ITECHWISE Legal & Compliance Framework

Privacy Policy

1) Controller and Contact. Controller: ITECHWISE. Contact: privacy@itechwise.store. For legal service of process, use legal@itechwise.store. Where required under Art. 27 GDPR, details of our EU/UK representative will be published here; where required under Art. 37 GDPR, our DPO details will be published here.

2) Scope and Interpretation. This policy applies to personal data processed in relation to websites, apps, customer portals, candidate pipelines, communications, and offline touchpoints. Terms have the meanings assigned in Art. 4 GDPR and comparable statutes. Where we publish a service-specific notice, it supersedes this policy to the extent of conflict.

3) Categories of Personal Data

• Identity and contact: name, employer, role, email, phone, address.
• Account: identifiers, credentials (hashed), preferences, logs, permissions.
• Commercial: proposals, orders, invoices, payment status, tax IDs.
• Recruitment: CVs, portfolios, references, interview notes, assessment results.
• Usage/technical: IP, device IDs, user agent, language, referrer, session IDs, timestamps, page interactions, approximate geolocation, cookies and similar IDs.
• Communications: support tickets, emails, chat transcripts, call metadata.
• Special categories: processed only where a lawful condition under Art. 9(2) GDPR or analogous law is met, and minimized.

4) Sources

We collect data directly from you; automatically from your device; and from third parties such as analytics vendors, payment providers, anti-fraud services, recruiters, and publicly available sources (e.g., professional networks, company websites, official registries).

5) Purposes and Legal Bases

• Service delivery and administration (Art. 6(1)(b) GDPR; Art. 6(1)(f) legitimate interests in reliable operations).
• Recruitment and candidate management (Art. 6(1)(b); Art. 6(1)(f); Art. 6(1)(a) for jurisdictions requiring consent).
• Security, abuse, and fraud prevention (Art. 6(1)(c) legal obligations; Art. 6(1)(f)).
• Analytics and product improvement (Art. 6(1)(f) with opt-out where required by ePrivacy).
• Marketing communications (Art. 6(1)(a) consent where required; otherwise Art. 6(1)(f) with opt-out; PECR/ePrivacy observed).
• Compliance and dispute management (Art. 6(1)(c) and 6(1)(f)).

We document legitimate interest assessments and will provide key points to supervisory authorities upon request.

6) Retention

We retain personal data only for as long as necessary for the purposes above, with specific schedules: contractual and accounting records up to 10 years, routine support logs up to 24 months, recruitment files 24 months unless consented otherwise, and security logs up to 12 months unless needed for investigations. We anonymize or aggregate where feasible.

7) Disclosures and International Transfers

We disclose data to processors (hosting, security, analytics, messaging, payment) under Art. 28 GDPR-compliant contracts with confidentiality, subprocessor controls, and incident notice clauses. For transfers outside the EEA/UK/CH, we rely on adequacy, the EU/UK SCCs, and supplementary measures; Transfer Impact Assessments are maintained in line with Schrems II guidance. Onward transfers require our prior written authorization.

8) Your Rights

You may request access, rectification, erasure, restriction, portability, or object to processing. Where consent is the basis, you may withdraw it at any time. We respond within one month (extendable per Art. 12(3) GDPR). You may complain to your competent supervisory authority.

9) Data Security

We employ technical and organizational measures reasonably designed to protect personal data: TLS 1.3, encryption at rest, RBAC, MFA, logging and monitoring, least privilege, periodic penetration testing, vendor due diligence, incident response, and staff training. Security controls are reviewed at least annually.

10) Automated Decisions

We do not make decisions based solely on automated processing that produce legal or similarly significant effects without appropriate safeguards. If introduced, we will provide a specific notice and enable human review.

11) Children

Services are not directed to children under the applicable digital age of consent. If we learn that such data was provided, we will delete it without undue delay.

12) Updates

We may update this policy to reflect legal or operational changes. Material updates will be signposted at the top of this page.

GDPR Notice

Transparency (Arts. 12–14). We provide concise, intelligible information using layered notices. Where data is not obtained directly, we disclose source categories and provide notice within the applicable timeframe unless an exemption applies.

Records (Art. 30). We maintain records of processing activities, including purposes, categories, recipients, transfers, retention schedules, and TOMs. These are available to authorities on request.

