Data Protection Policy for the Processing of Personal Data on the Website

MAFG S.r.l. in its capacity as data controller, hereby informs you pursuant to Article 13 of EU Regulation no. 2016/679 ("GDPR") that the data provided through the https://nexthire-ai.com/ website (the "Website"), regardless of the methods and tools used, will be processed in the following ways and for the following purposes.

This information applies to the personal data that MAFG S.r.l. collects from you as a user of the Site (the "User") or as a potential client/client or contact person of a potential client/client in the event that you act on behalf of a legal entity (respectively the "Potential Client" and the "Client") or as a candidate for open positions at MAFG S.r.l. or in the event of the submission of your spontaneous application (the "Candidate") (jointly and without distinction, the "Data Subjects").

This information is provided for the Website as a whole, and not for other sites, pages or online services that can be reached via hypertext links that may be published or present on the Website but refer to resources outside the domain of the Data Controller, which may be consulted by the Data Subject.

  1. The Data Controller

The data controller is MAFG S.r.l. with registered office in Milan (MI) - Via Caio Secondo Plinio n. 11 – 20129 (hereinafter, the "Data Controller" or the "Company").

The Data Controller provides the following e-mail address for all communications: info@nexthire-ai.com.

The Data Controller may designate one or more Data Processors pursuant to Article 28 of the GDPR, who, on behalf of the Data Controller, provide specific processing services or related, instrumental or support activities by adopting all those technical and organizational measures appropriate to protect the rights, freedoms and legitimate interests that are recognized by law to the Data Subjects.

  2. Description of the processing

The processing will concern individual operations, or a set of operations, of the following personal data provided by the Data Subject when he/she uses the services rendered by the Data Controller, through the Website, as described in the following table (the "Personal Data" or the "Data"):

Type Purpose of the Processing Legal basis Data Retention

a. Client's access data for the Platform:

username and password.

• to allow the Clients to access the account and use the services available.
Performance of a contract to which the Client is a party or execution of pre-contractual measures taken at the request of the Client (Article 6(1)(b) of the GDPR).
For the duration of the account's validity.
• To comply with the obligations established by law, by a regulation, by EU law or by an order of the Authority, including anti-fraud and anti-money laundering control and prevention activities.
Compliance with a legal obligation to which the Data Controller is subject (Article 6(1)(c) of the GDPR).
For as long as is required by law. In any case, for a maximum period of ten (10) years.
b. Identification data of the Potential Client provided through the contact form on the Site: first name, last name, e-mail, telephone number, company, role held and any further data voluntarily provided by the Client through the contact form.
• To respond to requests from Potential Clients, who may be contacted by e-mail or by means of other communication systems, if provided by them.
Execution of pre-contractual measures taken at the request of the Potential Client (Article 6(1)(b) of the GDPR).

For the time necessary to satisfy the requests of Potential Client. In any case, this data may not be kept for a period exceeding ten (10) years from the satisfaction of the requests received from the Prospect.

In the event of a dispute, the Data may be stored until the expiry of the ordinary appeal periods.

• Exercise the rights of the Data Controller, for example to exercise a right in court.
Legitimate interest of the Data Controller (Article 6, paragraph 1, letter f) of the GDPR).
c. E-mail of the Potential Client provided through the contact form on the Site.
• Direct marketing activities;

Express consent of the Potential Client (Article 6(1)(a) GDPR).

The Potential Client may withdraw consent at any time by sending a message or email to the Data Controller at the telephone number or email address from which he/she receives the marketing communication or at the email address indicated in this policy.

Until the Potential Client's consent is revoked and in any case for a period not exceeding (2) two years from collection.
• sending of informative newsletters.

Express consent of the Potential Client (Article 6(1)(a) GDPR).

The Potential Client may withdraw consent at any time by sending a message or email to the Data Controller at the telephone number or email address from which he/she receives the marketing communication or at the email address indicated in this policy.

d. Candidate data contained in spontaneous applications sent through the Site or in applications for open positions on the Site.

• Common data: first name and last name, telephone number, email, country and province of residence, attached Curriculum Vitae, any further data voluntarily provided in the application submission form;
• any special categories of data pursuant to Article 9(1) of the GDPR, such as, by way of example, data relating to health, sexual orientation, religious beliefs, etc.

