Privacy Policy
This disclosure governs how the personal information you provide by using the website at www.gelq.it is processed by Gelq S.r.l., with registered office at Via Giuseppe Revere 16, 20123 Milan, Italy, VAT number IT10344380968, email info@gelq.it, hereafter the “Controller,” in accordance with current laws on data protection, in particular EU Regulation 2016/679 (hereafter “GDPR”).
1. Data Controller’s identity and contact information
The Data Controller is Gelq S.r.l. As the Controller is headquartered in Italy, no representative has been appointed.
2. Data protection manager’s contact information
The Controller has not appointed a data protection manager.
3. Data processing methods
3.1 Cookies and environment data
3.1.1 TECHNICAL COOKIES
- Browser, functional, session cookies: These permit the site to function properly. The use of session cookies (which are not permanently stored on the data subject’s device and are automatically deleted when the browser is closed) is strictly limited to transmitting identification information for single sessions, and the cookies are utilized to permit secure and efficient use of the site.
Statistical cookies: The site uses statistical cookies created directly by the Controller internally, or provided by third parties. In the latter case, appropriate steps have been taken to make identification less likely, including by masking significant portions of the IP addresses handled this way. The use of these third party statistical cookies is also subject to contractual restrictions that require the third party to use them solely to provide the service, to store them separately, and not to “enrich” them or “cross-reference” them with other available information.
With specific regard to Google Analytics cookies, the information obtainable from these cookies on how users are utilizing the site will be transmitted from the data subject’s browser to Google Inc., with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, and filed with that company’s servers.
Google’s privacy provisions, which we ask you to read, are available at the following address: http://www.google.com/intl/it/privacy/privacy-policy.html Privacy
Information on Google Analytics services is available at the following address: http://www.google.com/intl/en/analytics/privacyoverview.html
Browser data and environment variables: During their normal operation, certain IT systems and procedures responsible for site functioning automatically acquire personal data related to the data subject’s browsing, including environment variables. Examples of this category of data include:
The IP addresses of the computers of those who utilize the services;
Number of accesses;
Pages viewed;
Date and time of access;
The URL where the browser was before viewing our page;
The type of browser;
The operating system used.
3.1.2 NON-TECHNICAL COOKIES
Profiling cookies: The site uses profiling cookies provided by third parties.
Delete and deactivate cookies
As cookies are normal text files, it is possible to access them using text processing programs. In each case it is possible to configure your browser in order to prevent it from processing cookies.
Delete/deactivate cookies using Firefox:
http://support.mozilla.com/it/kb/Eliminare%20i%20cookie
Delete/deactivate cookies using Edge:
https://support.microsoft.com/it-it/help/4027947/windows-delete-cookies
Delete/deactivate cookies using Chrome:
http://support.google.com/chrome/bin/answer.py?hl=it&answer=95647
Delete/deactivate cookies using Safari:
https://support.apple.com/kb/ph21411?locale=it_IT
3.1.3 SOCIAL PLUGINS
This type of service permits interactions with social networks or other external platforms directly from Gelq pages. The interactions and information acquired by Gelq are in all cases subject to the individual user’s privacy settings for each social network.
If a service for interacting with social networks is installed, it is possible that, even if the service is not used, it may collect data traffic related to the pages on which it is installed.
- Twitter The Tweet button and Twitter social widgets are services for interacting with the Twitter social network, provided by Twitter, Inc. Personal data collected: cookies and usage data. Place of processing: USA – Privacy (https://twitter.com/it/privacy)
- Facebook The “Like” button and Facebook social widgets are services for interacting with the Facebook social network, provided by Facebook, Inc. Personal data collected: cookies and usage data. Place of processing: USA – Privacy (https://www.facebook.com/privacy/explanation)
- Google+ The +1 button and social widgets of Google+ are services for interacting with the Google+ social network, provided by Google Inc. Personal data collected: cookies and usage data. Place of processing: USA – Privacy (https://policies.google.com/privacy?hl=policies)
- Instagram The Instagram social widgets are services for interacting with the Instagram social network, provided by Instagram Inc., a service of Facebook Inc. Personal data collected: cookies and usage data. Place of processing: USA - Privacy (https://help.instagram.com/519522125107875)
4. Purposes of processing and legal basis for processing
With regard to technical cookies in point 3.1.1 and browser data, the data subject’s personal data are processed in order to permit proper use of the website; they must be used in order to browse the website www.gelq.it.
In this case, the legal basis for processing is the Controller’s legitimate interest. Personal data processing through non-technical cookies pursuant to point 3.1.1 makes it possible to offer a personalized browsing experience by means of profiling. In this case the legal basis is the data subject’s consent, expressed in accordance with current law.
5. Manner of expressing consent
Consent to processing personal data through non-technical cookies may be expressed by clicking on a specific box presented within a banner.
