Data Protection Policy pursuant to art. 13 and 14 of EU Regulation 679/2016 ("GDPR")
MAFG S.r.l. with registered office in Milan (MI) - Via Caio Secondo Plinio n. 11 - 20129 ("MAFG"), in the terms provided for in this policy, informs the user ("Data Subject" or "User") pursuant to art. 13 and 14 of EU Regulation 679/2016 ("GDPR") and the applicable legislation on the protection of personal data represented by Legislative Decree 196/2003, as subsequently amended by Legislative Decree 101/2018 and subsequent amendments (hereinafter, "Privacy Code"), as well as any further regulations issued by the Italian Data Protection Authority (e.g. provisions, guidelines, general authorisations, etc.) (hereinafter, "Applicable Legislation"), that your personal data will be processed in accordance with the methods and purposes set out in this policy.
1) Premises
As a preliminary point, we inform you that MAFG processes your personal data in two ways. On the one hand, MAFG will collect and process, on behalf of the organization interested in interacting with you (the "Organization") and on the basis of the instructions given by the same, a series of personal data attributable to you and as specified below ("Personal Data" or "Data"). With respect to such Personal Data, MAFG acts as a data processor pursuant to Article 28 of the GDPR, in order to allow an assessment of your professional profile to be carried out. Personal Data will be processed by evaluating your behavioural styles and for the purposes of management, professional growth, training and/or development of new business opportunities that the Organization, as data controller pursuant to Article 4.7 of the GDPR, intends to pursue.
In this respect, MAFG does not offer, through its own technology - as specified below - intermediation services in the context of the labour market or any other reserved activity pursuant to Legislative Decree 276/2003. MAFG, therefore, acts as an entity equipped with a specific technology capable of providing the Organization with a potential interlocutor and generating new business opportunities functional to the strategic and development structures of the Organization.
Personal Data will be processed through the Nexthire.AI platform, which uses software based on artificial intelligence ("Platform"). Through the Platform, an interview conducted by an avatar will be carried out and will be recorded in audio and video format (the latter only if activated by you) and transcribed to develop an assessment of your soft skills ("Interview"). The evaluation will be carried out by the Platform according to the "STAR process" method (Situation, Task, Action, Result), taking into account 11 categories of soft skills (emotional stability; communication; people management; potential; relationship - collaboration, pleasantness, accessibility; conscientiousness - organization, structuring; leadership; analytical and strategic thinking; flexibility; customer orientation; innovation and creativity) and the related results will be shared with you in summary form and with the Organization. Likewise, MAFG through the Platform may analyse the information that can be inferred from the professional profile contained in the curriculum vitae provided by the Organization or present on recruiting channels or on public or publicly accessible sources.
The purposes of this processing will be specified and described in the appropriate data protection policy pursuant to Article 13 of the GDPR of the Organization and provided to you on the first useful contact with MAFG. Therefore, for more information on the processing of your Personal Data relating to the Interview, we invite you to read the data protection policy provided by the Organization.
2) The role of MAFG
With this document, MAFG intends to explain to you how it will process the Personal Data you provide during the Interview, found on recruiting channels or on public or publicly accessible sources and/or made available by the Organization for its own purposes and other than those of the Organization.
a) Data Controller
MAFG, in its capacity as data controller (hereinafter "Data Controller"), will process your Personal Data in accordance with the provisions of the Applicable Legislation, only for the purposes and in the manner described in this Data Protection Policy. In all other cases, MAFG will process your Personal Data as a data processor pursuant to Article 28 of the GDPR on behalf of the Organization, to whose data protection policy express reference is made.
The Data Controller may designate one or more data processors pursuant to Article 28 of the GDPR, who, on behalf of the Data Controller, provide specific processing services or connected, instrumental or support activities by adopting all those technical and organizational measures appropriate to protect the rights, freedoms and legitimate interests that are recognized by law to the Data Subjects.
b) Description of processing
The Data Controller will process your Personal Data for the achievement of specific purposes and only in the presence of a specific legal basis provided for by the Applicable Legislation. The following table lists the purposes for which your Personal Data are processed by the Data Controller and the legal basis on which the processing is based. Personal Data are collected by the Data Controller during the Interview, found on recruiting channels or on public or publicly accessible sources and/or made available by the Organization, for the purposes of the evaluation process carried out by MAFG.
