Policy & Privacy

This English information is being upgraded, you can refer to the Italian version of the website for the complete report.

Personal data is processed in full compliance with EU Regulation 2016/679 and D.Lgs 196/03 and

Who handles the data?
Personal data of identified or identifiable persons are collected and may be handled following the visit to this site. The Data Controller is FourStars Impresa Sociale S.r.l., with registered offices in Via M. Buonarroti 18 - 20145 Milan (Italy).

For all questions or concerns about personal data practices or privacy rights, you may contact us at:
For further information send an email to:
Who is the data protection officer? How to contact the DPO?
An internal Data Protection Officer has been appointed by FourStars. To communicate with the DPO, please send an e-mail to the following address:
What personal data is collected?
By surfing the website or registering to the various services we offer, the user confers the following personal data and more specifically:
  • Personal data;
  • Contact details;
  • CV and other data connected to their personal training, education, and past working experiences as well as all other necessary data to evaluate their soft skills;
  • Eventual images;
  • Eventual information belonging to personal data in the framework of a particular or judicial inquiry in accordance with Union or Member State law shall be processed in compliance with the applicable data protection rules according to the purpose of the processing (WARNING: we ask the user to please disclose the information only if strictly necessary, “caution for the processing of particular and judicial enquiries”);
  • Navigation data such as the IP addresses or the names of the dominiums of the computers used by the users that connect to the website, the addresses noted in the URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method employed in making the request to the server, the dimension of the of the file obtained as answer, the numerical code indicating the state of the answer given by the server (successfully processed, error, etc.) and other parameters pertaining to the operative system and the IT environment of the user.
What is the purpose of the data processing?
Personal data is processed by the data controller to:
  • Allow access to the platform on behalf of the users, upon registration (please note it can only take place on the Italian version of our website), for the provision of services (better described on the pages dedicated to registration), based on the contract and the pre-contractual measures betwen the parties or on the basis of the same user's consent;
  • Consent access to the “NEWSLETTER” service, that allows to receive articles from our blog on work and internships (newsletter). The data processing is done on the basis of the consensus given by the user, expressed through the specific subscription request made from the user;
  • Allow the user to download material made available on the website from the data cotroller; done on the basis of the consensus given by the user, expressed through the specific request of the user;
  • Answer user requests received through the optional and voluntary mailing of electronic mail at the addresses indicated on this website. Data is processed based on the contract or pre-contractual agreements between the parties or based on the user’s consent;
  • Be compliant with all legislative obligations;
  • Manage and organize activities for the data controller, based on the legitimate interest of the data controller himself;
  • Allow the defense/exercise of a right of the Data controller;
  • Procedure done through Cookies, for which the procedure is found in the specific area “Cookie policy”
Is the provision of data mandatory?
Without prejudice to the processing of navigation data that occurs automatically, the user is free to provide his personal data in the appropriate request forms to request the dispatching of informative material or other communications. Failure to provide such data may make it impossible to obtain what is requested. How is data processed?
Personal data is processed by automated tools. The Data Controller has adopted specific security measures to prevent the loss of data, illicit or incorrect use and unauthorized accesses.

Where and by whom is the data processed?
The processing operations connected to the web services of this site take place at the FourStars premises. Should the transfer of data outside the European Union be necessary or appropriate, it will be the responsibility of the Data Controller to ensure that the transfer and subsequent storage take place in compliance with the conditions established by EU Regulation 2016/679.

Who is the Data communicated to?
The personal data referred to above is processed from specially appointed FourStars personnel and external parties, the so-called "Data Processors", that operate on behalf of the Data Controller as (consultants, IT service providers, shippers, etc.).
It is also possible that the Data Controller, in relation to the aforementioned purposes, must communicate user data to third parties based on:
  • the user's consent;
  • fulfillment of the contract between the parties;
  • the fulfillment of a legal obligation or a specific request of the Judicial or Public Security Authority;
  • the need to exercise / defend a right.
Outside of these cases the data processed through the web will not be communicated or disseminated.

How long is the data stored for?
Without prejudice to what is indicated in the specific information, the data is stored for the time necessary to fulfill the indicated purposes and, in any case, based on the following criteria:
  • any terms identified by specific rules;
  • art. 2220 c.c.;
  • term identified for the ordinary prescription of rights.
When can particular and/or judicial data be processed?
Particular data is all data indicated in art. 9 comma 1 of the EU Reg. 2016/679, for example: health data, political, religious, or labor opinions, data concerning racial or ethnic origins; whereas judicial data refers to any data relating to criminal offenses and convictions pursuant to art. 10 of the EU Reg. 2016/679.
Some job offers and/or internships might require some particular “status”, and hence, require that some of the information in the aforementioned categories above, be voluntarily inserted in the CV, by the user himself.

