logo gellify

This information is provided in accordance with the Regulation (EU) 2016/679 (hereinafter the “Regulation” or “GDPR”) and describes the methods for processing the personal data of users who consult and use this website, accessed at https://www.gellify.com/ (hereinafter also “Site”).


The Data Controller GELLIFY ITALIA S.r.l. with registered office in Casalecchio di Reno (BO), via Isonzo n. 55/2, 40033, P.I. 03561101209. The Data Controller can be contacted at the e-mail address: privacy@gellify.com

The processing will be carried out in mixed mode with the use of both electronic and paper means as better explained below.


As part of the activities and services offered, the Data Controller will carry out certain data processing activities as better specified below:


Data collected: IP addresses or the domain names of the computers used by users who connect to the site, the URL addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and platform used by the user.

Purpose: The computer systems and software procedures used to operate this site acquire, in the course of their normal operation, some personal data whose transmission is implicit in the navigation of the websites. This information is not collected to be associated with identified interested parties, however, by its very nature could, through processing and association with data held by third parties, allow users to be identified.

The provision of this data is mandatory, and the information is acquired independently in order to ensure access and navigation on the Website. The above data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning.

Legal Basis: the legitimate interest of the Data Controller and other group companies in making the Site usable and the navigation on the Site safe. Exclusively for the specific profiling activity the express consent of the data subject (art. 6, par. 1 lett.f EU Regulation 2016/679).

Retention: Navigation Data are deleted after processing as they are only used to obtain anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Site: except for this contingency, as of now the data on web contacts do not persist for more than 7 (seven) days.


The optional, explicit, and voluntary sending of communications by means of contact forms on the Site or electronic mail to the addresses indicated on this site, implies the subsequent acquisition of the data communicated by the user, including his or her e-mail address, and consent to receive any messages in response to his or her requests.  

This site uses Active Campaign and Microsft Dynamics for contact forms, read their Privacy Policy here: Active Campaign and Microsoft Dynamics.  

Data collected: common data, first name, last name, e-mail address.  

Purposes: The provision of the email address and other data that may be indicated is optional, explicit, and voluntary. The provision of this data is essential to use the service and to receive a response to your request or be contacted by email or telephone, otherwise, in their absence, we will not be able to proceed with the processing. The personal data thus provided are used for the sole purpose of fulfilling or responding to the transmitted requests and are disclosed to third parties only if this is necessary for that purpose. 

Legal Basis: the provision of services requested by the data subject and thus the fulfillment of a contractual and pre-contractual obligation assumed by the Data Controller and other group companies (Art. 6, par. 1 lett.b EU Regulation 2016/679).  

Retention: The Data voluntarily provided by the user is retained for the period necessary for the purpose of fulfilling the request and as permitted by the applicable legislation and any contractual obligations that may have arisen.


Data collected: common data, contact data, work experience, education.  

Purpose: The optional, explicit, and voluntary sending of CVs for the purpose of submitting one 

Legal Basis: the processing is carried out for the fulfillment of a contractual and pre-contractual obligation assumed by the Owner with the service (art. 6, par. 1 lett.b). The processing may, in some cases, be carried out by us as data controllers ex art. 28 on behalf of third party companies that are disclosed in the announcement and that entrust us to proceed with the selection and evaluation of candidates/ applicants.  

Retention: The data are retained for the period necessary for the purpose of processing the request and in accordance with current regulations, and in any case no longer than 2 years after receipt of the data.


Data collected: contact and identification data.  

Purpose: Where requested, you may provide your contact data in order to receive communications of a commercial and/or informative nature with regard to the Holder’s business. The provision of such data is optional but essential in order to proceed with the provision of the promotional information service described above.

This site uses Active Campaign and Microsft Dynamics for contact forms, read their Privacy Policy here: Active Campaign and Microsoft Dynamics.  

Legal Basis: for sending newsletters and commercial/promotional communications, exclusively for commercial purposes, the processing is carried out on the basis of the explicit consent of the data subject (Art. 6, par. 1 lett.a EU Regulation 2016/679).  

Retention: the Data provided for the sending of newsletters and promotional communications are retained for the period necessary for the performance of the activity for which they were conferred and in any case, specifically for the purposes described above, no longer than two years for as expressly provided by law (unless renewed consent by the data subject use for other purposes as provided for by the regulations in force).


