This information is provided to users who fill in the form (form) of spontaneous application to a job position proposed by the site www.lizardnet.it of LIZARD, in accordance with Article 13 of the European Regulation (EU) 2016/679 on the protection of personal data (GDPR).
DATA CONTROLLER
The Data Controller (hereinafter “Controller”) is LIZARD S.R.L., with registered office in Via Antonio Detassis 23A – 38121 Trento (TN) – C.F. and P. IVA 01867040220. The data protection officer (DPO) is Uomo & Ambiente S.r.l. Benefit Society, whose contact person Ing. Gianluigi Carbone can be contacted at the e-mail address privacy@lizardnet.it.
SOURCE AND TYPE OF DATA
The personal, identifying (name and surname or other elements referable to personal information) and contact data (e-mail address, etc.) as well as pertaining to one’s professional profile (education and work experience, qualification, etc.) as well as possibly of a “particular” nature (where, for example, suitable to reveal the belonging to protected categories) are conferred spontaneously by the interested party through the form (form) proposed by the website (on which to upload one’s curriculum vitae).
PURPOSES OF PROCESSING
The personal data of data subjects, users who fill in the fields provided by the “work with us” form, are collected and processed to the extent strictly necessary to enable them to take advantage of telematic services having the following purposes:
- submit their spontaneous application and/or send their curriculum vitae;
- select candidates for a job position;
- propose possible job offers consistent with the professional profile of the person concerned.
LEGAL BASIS
The legal basis for the processing of personal data is the receipt of a request or spontaneous application from the user. The personal data of the interested party, freely given by filling in the appropriate form (form) and/or sending their CV, are in fact legitimately collected and processed for the execution of measures taken (evaluation of the application and selection of candidates) at the explicit request of the interested party. Useful legal basis for the processing of any data of a “particular” nature (so-called sensitive data) spontaneously conferred by the user, is constituted by explicit consent, manifested by declaration or unequivocal positive action (such as checking the box at the bottom of the form) by the person concerned.
MANDATORY OR OPTIONAL NATURE OF PROVIDING DATA
The interested party may refuse to provide the Data Controller with his/her personal data since the provision of such data is optional. However, the completion of the indicated fields is essential in order to be able to fulfill the requests received. Any refusal to provide all or part of the requested data may therefore jeopardize the successful outcome of the application and may result in our inability to select and evaluate the submitted application.
PROCESSING METHODS
Personal data will be processed by electronic means, including automated means, in accordance with the principles of lawfulness, necessity and relevance, taking safeguards to identify adequate security measures at any stage of the processing, having regard to the specific purposes of the processing. In this regard, the anonymization of personal data and the removal of identifying data is carried out if there is no need to process the data in an identifiable form for the aforementioned processing purposes and, in any case, upon expiration of the retention period specified therein. The Data Controller does not carry out processing that consists of automated decision-making processes (such as profiling) on the data of users who interact with our website to take advantage of this service. The data will be processed by individuals expressly authorized and trained in the protection of personal data. Data may be accessed incidentally by ICT personnel and computer technicians (including outsourced) who oversee the operation of the computer system.
DATA RETENTION
The Data Controller will retain personal data for as long as is strictly necessary to pursue the purposes set out in this information notice, as long as the position for which you have sent your application is available and even beyond, if there are further conditions and interests in the search and selection for a job position, however, for a period not exceeding twelve months after receipt.
RECIPIENTS OF THE DATA
The personal data processed by the Data Controller will not be disseminated, i.e., it will not be disclosed to unspecified parties, in any possible form, including making it available or mere consultation. Personal data may, on the other hand, be communicated, to the extent strictly necessary to perform services or services on our behalf, to third parties (we mention, by way of example, companies that provide IT services, companies specializing in the management, development and maintenance of websites, etc.) that we use exclusively for the provision of services related to the purpose pursued, which our organization, to ensure greater protection, has from time to time appointed as Data Processors (art. 28 of the GDPR) of the processing operations carried out by them. The list of data processors, identified and appointed in writing, is available from the Data Controller. Finally, personal data may be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, and EU legislation.
CROSS-BORDER TRANSFER OF DATA
There are no plans to transfer personal data to a third country or international organization (Art. 13(1)(f) GDPR) outside the European Union (or the European Economic Area). However, the Data Controller reserves the option to use cloud services, in which case, service providers will be chosen from those companies that can provide specific guarantees following a regulatory framework recognized through an adequacy decision of the European Commission (such as the one of July 10, 2023 that officially approved the “EU-US Data Privacy Framework” i.e., the new agreement on the transfer of data to the United States) or, in its absence, suitable guarantees of a contractual or covenantual nature (including Binding Corporate Rules “BCRs” and Standard Contractual Clauses “SCCs”). The Microsoft 365 Business solution, containing the email service adopting the “Office 365” software platform, is owned by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) residing within the European Union (EU).
RIGHTS OF THE DATA SUBJECT
The data subject, to whom the personal data refer, is entitled to exercise his or her rights at any time (pursuant to Articles 15-22 of the GDPR) in order to obtain:
- confirmation as to whether or not personal data concerning him/her are being processed, as well as access to the data and to the following information (purpose of processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be disclosed, storage period);
- the rectification of inaccurate personal data concerning him/her and/or the integration of incomplete personal data, including by providing a supplementary declaration;
- the cancellation of personal data, in the cases provided for by current legislation;
- the restriction (as a means of reaction to unlawful or incorrect processing) and/or opposition (as a manifestation of willingness to have a given data processing cease) to the processing of personal data (it being understood that this right is applicable only if there are no legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a right in court) in the cases provided for by the current legislation
- the portability of the data, pertaining to the data subject and provided by the data subject, in order in particular to request from the data controller the personal data concerning him/her and/or to request from the data controller the direct transmission of his/her data to another data controller (it being understood that this right applies only if the processing is based on contract or consent and is carried out through electronic processing) in the cases provided for by the regulations in force.
Regarding the exercise of their rights, the data subject may address their requests through specific communication by mail addressed to the Data Controller (at the above address) or by sending communication to the e-mail address privacy@lizardnet.it, specifying the subject of their request and the right they intend to exercise.
RIGHT TO COMPLAIN
Interested parties who believe that the processing of personal data relating to them occurs in violation of the provisions of the Regulations, have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) in the manner provided on the website www.garanteprivacy.it (pursuant to art. 77) or to take appropriate legal action pursuant to art. 79 of the Regulations themselves (GDPR).