Privacy Notice
pursuant to Article 13 of the GDPR
Who is the Data Controller?
Nebulab S.r.l., in the person of its legal representative pro tempore, with registered office at Strada Comunale Piana 3, 65129 Pescara (Italy), VAT No. 02112180688 (hereinafter, the "Controller").
How can I contact the Controller?
The company can be contacted at:
- Certified email (PEC): [email protected]
- Address: Strada Comunale Piana 3, 65129 Pescara (Italy)
Data Protection Officer (DPO) contact details
The company has appointed as its Data Protection Officer (DPO) Avv. Angela Lo Giudice, who can be contacted at the following email address: [email protected]
1. Introduction
Pursuant to the European General Data Protection Regulation (GDPR), legal entities are not considered data subjects and therefore the Regulation does not apply to them. However, if, in the context of collecting company data, personal data relating to a natural person is provided, such person shall be deemed a data subject within the meaning of the GDPR, and the relevant data protection provisions shall accordingly apply.
2. What processing activities are carried out through the website? What are the legal bases, purposes and retention periods?
| Newsletter / Direct Email Marketing (DEM) | |
|---|---|
| Purpose | The purpose of the processing is to send you newsletters, promotional communications (DEM), or commercial information. |
| Legal Basis | The processing is based on the data subject's consent. |
| Retention Period | Data will be retained for one (1) year from the date of the last communication sent. |
| Additional Information | Consent may be withdrawn at any time. The user is entirely free to provide the requested data, as there is no legal obligation to do so. However, if the user chooses not to provide the data marked as essential, the Controller will not be able to pursue the purpose indicated above. |
| Contact Us | |
|---|---|
| Purpose | The purpose of the processing is to enable users to send requests for information and to allow the Controller to manage and respond to such requests. In the event of a dispute, the data may also be processed in order to establish, exercise, or defend legal claims. |
| Legal Basis | The processing is necessary for the performance of pre-contractual measures taken at the request of the data subject. In the event of a dispute, the data may also be processed in order to establish, exercise, or defend legal claims, which constitutes the legitimate interest of the Controller. |
| Retention Period | Personal data is processed for the time strictly necessary to respond to the request and subsequently retained for a maximum of twenty-four (24) months from the date of the last interaction. Data may be kept for a longer period only in the event of potential disputes, for the purpose of exercising or defending legal rights based on the Controller's legitimate interest. |
| Additional Information | The user is entirely free to provide the requested data, as there is no legal obligation to do so. However, if the user chooses not to provide the data marked as essential, the Controller will not be able to fulfil the stated purpose. |
| Download the Guide | |
|---|---|
| Purpose | The purpose of the processing is to enable you to receive the requested guide. |
| Legal Basis | The processing is based on the consent provided by the data subject. |
| Retention Period | Personal data will be retained for six (6) months from the date the guide is sent. |
| Additional Information | The user is entirely free to provide the requested data, as there is no legal obligation to do so. However, if the user chooses not to provide the data marked as essential, the Controller will not be able to fulfil the stated purpose. |
| Work With Us | |
|---|---|
| Purpose | The purpose of the processing is to allow users to submit unsolicited job applications. |
| Legal Basis | The processing is necessary for the performance of pre-contractual measures taken at the request of the data subject. Consent is required in order to retain the CV beyond the period strictly necessary for the recruitment process. |
| Retention Period | Personal data will be stored for six (6) months after the closure of the recruitment process for which the application was submitted and will then be deleted. CVs may be retained for an additional twelve (12) months subject to the applicant's explicit consent. |
| Additional Information | The user is entirely free to provide the requested data, as there is no legal obligation to do so. However, if the user chooses not to provide the data marked as essential, the Controller will not be able to fulfil the stated purpose. |
| Browsing Data | |
|---|---|
| Purpose | To ensure the security and proper functioning of the website. |
| Legal Basis | Data is processed on the basis of the Company's legitimate interest in maintaining IT security and in order to comply with legal obligations. The legal basis for processing cookies other than those strictly necessary is the user's consent. |
| Retention Period | Twenty-four (24) months. |
| Additional Information | For details on the use of cookies, please refer to the dedicated Cookie Policy. |
3. What else should I know?
Personal data will be processed lawfully, fairly, and with the utmost confidentiality, in compliance with appropriate security measures as required by the GDPR and applicable national legislation. Processing will be carried out using digital tools.
Personal data will not be subject to public disclosure. Furthermore, the user will not be subject to automated decision-making, including profiling, unless they have given consent through the installation of cookies or other tracking tools, as regulated in the dedicated Cookie Policy.
4. Who will my data be shared with?
The Controller may disclose personal data to all parties to whom such disclosure is required by law in order to comply with legal obligations. In addition, the Controller makes use of certain companies or IT tools that process personal data on its behalf and in its exclusive interest. All such entities have been duly appointed as Data Processors pursuant to Article 28 of the GDPR.
The full list of Data Processors is available at the Controller's registered office.
5. Where is personal data stored and transferred?
The management and storage of personal data may take place on servers located in countries outside the European Union. The Controller ensures that any transfer of personal data outside the EU is carried out in compliance with Articles 44–47, Chapter V of the GDPR, by means of the signing of Standard Contractual Clauses and/or in favour of companies that have adhered to the EU–U.S. Data Privacy Framework, pursuant to the European Commission's adequacy decision of 10 July 2023.
6. What are my rights and how can I exercise them?
a) Data subject rights
As a data subject, you are entitled to exercise the rights provided for in Articles 15 et seq. of the GDPR, namely:
Right of Access (Article 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, even if not yet recorded, and to receive such data in an intelligible form.
Right to Rectification (Article 16 GDPR)
You have the right to obtain the rectification of inaccurate personal data concerning you, as well as the completion of incomplete data.
Right to Erasure (Article 17 GDPR)
You have the right to obtain the erasure of your personal data in specific cases, such as withdrawal of consent, objection to processing, when the data is no longer necessary for the purposes for which they were collected or processed, or in cases of unlawful processing.
It may not always be possible to comply with the request for erasure; however, the Controller will provide adequate justification in such cases.
Right to Restriction of Processing (Article 18 GDPR)
You have the right to obtain restriction of processing in specific circumstances, for example when you contest the accuracy of the data or have objected to the processing pending verification of your request.
Right to Data Portability (Article 20 GDPR)
Where the processing is based on consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, or to request that such data be transmitted directly to another controller.
Right to Object (Article 21 GDPR)
You have the right to object, in whole or in part:
- on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection;
- to the processing of personal data for purposes not covered by the above.
You may submit an objection pursuant to Article 21 of the GDPR, explaining the reasons that justify your request. The Controller reserves the right to assess the request and may reject it if there are compelling legitimate grounds for continuing the processing which override your interests, rights, and freedoms.
Right to Lodge a Complaint (Article 77 GDPR)
You have the right to lodge a complaint with the competent Supervisory Authority if you believe that the processing of your personal data infringes applicable data protection law.
b) How to exercise your rights
You may exercise your rights at any time by contacting the Data Controller using the contact details provided above.
Latest version: October 9, 2025
This privacy notice has been drafted by Polimeni.Legal