Privacy Policy


Pharma Point Srl, with registered office at Via G. Modena 2/A, 20129 Milan (MI), Tax Code and VAT no. 10589850154, in its capacity as data controller (hereinafter “Controller“) and in accordance with Regulation (EU) 2016/679 (“GDPR“) and legislation, including at a national level, on protection of personal data in force (“Privacy Legislation“), hereby informs you that your data will be processed according to the following methods and purposes:

  1. Subject of the processing

The Controller processes identifying personal data (in particular, name, surname, e-mail, phone number, IP address, image, etc.) and any sensitive/special data (e.g. inclusion in a protected category, etc.) hereinafter “Data” or “Personal Data” provided by you at the time of registering on the “Work with Us” platform of the website (hereinafter “Website”)

  1. Purposes and legal basis for processing
  1. Our Data are processed, without your prior consent, for the following Service Reasons:

    1. to perform the contract or comply with pre-contractual obligations, in particular:

      • to participate in the selection process for which you applied;
      • to ensure proper performance of the personnel selection process (e.g. application management and evaluation);
      • to contact you to invite you for a job interview;
      • to contact you with feedback on the outcome of the application evaluation processes;
      • where relevant, to enable compliance with pre-contractual and contractual obligations required to establish the employment relationship;
      • to store your CV in the relevant database, including for the purposes of considering it for future positions that may be of interest and that match your experience and professional qualifications;
    2. to pursue a legitimate interest of the Controller, and in particular:

      • to include your application in the statistical analysis we perform in relation to the selection process;
      • to prevent or detect fraudulent activity or abuse that could damage the Website;
      • to comply with obligations provided for by law, a regulation, EU legislation, or an order by the Authority;
      • to exercise the rights of the Controller, e.g. the right to a defence in court.
  1. Methods of processing

Your Data are processed – using electronic means – by way of collection, recording, updating, organising, storage, consultation, arrangement, alteration, selection, retrieval, alignment, use, combination, restriction, erasure or destruction of the Data.

  1. Retention of the Data

The Controller processes the Data for the time required to respond to your request and comply with the purposes referred to above, and in any case:


Personnel selection purposes

24 months

  1. Access to the Data

For the purposes referred to above, the following persons may access your Data:

  • employees and/or collaborators of the Controller in their capacity as persons appointed to perform the processing and/or in-house processors and/or system administrator
  • third-party companies or other parties (e.g. website providers, suppliers, technicians tasked with hardware and software support, professional firms, etc.) that perform work for the Controller on an outsourcing basis, in their capacity as external data processors.
  1. Disclosure of the Data

Your Data may also be disclosed, including without your consent, for the purposes referred to above, for example to oversight bodies, law enforcement officers, or the judiciary, who will process them, at their express request, in their capacity as independent data controllers for institutional purposes and/or as required by law over the course of investigations and inspections.

  1. Transfer and location of the Datai

The Data are not disseminated and will not be transferred to non-EU countries. The personal data will be managed and stored on servers located within the European Union. It is in any case understood that, if necessary, the Controller shall have the right to transfer the data outside of the EU and/or change the location of the servers within Italy and/or the European Union and/or non-EU countries. In that situation, to ensure a proper degree of protection of the Personal Data, the transfer of data to non-EU countries will take place based on a request for the subject’s consent, adequacy decisions by the European Commission, or adoption by the Controller of Standard Contractual Clauses prepared by the European Commission.

  1. Provision of the Data

Provision of the Data is required to enable the Controller to process your Data for the Service Reasons. If you choose not to provide the Data, we will be unable to include you in the selection process and provide you with our services.

  1. Rights of the data subject

In your capacity as data subjects, the Controller hereby informs you that, unless legal restrictions apply, you shall have the right:

  • to receive confirmation as to whether or not Personal Data concerning you exist, even if they have not yet been recorded, and for such Data to be made available to you in intelligible form;
  • to obtain specification and, if appropriate, a copy of: a) the source and category of the Personal Data; b) the logic applied in the event of processing with the aid of electronic tools; c) the purposes and methods of processing; d) the identity of the Controller and processors; e) the persons or categories of persons to whom the Personal Data may be disclosed or that may gain access to them, particularly if the recipients are based in third countries or international organisations; f) whenever possible, the Data retention period or criteria used to determine that period; g) the existence of an automated decision-making process and, in that case, the logic used, importance, and expected consequences for the data subject; h) the existence of adequate guarantees in the event that the Data are transferred to a non-EU country or an international organisation;
  • for inaccurate Data to be updated and rectified without undue delay or, if you wish, for incomplete Data to be supplemented;
  • to obtain the deletion, restriction or anonymisation of the Data, where possible, if: a) they have been processed unlawfully; b) they are no longer needed for the purposes for which they were collected or subsequently processed; c) the consent on which the processing was based is withdrawn and no other legal basis exists; d) you object to the processing and there is no prevailing legitimate reason to proceed with the processing; e) required to comply with a legal obligation; f) the Data refer to minors. The Controller may refuse to delete the Data: a) if exercising the right to freedom of expression and information; b) if complying with a legal obligation, performing a task in the public interest, or exercising public powers; c) for public health reasons; d) for public interest archiving, scientific or historical research, or statistical reasons; e) if exercising a right in court;
  • to obtain restriction of processing in the event of: a) a dispute concerning the accuracy of the Personal Data; b) unlawful processing by the Controller to prevent deletion; c) exercising your right in court; d) verifying whether the legitimate interests of the Controller prevail over those of the Data Subject;
  • if the processing is performed using automated means, to receive the Personal Data that concern you without obstruction and in a structured, commonly used and legible format, to be sent to another controller or – if technically feasible – for such Data to be sent directly by the Controller to another controller;
  • to object, in whole or in part: a) for legitimate reasons, to the processing of the Personal Data that concern you, even if relevant to the purpose for which they were collected; b) to the processing of the Personal Data that concern you for the purposes of sending advertising or direct sales material or to perform market research or sales communications, using an automated call system without an operator, by e-mail and/or using traditional marketing means by telephone and/or the postal service;
  • to submit a complaint to the Italian Data Protection Authority.

In the cases referred to above, where necessary, the Controller shall notify the third parties to whom your Personal Data are disclosed of any rights exercised by you, with the exception of specific cases (e.g. when doing so is impossible or involves the use of resources that are clearly disproportionate to the right protected).

  1. Methods of exercising the rights

You can exercise such rights at any time:

  • by sending a registered letter with notification of receipt to the address of the Controller;
  • by sending an e-mail to;
  • by phoning 02 89013167;
  1. Data controller and processor

The data controller is Pharma Point Srl

The in-house data processor is:

  • Maurizio Mantovanelli

The external processor responsible for managing the “Work with Us” platform is ALTAMIRA S.R.L., with registered office at Via G. Marradi 1, 20123 Milan.

The up-to-date list of in-house and external data processors, as well as system administrators, is kept at the Controller’s registered office at Via G. Modena 2/A, 20129 Milan (MI).

Pharma Point Srl

Previous versions

Pharma Point Srl 08 jannuary 2020   YES
Pharma Point Srl 25 may 2018 08 gennaio 2020