Privacy Policy
We are Bending Spoons S.p.A. (“we” or “us”). This privacy policy explains how we use the personal data of an individual (“candidate” or “you”) who participates in our selection process (“selection process”) by applying for a job or an event, or by being listed as a professional reference.
We provide this privacy policy in accordance with Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”), the Italian Legislative Decree 196/2003, and other applicable local laws, as amended or replaced (collectively, “applicable privacy laws”).
Last updated: October 20, 2025
Bending Spoons S.p.A. is the data controller. We’re a technology company headquartered at via Nino Bonnet 10, Milan, Italy, MI 20154.
Here, we briefly describe why we need this data and the legal grounds for doing so:
- To run the selection process. When you apply, we need to use your data to evaluate your application and, if successful, prepare an employment contract or the event participation.
Legal basis: Contractual relationship (Art. 6.1(b) GDPR). - For our legitimate interest. Your data may help with some activities considered in our legitimate interests. For example, improving the fairness and efficiency of the selection process, preventing misuse of our tools, managing internal operations, or contacting professional references to support candidate evaluation. We balance our interests with your rights.
Legal basis: Legitimate interest (Art. 6.1(f) GDPR). - To comply with the law. We may need to use your data to meet legal requirements.
Legal basis: Legal obligation (Art. 6.1(c) GDPR).
Additionally, we may request explicit consent for your data to be used for specific optional activities, as specified below. Declining or withdrawing consent doesn’t affect your evaluation or the outcome of your selection process.
Legal basis: Consent (Art. 6.1(a) GDPR).
In some scenarios, you may choose to share sensitive personal data (such as health information, if requesting an accommodation). We use this data only with your additional consent and only to provide the support requested. Sharing it is always optional and doesn’t affect your evaluation or the outcome of your selection process.
Legal basis: Explicit consent for sensitive data (Art. 9.2(a) GDPR).
When you apply for a job or event, we run a selection process to assess your suitability. Depending on how far you progress, some or all of the activities below will take place.
Evaluation of candidates
We evaluate your profile, qualifications, and skills to decide whether to offer you a job or invite you to an event.
Legal basis. These activities are based on our contractual relationship. If you don’t provide the requested data, you can’t participate in the selection process.
Automated assessments
To keep the process fair, consistent, and efficient, we use internally developed automations—such as machine learning—to help identify candidates who may move forward, and to score certain tests. Talent managers always remain in charge. They can review, adjust, or disregard algorithmic suggestions.
Our proprietary tools combine rule-based algorithms and machine learning. They analyze only the data you provide (such as academic results, experience, or test answers) and assign values to estimate potential success at later stages. They don’t have access to sensitive data such as gender, ethnicity, or religion. They’re audited regularly and used only when we have evidence that they improve accuracy or efficiency.
Legal basis. These activities are based on our contractual relationship. If you don’t provide the requested data, you can’t participate in the selection process.
Recording of interviews and tests
We may record some activities to support an accurate process:
- Interview recordings and transcripts. These help interviewers focus on your answers and allow talent managers to recall discussions precisely.
- Proctored tests. Some assessments may be monitored with your camera, microphone, and screen to guard against cheating. This helps to ensure that every candidate is evaluated on their own merit.
Legal basis. These activities are based on our legitimate interest to support fair, accurate, and efficient assessment. You may opt out at any time. Opting out doesn’t affect your evaluation or the outcome of your selection process.
References
During the selection process, a candidate may be asked to provide the contact information of professional references. If you’re one of these references, we may contact you to ask for feedback about the candidate’s qualifications and suitability for the role. It’s the candidate’s responsibility to notify you that we may get in touch. Sometimes, we might also reach out to you to ask for additional references of individuals who, in your view, could be a good fit for our company.
Legal basis. This activity is based on our legitimate interest—and that of the candidate—to verify qualifications and suitability through professional references and obtaining valuable references relevant to our job positions. You may opt out at any time.
If relevant, we may use your data to arrange logistics such as travel for an event or an in-person interview.
If you request an accommodation, we will use only the sensitive information you choose to share, and only to provide the support requested.
Legal basis. These activities are based on our contractual relationship. If you don’t provide the requested data, you can’t participate in the selection process.
