Skip to main content
Human Capital Strategy
Home & Office
ACCESSORIES AND OBJECTS
BENCHES AND POUFS
CHAIRS AND ARMCHAIRS
TABLES AND SIDE TABLES
HOME & OFFICE
INTERIORS IN MOTION
ARCHITECTS & DESIGNERS
in accordance with Articles 13 and 14 of EU Regulation no. 2016/679 (“GDPR”)
Version dated 15 February 2021
") of applicants who send their
to one of the companies forming part of or that, in another way, participate in selection procedures aimed at establishing employment or collaboration relationships with one of the Joint Controllers (hereafter, the "
" or the "
Joint Controllers - DPO (Data Protection Officer)
The Joint Controllers are:
Poltrona Frau S.p.A. with single member,
with registered office at Via Busnelli 1, 20821 Meda (MB), Italy, VAT no. 05079060017.
Cap Design S.p.A. with single member,
with registered office at Via Busnelli 5, 20821 Meda (MB), Italy, VAT no. 04311900965.
Cassina S.p.A. with single member,
with registered office at Via Busnelli 1, 20821 Meda (MB), Italy, VAT no. 00976180968.
Ceccotti Collezioni S.r.l.
with registered office at Viale Sicilia, 4/a, 56021 Cascina (PI), Italy, VAT no. 01452600503.
Janus et Cie S.r.l. with single member,
with registered office at Via Busnelli 5, 20821 Meda (MB), Italy, VAT no. 09873360961.
with registered office at 8950 NW 33rd St Doral, FL 33172, United States.
with registered office at Gammel Lundtoftevej 1C, 2800 Kongens Lyngby, Denmark.
with registered office at 128 Utah St, San Francisco, CA 94103, United States.
Luxury Living Group S.r.l.
, with registered office at Via Balzella, 5647122 Forlì (FC), Italy, VAT no. 10046911003.
Club House Italia S.p.A. with single member
, with registered office at Via Balzella, 5647122 Forlì (FC), Italy, VAT no. 06271501006.
Luxury Living S.r.l. with single member
, with registered office at Via Durini 23, 20122 Milan (MI), Italy, VAT no. 03341380404.
The Joint Controllers have entered into an agreement for joint control of the Data, as defined below, in accordance with Art. 26 of the GDPR, whose essential contents can be viewed by the data subjects.
The companies Poltrona Frau S.p.A., Cap Design S.p.A. and Cassina S.p.A. have appointed a DPO who is responsible for supervising
with the personal data protection regulation and, insofar as is of interest here, the processing carried out under the regime of joint control with the other companies of the Lifestyle DESIGN Group mentioned above.
The Data Subject may contact the DPO securely and privately, at any time, if there are any general questions on the personal data, or to exercise the rights as specified below and, finally, to request information on the organisational structure of the Lifestyle DESIGN Group, by email to the address
Which Data are processed and on what occasion?
The Joint Controller(s) will process the personal data of Applicants (“
”) as described below:
Data provided voluntarily for the creation of a user profile and registration to the reserved area
: applicants can create a profile on the website
("Website"), specifying their name, surname, age, date of birth, residence (State, street, county/province), and contact details (telephone number, email address);
Data provided voluntarily via the "open positions" section of the Website to apply for a specific position or to make a spontaneous application
. On this point, applicants must complete the online application, specifying:
For open positions in Italy
: name, surname, age, date of birth, residence (State, county/province) contact details (telephone number, email address), information on training and education (qualifications and related subjects
; information on professional experience (role and years of experience therein; and upload, using the specific function, their CV and cover letter (if any).
For open positions in the rest of the world
: name, surname, age, date of birth, residence (State, county/province) contact details (telephone number, email address), information on training and education (qualifications and related subjects); information on professional experience (role and years of experience therein; and upload, using the specific function, their CV and cover letter (if any).
The Data processed will be all those provided by applicants in that section. Alternatively, applicants can apply via the "Apply with LinkedIn" function; in that case, the Joint Controllers will have access to the Data contained in the Data Subject's LinkedIn profile.
