This Privacy Policy pursuant to art. 13 EU Reg. 679/2016 (hereinafter the “Policy”) is intended to inform about the management of the website www.carobene.com (hereinafter the “Website”) in relation to the processing and protection of personal data (hereinafter the “Data”) of the users who navigate on it (hereinafter “Users” or “Subjects”). This Policy applies only to the Website and not to other sites or web pages accessible by the User through links or other interactive links that may be activated through the Website. This Privacy Policy may be subject to changes (due to the implementation of Site functions and/or the introduction of new regulations): Users are invited to check this section periodically. This Privacy Policy does not exclude that further information on the processing of personal data may be given to the Data Subjects also in different ways (for example, during a consultation or a meeting).

Identity and contact details of the Data Controller
The Data Controller is CAROBENE & PARTNERS in the person of Lawyer Gianluca Carobene, f.c. CRBGLC72M13A001C with registered office in Padua, Corso V. Emanuele II, 150, Tel. +390498592249 Fax +390498594185 e-mail mail@carobene.com (hereinafter the “Data Controller” or the “Law Firm”).

For all questions relating to the processing of data, for the exercise of the rights arising from the Regulation as well as for any doubts or clarifications regarding this Policy, the interested party may contact the Data Controller by sending a registered letter with return receipt or an e-mail to the above addresses.

Purposes of the treatment
Any personal data acquired through the Site may be processed for the following purposes
(a) to ensure the proper functioning of the web pages and their contents;
b) to respond to requests for information/contact sent by the User by filling in one of the forms on the Site or by sending an e-mail from the address indicated on the Site;
c) evaluating applications for any job positions that may be open or spontaneous applications sent by Subject.

Lawfulness of processing
In relation to the purposes referred to above, the legal bases that justify the processing of personal data acquired through the Site are as follows:
in relation to the purposes referred to in letter a) above, the legal basis consists on the legitimate interest of the Data Controller (art. 6.1 lett. f) GDPR) to ensure the proper functioning of the Site and its improvement;
in relation to the purposes referred to in point b) above, the legal basis lies, depending on the case: in the need to implement pre-contractual measures taken at the request of the data subject (art. 6.1 lett. b) GDPR); in the legitimate interest of the Data Controller (art. 6.1 lett. f) GDPR).
in relation to the purposes referred to in letter c) above, the legal basis for the processing of your personal data lies mainly in the need to implement pre-contractual measures taken at the request of the Data Subject.

Treatment modalities
The processing of data acquired through the Site is carried out both on paper and electronically through the use of computer tools, according to the principles of fairness, lawfulness, transparency, relevance and not excessive in relation to the purposes of collection and subsequent treatment and after adopting appropriate security measures to prevent data loss, misuse or improper, unauthorized access and in general to ensure compliance with the provisions of the GDPR and the Privacy Code.

Recipients of data and Communication
Any personal data acquired is processed exclusively by the Data Controller and by the Law Firm’s collaborators, duly authorized to process it.
The data is not intended for third parties and will not be communicated or disseminated, unless otherwise provided by law or regulation (it may be communicated to supervisory bodies, judicial authorities and to all other subjects to whom disclosure is required by law for the fulfillment of the above purposes).

Nature of the conferment
The conferment of personal data is optional. However, failure to provide it may make it impossible to provide the service and therefore to obtain a response to the request for contact and/or information and/or evaluation of the candidature sent.

Period of conservation
The data will be processed and stored for the time strictly necessary to fulfill the purposes. With regard to the purposes referred to in letter b), the data will be kept for the time necessary to respond to the request for contact and information of the interested party and in any case no longer than 24 months from the processing of the request.
With regard to the purposes under letter c) the Data are kept for 12 months from the transmission of the Curriculum. 
A longer period of conservation could be determined by possible requests made by the Public Administration or other judicial, governmental or regulatory body.
Once the above terms have expired, the data will be deleted and/or made anonymous.

Type of data processed
In the pursuit of the above purposes, the following categories of data will be processed:
Navigation data;
Data provided by the user by filling in the contact form or sending e-mail: identification data (name, surname); contact data (telephone number, e-mail address, etc.). During the first contact we invite the user not to transmit data belonging to special categories such as data suitable for detecting the state of health and / or judicial data; where the user voluntarily transmits these types of data, will be treated according to the principles of fairness, lawfulness and transparency, and in accordance with the principle of “minimization”, ie acquiring and processing data only as necessary in relation to the purposes pursued.
Data provided by the user through the transmission of applications: identification data (name, surname, date of birth, place of birth, photo); contact data (telephone number, e-mail address, etc.), data relating to the training, educational qualification, professional experience, technical knowledge of the person concerned. The User is invited not to transmit data belonging to special categories such as data suitable for detecting the state of health and / or judicial data; where the User voluntarily transmits these types of data, they will be treated according to the principles of fairness, lawfulness and transparency, and in accordance with the principle of “minimization”, or acquiring and processing data only as necessary in relation to the purposes pursued.

Rights of the Data Subject
The User may exercise the rights under Art. 15 et seq GDPR including the right to access, rectify and delete data, the right to limitation and opposition to processing, the right to revoke any consent to treatment (without prejudice to the lawfulness of the treatment based on consent acquired before the revocation), as well as the right to complain to the Guarantor for the Protection of Personal Data if he believes that the treatment violates the GDPR. The above rights may be exercised in the manner indicated at the beginning.