| Type | Purpose of the processing | Legal basis of the processing | Data Retention |
|---|---|---|---|
| 1. Data contained in the recordings and transcripts of the Interviews and the assessments of soft skills resulting from the Interview. | Anonymize and use Personal Data for training activities of the algorithm on which the operation of the Platform is based. | Legitimate interest of the Data Controller in the improvement of its services (Article 6, paragraph 1, letter f) of the GDPR). | Your data will be stored for a period of time equal to 24 months from collection. After that, your data will be anonymised and aggregated in order to conduct the required analyses. After your data is irreversibly anonymized, as it is no longer personal data, the Applicable Legislation will no longer be applicable to the processing of such data. |
| 2. Data contained in the resume, in any cover letters, in public professional profiles, in the sources consulted (e.g. age, professional category, professional experience), data contained in the recordings and transcripts of the Interviews and the assessments of soft skills resulting from the Interview. | Anonymize and use Personal Data for statistical analysis purposes. | Legitimate interest of the Data Controller in the improvement and development of services (Article 6, paragraph 1, letter f) of the GDPR). | Your data will be stored for a period of time equal to 24 months from the collection or the last update requested by the Data Subject. After that, your data will be anonymised and aggregated in order to conduct the required analyses. After your data is irreversibly anonymized, as it is no longer personal data, the Applicable Legislation will no longer be applicable to the processing of such data. |
| | Use Personal Data for new professional and business opportunities. | Legitimate interest of the Data Controller in the development of new professional and business opportunities (Article 6, paragraph 1, letter f) of the GDPR). | Your data will be stored in the Data Controller's database for a period of 24 months from collection or from the last update requested by the Data Subject. |
| 3. Data contained in the recordings and transcripts of the interviews (e.g. professional experience). | To comply with current legal and administrative obligations. | Compliance with a legal obligation (Art. 6 (1) (c) GDPR) | Your data will be stored for the time necessary to comply with specific legal and administrative obligations. |
| 4. User identification data – name, surname, e-mail address, telephone number, residential address, job title, industries of affiliation and length of service, etc. – additional optional data provided by the User for chat assistance while using the Platform. | Use of the Platform by the User in compliance with the Terms and Conditions of Use prepared by the Data Controller. | Performance of a contract between the User and the Data Controller (Art. 6, par. 1, lett. b) of the GDPR). | Your personal data will be stored for a period of 10 years from the conclusion of the contract with the Data Controller. |
| | To respond to the User's requests in relation to the use of the Platform and its services. | Legitimate interest of the Data Controller in the use of its services (Article 6, paragraph 1, letter f) of the GDPR). | Your data will be stored for the time necessary to follow up on your requests. If these take place within the framework of a contract between you and the Data Controller, please refer to the definitive information in the relevant section of this Table. |
| 5. Data relating to the degree of satisfaction in the use of the Platform through the administration of a questionnaire at the end of the Interview. | Improvement of the Platform and user experience. | Legitimate interest of the Data Controller in the improvement of its services (Article 6, paragraph 1, letter f) of the GDPR). | Your data will be stored for the period of time necessary to improve the Platform and in any case no longer than 5 years from collection. |

As a rule, the Data Controller will not process data belonging to special categories (e.g. health-related data), but this may happen if you provide such data during the Interview, within the curriculum vitae transmitted or in the event that the Interview is addressed to people belonging to Protected Categories. In such cases, your particular data will be processed within the scope of the purposes envisaged by the Organization, subject to identification of a suitable legal basis pursuant to art. 9, par. 2 of the GDPR. In any case, we invite you – where not requested – not to provide data belonging to special categories.
c) Source of your personal data
Your Personal Data has been collected from the following sources and by different methods:
- may have been provided to MAFG by the Organization that has a service contract in place with MAFG for the use of the Platform prior to performing the Interview; or
- may have been collected through recruitment channels (e.g. LinkedIn, Indeed etc.) or from other public or publicly accessible sources by MAFG; or
- will be collected during the Interview.
d) Consequences of failing to provide Personal Data
Where the relevant legal basis is the fulfilment of a legal obligation or the performance of a contract with the Data Controller for the use of the Platform, the provision of your Personal Data is mandatory. In these cases, failure to provide them may make it impossible for the Data Controller to carry out the Interview.
In other cases, their provision is optional and any refusal and/or provision of incomplete data will make it impossible for the Data Controller to use your Personal Data for the purposes of statistical analysis and training of the Platform algorithm, for the development of new business opportunities or to correctly follow up on your requests on the use of the Platform and the services provided therein.
e) Automated decisions
MAFG, as a data controller, does not use your personal data in any automated decision-making (in which decisions are made solely by creating and applying technologies without any human intervention) or profiling (processing personal data with a range of technologies that reduce human intervention to assess certain conditions with respect to an individual) that produces a legal effect or a similarly significant effect concerning you.
Any decision that may affect your rights and freedoms is in fact left exclusively to the Organization and is based on all the personal data and information in their possession and not solely on the information processed and communicated by MAFG.
f) Recipients of Personal Data
Your Personal Data may be made accessible, for the purposes mentioned above, to employees, consultants and collaborators of the Data Controller specifically appointed as Person Authorized pursuant to Article 2-quaterdecies of the Privacy Code or Data Processor pursuant to Article 28 of the GDPR or may be made accessible to subjects identified as independent Data Controllers.