If the Data Subject inserts text contents containing personal data of other persons (e.g., referee contact details), the Data Subject declares to accept all legal obligations and responsibilities, indemnifying the Joint Controllers from any dispute, demand, or compensation claim for damages in that sense.
Data provided voluntarily by sending an email or by post
: the Data processed will be those contained in the communication sent by Applicants and contained in their CV and/or cover letter.
Data communicated to the Joint Controller by third parties, such as employment agencies,
the Data processed will be those contained in the CV and/or cover letter of the Applicant provided by the third party.
Data provided voluntarily by Applicants during the interview whether in person or remotely:
the Data processed will be all those additional personal data that must be provided by Applicants during the selection phase, therein including data that are collected during remote selection.
Any Special Categories of Data, known as "Sensitive Data" (e.g. data revealing mental-physical suitability for certain jobs, relating to handicaps or invalidating pathologies, allergies or membership of certain protected categories, as well as membership of and any roles covered in trade unions and associations, even philanthropic, any institutional roles covered, whether elective or not), will be processed exclusively to examine the application and only where this is strictly necessary, in accordance with applicable legislation.
do not process
in any way, so-called "Judicial Data" of the Applicants during the selection; therefore, please do not attach this information to the application (e.g., do not attach to the
an extract of the criminal record).
: the IT systems and software procedures that run the Website acquire, during their normal operation, some Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but that, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the user. These Data are used for the sole purpose of obtaining anonymous statistical information on use of the Website and to control its correct functioning, to identify anomalies and/or misuse, and they are erased immediately after processing.
For what purposes are the Data processed and on what legal basis?
The Data of the Data Subjects will be processed for the following purposes:
Creation of a user Profile and registration in the personal area of the Website:
creation of the profile relating to the Applicant within the Website, for the purposes of sending the application. The legal basis for processing of the Data is Art. 6 paragraph 1) letter b) of the GDPR, to perform a contract to which the Data Subject is party.
Selection and assessment of the professional profile of the Applicant:
to execute the pre-contractual obligations of which the Applicant is party, for the purposes of possibly establishing the employment relationship, therein including, merely by way of example, the assessment of the professional profile of the Applicant and the conduct of administrative/accounting duties in the phase preparatory to signing the employment/collaboration contract. The legal basis of the Data processing is Art. 6 paragraph 1) letter b) of the GDPR, to perform a contract to which the data subject is party or in order to take steps at the request of the same prior to entering into a contract; for Special Categories of Data, the legal basis is Art. 9 paragraph 2) letter b) namely the need to carry out the obligations and to exercise the specific rights of the controller or of the data subject in relation to employment law.
(the purposes indicated above are jointly known hereafter as the "
to comply with any obligations of law or regulations
. The legal basis of the Data processing is Art. 6 paragraph 1) letter c) of the GDPR, to comply with a legal obligation to which the Joint Controller(s) is/are subject (hereafter the "
to store the
of the Applicant
: if the application has been unsuccessful, to assess the suitability to cover positions other than that for which the Applicant had sent the application, in view of the opening of new employment positions, both at the respective Joint Controller and at the other Joint Controllers. The legal basis of the Data processing is Art. 6 paragraph 1) letter f) of the GDPR, pursuit of the legitimate interest of the Joint Controller(s) (hereafter, the "
Legitimate Interest Purposes
What is the nature of the Personal Data processing (optional or mandatory)?
The processing of the Applicant's Data is mandatory with reference to the Contractual Purposes and the Legal Purposes. If the Applicant does not wish his/her Data to be processed for those purposes, the Joint Controller will not create the user profile on the Website and/or will not assess his/her profile or the outcome of the application may be prejudiced.
The processing for Legitimate Interest Purposes is not mandatory and the Applicant may object to that processing by the methods indicated in paragraph 9 below, but if the Applicant objects to that processing, his/her Data may not be used for storing the application with a view to possible similar open positions at other Joint Controllers.