• Evaluate new potential collaborators and employees;
• interview candidates.
Execution of pre-contractual measures adopted at the request of the Candidate (Article 6, paragraph 1, letter b) of the GDPR and Article 111-bis of the Data protection Code) and, with regard to any special data provided, the need to fulfil the obligations attributed to the Data Controller or the exercise of rights recognised to the Candidate, in the field of labour law and social security or protection, pursuant to Article 9(2)(b) GDPR.
For twelve (12) months after receipt of the application by the Candidate.

e. Browsing data of Users of the Site:

• information about the device used (e.g. mobile network system, unique device identifiers), hardware and browser settings, IP address;
• web pages visited, duration of the visit, interactions with the page (e.g. scrolling, clicking, etc.), date and time of visits;
• other parameters relating to the operating system and IT environment used by the Data Subject.

• Monitoring of the operation of the Site, also for the purpose of improving the user experience and security.
Legitimate interest of the Data Controller (Article 6, paragraph 1, letter f) of the GDPR).
For a period of two (2) years.

f. User data relating to the use of the Website:

• IP address, date and time of access, date and time of requests made.

• To provide the services available on the Website.
Performance of a contract to which you are a party or execution of pre-contractual measures taken at your request (Article 6(1)(b) of the GDPR).
For the time necessary to manage the User's request, not exceeding 5 years, except for any need for verification by the competent authorities.
• Improve services based on the experience of the Users.
Legitimate interest of the Data Controller in the improvement of its services (Article 6, paragraph 1, letter f) of the GDPR).
For the time necessary to manage the User's request, not exceeding 5 years, except for any need for verification by the competent authorities.
g. Cookies and other technologies for reading/storing information on the Data Subject's device
Please refer to the “Cookie Policy”, available at the following link: https://nexthire-ai.com/cookie-policy/.

It should be noted that, with reference to browsing data, the information collected, although not intended to be associated with identified subjects, by its nature, if associated with other Data held by third parties (e.g. internet service provider), could allow the identification of the Data Subjects (e.g., IP addresses, domain names of the PCs used, URL addresses of the requested resources, time of the request, numerical code relating to the status of the response given by the server).

  3. Methods of processing

The processing of Personal Data:

  • is carried out by means of the operations indicated in Article 4(1)(2) of the GDPR, namely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of the Data;
  • is carried out also with the aid of electronic or otherwise automated means;
  • is carried out also through the use of e-mail or other remote communication techniques.

  4. Transfer of Personal Data

The management and storage of Data will take place primarily in the European Economic Area, on the servers of third-party companies duly appointed as data processors.

The Data Controller may also provide access to the Site and the services indicated therein in other countries, in which case the transfer of Data to such countries is strictly limited to the actual need to be aware of them. The Data Controller will take the necessary measures to protect the Personal Data of the Data Subjects and prevent unauthorized access.

In the event that Personal Data are transferred to the systems used by the Data Controller and/or third-party companies duly appointed as Data Processors also outside the European Union, the Data Controller ensures the application of the European Commission's standard contractual clauses to ensure a secure international transfer of personal data, on the basis of art. 44, 45 and 46 of the GDPR.

In the event that such transfer takes place to countries that do not provide the same level of protection provided for by the GDPR or applicable legislation, or in any case an adequate level of protection of personal data, the Data Controller will ensure that each of these recipients assumes specific contractual obligations in accordance with the applicable regulations on the protection of personal data (including the signing of the Standard Contractual Clauses "SCC" approved by the European Commission) or in the absence of an adequacy decision pursuant to Article 45, paragraph 3 GDPR, or adequate safeguards pursuant to Article 46 GDPR, including binding corporate rules, will request, pursuant to Art. 49 of the GDPR, the possibility of transferring personal data to a third country subject to the acquisition of specific consent from the Data Subject. In any case, the Data Subject may request more information regarding the transfer of Personal Data, by writing to the e-mail address: info@nexthire-ai.com.

  5. Security measures

The Data Controller has adopted a variety of security measures to protect the Data against the risk of loss, misuse or alteration, consistent with the measures expressed in Article 32 of the GDPR. The processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated.

  6. Consequences of failure to provide Personal Data

Without prejudice to the Data Subject's right to provide Personal Data to the Data Controller, the provision of Personal Data may be:

  • mandatory for the purposes of providing the services accessible through the Site and for purposes related to the fulfilment of obligations under applicable laws and/or regulations, as well as provisions issued by the competent supervisory and/or control authorities/bodies;
  • optional with reference to data voluntarily provided by the Data Subject, for direct marketing purposes and for sending the newsletter.

Any refusal by the Data Subject to provide Personal Data to the Data Controller may make it impossible for the Data Controller to provide the requested services and make access to the Website available.

In addition, please consider that the revocation of one or more permissions and/or consents not granted by the Data Subject may have consequences on the proper functioning and/or on the possibility of accessing and/or using the Website correctly and/or providing the services by the Data Controller.