In particular, your Data may be communicated to:
- tax, accounting, and legal firms that provide tax, accounting and legal advice to us;
- public or judicial authorities, in cases permitted by law;
- service providers who, as data processors, provide IT, software and/or system administration services;
- other Organizations that use the Platform and our services for the purposes of management, professional growth, training and/or development of new business opportunities.
You may request the updated list of recipients to whom the Personal Data will be communicated at any time from the Data Controller, by means of a specific request to be sent using the contact channels indicated in this Policy.
g) Transfer of Personal Data
Your Personal Data will be stored within the European Union on servers of third-party companies duly appointed as data processors.
The Data Controller may also provide access to the Platform and the services indicated therein in other countries, in which case the transfer of Data to such countries is strictly limited to an actual need to know. The Data Controller will take the necessary measures to protect the Users' Personal Data and prevent unauthorized access. Personal Data may be transferred to the systems used by the Data Controller and/or third-party companies duly appointed as Data Processors even outside the European Union.
In the event that such transfer takes place to countries that do not provide the same level of protection provided for by the GDPR or applicable legislation, or in any case an adequate level of protection of Personal Data, the Data Controller will ensure that each of these recipients assumes specific contractual obligations in accordance with the applicable regulations on the protection of personal data (including the signing of the Standard Contractual Clauses "SCC" approved by the European Commission) or in the absence of an adequacy decision pursuant to Article 45, paragraph 3 GDPR, or adequate safeguards pursuant to Article 46 GDPR, including binding corporate rules, will request, pursuant to Art. 49 of the GDPR, the possibility of transferring Personal Data to a Third Country subject to the acquisition of specific consent from the Data Subject. In any case, the User may request more information regarding the transfer of Personal Data, by writing to the e-mail address info@nexthire-ai.com.
h) Personal Data retention period and deletion
The retention period of your Personal Data is indicated in the table in paragraph b) above.
At the end of the retention period, Personal Data will be irreversibly deleted or anonymised. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to portability of Personal Data can no longer be exercised by the User.
Personal Data will be stored by means of computer archives, including portable devices, adopting appropriate measures to ensure their security and to limit access only to personnel authorized by the Data Controller and within the strict scope of the purposes indicated above.
i) Security measures
The Data Controller has adopted multiple security measures to protect the Data against the risk of loss, misuse or alteration, consistent with the measures expressed in Article 32 of the GDPR. The processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.
j) Rights of the Data Subjects
Pursuant to the provisions of art. 15-21 GDPR, in relation to Personal Data, you have the right to:
- access to the Data (art. 15): the Data Subject has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him or her is being processed and, if so, to obtain access to the Personal Data in a commonly used electronic format and certain information on the processing (e.g. purposes, categories of Data processed, recipients, extra-EU transfers, implementation of profiling activities, etc.);
- rectification of Data (art. 16): the Data Subject has the right to obtain the rectification of inaccurate Personal Data concerning him or her without undue delay and/or the integration of incomplete Personal Data, including by providing a supplementary statement;
- erasure of Data or "right to be forgotten" (art. 17): the Data Subject has the right to obtain from the Data Controller the erasure of Personal Data concerning him/her without undue delay and the Data Controller has the obligation to erase Personal Data without undue delay;
- limitation of processing (art. 18): the Data Subject has the right to obtain from the Data Controller the limitation of processing;
- Data portability (art. 20): the Data Subject has the right to receive the Personal Data concerning him or her provided to a Data Controller in a structured, commonly used and machine-readable format and has the right to transmit such Data to another Data Controller without hindrance from the Data Controller to whom he or she has provided them;
- objection to processing (art. 21): the Data Subject has the right to object at any time, on grounds related to his or her particular situation, to the processing of Personal Data concerning him or her pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR, including profiling on the basis of these provisions.
- In addition, we remind you that it is your right to lodge a complaint with the Data Protection Authority, if the conditions are met, at the following address(es): Piazza Venezia n. 11 00187 ROME, Fax: (+39) 06.69677.3785, Telephone switchboard: (+39) 06.696771, E-mail: garante@gpdp.it.
IMPORTANT: if you wish to object to the processing of your Personal Data for the purposes sub. 1., 2., 4 and 5 referred to in the table in paragraph b) based on the legitimate interest of the Data Controller, you may contact the Data Controller at the contact details indicated in paragraph k) below.
k) How to contact us
If you have any doubts or questions about this data protection policy, the processing of Personal Data by the Data Controller, or the exercise of rights as described in the previous paragraph, you can contact the Data Controller at the following e-mail address: info@nexthire-ai.com.
l) Modification
This policy may be modified and/or updated at any time. If the Data Controller intends to process the Data Subject's Personal Data for purposes other than those indicated in this Policy, it undertakes to provide, prior to such further processing, adequate information regarding these different purposes and to carry out such further processing in compliance with current legislation, collecting the specific consent of the Data Subject where necessary.
Last updated: July 2025