Purposes: The Controller may process, without the User’s consent, personal data collected in the following cases:

– in the case of extraordinary operations of merger, sale, or transfer of a business branch, in order to allow the implementation of the operations necessary for the due diligence activity and prodromal to the sale. It is understood that exclusively necessary data will be processed for the aforementioned purposes, in the most aggregate/anonymous form possible.

Legal Basis: Legitimate interest of the Data Controller and the other group companies (art. 6, par. 1 lett.f EU Regulation 2016/679).

Retention: Data will be retained for a period not exceeding that necessary for the purposes for which they were collected or subsequently processed in accordance with legal obligations.


For some of the purposes indicated, the User’s personal data may be transferred outside the EU, including by means of inclusion in databases shared and managed by third companies that may or may not be part of Gellify Italia S.r.l.’s perimeter of control (Gellify Iberia S.I.; Gellify Middle East FZ LLC).

The management of the database and the processing of such data are bound to the purposes for which they were collected and take place with the utmost respect for the standards of confidentiality and security set forth in the applicable data protection laws.

Whenever the User’s personal data is subject to international transfer outside the territory of the EU, the Data Controller will take all appropriate and necessary contractual measures to ensure an adequate level of protection of personal data in accordance with the provisions set out within this Privacy Policy, including, among others, the Standard Contractual Clauses approved by the European Commission.




The personal data collected are processed by the personnel of the Data Controller or other group companies, who act with appropriate authorization, based on specific instructions given regarding the purposes and methods of such processing. In addition, subjects designated as data processors pursuant to Article 28 of the GDPR or sub-processors, which the Data Controller uses for the provision of services and the performance of activities within its competence, as well as Public and Judicial Authorities at the request of the same or for legal obligations.  

By way of example:

– to other companies in the Company’s group to enable them to carry out specific activities and/or the provision of specific services covered by the contract entered with the Customer.  

– to persons, companies, associations, or professional firms that provides assistance and consulting services or activities or that provides services to the Company, with particular but not exclusive reference to issues in accounting, administrative, legal, tax and financial matters.  

– to subjects whose right to access the data is recognized by provisions of the law or provisions issued by authorities empowered to do so by law.  

Subjects belonging to the above-mentioned categories will use the data as autonomous data controllers or data processors, in the latter case subject to appointment agreement pursuant to Article 28 of the Regulations.



According to current legislation (Art. 15 et seq. of EU Reg 2016/679), the data subject is recognized the right to ask the Data Controller for access to personal data, rectification of data, deletion of data, limitation of processing concerning him/her, as well as the right to portability.

The appropriate request should be submitted to the Data Controller through the following email address: dpo.privacy@gellify.com  

Interested parties who believe that the processing of personal data relating to them occurs in violation of the provisions of Regulation (EU) 2016/679 and subsequent amendments and additions have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as provided for in Article 77 of the aforementioned Regulation, or to take appropriate legal action (Article 79 of the Regulation).

Data subjects – the identified or identifiable natural persons to whom the data refer – may exercise specific data protection rights, set forth in the following list:

a) right of access: right to obtain from the Data Controller confirmation as to whether or not personal data is being processed and if so, to obtain access to personal data and detailed information regarding the origin, purposes, categories of data processed, recipients of communication and/or transfer of data and more.

b) right to rectification: right to obtain from the Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary statement.

c) right to erasure (“oblivion”): right to obtain from the Controller the erasure of personal data without undue delay if: i. the necessary data are no longer required in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. the personal data must be erased to comply with a legal obligation.

d) right to object to processing: right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Controller.

e) right to restriction: right to obtain from the Data Controller the restriction of processing, where the accuracy of personal data is disputed (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has objected to the processing.

f) right to data portability: right to receive in a structured, commonly used and machine-readable format personal data and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and for data processed by electronic means only.

g) right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing concerning him or her is in breach of the Regulation has the right to lodge a complaint with the supervisory authority of the Member State in which he or she resides or habitually works, or of the State in which the alleged breach occurred.


Where processing is to be carried out for purposes other than those indicated above, or in the case of processing based on different and/or additional legal bases to those identified above, specific indication will be provided in any referenced disclosures.  

This policy was updated on 03/11/2023.