With regard to the provision of special data, in the event that he/she provides personal data that are not relevant and/or revealing – pursuant to the applicable legislation (e.g. regulations on protected categories and compulsory recruitment, etc.) – the selection process, the Data Controller will not process such data and will delete them immediately. In this regard, unless strictly necessary, we ask you not to provide this type of information.

  7. Retention and erasure of Data

The retention period of Personal Data is indicated in the table in point 2 above.

At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to portability of Personal Data can no longer be exercised by the User.

Personal Data will be stored by means of computer archives, including portable devices, adopting appropriate measures to ensure their security and to limit access only to personnel authorized by the Data Controller and within the strict scope of the purposes indicated above.

  8. To whom we may communicate Personal Data

For the purposes indicated above, Personal Data may be made accessible or communicated to:

  • employees and collaborators of the Data Controller, in their capacity as persons authorized to process the data, within the scope of their respective duties and in accordance with the instructions received. These individuals are in any case subject to obligations of confidentiality and secrecy;
  • third parties that carry out outsourced activities on behalf of the Data Controller whose activity is related, instrumental or in support of that of the Data Controller (e.g. management software);
  • all those public and/or private entities, natural and/or legal persons (such as, by way of example, legal, administrative and tax consultancy firms, pension and welfare funds, including private ones, Judicial Offices, Chambers of Commerce), where the communication is necessary or functional to the proper fulfilment of the contractual obligations undertaken, as well as of the obligations deriving from the law;
  • all those entities (including Public Authorities) that have access to Personal Data by virtue of regulatory or administrative provisions.

In any case, the Personal Data collected will not be disseminated.

  9. Rights of the Data Subject

The Data Subject may exercise the rights provided for in Chapter III of the GDPR within the limits and under the conditions provided therein:

  • access to the Data (art. 15): the Data Subject has the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him or her is being processed and, if so, to obtain access to the Personal Data in a commonly used electronic format and certain information on the processing (e.g. purposes, categories of Data processed, recipients, extra-EU transfers, implementation of profiling activities, etc.);
  • rectification of Data (art. 16): the Data Subject has the right to obtain the rectification of inaccurate Personal Data concerning him or her without undue delay and/or the integration of incomplete Personal Data, including by providing a supplementary statement;
  • erasure of Data or “right to be forgotten” (art. 17): the Data Subject has the right to obtain from the Data Controller the erasure of Personal Data concerning him/her without undue delay and the Data Controller has the obligation to erase Personal Data without undue delay;
  • limitation of processing (art. 18): the Data Subject has the right to obtain from the Data Controller the limitation of processing;
  • Data portability (art. 20): the Data Subject has the right to receive the Personal Data concerning him or her provided to a Data Controller in a structured, commonly used and machine-readable format and has the right to transmit such Data to another Data Controller without hindrance from the Data Controller to whom he or she has provided them;
  • Withdrawal of consent (art. 7, par. 3): the Data Subject has the right to withdraw the consent given at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Objection to processing (Art. 21): The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of Personal Data concerning him or her pursuant to Article 6(1)(e) or (f) of the GDPR, including profiling on the basis of these provisions.

  10. How to exercise the rights

The Data Subject may exercise the rights at any time by sending:

  • an e-mail to: info@nexthire-ai.com;
  • a registered letter with return receipt to MAFG S.r.l., with registered office in Milan (MI) – Via Caio Secondo Plinio n. 11 – 20129.

The Data Controller undertakes to provide the Data Subject with information relating to the action taken regarding a request to exercise rights without undue delay and, in any case, at the latest within a period of 30 (thirty) days from receipt of the request itself, extendable up to 3 (three) months only in cases of particular complexity.

Any rectification or erasure or limitation of processing carried out at the explicit request of the Data Subject, except where this proves impossible or involves a disproportionate effort, will be communicated by the Data Controller to each of the recipients to whom the Personal Data have been transmitted. The Data Controller may communicate to the Data Subject the references of the recipients, if requested.

  11. Right to lodge a complaint

Data Subjects who believe that the processing of Personal Data is in violation of the provisions of the GDPR have the right to lodge a complaint with the Data Protection Authority: i) by e-mail, to garante@gpdp.it or urp@gpdp.it; ii) by fax to 06.696773785; or iii) by post to the registered office located in Rome (Italy), Piazza Venezia n. 11 – Cap 00187, or alternatively by appeal to the judicial authority.

  12. Data processors and persons in charge of processing

The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.

  13. Changes to this policy

This policy may be modified and/or updated at any time. If the Data Controller intends to process your Personal Data for purposes other than those indicated in this Data protection Policy, it undertakes to provide, before such further processing, adequate information regarding these different purposes and to carry out such further processing in compliance with current legislation, collecting the specific consent of the Data Subject where necessary.

Updated: August 2025