This Privacy Policy (the “Policy”) explains how the relevant Softengi group entity acting as data controller (“Softengi”, “we”, “us”) collects and processes Personal Data when you visit or use softengi.com (the “Website”), including when you submit an inquiry via the contact form and when you submit a CV or other materials via the Website.
1. Key concepts
“Personal Data” / “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) to an individual.
“Processing” means any operation performed on Personal Data (e.g., collection, storage, use, disclosure, deletion).
“Controller” means the entity that determines the purposes and means of Processing.
“Processor” means a service provider that processes Personal Data on behalf of a Controller under contract.
2. Who controls your Personal Data (Controller allocation by jurisdiction)
Softengi operates through different legal entities in different regions. The Controller for Website-related processing depends on your location and/or which Softengi office you contact or select. If you contact us without specifying a region, we will route your request to the appropriate Controller internally.
Contact and identification details (such as name, email address, phone number, company, job title, country).
Inquiry content and any information you choose to include in your message.
Files you upload via the Website (for example, a CV/resume, portfolio, cover letter, or other attachments).
Communication records (for example, our email correspondence with you).
3.2 Candidate / recruitment data (CV submissions)
If you submit a CV or apply for a role, we may process information such as employment history, education, qualifications, skills, language proficiency, professional references (if provided), and publicly available professional profile links you include.
Please do not include sensitive information (e.g., health data, biometric identifiers, or information about religious beliefs) unless it is strictly necessary and specifically requested for a lawful purpose.
3.3 Technical and usage data
When you use the Website, we may collect technical information such as IP address, browser type, device information, operating system, referring/exit pages, date/time of access, and similar log data. We may also derive an approximate location from IP address for security and analytics purposes.
4. How we use your Personal Data (purposes)
We process Personal Data for the following purposes:
To respond to inquiries and communicate with you about services, proposals, and business discussions.
To receive, review, and administer CVs and recruitment applications; to assess suitability for roles; and to manage recruitment communications.
To operate, maintain, and secure the Website (including preventing fraud/abuse and investigating security incidents).
To improve Website functionality and performance and to develop analytics and reporting at an aggregate level.
To comply with legal obligations and to establish, exercise, or defend legal claims.
5. Legal bases (where the GDPR applies)
Where EU/EEA or Italian data protection law applies, we rely on one or more of the following legal bases, depending on context:
Contract / pre-contract steps: to take steps at your request prior to entering into a contract (e.g., responding to service inquiries).
Legitimate interests: to operate our business, communicate with stakeholders, protect the Website, and prevent fraud (balanced against your rights).
Consent: where required (typically for non-essential cookies or certain marketing communications). You may withdraw consent at any time.
If you voluntarily provide sensitive Personal Data (e.g., within a CV attachment), we will process it only where legally permitted and only to the extent necessary for the relevant purpose, applying appropriate safeguards.
6. Who we share Personal Data with
We may disclose Personal Data to:
Softengi group entities and internal teams, on a need-to-know basis, to handle your request or application.
Service providers (processors) that support Website hosting, email delivery, security, IT operations, customer relationship management, or recruitment workflows, under contractual obligations.
Professional advisers (e.g., legal, audit) where necessary.
Authorities or other third parties where required by law or to protect rights, safety, and integrity.
We do not sell Personal Data as a business model.
6A. Marketing communications
We may use your contact details (such as your business email address and name) to send you information about Softengi’s services, events, industry insights, or updates that we believe may be relevant to you.
You can control marketing communications as follows:
You can opt out at any time by using the unsubscribe link in marketing emails or by contacting us at the email address in Section 15.
If you submit a contact request or otherwise communicate with us, we may send non-marketing administrative messages (for example, responding to your inquiry); these are not affected by marketing opt-out.
Where required by law (including in certain EU/EEA and Italian contexts), we will obtain your consent before sending marketing communications.
If you opt out of marketing, we may still retain minimal information to record your preference and comply with applicable law.
7. International transfers
Because Softengi operates internationally, your Personal Data may be transferred to and processed in countries other than your country of residence. Where required by law, we implement safeguards for international transfers (for example, contractual safeguards and appropriate technical and organizational measures).
For EU/EEA transfers, where applicable, we use recognized transfer mechanisms and assess the level of protection for transferred data.
8. Cookies and similar technologies
The Website may use cookies and similar technologies for essential operation, preferences, security, and (where enabled) analytics. For detailed information, please see our separate Cookie Policy, which describes cookie categories and how to control them.
Where required by applicable law (including in the EU/EEA and Italy), we obtain consent for non-essential cookies and provide the ability to refuse or withdraw consent.
