing in the cases provided for by Art. 18 of the Regulation, where technically possible; to obtain in a structured, commonly used and machine-readable format your Personal Data, in the cases provided for by Art. 20 of the Regulation; and to object to the processing in the cases provided for by Articles 21 and 22 of the Regulation.You always have the right to file a complaint with Italian Personal Data Protection Authority, pursuant to Art. 77 of the Regulation, if you believe that the processing of the Personal Data is not compliant with law.