Privacy Policy

Last updated: February 18, 2026

1. Data Controller

Aurora SRL ("we", "us", "our") is the data controller for all personal data processed through the VeryEasy Platform ("Platform"), accessible at myveryeasy.com.

2. Data We Collect

We collect the following categories of personal data depending on your use of the Platform:

2.1 Account data

Email address, password (encrypted with bcrypt hashing), first name, last name, and phone number provided during registration.

2.2 Company data

Company name, legal name, VAT number (P.IVA), fiscal code, registered address, SDI code, PEC email, website, description, and company logo uploaded by authorized representatives.

2.3 Application data

CVs, cover letters, portfolio documents, certifications, quiz responses, work experience details, education, language skills, and any information submitted through job applications or work profiles.

2.4 Payment data

Billing information (name, address, email, VAT number for companies, fiscal code for individuals). Payment card details are processed exclusively by Stripe and are never stored on our servers. We retain only transaction references, amounts, and payment status.

2.5 Technical data

IP address, browser type, device information, and session identifiers collected automatically for security and service delivery.

3. Purpose of Processing

We process your personal data for the following purposes:

• Providing and maintaining the Platform services and your account
• Facilitating the job application process between applicants and companies
• Processing payments and managing subscriptions
• Sending service-related communications and notifications (e.g., application status, interview invitations)
• Issuing invoices and complying with fiscal obligations
• Ensuring security, preventing fraud, and detecting unauthorized access
• Complying with legal obligations under Italian and EU law

4. Legal Basis (GDPR Art. 6)

We process your data based on:

• Performance of the contract (Art. 6.1.b) — providing Platform services, managing your account, processing applications
• Your consent (Art. 6.1.a) — where explicitly given (e.g., optional communications, marketing)
• Legitimate interests (Art. 6.1.f) — security, service improvement, fraud prevention
• Legal obligations (Art. 6.1.c) — tax/fiscal compliance, anti-money laundering

5. Data Sharing and Third-Party Processors

We share your data only as necessary to provide our services:

Recipient	Purpose	Data shared
Companies you apply to	Job application processing	CV, application materials, quiz answers, work profile
Stripe, Inc. (USA)	Payment processing	Billing name, email, address, payment card (processed directly by Stripe)
Aruba S.p.A. (Italy)	Hosting, email delivery	All data stored on Platform (encrypted at rest)
Google LLC (USA)	reCAPTCHA (anti-spam)	IP address, browser data, interaction patterns

Stripe and Google are certified under the EU-US Data Privacy Framework. Adequate safeguards (Standard Contractual Clauses) are in place for any data transfer outside the EEA.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Retention

• Account data: retained for the duration of your active account, plus 12 months after deletion request for legal compliance
• Application data: retained for 24 months after the application, or as specified by the hiring company's retention policy
• Payment/billing data: retained for 10 years as required by Italian fiscal law (Art. 2220 Codice Civile)
• Technical logs: retained for up to 6 months for security purposes

7. Your Rights (GDPR Chapter III)

You have the following rights regarding your personal data:

• Access (Art. 15) — obtain a copy of your personal data
• Rectification (Art. 16) — correct inaccurate or incomplete data
• Erasure (Art. 17) — request deletion ("right to be forgotten"), subject to legal retention requirements
• Restriction (Art. 18) — limit processing in certain circumstances
• Portability (Art. 20) — receive your data in a structured, machine-readable format
• Object (Art. 21) — object to processing based on legitimate interests
• Withdraw consent (Art. 7.3) — at any time, without affecting prior lawfulness

To exercise your rights, contact us at: 🔒 Click to reveal. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures including: password encryption (bcrypt), HTTPS/TLS encryption for all connections, secure session management (HttpOnly, Secure, SameSite cookies), access controls and role-based permissions, regular backups, and hosting within the EEA (Aruba S.p.A., Italy).

9. Cookies

The Platform uses strictly necessary session cookies for authentication and service delivery. For complete information, please see our Cookie Policy.

10. International Transfers

Your data is primarily stored within the EEA (Italy). Where transfers to the USA occur (Stripe, Google), they are covered by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (Art. 46.2.c GDPR).

11. Children's Privacy

The Platform is not intended for individuals under 16 years of age. We do not knowingly collect data from minors. If we discover such data has been collected, we will promptly delete it.

12. Automated Decision-Making

We do not use fully automated decision-making or profiling that produces legal effects. Any pre-scoring or matching features are advisory only and do not replace human decision-making by hiring companies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification. The revised version will be posted here with an updated date.

14. Contact & Complaints

For questions, requests, or complaints regarding this Privacy Policy or the processing of your data:

Email: 🔒 Click to reveal

PEC: 🔒 Click to reveal

You have the right to lodge a complaint with the Italian Data Protection Authority:
Garante per la protezione dei dati personali
www.garanteprivacy.it