9. Data retention
We retain Personal Data only as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Typical retention periods (unless local law requires otherwise):
Contact inquiries and related correspondence: up to 24 months after the last interaction.
Recruitment and CV data: typically up to 12 months after closure of the recruitment process for the relevant role, unless extended for legitimate reasons (e.g., legal claims) or where you request earlier deletion.
Security logs: retained for a proportionate period to support security monitoring and incident investigation.
10. Security
We maintain reasonable technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include access controls, encryption where appropriate, network security controls, and vendor due diligence.
10.1 Incident response and personal data breaches
Softengi maintains internal procedures designed to detect, assess, contain, investigate, and remediate security incidents that may affect Personal Data. These procedures are proportionate to the nature of our operations and the risks presented by the processing.
If we become aware of a Personal Data breach, we will, as appropriate:
promptly assess the incident and take steps to contain it and reduce potential harm;
investigate the scope, root cause, and impacted systems and data;
implement remediation measures and, where appropriate, additional safeguards to prevent recurrence;
document the incident and our response actions; and
notify relevant regulators, affected individuals, and other parties where required by applicable law or where we determine notification is appropriate.
Notification timing, content, and method depend on the applicable legal requirements and the nature of the incident. Where we use service providers, our contracts typically require them to notify us without undue delay of incidents affecting the services they provide to us, so that we can evaluate and comply with our notification obligations where applicable.
If you believe your interaction with the Website may be affected by a security incident, please contact us using the details in Section 15.
11. Your rights and choices
Your rights depend on your location and the Controller responsible for the relevant processing. The following summary is intended to be clear and practical; legal conditions and exceptions may apply.
11.1 EU/EEA and Italy
If the GDPR applies, you may have the right to:
Access: request confirmation and obtain a copy of your Personal Data.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion in certain circumstances.
Restriction: request limitation of processing in certain circumstances.
Portability: receive certain data in a structured, commonly used format and transmit it to another controller (where applicable).
Object: object to processing based on legitimate interests and object at any time to direct marketing.
Withdraw consent: where processing is based on consent, withdraw it at any time.
Automated decision-making: where applicable, request information and safeguards in relation to certain automated decisions.
You also have the right to lodge a complaint with a supervisory authority in your habitual residence, place of work, or place of the alleged infringement.
11.2 United States
For the USA, the controller for this Website (as requested) is Softengi Inc. (the “US Controller”). The rights available to you depend on the state where you reside and whether the applicable law applies to Softengi’s processing.
California (CCPA/CPRA) – where applicable, you may have:
Right to know/access the personal information collected, used, disclosed, and (where applicable) sold/shared;
Right to delete personal information (subject to exceptions);
Right to correct inaccurate personal information;
Right to opt out of “sale” or “sharing” (as defined under California law);
Right to limit the use and disclosure of sensitive personal information (where applicable);
Right to non-discrimination for exercising privacy rights.
Authorized agents (California): you may be able to designate an authorized agent to submit requests on your behalf, subject to verification requirements and permitted procedures.
11.3 Canada
Where PIPEDA (and/or a substantially similar provincial law) applies, you generally have rights to:
request access to your personal information;
request correction of inaccuracies; and
challenge compliance and complain via available complaint mechanisms.
11.4 Australia
Where the Privacy Act 1988 applies, you may request:
access to personal information;
correction of personal information; and
lodge complaints consistent with APP obligations and complaint procedures.
11.5 New Zealand
You may request:
access to personal information; and
correction of personal information; and you may complain to the Privacy Commissioner where relevant.
11.6 UAE
Where the UAE PDPL applies, data subjects generally have rights that may include:
access;
correction/completion;
erasure in certain cases; and other rights depending on the implementing framework and context.
11.7 Ukraine / Rest of world
Where Ukrainian law applies, individuals have rights regarding personal data consistent with the Law of Ukraine “On Protection of Personal Data” No. 2297-VI, including access and rectification mechanisms subject to legal conditions.
the context (contact form, CV submission, general browsing);
sufficient details to identify the relevant interaction; and
the specific right you wish to exercise (e.g., access, deletion).
We may request reasonable verification to protect you from unauthorized access, consistent with applicable law. We respond within legally required timeframes; where none apply, we aim to respond within a reasonable period.
12. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the Policy, we will revise the “Last updated” date at the top of this document.
13. Jurisdiction-specific notes
13.1 EU/EEA (excluding Italy) – Softengi Sp. z o.o.
Applicable legislation (non-exhaustive):
Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”).
Poland: Act of 10 May 2018 on the Protection of Personal Data (and related implementing/amending acts).