DPIA (Art. 35). We perform assessments for high-risk processing, maintain mitigation plans, and consult supervisory authorities where residual risks remain high (Art. 36).

Security (Art. 32). We implement measures appropriate to risk, including encryption, resilience, and regular testing. We have a formal incident response plan.

Processors (Art. 28). We appoint processors under binding contracts including confidentiality, TOMs, subprocessing approval, assistance with rights requests, breach notification, and deletion/return of data upon termination.

International Transfers (Chapter V). We rely on adequacy, SCCs, BCRs, or other safeguards. TIAs are performed, and supplementary measures applied where necessary.

Children (Art. 8). We obtain guardian consent where required and apply age-gating controls as appropriate.

Supervisory Authorities. Data subjects may lodge complaints with their local authority without prejudice to other remedies.

Cookies Policy

We use cookies, local storage, SDKs, and similar technologies ("cookies"). Strictly necessary cookies are essential and set without consent. Non-essential cookies (analytics, personalization, advertising) are set only with prior consent via our consent banner and preference center. Consent signals are logged and can be withdrawn at any time.

Types of Cookies

• Strictly necessary: session management, security, load balancing, cookie consent state.
• Functionality: remembering choices such as language and region.
• Performance/analytics: measuring usage to improve services.
• Advertising: interest-based ads and campaign measurement, where used.

Managing Cookies

Use our banner or your browser settings to manage cookies. Blocking some cookies may impact functionality. Third parties may process data per their own policies; see their notices for details.

Retention

Session cookies expire when the browser closes. Persistent cookies have defined lifetimes (typically 1–24 months) and may be deleted at any time.

Terms of Use

1) Acceptance

By accessing itechwise.store or related services (the "Services"), you agree to these Terms. If you do not agree, do not use the Services.

2) Eligibility

You must have legal capacity in your jurisdiction. If you are using the Services on behalf of an entity, you represent that you are authorized to bind that entity.

3) Accounts

You are responsible for maintaining the confidentiality of credentials and for all activities under your account. Notify us promptly of unauthorized use.

4) Acceptable Use

• No unlawful, infringing, harmful, or abusive content or behavior.
• No reverse engineering or circumvention of security except as permitted by law.
• No automated extraction, scraping, or rate abuse without prior written consent.
• No use that interferes with the normal operation of the Services.

5) Intellectual Property

All content and technology are owned by ITECHWISE or its licensors and protected by law. A limited, revocable, non-exclusive, non-transferable license is granted to access and use the Services for their intended purpose.

6) User Content

By submitting content, you grant ITECHWISE a worldwide, non-exclusive, royalty-free license to host, store, reproduce, adapt, and display such content as necessary to provide and improve the Services. You represent that you have the necessary rights to your content.

7) Third-Party Services

Third-party links and integrations are provided for convenience. We do not control third-party content or policies.

8) Disclaimers

The Services are provided "as is" and "as available" without warranties of any kind, to the maximum extent permitted by law.

9) Limitation of Liability

To the fullest extent permitted, ITECHWISE shall not be liable for indirect, incidental, special, consequential, or punitive damages, or lost profits, revenues, or data. Our aggregate liability will not exceed the greater of EUR 100 or the amounts paid to us in the 12 months preceding the claim. Nothing excludes liability that cannot be excluded by law.

10) Indemnity

You will indemnify and hold harmless ITECHWISE and its personnel from claims arising out of your use of the Services or violation of these Terms.

11) Suspension and Termination

We may suspend or terminate access for suspected violations, legal requests, or risks to the Services, users, or third parties.

12) Governing Law and Forum

Unless a mandatory consumer law provides otherwise, these Terms are governed by the laws of Italy, and the courts of Rome have exclusive jurisdiction. The UN Convention on Contracts for the International Sale of Goods does not apply.

13) Force Majeure

ITECHWISE will not be liable for delays or failures due to events beyond reasonable control, including natural disasters, acts of government, labor disputes, and internet service failures.

14) Changes

We may update these Terms from time to time. Changes take effect upon posting. Continued use constitutes acceptance.

15) Miscellaneous

Severability, waiver, and entire agreement clauses apply. Assignment is permitted by us subject to law; you may not assign without our consent.

Contacts

Do not include sensitive information in emails. Request a secure channel for high-risk disclosures.