Privacy Policy
Last updated: February 18, 2026
1. Data Controller
Sede legale: Via Tanaro 11, 00012 Guidonia Montecelio (RM), Italy
P.IVA / C.F.: 18036721001
REA: RM-1757950
PEC: 🔒 Click to reveal
Privacy contact: 🔒 Click to reveal
Aurora SRL ("we", "us", "our") is the data controller for all personal data processed through the VeryEasy Platform ("Platform"), accessible at myveryeasy.com.
2. Data We Collect
We collect the following categories of personal data depending on your use of the Platform:
2.1 Account data
Email address, password (encrypted with bcrypt hashing), first name, last name, and phone number provided during registration.
2.2 Company data
Company name, legal name, VAT number (P.IVA), fiscal code, registered address, SDI code, PEC email, website, description, and company logo uploaded by authorized representatives.
2.3 Application data
CVs, cover letters, portfolio documents, certifications, quiz responses, work experience details, education, language skills, and any information submitted through job applications or work profiles.
2.4 Payment data
Billing information (name, address, email, VAT number for companies, fiscal code for individuals). Payment card details are processed exclusively by Stripe and are never stored on our servers. We retain only transaction references, amounts, and payment status.
2.5 Technical data
IP address, browser type, device information, and session identifiers collected automatically for security and service delivery.
3. Purpose of Processing
We process your personal data for the following purposes:
- Providing and maintaining the Platform services and your account
- Facilitating the job application process between applicants and companies
- Processing payments and managing subscriptions
- Sending service-related communications and notifications (e.g., application status, interview invitations)
- Issuing invoices and complying with fiscal obligations
- Ensuring security, preventing fraud, and detecting unauthorized access
- Complying with legal obligations under Italian and EU law
4. Legal Basis (GDPR Art. 6)
We process your data based on:
- Performance of the contract (Art. 6.1.b) — providing Platform services, managing your account, processing applications
- Your consent (Art. 6.1.a) — where explicitly given (e.g., optional communications, marketing)
- Legitimate interests (Art. 6.1.f) — security, service improvement, fraud prevention
- Legal obligations (Art. 6.1.c) — tax/fiscal compliance, anti-money laundering
5. Data Sharing and Third-Party Processors
We share your data only as necessary to provide our services:
| Recipient | Purpose | Data shared |
|---|---|---|
| Companies you apply to | Job application processing | CV, application materials, quiz answers, work profile |
| Stripe, Inc. (USA) | Payment processing | Billing name, email, address, payment card (processed directly by Stripe) |
| Aruba S.p.A. (Italy) | Hosting, email delivery | All data stored on Platform (encrypted at rest) |
| Google LLC (USA) | reCAPTCHA (anti-spam) | IP address, browser data, interaction patterns |
Stripe and Google are certified under the EU-US Data Privacy Framework. Adequate safeguards (Standard Contractual Clauses) are in place for any data transfer outside the EEA.
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
6. Data Retention
- Account data: retained for the duration of your active account, plus 12 months after deletion request for legal compliance
- Application data: retained for 24 months after the application, or as specified by the hiring company's retention policy
- Payment/billing data: retained for 10 years as required by Italian fiscal law (Art. 2220 Codice Civile)
- Technical logs: retained for up to 6 months for security purposes
7. Your Rights (GDPR Chapter III)
You have the following rights regarding your personal data:
- Access (Art. 15) — obtain a copy of your personal data
- Rectification (Art. 16) — correct inaccurate or incomplete data
- Erasure (Art. 17) — request deletion ("right to be forgotten"), subject to legal retention requirements
- Restriction (Art. 18) — limit processing in certain circumstances
- Portability (Art. 20) — receive your data in a structured, machine-readable format
- Object (Art. 21) — object to processing based on legitimate interests
- Withdraw consent (Art. 7.3) — at any time, without affecting prior lawfulness
To exercise your rights, contact us at: 🔒 Click to reveal. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organizational measures including: password encryption (bcrypt), HTTPS/TLS encryption for all connections, secure session management (HttpOnly, Secure, SameSite cookies), access controls and role-based permissions, regular backups, and hosting within the EEA (Aruba S.p.A., Italy).
9. Cookies
The Platform uses strictly necessary session cookies for authentication and service delivery. For complete information, please see our Cookie Policy.
10. International Transfers
Your data is primarily stored within the EEA (Italy). Where transfers to the USA occur (Stripe, Google), they are covered by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (Art. 46.2.c GDPR).
11. Children's Privacy
The Platform is not intended for individuals under 16 years of age. We do not knowingly collect data from minors. If we discover such data has been collected, we will promptly delete it.
12. Automated Decision-Making
We do not use fully automated decision-making or profiling that produces legal effects. Any pre-scoring or matching features are advisory only and do not replace human decision-making by hiring companies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification. The revised version will be posted here with an updated date.
14. Contact & Complaints
For questions, requests, or complaints regarding this Privacy Policy or the processing of your data:
Email: 🔒 Click to reveal
PEC: 🔒 Click to reveal
You have the right to lodge a complaint with the Italian Data Protection Authority:
Garante per la protezione dei dati personali
www.garanteprivacy.it