GILBI Menu
Free Audit

Write Us

[email protected] [email protected]

Call Us

+39 035 0391097

Hours

Mon - Fri: 9:00 AM - 6:00 PM
  • Home
  • Legal
  • Privacy Policy

Privacy Policy

Privacy Notice

The purpose of this document is to inform the natural person (hereinafter “Data Subject”) regarding the processing of their personal data (hereinafter “Personal Data”) collected by the data controller, GILBI Srl, with registered office at Via Monte Sabotino 2, Bergamo 24121, Tax Code/VAT Number 04598080168, e-mail address [email protected], (hereinafter “Controller”), through the GILBI website (hereinafter “Application”).

Amendments and updates shall be binding as soon as they are published on the Application. In the event of non-acceptance of the amendments made to the Privacy Notice, the Data Subject is required to cease use of this Application and may request the Controller to delete their Personal Data.

1. Categories of Personal Data Processed

The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

  • Contact data: name, surname, address, e-mail, telephone, images, authentication credentials, any additional information sent by the Data Subject, etc.
  • Tax and payment data: tax code, VAT number, credit card data, bank account details, etc.
  • Employment-related data: data included in the curriculum vitae, data relating to spouse or children, social security data, etc.
  • Special categories of data (sensitive): Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sex life or sexual orientation, collected with the prior consent of the Data Subject. The Data Subject may revoke consent at any time.

The Controller processes the following types of Personal Data collected automatically:

  • Technical data: Personal Data produced by devices, applications, tools and protocols used, such as information about the device used, IP addresses, browser type, Internet Service Provider (ISP) type. Such Personal Data may leave traces that, particularly when combined with unique identifiers and other information received from servers, may be used to create profiles of natural persons.
  • Browsing and Application usage data: such as pages visited, number of clicks, actions performed, session duration, etc.
  • Precise location data of the Data Subject: for example, geolocation data that precisely identify the position of the Data Subject, which may be collected via satellite network (e.g. GPS) and other means, collected with the prior consent of the Data Subject. The Data Subject may revoke consent at any time.

Failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or where such data constitutes a necessary requirement for the conclusion of a contract with the Controller, will result in the inability of the Controller to establish or continue the relationship with the Data Subject.

The Data Subject who communicates third-party Personal Data to the Controller is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.

2. Cookies and Similar Technologies

The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect Personal Data of the Data Subject regarding pages, links visited and other actions performed when the Data Subject uses the Application. They are stored to be transmitted on the Data Subject’s subsequent visit. The complete Cookie Policy can be viewed at the following address: Cookie Policy

3. Legal Basis and Purposes of Processing

The processing of Personal Data is necessary:

For the performance of the contract with the Data Subject, specifically:

  1. Fulfilment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject
  2. Registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, access and be identified also through external platforms
  3. Support and contact with the Data Subject: to respond to the Data Subject’s requests
  4. Payment management: to manage payments via credit card, bank transfer or other instruments

For legal obligations, specifically:

  1. Fulfilment of any obligation required by applicable regulations, laws and rules, particularly in tax and fiscal matters

Based on the legitimate interest of the Controller, for:

  1. E-mail marketing of the Controller’s products and/or services
  2. Management, optimisation and monitoring of the technical infrastructure
  3. Security and anti-fraud
  4. Statistics with anonymous data

Based on the consent of the Data Subject, for:

  1. Profiling of the Data Subject for marketing purposes
  2. Retargeting and remarketing
  3. Marketing of the Controller’s products and/or services
  4. Detection of the precise location of the Data Subject

The Data Subject’s Personal Data may also be used by the Controller to protect its rights in court before the competent judicial authorities.

4. Methods of Processing and Recipients of Personal Data

The processing of Personal Data is carried out using paper-based and electronic tools with organisational methods and logic strictly related to the stated purposes and through the adoption of adequate security measures.

Personal Data are processed exclusively by:

  • Persons authorised by the Controller who have committed to confidentiality
  • Entities operating as separate data controllers or data processors
  • Entities or bodies to whom Personal Data must be communicated by legal obligation

Personal Data shall not be indiscriminately disclosed in any way.

5. Location

If necessary, Personal Data may be transferred outside the EEA. The Controller will adopt all necessary contractual measures to ensure an adequate level of protection. For information: [email protected].

6. Personal Data Retention Period

Personal Data will be retained for the period necessary for the purposes for which they were collected:

  • For contractual purposes: the entire duration of the relationship + 10 years statute of limitations
  • For legitimate interest: until the fulfilment of such interest
  • For legal obligation: in compliance with the prescribed timeframes
  • For consent: until consent is revoked

7. Rights of the Data Subject

The Data Subject has the right to:

  • Be informed about the processing of their Personal Data
  • Revoke consent at any time
  • Restrict the processing of their Personal Data
  • Object to the processing of their Personal Data
  • Access their Personal Data
  • Verify and request the rectification of their Personal Data
  • Obtain the erasure of their Personal Data
  • Transfer their Personal Data to another controller
  • Lodge a complaint with the supervisory authority

To exercise your rights: [email protected]. Requests will be handled within 30 days.

Last updated: 08/01/2024