Recruitment Privacy Notice

Last Updated: May 22, 2025

Working at Cubbit means being part of a team of innovators building the world’s first geo-distributed cloud enabler. If that sounds exciting, we’d love to hear from you - but first, please take a moment to carefully read this Recruitment Privacy Notice (the “Notice”).

At Cubbit, we are committed to protecting the personal data of everyone who engages with us during our recruitment processes, in full compliance with Regulation (EU) 2016/679 (“GDPR”), applicable national legislation, and all other relevant data protection laws.

This Notice applies to all candidates - whether applying for full-time, part-time, temporary, internship, freelance or consultancy roles - and regardless of their country of residence, whether within or outside the European Union.

WHO IS THE DATA CONTROLLER?

The data controller is Cubbit S.r.l., a company incorporated under Italian law, with its registered office at Via della Zecca 1, 40121 Bologna, Italy, listed in the Companies Register under no. 03562001200, Tax Code and VAT no. 03562001200 (“Cubbit”, “we” or “us”, “our”).

WHAT DATA DO WE COLLECT?

In the context of personnel selection, we collect and process personal data that you provide to us directly or that we obtain from authorised third-party sources. These may include:

  • Professional data: work experience, training, skills, certifications, language and computer skills, LinkedIn profile or link to portfolio.
  • CV data: any information you choose to include in your CV or other documents attached to your application (e.g. motivation letters).
  • Data collected during interviews: notes, evaluations, information shared during cognitive or technical interviews, including online.
  • Third party data: references or contacts of previous employers or professional references, if provided by you.
  • Any special categories of data: for example, membership of protected categories (L. 68/1999) or other sensitive information provided voluntarily and relevant to the selection process. These data will only be processed if strictly necessary and in compliance with the guarantees provided for by law.

HOW WE USE YOUR DATA.

We use your personal data exclusively for purposes related to the recruitment process, in compliance with the GDPR and current regulations. Below is a summary of the purposes, legal bases, categories of data processed and retention times:

Purpose of Processing Legal Basis Categories of Data Retention
Assessing applications and selecting candidates Execution of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR) Identification data, contact data, professional data, CV contents, interview notes, technical tests, video interviews, practical tests Up to 12 months after receipt of application
Verification of regulatory requirements (e.g. belonging to protected categories) Legal obligation (Art. 6.1.c GDPR) or explicit consent (Art. 9.2.a GDPR) if required Any special categories of data Limited to the time needed for selection, unless required by law.
Retention of applications for future job opportunities Legitimate interest of the Data Controller (Art. 6.1.f GDPR), balanced against the rights of the data subject As above Up to 24 months, unless the data subject objects.
Protection of the Data Controller's rights in the event of any disputes or litigation. Legitimate interest of the Data Controller (Art. 6.1.f GDPR) Data already processed in the context of recruitment For the period necessary for the defence in court, according to the terms of the law.

After the retention period has expired, personal data will be deleted or anonymised, if technically possible.

WHO WE SHARE YOUR DATA WITH?

Your personal data is primarily processed by Cubbit, acting as the data controller. However, for purposes strictly related to the recruitment process, your data may be shared with the following categories of internal tools used by our HR team:

  • Communication and storage tools: used to manage communication, documentation, and the storage of candidate-related information (e.g., Google Meet for conducting interviews).
  • Professional research and networking tools: used to gather information about candidates and support talent sourcing activities.
  • Contact and relationship management tools: used to manage communications and interactions with candidates throughout the recruitment process.

All such tools are managed internally and are subject to appropriate security measures to safeguard your data. No personal data will be shared with third parties, except where required to comply with legal obligations or to protect Cubbit’s legal rights.

WHERE DO WE TRANSFER YOUR DATA?

Your personal data is primarily stored in Italy or, in any case, within the European Union (EU) and the European Economic Area (EEA). We are committed to minimising data transfers to third countries and only carrying them out when strictly necessary for the purposes described in this Notice.

Where it is necessary to transfer your personal data outside the EU/EEA, we implement the safeguards required by European data protection law to ensure an adequate level of protection for your rights. In particular, we rely on legal mechanisms such as:

  • European Commission adequacy decisions
  • Binding Corporate Rules (BCRs), and
  • Standard Contractual Clauses (SCCs) pursuant to Commission Decision 2021/914/EU. 

Where appropriate, we also supplement these safeguards with additional technical, contractual, and organisational measures to ensure the security and integrity of personal data transferred internationally.

HOW DO WE PROTECT YOUR DATA?

We are committed to protecting your personal data by implementing appropriate technical and organisational measures to ensure the security, integrity, availability, and confidentiality of the information processed throughout the recruitment process.

Our security measures include, but are not limited to:

  • Access controls on recruitment systems and platforms, based on secure authentication and permission management.
  • Data encryption during transmission and, where possible, also at rest.
  • Activity monitoring and periodic audits to detect anomalies or unauthorised access.
  • Secure backups to prevent accidental data loss.
  • Training of personnel involved in recruitment on privacy and security best practices.
  • Vendor assessments and the signing of specific agreements with data processors to ensure they meet appropriate security standards.

Cubbit is certified to ISO/IEC 27001:2022 - the international standard for information security management - further demonstrating our commitment to safeguarding personal data.

WHAT ARE YOUR RIGHTS?

Under the GDPR, you have the right to exercise a range of actions concerning your personal data at any time. In particular, you can:

  • Access the personal data we hold about you and obtain confirmation of whether your data is being processed, as well as a copy of the data we hold.
  • Request the portability of your data, receiving it in a structured, commonly used, and machine-readable format, so that you can transmit it to another controller.
  • Request the rectification of inaccurate data or the completion of incomplete data.
  • Object to the processing of your data, particularly for direct marketing purposes or where there is no overriding legitimate interest.
  • Restrict the processing under certain circumstances, such as during the verification of data accuracy or if you contest the lawfulness of the processing.
  • Request the deletion of personal data when it is no longer necessary, you have withdrawn consent, you have objected to the processing, or the data has been processed unlawfully.
  • Withdraw consent at any time, where the processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal.
  • Lodge a complaint with the competent supervisory authority, if you believe your rights under data protection laws have not been respected.

To exercise any of these rights, you can contact us by emailing privacy@cubbit.io 

We will respond within 30 days of receiving your request. In some cases, we may need to verify your identity before we can proceed.

If, after contacting us, you believe your request has not been handled correctly, you can file a complaint with the relevant data protection authority.

UPDATES TO THE NOTICE.

We reserve the right to update this Privacy Notice at any time, for example to reflect legal or regulatory changes or to adapt it to modifications in our recruitment processes.

In the event of significant changes, we will inform you through appropriate channels (such as email, our website, or the application portal).

We nevertheless encourage you to review this Notice periodically to stay informed about how we process your personal data.

Insert an email address to receive notifications about changes in our list of Subprocessor.