6. Source of the personal data
The only data processed are those provided by the data subject in accordance with this disclosure, collected through the website or through an email from the data subject. Data from sources accessible to the public will not be processed.
7. Recipients and any categories of recipients of personal data
The following may receive the data subject’s personal data:
• The communications companies that engage in commercial communication and profiling activities on behalf of the Controller and act in the capacity of data processors;
• Companies that offer information society services, in particular those which offer hosting services.
8. Data categories
The data subject’s personal data will be processed.
9. Transfer of data
The Controller intends to transfer the personal data to another country or to an international organization. These parties could be represented, for example, by:
• Communications companies that engage in communication activity on behalf of the Controller;
• Companies that offer information society services, in particular those which offer hosting services;
• Suppliers of communications company services;
Transfer of personal data to those parties, if they are established in another country or are an international organization, is based on a decision of adequacy by the European Commission, which verifies how the other country, the territory, or one or more specific sectors within the other country or the international organization guarantee adequate protection for their rights. In each case the Controller (if it considers this appropriate) reserves the right to enter into specific separate agreements that require these parties to adopt adequate security measures, including organizational measures, that appropriately guarantee their rights. Google Inc., in particular, is contractually bound to ensure appropriate protection of the data subject’s rights. Data may thus be transferred to the following countries: United States of America. To obtain a copy of these data or the place where they were made available, simply send the relative request to the following email address: info@gelq.it
-
10. Length of time personal data may be stored
Personal data processed and stored in order to permit proper use of the website are processed and stored for no more than 12 months after the date of the individual collection. The Controller always reserves the right to ask the data subject to renew their consent to processing and/or to verify any consent already given.11. Optional nature of consent and consequences of non-consent
There is no contractual obligation to communicate personal data processed through technical cookies to permit proper use of the website. Rather, this is based on the Controller’s legitimate interest, as without this processing it could not provide a perfectly functioning website. Consent is optional for non-technical cookies. In this case, failure to communicate these data will simply make it impossible to provide personalized service. For data provided voluntarily via email, personal data processing makes it possible to respond to data subjects’ requests. The Controller’s legitimate interest in responding to data subjects constitutes the legal basis for processing.12. Rights of the data subject
12.1 Right to oppose
Pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR, the data subject has the right to oppose the processing of their personal data at any time based on their particular situation, including profiling based on the aforesaid provisions. The Controller will not process the personal data further unless it demonstrates the existence of cogent legitimate reasons to proceed with processing that override the interests, rights, and liberties of the data subject, or to ascertain, assert, or defend a right before the courts.12.2 Other rights
The Controller also advises data subjects that they have the following rights:
• Data subject’s right of access: the data subject has the right to obtain confirmation from the Controller of whether or not his or her personal data are being processed, and in that case, to obtain access to the personal data and specific information, in accordance with Art. 15 of the GDPR;
• Right of rectification: the data subject has the right to have the Controller rectify any inaccuracies in his or her personal data without unjustified delay. Taking into account the purposes of the processing, the data subject has the right to supplement incomplete personal data, including by providing a supplementary declaration, in conformity with Art. 16 of the GDPR;
• Right to delete data, including the right to revoke consent: the data subject has the right to have the Controller delete his or her personal data without unjustified delay (and the Controller is obligated to delete the personal data without unjustified delay), or to revoke consent, for the reasons set out in Art. 17 of the GDPR. With regard to the right of revocation, the data subject also has the right to revoke consent at any time without prejudice to the lawfulness of the processing based on consent given prior to the revocation;
• Right to restrict processing: the data subject has the right to have the Controller restrict processing when the situations set out in Art. 18 of the GDPR arise;
• Right of data portability: the data subject has the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning him or her provided to the Controller and has the right to transmit this data to another controller without hindrance from the Controller under the conditions specified by Art. 20 of the GDPR.13. Exercise of rights
Requests to exercise the rights indicated in this disclosure, in particular the right to delete and the right to revoke consent, must be emailed directly to the Controller at info@gelq.it. In the alternative, these rights may be exercised in a registered letter with advice of receipt sent to the above-captioned address.14. Where to find the disclosure
The disclosure can be found at www.gelq.it/content/2-privacy-policy, and from the Controller. If the data subject expressly requests, the information can also be provided verbally by telephone call to the Controller, provided the data subject’s identity is verified.15. Privacy and newsletter
If the data subject has agreed, through a consent flag, to receive commercial communications, his or her data will be processed in order to send direct marketing communications, newsletters, advertising materials, and market surveys, via traditional contact systems and automated IT systems, including commercial or promotional messages via email or text message; the legal basis for this is the data subject’s consent, expressed in accordance with this disclosure.In this case, there is no contractual obligation to provide personal data. The data subject has the discretion to provide personal data, but if this data is not provided, it will not be possible to engage in any marketing activity. Personal data thus processed are stored for no more than 24 months after the date of the individual collection.