How are the Data processed?
In relation to the purposes indicated above, the Data will be processed by manual or automated methods, both in digital and paper form, by persons authorised to process within the company organisation of each of the Joint Controllers, in respect of all applicable existing legislation and so as to guarantee the security and confidentiality of the data.
The Data, therein including any "Sensitive Data" will not be subject to profiling.
To whom are the Data communicated?
The Data collected for the purposes indicated in paragraph 3 may be used by the Joint Controllers described herein.
The Data will not be disseminated and, again in relation to the purposes indicated in paragraph 3, they may be communicated to the following categories of entities:
providers of instrumental or support services to those performed by each Joint Controller and therefore, by way of example but without limitation, experts, consultants, lawyers, auditing companies, providers of technological services, in the capacity of autonomous controllers or processors.
transferees of businesses or business branches, companies resulting from mergers, demergers or other transformations of the Controller, as autonomous controllers; and
entities that may access the Data by virtue of legal provisions within the law of the European Union or the Member State to which the Controller is subject.
The list of those entities is available upon request by email to one of the Joint Controllers using the contact details indicated in paragraph 9.
Are the Data transferred abroad?
The Data may, in respect of applicable rules, be transferred abroad even to countries not belonging to the European Economic Area and, in particular, to the countries in which the other Joint Controllers are based (the updated list can be requested by email from the Joint Controller using the contact details indicated in paragraph 9). Any transfer of Data to countries located outside the European Economic Area will occur, in any case, in respect of the appropriate and adequate guarantees for the purposes of that transfer, in accordance with Articles 44 et seq. GDPR.
What is the Data storage period?
The Data will be stored for the period of time necessary to pursue the purposes for which those Data were collected. In any case:
The Data of Applicants collected for the Contractual Purposes
The Data of Applicants collected for the Legal Purposes
are stored for the period envisaged by specific legal obligations or by the applicable legislation.
The Data of Applicants collected for the Legitimate Interest Purposes
are stored for
two years after the end of the selection phase
, taking account of the frequency of the availability of new positions within the Group of the Joint Controllers, or for a period of
for purposes of defending legal claims of the Joint Controller.
In any case, upon the expiry of the storage period, the Data will be erased or made anonymous.
What are the rights of the Data Subject?
In relation to the above Data processing, the Data Subject may exercise, at any time and under the conditions and within the limits indicated in Articles 12 and 13 of the GDPR, the following rights:
(i) Right of access (Art. 15 GDPR); (ii) Right of rectification of inaccurate Data and completion of incomplete Data (Art. 16 GDPR); (iii) Right of erasure (Art. 17 GDPR); (iv) Right to restriction of processing (Art. 18 GDPR); (v) If the processing is based upon consent or on the contract and is carried out using automated tools, the right to receive the personal data in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another controller without impediments in accordance with Art. 20 GDPR; (vi) Right to object to processing carried out in accordance with Art. 6, paragraph 1, letters
GDPR (Art. 21 GDPR);
The data subject will also have the right to lodge a complaint with the competent Supervisory Authority (Guarantor for the Protection of Personal Data in Italy) at the contact details indicated on the website www.garanteprivacy.it if the presuppositions are in place (Art. 77 GDPR).
Applicants can exercise their rights by writing to the email address of the DPO indicated in point 1 and/or to each Joint Controller which can be contacted at the following email address
Amendments and updates
fulfilments that may be necessary.
Poltrona Frau SpA
27 May 2021
Poltrona Frau SpA
24 July 2019
27 May 2021
Back to the top of the page
We use technical cookies, that are always enabled and necessary for the website to work correctly, and analytic and profiling cookies, including third party ones, to allow us to measure the usage and performance of the web site and send advertising, including targeted advertising. To accept all cookies, click
. To manage or disable cookies click on
. To refuse all cookies and close the banner click on
; in this case you can continue to navigate the site and only technical cookies will be used. If you would like to learn more, please read our