People who may use the websites include:
- our clients and prospective clients (organisations that contract us to provide services)
- our customers (the end users of our services, for example, Italian citizens or our clients’ employees)
Information we collect from you
When you contact us about our services or to get information available on the website, we collect only the information we need, including:
- any questions, queries or feedback you send us about using the website
- your email address if you send an email to us
- details you send to us about our services, such as:
- your name, address and email address
- your work and education history
- information about your health or disability which is required as part of any relevant process
- information on how you use the website or online services collected automatically using cookies; this includes the internet browser you used, the site you came to our site from and your IP address (please see our Cookies Policy for more information).
How we use the information we collect
We use the information we collect to:
- improve the website by monitoring how you use it (we might also use aggregated or non-identifiable information to help with this)
- respond to any feedback or questions you send us, if you’ve asked us to respond
- give you information you request about other services we provide
- provide services to you if you are a customer (including by providing you with user account access to our online systems or portals)
- also, as an accredited operator for employment policy services in the Lombardy Region, pursuant to art. 28 of the GDPR, Maximus Srl is Maximus S.R.L. in the person of its pro tempore legal representative, in relation to all the processing of personal data, is appointed by the LOMBARDY REGION as the Data Processor for the processing of personal data and the databases referred to in the supply procedures treated by the General Management of which to Attachment A.1.1 of this deed, pursuant to art. 28 of the GDPR. In this context, Maximus S.R.L. REGIONE LOMBARDIA will process the personal data of which it is the owner of the D.G.R. n. IX / 2412 of 26 October 2011, concerning "Procedures and requirements for the accreditation of public and private operators for the provision of vocational education and training services as well as services for work and subsequent implementation decrees.
Sending us information about your health or disability
If you expressly allow us an send us any sensitive personal data, including information about your health (such as a medical condition) or your disability, we may use that information to provide the services to our client/s. We will do this in line with any notices provided or consent that Maximus Srl or our client obtains from you and otherwise in compliance with relevant legislation, including data protection and equality laws; and, where appropriate, relevant ethical guidelines.
Disclosing your information
We will not share your information with any other organisations for their own marketing, market research or commercial purposes. We may pass on the information we collect about you:
- in an anonymised way to our client
- if we need to disclose your personal information to any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party
- to other parties where we identify serious concerns about your wellbeing
- to any third party or supplier for the purposes of providing the services, where you have provided consent (where appropriate)
Keeping your information secure
We store all customer information on secure servers in line with our data retention policies, client requirements and data protection legislation. We take extensive technical and operational steps to protect the data we keep against unauthorised access, unlawful processing, accidental loss or destruction, damage, or misuse. We have documented Information Security & Privacy policies to address data protection. We regularly provide information security and privacy awareness training to our employees.
Although we do our best to protect the information we collect and store about you, we cannot guarantee the security of any information sent to us via the internet.
We do not provide services directly to children or proactively collect their personal information.
Links to other websites
Under data protection laws, you have a number of rights. For example, you can ask us:
- for a copy of the information we hold about you
- to delete information or correct any inaccuracies
- to update any out-of-date information
If we hold your information for the purposes of services we provide on behalf of another organisation, any request you make may be more relevant to them and we may ask you to contact them directly. If you do send your request to us and we pass it to another organisation, we will tell you.
When making your request you should provide us with enough information to allow us to confirm your identity. We may ask for more information, for example to allow us to locate that information or if someone else makes the request to us on your behalf we may ask for a specific form of authority by which you allow them to receive your information from us on your behalf.
If you ask us to delete all data we hold about you, and we hold the information based on:
- Your consent – we will delete it and you will be receiving a confirmation about the deltion. Where we do agree to delete your data this may result in the termination of our services;
- Another legal basis – we will consider your request on a case by case basis, establish if the legal basis still applies and whether we can otherwise delete the information. If it is not necessary for us to keep it, we will delete it.
If you want to receive information about who the data controller is for one of our services, you should contact us.
Changes to this policy
How to contact us
Data Protection Officer
via di Porta Tenaglia 1/3, Milan IT
When contacting our Data Protection Team (including our Data Protection Officer), please let us know:
- Your request relates to Maximus Srl and Maximus Italia Srl
- What your request relates to – e.g. right of access request
- Any other information we might require – e.g. time period you were involved in one of our programmes
Last Updated: 31 December 2019