EU ePrivacy framework (cookie consent and similar tracking), as implemented in Member States.
For EU/EEA users (excluding Italy), Softengi Poland acts as Controller for Website processing. We apply the GDPR framework, including lawful bases for processing, appropriate safeguards for transfers, and user rights described in Section 11.
Non-essential cookies and similar tracking technologies are used only with consent where required.
13.2 Italy – Softengi Italia S.R.L.
Applicable legislation and guidance (non-exhaustive):
Regulation (EU) 2016/679 (GDPR).
Italy: Legislative Decree No. 196/2003 (Italian Personal Data Protection Code), as amended (including amendments introduced by Legislative Decree No. 101/2018).
Italy: guidance and decisions of the Garante per la protezione dei dati personali (including on cookies and other tracking tools).
EU ePrivacy framework (cookie consent and similar tracking), as implemented in Italy.
For Italy, Softengi Italia S.R.L. acts as Controller. In addition to the GDPR, Italy has national rules and supervisory practice that may affect how certain topics are implemented in practice, notably cookies/tracking tools and specific transparency expectations. We provide cookie controls and, where required, obtain consent for non-essential tracking.
Recruitment/CV processing: if you submit a CV, we process it for recruitment and candidate administration purposes and provide appropriate information about how your data is used. If you prefer that we do not retain your CV for future roles, you may request deletion at any time.
13.3 UAE –Softengi Middle East
Applicable legislation (non-exhaustive):
United Arab Emirates: Federal Decree-Law No. (45) of 2021 Concerning the Protection of Personal Data (UAE PDPL) and its implementing decisions/regulations as applicable.
For the UAE, Softengi Middle East acts as Controller for Website processing in the UAE. We apply the applicable UAE data protection requirements, including transparency, appropriate safeguards for transfers, and handling requests through the contact channel in Section 15.
13.4 USA, Canada, Australia, New Zealand – Softengi Inc.
Applicable legislation (non-exhaustive; depends on your place of residence and applicability thresholds):
United States: applicable state privacy laws (including, where applicable, the California Consumer Privacy Act as amended by the CPRA – “CCPA/CPRA”).
Canada: Personal Information Protection and Electronic Documents Act (“PIPEDA”) and, where applicable, substantially similar provincial private-sector laws.
Australia: Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
New Zealand: Privacy Act 2020.
For these jurisdictions, Softengi Inc. acts as Controller for Website processing. Applicable rights depend on your location. California residents should also review the Notice at Collection in Section 14.
Operational routing: depending on the substance of your inquiry or application, Softengi Inc. may share your submission within the Softengi group so that the most relevant office can respond.
13.5 All other jurisdictions – Softengi Ukraine
Applicable legislation (non-exhaustive):
Ukraine: Law of Ukraine “On Protection of Personal Data” No. 2297-VI (as amended).
Additionally, mandatory local privacy/data protection laws may apply based on the individual’s country/state of residence and the nature of the processing.
For all other jurisdictions, Softengi Ukraine acts as Controller for Website processing, while applying mandatory local rules as applicable to the individual’s residence.
14. California Notice at Collection (CCPA/CPRA) – Softengi Inc.
This Notice applies only to California residents where the California Consumer Privacy Act, as amended by the CPRA (CCPA/CPRA), applies to Softengi Inc.’s Website processing.
14.1 Categories of Personal Information collected
Depending on your interaction with the Website, Softengi Inc. may collect:
Internet or other electronic network activity information (e.g., IP address, browser and usage data).
Professional or employment-related information (e.g., employer, job title; and if you submit a CV, work history, education, qualifications).
Approximate geolocation data derived from IP address (for security and analytics).
14.2 Purposes for collection and use
Softengi Inc. collects and uses this information to:
Respond to inquiries and communicate with you.
Process CVs and manage recruitment activities (where you submit a CV).
Operate, maintain, secure, and improve the Website.
Comply with legal obligations and protect legal rights.
14.3 Disclosures and service providers
Softengi Inc. may disclose Personal Information to service providers/contractors that perform business functions on our behalf (e.g., hosting, security, communications) under contractual restrictions.
Softengi Inc. does not sell Personal Information.
Softengi Inc. does not share Personal Information for cross-context behavioral advertising as a business practice for this Website.
14.4 Retention
Retention is described in Section 9.
14.5 California consumer rights
Where applicable, California residents may request access/know, deletion, and correction, and may opt out of sale/sharing (if applicable). We do not discriminate against consumers for exercising their rights.
To submit a request, follow the process in Section 11.8.
15. Contact
For privacy questions or to exercise your rights, contact: [email protected]
