Contact information form

This information is provided to users who fill in the contact form (form) offered by the site of LIZARD, in accordance with Article 13 of the European Regulation (EU) 2016/679 on the protection of personal data (GDPR).


The Data Controller (hereinafter “Controller”) is LIZARD S.R.L., with registered office in Via Antonio Detassis 23A – 38121 Trento (TN) – C.F. and P. IVA 01867040220. The data protection officer (DPO) is Uomo & Ambiente S.r.l. Benefit Society, whose contact person Ing. Gianluigi Carbone can be contacted at the e-mail address


Personal, identification (company or first and last name) and contact data (other elements of personal identification, such as e-mail address) are conferred spontaneously by the interested party through the form (form) proposed by the website.


The personal data of data subjects, users who fill in the fields provided by the “contact” form, are collected and processed to the extent strictly necessary to enable them to take advantage of telematic services having the following purposes:

  • to respond to requests for information from the same


The legal basis for the processing of personal data is the receipt of a request from the user. In fact, the personal data of the data subject, spontaneously provided by filling in the online contact form (form), are legitimately collected and processed to satisfy the requests for information received by e-mail. In this context, the processing of data for the above-mentioned purposes is necessary for the pursuit of the legitimate interest of the Data Controller.


The data subject may refuse to provide the Data Controller with his/her personal data as the provision of such data is optional. However, the completion of the indicated fields is essential in order to be able to fulfill the requests received. Any refusal to provide the data will therefore prejudice the successful outcome of the request and will not allow the aforementioned service to be used.


Personal data will be processed by electronic means, including automated means, in accordance with the principles of lawfulness, necessity and relevance, taking safeguards to identify adequate security measures at any stage of the processing, having regard to the specific purposes of processing. In this regard, the anonymization of personal data and the removal of identifying data shall be carried out if there is no need to process the data in an identifiable form for the aforementioned processing purposes and, in any case, upon expiry of the retention period indicated in the following paragraph. The Data Controller does not carry out processing that consists of automated decision-making processes (such as profiling) on the data of users who interact with our website to take advantage of this service. The data will be processed by individuals expressly authorized and trained in the protection of personal data. Data may be accessed incidentally by ICT personnel and computer technicians (including outsourced) who oversee the operation of the computer system.


The Data Controller will retain personal data for the time necessary to pursue the purposes indicated in this information and, in any case, until any request for restriction and/or opposition by the data subject. Thereafter, the data may only be kept for the time stipulated by the relevant provisions in force.


The personal data processed by the Data Controller will not be disseminated, i.e. it will not be made known to unspecified parties, in any possible form, including making it available or mere consultation. Personal data may, on the other hand, be communicated, to the extent strictly necessary to perform services or services on our behalf, to third parties (we mention, by way of example, companies that provide IT services, companies specializing in the management, development and maintenance of websites, etc.) that we use exclusively for the provision of services related to the purpose pursued, which our organization, to ensure greater protection, has from time to time appointed as Data Processors (art. 28 of the GDPR) of the processing operations carried out by them. The list of data processors, identified and appointed in writing, is available from the Data Controller. Finally, personal data may be communicated to the subjects entitled to access them by virtue of provisions of law, regulations, and EU legislation.


There are no plans to transfer personal data to a third country or international organization (Art. 13(1)(f) GDPR) outside the European Union (or the European Economic Area). However, the Data Controller reserves the option to use cloud services, in which case, service providers will be chosen from those companies that can provide specific guarantees following a regulatory framework recognized through an adequacy decision of the European Commission (such as the one of July 10, 2023 that officially approved the “EU-US Data Privacy Framework” i.e., the new agreement on the transfer of data to the United States) or, in its absence, suitable guarantees of a contractual or covenantual nature (including Binding Corporate Rules “BCRs” and Standard Contractual Clauses “SCCs”). The Microsoft 365 Business solution, containing the email service adopting the “Office 365” software platform, is owned by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) residing within the European Union (EU).


The data subject, to whom the personal data refer, is entitled to exercise his or her rights at any time (pursuant to Articles 15-22 of the GDPR) in order to obtain:

  • confirmation as to whether or not personal data concerning him/her are being processed, as well as access to the data and to the following information (purpose of processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be disclosed, storage period);
  • the rectification of inaccurate personal data concerning him/her and/or the integration of incomplete personal data, including by providing a supplementary declaration;
  • the cancellation of personal data or the restriction of the processing of personal data (as a means of reaction to unlawful or incorrect processing) in the cases provided for by current legislation;
  • opposition to the processing of personal data (as a manifestation of willingness to have a given data processing cease) in the cases provided for by the regulations in force (it is understood that this right does not exist where the legitimacy of the processing is based on consent since in this case the right to revocation prevails); it may extend to the processing of one’s own data for purposes related to marketing activities carried out by automated contact or through traditional means, being able to be exercised in whole or in part (e.g., to e-mail or telephone communications only or by objecting only to the sending of promotional communications carried out by automated means, etc. ) or to processing that consists of automated decision-making processes (such as profiling, insofar as it is related to direct marketing purposes);
  • the portability of the data, pertaining to the data subject and provided by the data subject, in order in particular to request from the data controller the personal data concerning him/her and/or to request from the data controller the direct transmission of his/her data to another data controller (it being understood that this right applies only if the processing is based on contract or consent and is carried out through electronic processing) in the cases provided for by the regulations in force.

Regarding the exercise of his or her rights, the data subject may address his or her requests through specific communication by mail addressed to the Data Controller (at the above address) or by sending communication to the e-mail address, specifying the subject of his or her request and the right that is to be legitimately exercised.


Interested parties who believe that the processing of personal data relating to them occurs in violation of the provisions of the Regulations, have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) in the manner provided on the website (pursuant to art. 77) or to take appropriate legal action pursuant to art. 79 of the Regulations themselves (GDPR).