Privacy Statement pursuant to art. 13 GDPR


Who is the data controller? 

Your personal data will be processed as Data Controller by inovaLab S.r.l., located in Padova, Vicolo Bellini 10F, VAT and tax code 03890870284. You can contact us at any time and for any request related to this notice at this address:

Why are we providing you with this notice?

We provide you with this notice in compliance with the obligations imposed by art. 13 of EU Regulation 2016/679 (hereinafter, the “GDPR”) and it concerns the data we will process when you interact with our website (hereinafter, “the website”). The notice is valid only for our website and not for other pages that can be accessed through links.

What data will be processed on our website?


  • Navigation Data


These are all the data that computer systems acquire while you browse our website. Navigation data cannot identify you; however, if processed or associated with other data, they could have an identifying function. These are anonymous or aggregated data such as IP addresses, URI addresses (Uniform Resource Identifier, such as requested resources, request time, device characteristics, file sizes), which ordinarily do not allow your identification and serve to identify anomalies and issues. The website also uses technical cookies (which are used to facilitate navigation or to provide a service requested by the user and are not used for other purposes) and third-party cookies. For more information, please consult our cookie policy [click here].


  • Voluntarily provided data


During navigation, you can provide us with your data if you wish to apply for a position within inovaLab. In this case, the data you will need to provide us with are personal data (name, surname, date of birth, city and country of residence), your email address, data related to your qualifications, your academic credentials, and the data you have entered in the Curriculum Vitae to be attached.


  • Special categories of personal data


When using the “Join us” section of the website, it may happen that the Curriculum Vitae contains data that falls within the special categories of personal data listed in art. 9.1 of the GDPR:

  • Data suitable for revealing racial or ethnic origin;
  • Political opinions, religious or philosophical beliefs;
  • Membership of a trade union;
  • Data related to the person’s health, sexual life, or sexual orientation.

We invite you to communicate such data only where strictly necessary, specifying that in the absence of specific consent to process such data, inovaLab cannot be held responsible in any way, nor can it receive objections, as in such cases, the processing will be allowed as it concerns data made manifestly public by the data subject in accordance with art. 9.1 of the GDPR. It is therefore emphasized, as indicated above, the importance of giving explicit consent to the processing of such special categories of personal data where you decide to share such information.

Purpose and Legal Basis

Below we list the reasons why we process your data (processing purposes) and the legal basis that allows us to do so (legal basis).

Purpose Legal basis Activity Data retention
Job application 6.1 (b) of the GDPR

Processing of pre-contractual measures

We will process your data to evaluate your professional profile and eventually contact you for collaboration. 1 year
Maintenance and improvement of service 6.1 (f) of the GDPR

Legitimate interest of the controller

We will use your data in an aggregated form for maintenance activities and offer you a smoother browsing experience. 10 years
Detecting or preventing fraudulent activities and defending the rights of the controller in court 6.1 (c) of the GDPR

Compliance with a legal obligation

We may need to process your personal data in case of attacks by third parties on our computer systems or website. 10 years
Compliance with the order of the Judicial Authority 6.1 (c) of the GDPR

Compliance with a legal obligation

We may have to provide your data to the Judicial Authority or other Public Authorities in accordance with legal obligations or express requests. 10 years

How do we process your data?

We process and handle your data using computer and/or telematic tools and adopting a series of security measures that prevent access, disclosure, modification, or destruction of your data.

Who has access to your data?

Internal subjects of inovaLab (administrative, commercial, marketing, legal staff) or external subjects (such as third-party technical service providers, hosting providers, computer companies, communication agencies) may have access to your personal data. All these subjects have been appointed, where appropriate, as Data Processors or Data Controllers for the purpose of providing the service and have received clear and precise instructions on how to handle your data.

Do we transfer your data to third countries?

No personal data is transferred outside the European Union territory.

What are your rights and how can you exercise them?

The GDPR guarantees you the exercise of a series of rights at any time in relation to the processing of your personal data. In particular, you may request:

  • access to your data (Art. 15 GDPR);
  • rectification of your data (Art. 16 GDPR);
  • erasure of your data (Art. 17 GDPR);
  • restriction of processing (Art. 18 GDPR);
  • portability of data concerning you (Art. 20 GDPR)

We remind you that, under Art. 7 GDPR, you have the right to withdraw your consent at any time; withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You may submit a request for objection to the processing of your data on the basis of Art. 21 GDPR, in which you provide evidence of the reasons justifying the objection. We reserve the right to evaluate your request, which will not be accepted if there are legitimate reasons for processing that outweigh your interests, rights, and freedoms. You can exercise your rights by writing to the email address indicated above.

In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali) pursuant to Art. 77 of the GDPR if you believe that the processing of your personal data is in breach of the applicable regulations.

What happens in case of changes to this notice?

InovaLab reserves the right to make changes to this notice at any time, publicizing them to the interested parties on this page. Therefore, please consult this page referring to the date of the last modification indicated at the bottom. If you do not accept the changes made to this notice, you are required to stop using this website.