pittogramma bianco

Legal Basis: the processing is carried out for the fulfillment of a contractual and pre-contractual obligation assumed by the Owner with the service (art. 6, par. 1 lett.b). The processing may, in some cases, be carried out by us as data controllers ex art. 28 on behalf of third party companies that are disclosed in the announcement and that entrust us to proceed with the selection and evaluation of candidates/ applicants. 

Retention: The data are retained for the period necessary for the purpose of processing the request and in accordance with current regulations, and in any case no longer than 2 years after receipt of the data. 




Data collected: contact and identification data. 

Purpose: Where requested, you may provide your contact data in order to receive communications of a commercial and/or informative nature with regard to the Holder's business. The provision of such data is optional but essential in order to proceed with the provision of the promotional information service described above. 

This site uses Active Campaign to send the newsletter, read their Privacy Policy here. 

Legal Basis: for sending newsletters and commercial/promotional communications, exclusively for commercial purposes, the processing is carried out on the basis of the explicit consent of the data subject (Art. 6, par. 1 lett.a EU Regulation 2016/679). 

Retention: the Data provided for the sending of newsletters and promotional communications are retained for the period necessary for the performance of the activity for which they were conferred and in any case, specifically for the purposes described above, no longer than two years for as expressly provided by law (unless renewed consent by the data subject use for other purposes as provided for by the regulations in force). 



Purposes: The Controller may process, without the User's consent, personal data collected in the following cases: 

- in the case of extraordinary operations of merger, sale, or transfer of a business branch, in order to allow the implementation of the operations necessary for the due diligence activity and prodromal to the sale. It is understood that exclusively necessary data will be processed for the aforementioned purposes, in the most aggregate/anonymous form possible. 

Legal Basis: Legitimate interest of the Data Controller (art. 6, par. 1 lett.f EU Regulation 2016/679). 

Retention: Data will be retained for a period not exceeding that necessary for the purposes for which they were collected or subsequently processed in accordance with legal obligations. 



For some of the purposes indicated, the User's personal data may be transferred outside the EU, including by means of inclusion in databases shared and managed by third companies that may or may not be part of Gellify Italia S.r.l.'s perimeter of control (Gellify Iberia S.I.; Gellify Middle East FZ LLC). 

The management of the database and the processing of such data are bound to the purposes for which they were collected and take place with the utmost respect for the standards of confidentiality and security set forth in the applicable data protection laws. 

Whenever the User's personal data is subject to international transfer outside the territory of the EU, the Data Controller will take all appropriate and necessary contractual measures to ensure an adequate level of protection of personal data in accordance with the provisions set out within this Privacy Policy, including, among others, the Standard Contractual Clauses approved by the European Commission. 




The personal data collected are processed by the personnel of the Data Controller, who act with appropriate authorization, based on specific instructions given regarding the purposes and methods of such processing. In addition, subjects designated as data processors pursuant to Article 28 of the GDPR or sub-processors, which the Data Controller uses for the provision of services and the performance of activities within its competence, as well as Public and Judicial Authorities at the request of the same or for legal obligations. 

By way of example: 

- to other companies in the Company's group to enable them to carry out specific activities and/or the provision of specific services covered by the contract entered with the Customer. 

- to persons, companies, associations, or professional firms that provides assistance and consulting services or activities or that provides services to the Company, with particular but not exclusive reference to issues in accounting, administrative, legal, tax and financial matters. 

- to subjects whose right to access the data is recognized by provisions of the law or provisions issued by authorities empowered to do so by law. 

Subjects belonging to the above-mentioned categories will use the data as autonomous data controllers or data processors, in the latter case subject to appointment agreement pursuant to Article 28 of the Regulations. 




According to current legislation (Art. 15 et seq. of EU Reg 2016/679), the data subject is recognized the right to ask the Data Controller for access to personal data, rectification of data, deletion of data, limitation of processing concerning him/her, as well as the right to portability. 

The appropriate request should be submitted to the Data Controller through the following email address: dpo.privacy@gellify.com 

Interested parties who believe that the processing of personal data relating to them occurs in violation of the provisions of Regulation (EU) 2016/679 and subsequent amendments and additions have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as provided for in Article 77 of the aforementioned Regulation, or to take appropriate legal action (Article 79 of the Regulation). 


Data subjects - the identified or identifiable natural persons to whom the data refer - may exercise specific data protection rights, set forth in the following list: 


a) right of access: right to obtain from the Data Controller confirmation as to whether or not personal data is being processed and if so, to obtain access to personal data and detailed information regarding the origin, purposes, categories of data processed, recipients of communication and/or transfer of data and more.

b) right to rectification: right to obtain from the Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary statement.

c) right to erasure ("oblivion"): right to obtain from the Controller the erasure of personal data without undue delay if: i. the necessary data are no longer required in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. the personal data must be erased to comply with a legal obligation.

d) right to object to processing: right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Controller.

e) right to restriction: right to obtain from the Data Controller the restriction of processing, where the accuracy of personal data is disputed (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has objected to the processing.

f) right to data portability: right to receive in a structured, commonly used and machine-readable format personal data and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and for data processed by electronic means only. 

g) right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing concerning him or her is in breach of the Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which he or she resides or habitually works, or of the State in which the alleged breach occurred. 




Where processing is to be carried out for purposes other than those indicated above, or in the case of processing based on different and/or additional legal bases to those identified above, specific indication will be provided in any referenced disclosures. 



This policy was updated on 27/03/2023. 

' >