Sensitive data processing
In the event a curriculum vitae, containing sensitive personal data (pursuant to Article 9 of EU Regulation 2016/679 and Article 4,letter D of Legislative Decree 196/2003), data concerning health status, political opinions, religious belief or union affiliation (membership to organization similar in nature), judicial information and data in connection with racial and ethnic origins), is sent without express written consent authorizing sensitive data processing, such consent will be specifically requested in writing. In absence of a written reply during the following 14 days, such data shall be deleted.
What are cookies?
Cookies are the information entered onto the browser when the user visits a website or uses a social network with his/her PC, smartphone or tablet. Each cookie contains various data such as, for example, the name of the server from which it comes, a numeric identifier, etc.
Cookies can remain in the system for the duration of a session (i.e. until the browser used to browse the web is closed) or for longer periods and may contain a unique identification code.
Cookies can be divided into different categories based on their characteristics and uses:
  • Strictly necessary cookies. These cookies are essential for the proper functioning of our site and are used to manage the login and access to the reserved functions of the site and to speed up, improve or customize the level of service for the users. The duration of the cookies is strictly connected to the working session and are deleted by closing the browser, or long-running, if aimed at recognizing the visitor's computer. Their deactivation may compromise the use of services accessible by login, while the open part of the site remains accessible;
  • Analysis and performance cookies. These cookies are used to collect and analyze web traffic and the anonymous use of the site. These cookies, even without identifying the user, allow, for example, the detection of the same user logging in at different times. They also check and improve the performance and usability of the system. The deactivation of these cookies can be done without the loss of any features;
  • Profiling cookies. These are permanent cookies used to identify (anonymously or not) user preferences and improve their browsing experience, in order to send advertising messages in line with the preferences expressed by the user itself while surfing the net;
  • Third-party cookies. These are cookies, usually used for profiling purposes, coming from other sites and contained in various elements hosted on the page itself, such as advertising banners, images, videos, etc. This type of cookie can be read by other parties, other than those who manage the web pages you visit.
Which cookies are present on this website?
This site uses:
  • Cookies linked to the platform, belonging to the category of technical cookies, necessary to manage login and access to the site's reserved functions. These cookies do not require user consent.
  • Google Analytics analysis cookies, necessary to collect and analyze site traffic and to allow aggregate statistical analysis regarding the use of the website visited and the use of the site. Since the anonymization function is activated, the user's consent is not required.
  • Advertising cookies (re marketing, segmentation and targeting) of Facebook, belonging to the category of third-party cookies. This is a web analysis service provided by Facebook that uses analytical cookies that are installed on the user's computer to perform aggregate statistical analysis on the use of the website visited, as well as to allow visitors to profile the Sites (which are identified by the "detection cookies") based on the information contained in their "advertising cookies", which concern three categories: age group, sex, marketing segments. On the web page you can find more information about the Facebook service, necessary to identify (anonymously) user preferences and improve the browsing experience, in order to send advertising messages in line with the preferences shown by the user while surfing the net for this type of cookie, user consent is required.
Cookies management
The user can decide whether or not to accept cookies, using their own browser's settings. Attention: the total or partial disabling of technical cookies could compromise the use of site features reserved for registered users. On the other hand, the usability of public content is also possible by completely disabling the cookies.
The disabling of "third-party" cookies does not affect the usability of the website in any way. The setting can be defined specifically for different websites and web applications. In addition, the best browsers allow you to define different settings for cookies "owners" and "third parties" cookies.

For example, with Google Chrome click on the wrench icon in the upper right corner and select “Settings”. At this point select 'Show advanced settings' and change the Privacy settings.

Internet Explorer:

To find out more about cookies:
Who to contact and how?
Without prejudice to the right to lodge a complaint with the Guarantor Authority or to refer to the competent Judicial Authority, at any time, if the prerequisites are fulfilled, the user can exercise the rights provided by the EU Reg. 2016/679 by contacting the Data Controller.
To allow the Owner to quickly take charge of the request, please indicate in the subject "EXERCISE OF GDPR FOURSTARS RIGHTS" and specify in the text:
  • what right it intends to exercise;
  • what is the service as object of the request;
  • which are the data object of the request.
In case of unclear information, the Owner may need to contact the user again.

How soon does the owner have to respond?
The deadline for responding to the user's request is, for all rights (including the right of access), 1 month, extendable up to 3 months in cases of particular complexity (determined according to the judgment of the Owner). The holder must in any case give a reply to the interested party within 1 month of the request, even in the case of refusal.

Rights of the person concerned
  • Right of access (Article 15 of the EU Reg.2016/679). Right of the person concerned to obtain access to his own data and to file a complaint with the supervisory authority;
  • Right of amendment (Article 16 of the EU Reg. 2016/679). Right of the person concerned to obtain the amendment of wrong personal data concerning him from the Data Controller;
  • Right to cancellation (oblivion right) (Article 17 EU Reg. 2016/679). The person concerned has the right to obtain the cancellation of his personal data from the Data Controller without unjustified delay;
  • Right to limitation of processing (Article 18 of the EU Reg.2016/679). Right of the person concerned to obtain a limitation of data processing;
  • Obligation to notice (Article 19 of the EU Reg. 2016/679). The Data Controller communicates to each of the recipients receiving personal data possible corrections or cancellations or limitations of the processing, carried out in compliance with articles 16; 17; 18;
  • Right to data portability (Article 20 of the EU Reg.2016/679). The person concerned has the right to receive personal data concerning him/her provided by the Data Controller and has the right to transmit such data to another data controller without impediment by the first one;
  • Right of opposition (Article 21 EU Reg. 2016/679). Right of the person concerned to oppose to the processing of his personal data;
  • Profiling (Article 22 of the EU Reg. 2016/679). The person concerned has the right to not be subjected to a decision based only on automated processing, including profiling or other procedures which affect his/her person.