If you choose to share sensitive personal data (for example, health-related information, which is considered a special category under GDPR, Art. 9.2(a)), we’ll use it only with your explicit consent and solely to provide any requested support or accommodations. Sharing this type of information is completely optional. We may consider it only to make sure you can safely perform the role and to provide any necessary adjustments. (Legal basis: Art. 9.2(a) GDPR).
We may use your personal data, mainly in aggregated form, for statistical analysis that helps us improve the accuracy, fairness, efficiency, and overall experience of the selection process.
For example, this analysis may help us:
- Refine how we evaluate applications and conduct interviews
- Foster diversity and inclusion initiatives
- Make our tools and platform more user-friendly
Legal basis. These activities are based on our legitimate interest to support fair, accurate, and efficient assessment.
You may opt out at any time. Opting out doesn’t affect your evaluation or the outcome of your selection process.
If you choose to share sensitive personal data (for example, health-related information, which is considered a special category under GDPR, Art. 9.2(a)), we’ll use it only with your explicit consent and solely to provide any requested support or accommodations. Sharing this type of information is completely optional. We may consider it only to make sure you can safely perform the role and to provide any necessary adjustments. (Legal basis: Art. 9.2(a) GDPR).
Even if you don’t receive an offer, we may keep your profile in mind for future opportunities that match your background, interests, and skills. We may then contact you inviting you to apply.
We may receive your contact details directly from you or, if you were referred, from a trusted third party such as a referral program participant.
Legal basis. These activities are based on our legitimate interest in identifying other opportunities that may be a good fit for you. You may opt out at any time. Opting out doesn’t affect your evaluation or the outcome of your selection process.
Some activities take place only if you give us your explicit consent. It's always your choice, and you can withdraw consent at any time.
Using your data to improve our machine learning algorithms
We may ask for your permission to use your application data to improve the machine learning algorithms that we developed to support our talent managers in evaluating candidates.
These algorithms are designed to:
- Check how well a candidate's profile aligns with a specific role
- Learn from past evaluations and outcomes
- Make the process more consistent and objective
See Automated assessment for details on how these tools work.
Legal basis. This activity is based on your explicit consent. Saying no—or withdrawing consent later—will not affect your evaluation or the outcome of your selection process.
In rare cases, we may use your personal data outside the normal selection process.
Compliance with legal obligations
We may need to use your personal data to comply with laws or regulations. This can include responding to requests from public authorities or showing proof that we've met our legal duties.
Legal basis. Where required by a specific legal obligation, your personal data may be used to the extent required to comply with it. Where the applicable law leaves us some discretion in assessing the appropriate way to comply, your personal data is used based on our legitimate interest to prove our compliance.
Defense, fraud prevention, and corporate transactions
We may use your personal data to establish, exercise, or defend our rights and those of our employees. For example, we may use your data to prevent fraud, such as applications submitted with fake identities or false qualifications. We may also need to use it if the company goes through a corporate transaction like a merger, reorganization, or sale of assets. For example, if you joined us through an acquired business, your data may be processed as part of that transaction.
Legal basis. This activity is based on our legitimate interest to establish, exercise, or defend our rights, and to carry out corporate transactions or operations.
Depending on the activity, we may use one or more of the following categories of data:
- Personal information. Your name, contact details, ID or passport number, qualifications, education, transcripts, skills, professional history, country of origin, country where you apply or intend to work, and similar data.
- Image and voice. If you take part in online interviews or assessments, your image or voice may be recorded to support accurate and fair evaluation (for example, in a recorded video interview).
- Public information. Relevant data from sources like LinkedIn profile.
- Assessments. Results from interviews, online tests, tasks, and similar.
- References. Name, surname, email address, telephone number, professional role, LinkedIn profile, and any other information the reference or the candidate chooses to share with us (if you are a candidate and share a third party’s information with us, it’s your responsibility to inform them).
- Sensitive information. Any special category data you choose to share (for example, health information for accommodations).
- Documents. Relevant documents like your CV, cover letter, and academic transcripts.
- Application questionnaires. Your answers to questions we ask (for example, work and location preferences).
- Interview recordings. Video recordings and transcripts of interviews.
- Test session recordings. Video, audio, and screen activity captured during proctored tests.
- Usage data. How you interact with our platform.
