This notice is provided to users who wish to receive the product brochure offered by the website www.lizardnet.it by LIZARD, in accordance with Article 13 of the European Regulation (EU) 2016/679 on the protection of personal data (GDPR).
DATA CONTROLLER
The data controller (hereinafter “Controller”) is LIZARD S.R.L., with its registered office at Via Antonio Detassis 23A – 38121 Trento (TN) – VAT and Tax Code 01867040220. The Data Protection Officer (DPO) is Uomo & Ambiente S.r.l. Benefit Company, whose representative, Engineer Gianluigi Carbone, can be contacted at the email address privacy@lizardnet.it.
SOURCE AND TYPE OF DATA
Personal data, such as identification (company or name and surname) and contact details (other personal identification elements, such as email address), are voluntarily provided by the interested party through the form provided on the website.
PURPOSE OF PROCESSING
Personal data of data subjects, users who fill in the fields provided by this form, are collected and processed to the extent strictly necessary to enable them to take advantage of telematic services having the following purposes:
- to receive, upon request, the brochure that LIZARD uses as a tool to develop its image and promote a business or services;
- to promote activities of an informative and promotional nature or direct marketing aimed at allowing the sending of newsletters and commercial communications and/or promotional material, by telephone or through electronic communications such as e-mail, messaging, social networking and other automated systems available for the purpose.
LEGAL BASIS
The legal basis for the processing of personal data is the receipt of a request from the user. The personal data of the interested party, spontaneously provided by filling in the appropriate online form (form), are in fact legitimately collected and processed to satisfy the requests for information received by e-mail. In this context, the processing of data for the above-mentioned purposes is necessary for the pursuit of the legitimate interest of the Data Controller. On the other hand, the processing of data to pursue promotion and direct marketing purposes is lawful to the extent that the data subject has expressed, by means of an unequivocal statement or positive action, consent to the processing of his or her personal data: it is understood that, pursuant to Article 7 of the GDPR, the data subject may revoke at any time any consent given, by sending simple communication to the references indicated in this information notice. Revocation of consent does not affect the lawfulness of the processing based on the consent prior to the revocation.
MANDATORY OR OPTIONAL NATURE OF PROVIDING DATA
The interested party may refuse to provide the Data Controller with his or her personal data since the provision of such data is optional. However, the completion of the indicated fields is essential in order to be able to fulfill the requests received. Any refusal to provide the data will therefore prejudice the successful outcome of the request and will not allow the aforementioned service to be used. Failure to consent to their use for purposes attributable to direct marketing activities or, more generally, commercial promotion, will not have any consequence on the possibility of using the service itself, but will result in the impossibility of carrying out the sending of commercial communications to promote its services or to illustrate new opportunities of possible interest.
PROCESSING METHODS
Personal data will be processed by electronic means, including automated means, in accordance with the principles of lawfulness, necessity and relevance, taking safeguards to identify adequate security measures at any stage of the processing, having regard to the specific purposes of processing. In this regard, the anonymization of personal data and the removal of identifying data shall be carried out if there is no need to process the data in an identifiable form for the aforementioned processing purposes and, in any case, upon expiry of the retention period indicated in the following paragraph. The Data Controller does not carry out processing that consists of automated decision-making processes (such as profiling) on the data of users who intend to use this service. Personal data will be processed by individuals expressly authorized and trained in personal data protection. Data may be accidentally accessed by ICT personnel and computer technicians (including outsourced) who oversee the operation of the computer system.
DATA RETENTION
The Data Controller will retain personal data for the time necessary to pursue the purposes indicated in this information and, in any case, until any request for restriction and/or opposition by the data subject. Thereafter, the data can only be kept for the time established by the relevant provisions in force. In addition, in the case of any consent given for marketing purposes, the data will be retained, subject to the possibility of revocation of consent, for a period of time not exceeding that necessary to achieve the purposes pursued (twenty-four months) after which the data will be deleted or anonymized and processed only for statistical analysis (without prejudice to a further retention period imposed by law or explicit request by the Authority).
