INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

Pursuant to and for the purposes of Article 13 of EU Regulation 2016/679 (General Data Protection Regulation – hereinafter referred to as "GDPR"), the company Certego S.r.l. ("Certego" or the "Company"), as Data Controller, provides the following information regarding the processing of personal data voluntarily provided by you through the completion of the “Work with Us” form.

Data Controller and Data Protection Officer

The Data Controller is Certego S.r.l. ("Certego"), with registered office in Modena, Via Ferruccio Lamborghini 81 – 41121 – Modena (Tel. 059735 950 93+ – email: ten.ogetrec@ofni) - website: www.certego.net The Data Controller has appointed, pursuant to Articles 37 and following, a Data Protection Officer (DPO), who can be contacted at the following email address: ten.ogetrec@opd.

Categories of Data

In order to manage applications and select personnel, Certego S.r.l. will process the following personal data:

• Personal and contact data (name, surname, email address, phone number);
• Any additional personal data provided by the applicant, including data falling into special categories under Article 9 of the GDPR (e.g., health data), as contained in the curriculum vitae or cover letter submitted.

In order to verify the existence of the conditions and the modalities for the exercise of the aforementioned rights, please refer to the full text of the above-mentioned provisions, available on the website:

Requests should be addressed to the Data Controller or the Data Protection Officer through the contact details set out in the begging. Certego inform you that, if you believe that the above rights have been violated, the current legislation allows you to lodge a complaint with the National Supervisory Authority where you live, where you work and where the violation took place following the instructions specified on the institutional website of the Authority. In Italy, the national supervisory authority is the Garante per la protezione dei dati personali located in Piazza Venezia n. 11 - 00187 Roma, tel 177696 60 93+, email: ti.pdpg@ollocotorp, PEC ti.pdpg.cep@ollocotorp

Purpose and legal basis for data processing

In the case of a spontaneous application or an application for specific open positions, Certego will process personal data solely for the purpose of evaluating and selecting personnel. This processing is carried out based on the candidate's explicit and voluntary consent pursuant to Articles 6, par.1, letter a, and 9, par.2, lett. a of the GDPR.

Methods of Processing and Retention Period

The processing will be carried out using paper, IT, and telematic tools in compliance with the principles set out in Article 5 of the GDPR, particularly those of lawfulness, fairness, transparency, relevance, non-excessiveness, and in a manner that ensures adequate security of personal data. The data being processed will be made available to individuals specifically appointed and/or expressly designated as data processors by the Data Controller according to their respective authorization profiles. The data collected during the personnel evaluation and selection process, if deemed of interest, will be retained until the final assessment of the candidate and, in any case, no longer than 1 year from the receipt of the application.

Nature of the Provision of Personal Data

The provision of personal data by the data subject is essential for assessing their application. If the applicant refuses to provide such data, the Company will not be able to evaluate their application.

Categories of Data Recipients

The data may be disclosed to individuals appointed by the Company (e.g., administrative staff, legal advisors, system administrators) or to external entities (e.g., third-party technical service providers, hosting providers, IT companies, companies responsible for personnel search and management) expressly appointed as Data Processors by the Data Controller and specifically trained in compliance with data protection regulations. The data will not be subject to dissemination and, at present, their transfer to countries outside the European Economic Area is not foreseen.

Rights of the data subjects

Under the conditions provided by GDPR, you may exercise the following rights:

• Art. 7: Right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
• Art. 15: Right of access to the personal data processed;
• Art.16: Right to rectification the personal data;
• Art. 17: Right to erasure the personal data;
• Art. 18: Right to restriction of processing;
• Art. 20: Right to data portability;
• Artt. 21, 22: Right to object and Automated individual decision-making, including profiling.

In order to verify the existence of the conditions and the modalities for the exercise of the aforementioned rights, please refer to the full text of the above-mentioned provisions, available on the website:

To exercise these rights, the data subject may contact the Data Controller directly at the above-mentioned contacts, or reach out to its staff or the Data Protection Officer by writing to the following address

The data subject also has the right to lodge a complaint with the supervisory authority of the EU country where they reside, work, or where the violation occurred. In Italy, the national supervisory authority is the Garante per la protezione dei dati, located at Piazza Venezia 11 – 00187 Rome (RM),tel 177696 60 93+, fax 5873 77696 60 93+, email: ti.pdpg@etnarag, PEC ti.pdpg.cep@ollocotorp