- Background checks. For certain roles, and only where permitted by law, we may carry out background checks (for example, to confirm your employment history, education, or professional qualifications). If a background check is required, we’ll inform you in advance and request any additional consent needed under applicable laws. Criminal record checks are only performed when legally required for the role.
For activities aimed at improving our machine learning algorithms, we may also use:
- Your personal information (qualifications, education, transcripts, skills, professional history)
- Assessments collected during the process, including from interviews, tests, and tasks
For activities carried out in extraordinary circumstances, we may use:
- Any data required by law or requested by public authorities
- Any data needed to carry out those activities correctly
As a rule:
- We keep your personal data for up to 1 year from your most recent application.
- If you progress beyond the first screening (for example, by participating in interviews, tests, or tasks), we may keep your data for up to 3 years from your most recent application, even if the process ends without an offer.
Some items follow different timelines:
- Proctored test recordings: Deleted as soon as your selection process ends.
- Transfers and trips, and accommodations: Kept for up to 3 months following the event or trip.
- References: Kept for up to 3 months after the conclusion of the recruiting process of the candidate who requested the reference.
- Compliance with legal obligations: Kept for up to 5 years from the most recent application, or longer if the law requires.
- Defense, fraud prevention, and corporate transactions: Kept for up to 10 years from the most recent application. Data used only for fraud prevention is kept for 1 year (or 3 years if you progressed beyond the first screening).
When the relevant period ends, and unless the law requires us to keep it longer, we delete or anonymize your data so it's no longer linked to you.
If you're hired, some of your data will be kept under our Employee Privacy Policy.
We don't sell your data to third parties under any circumstances.
We use your personal data with high security standards, and share it only when necessary for the selection process or when required by law.
Recipients may include:
- Service providers. Trusted partners who support us with the selection process, such as IT or storage providers. In rare cases, this may include independent entities like professional advisors.
- Advisors and new owners. If a corporate transaction takes place, such as a merger, acquisition, reorganization, or sale of assets, we may need to share personal data as part of due diligence.
- Authorities. Public, judicial, or police authorities when the law requires.
- Other parties, if necessary. For instance, competent authorities if we believe you've broken the law, or if sharing is needed to protect the rights, property, or safety of our employees, the public, or others.
Bending Spoons is based in Italy. Sometimes your personal data may be shared with trusted third parties that help us operate, such as cloud providers or software platforms. This means your data may be transferred outside the European Economic Area (EEA).
We always make sure your data is protected with proper safeguards. These may include:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions adopted by the European Commission
- Binding corporate rules
These are safeguards approved by the European Commission to make sure your data gets the same protection abroad as in the EEA. If you'd like more information about these safeguards, contact privacy-recruitment@bendingspoons.com.
You stay in control of your personal data. You have the following rights, as specified in the GDPR, that can be exercised at any time:
Right of access
You can ask for a copy of your personal data and how we use it.
Right to rectification
You can ask us to update or correct your data.
Right to erasure
You can ask us to delete your data.
Right to data portability
You can ask for an electronic copy of the personal data you provided to us, in a format you can reuse or share with others.
Right to object
If we use your data based on our legitimate interests, you can object to that use in whole or in part.
Right to withdraw consent
If we rely on your consent to use your personal data, you have the right to withdraw your consent. If you do so, the usage carried out before your withdrawal will remain valid, but thereafter we’ll no longer use your data for that purpose.
Right to request a human review
If automated tools helped assess your application, you can ask for a human to review any related decision.
Right to make a complaint
You can complain to your national data protection authority or another relevant regulator if you believe we’ve broken privacy laws or haven’t resolved your request.
To exercise your rights, email privacy-recruitment@bendingspoons.com.
If you ask us to delete your data, we’ll erase it or irreversibly anonymize it unless the law requires us to keep it longer.
If you have any questions about your data, email us at privacy-recruitment@bendingspoons.com or contact our data protection officer at dpo@bendingspoons.com.
We may update this privacy policy to reflect changes in the applicable laws or in the way we use personal data (for instance, when updating parts of our selection process). Whenever we do so, we’ll update the “last updated” date shown at the top of this page. We invite you to check this page regularly to stay up-to-date with the latest version.
Can't find what you're looking for?
Contact us.