RECIPIENTS OF THE DATA
The personal data processed by the Data Controller will not be disseminated, i.e., it will not be disclosed to unspecified parties, in any possible form, including making it available or mere consultation. Personal data may, on the other hand, be communicated, to the extent strictly necessary to perform services or services on our behalf, to third parties (we mention, by way of example, companies that provide IT services, companies specializing in the management, development and maintenance of websites and companies specializing in the management of electronic communications services) that we use exclusively for the provision of services related to the purpose pursued, which our organization, to ensure greater protection, has from time to time appointed as Data Processors (art. 28 of the GDPR) of the processing operations they put in place. The full list of data processors, identified and appointed in writing, is available from the Data Controller. In all cases, these subjects will process the data in accordance with the instructions received from the Owner, according to operational profiles attributed to them in relation to the functions performed, limited to what is necessary and instrumental for the execution of specific operations within the scope of the services requested. Personal data may, finally, be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations.
DATA TRANSFER
There are no plans to transfer personal data to a third country or international organization (Art. 13(1)(f) GDPR) outside the European Union (or the European Economic Area). However, the Data Controller reserves the option to use cloud services, in which case, service providers will be chosen from those companies that can provide specific guarantees following a regulatory framework recognized through an adequacy decision of the European Commission (such as the one of July 10, 2023 that officially approved the “EU-US Data Privacy Framework” i.e., the new agreement on the transfer of data to the United States) or, in its absence, suitable guarantees of a contractual or covenantual nature (including Binding Corporate Rules “BCRs” and Standard Contractual Clauses “SCCs”). The Microsoft 365 Business solution, containing the email service adopting the “Office 365” software platform, belongs to Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) residing within the European Union (EU). The data, limited to the e-mail address, may also be used for sending electronic communications (e-mails or newsletters) via the marketing automation web platform Indaco (Italy) residing within the European Union (EU).
RIGHTS OF THE DATA SUBJECT
The data subject, to whom the personal data refer, is entitled to exercise his or her rights at any time (pursuant to Articles 15-22 of the GDPR) in order to obtain:
- confirmation as to whether or not personal data concerning him/her are being processed, as well as access to the data and to the following information (purpose of processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be disclosed, storage period);
- the rectification of inaccurate personal data concerning him/her and/or the integration of incomplete personal data, including by providing a supplementary declaration;
- the deletion of personal data or the restriction of the processing of personal data (as a means of reaction to unlawful or incorrect processing) in the cases provided for by current legislation;
- The opposition to the processing (so-called. “opt-out”) of the processing of personal data (as a manifestation of willingness to have a given data processing cease) in the cases provided for by the regulations in force (it is understood that this right does not exist where the legitimacy of the processing is based on consent since in this case the right to revocation prevails); it may extend to the processing of one’s own data for purposes related to marketing activities carried out by automated contact or through traditional means, being able to be exercised in whole or in part (e.g., to e-mail or telephone communications only or by objecting only to the sending of promotional communications carried out by automated means, etc. ) or to processing that consists of automated decision-making processes (such as profiling, insofar as it is related to direct marketing purposes);
- the portability of data, pertaining to the data subject and provided by the data subject, in order in particular to request from the data controller the personal data concerning him/her and/or to request from the data controller the direct transmission of his/her data to another data controller (it being understood that this right applies only if the processing is based on contract or consent and is carried out through electronic processing) in the cases provided for by the regulations in force.
Regarding the exercise of his or her rights, the data subject may address his or her requests through specific communication by mail addressed to the Data Controller (at the above address) or by sending communication to the e-mail address privacy@lizardnet.it, specifying the subject of his or her request and the right that is to be legitimately exercised.
RIGHT TO COMPLAIN
Interested parties who believe that the processing of personal data relating to them occurs in violation of the provisions of the Regulations, have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) in the manner provided on the website www.garanteprivacy.it (pursuant to art. 77) or to take appropriate legal action pursuant to art. 79 of the Regulations themselves (GDPR).