Privacy and cookie policy

Disclosure pursuant to EU Regulation 2016/679 ("GDPR")

WHAT TYPES OF DATA DO WE COLLECT?

When you use our services, you agree that our company collects some of your personal data. This page is meant to tell you what data we collect, why, and how we use it. We process two types of data:

Data provided by the user

When you register, post, or respond to an article or ad, we ask you to provide us with certain data that we need in order to use our service.
These are, for example, the data we ask from you:

• email address and password;
• Other data related to the type of content you are responding to.

You can also choose to provide us with the following information:

• name;
• date of birth;
• gender;
• city or municipality of reference;
• telephone number.

Third Party Data
If you provide personal data of third parties, such as those of your family members or friends, you must be sure that these individuals have been adequately informed and have consented to its processing in the manner described in this policy.

Data of minors under 16 years of age
If you are under 16 years of age, you may not provide us with any personal data nor may you register on our site, and in any case we do not assume responsibility for any false statements you provide: if we become aware of the existence of untrue statements, we will proceed with the immediate deletion of any personal data acquired.

Data we automatically collect and digital services in use

We collect the following data through the services you use:

• technical data: e.g. IP address, browser type, information about your computer, data about the current (approximate) location of the tool you are using;
• data collected using cookies or similar technologies: for more information, please visit the "Cookies" section.

These are the digital services currently in use on our site:

• Google reCAPTCHA
• Google Analytics 4
• Direct registration
• Google Fonts

Go to this link for more information about the Privacy Policy

1. HOW DO WE USE THE DATA COLLECTED?

We use the data collected to offer you our service every day, to inform you about our activities or to offer you a more personalized service in line with your interests.

1.1. To inform you about our business activities

We use the data collected, if you have expressly given us consent, to inform you about activities that may be of interest to you.

In particular, we use them for:

• communicating activities to you about events, initiatives or partnerships, via e-mail, text messaging or "push" notifications; only if you are a professional;
• do analytical and reporting activities related to promotional communication systems, such as tracking the number of emails opened, clicks made on links within the communication, the type of device used to read the communication and its operating system.

2. IS THE PROVISION OF DATA MANDATORY?

The provision of personal data is obligatory only for the processing necessary for the provision of the services we offer (any refusal, for purposes of providing our services, makes it impossible to use them); on the other hand, it is optional for promotional, profiling purposes and any refusal to give consent has no negative consequences on the provision of the services offered within the website and any related applications.

3. WHO ARE THE SUBJECTS OF THE TREATMENT?

3.1. Data controller

The data controller is Dr. Pierantonio Addis.

The data controller employs data processors to achieve the purposes specified in Section 1.

3.2. Persons to whom personal data may be disclosed

Data collected as part of service delivery may be disclosed to:

• companies that perform functions closely related and instrumental to the operation - including technical - of our services, such as suppliers that provide services aimed at the review and verification of ads, companies that provide archiving, administrative, payment and billing services, related companies that provide technical components for the provision of certain features of the services;
• entities and administrative and judicial authorities under legal obligations.

Your personal data may be transferred outside the European Union for processing by some of our service providers. In this case, we ensure that this transfer is done in compliance with applicable legislation and that an adequate level of personal data protection is guaranteed by relying on an adequacy decision, standard clauses defined by the European Commission or Binding Corporate Rules.

Under no circumstances do we give or sell personal data to third parties.

4. HOW CAN YOU GET INFORMATION ABOUT THE DATA, CHANGE IT, DELETE IT, OR GET A COPY OF IT?

4.1. Exercising your rights

Any individual using our service can:

• to obtain from the owner, at any time, information about the existence of their personal data, the origin of the data, the purposes and methods of processing and, if any, to obtain access to personal data and information referred to in Article 15 of the GDPR;
• request the updating, rectification, supplementation, deletion, restriction of data processing in the event that one of the conditions provided for in Article 18 of the GDPR is met, transformation into anonymous form or blocking of personal data, processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected and/or subsequently processed;
• oppose, in whole or in part, for legitimate reasons, the processing of data, even if pertinent to the purpose of collection and the processing of personal data provided for the purposes of commercial information or sending advertising material or direct sales or for carrying out market research or commercial communication. Each user also has the right to revoke consent at any time without affecting the lawfulness of the processing based on the consent given before revocation;
• receive their personal data, provided knowingly and actively or through the use of the service, in a structured, commonly used, machine-readable format, and to transmit it to another data controller without hindrance;
• Propose a complaint to the Italian Data Protection Authority.

Please note that if you have any questions or requests regarding your personal information and respect for your privacy, you can write to the dedicated address info@gillalab.it

5. WHERE IS YOUR DATA? SITE HOSTING AND DIGITAL SERVICES

Site hosting and associated services (email, database, and backup) are provided by Aruba SpA, an Italian company headquartered in Italy that operates in compliance with Italian and European laws.
Its cloud computing services comply with the CISPE Code of Conduct.
Aruba SpA complies with the logical, physical, and organizational security standards imposed by ISO 27001 certification, in addition to ISO 9001, ISO 14001, and ANSI/TIA 942-A certifications. For more information: www.aruba.it/gdpr-regolamento-europeo-privacy.aspx

6. HOW AND FOR HOW LONG WILL YOUR DATA BE STORED?

Personal data will be stored in hard copy and/or electronic/informatic form and for the time strictly necessary to fulfill the purposes mentioned in point 1, respecting your privacy and current regulations.

For analysis purposes directed at service development and improvement, the user's personal data may be subject to a retention period of 36 months.

For direct marketing and profiling purposes, we retain your data for a maximum period equal to that stipulated by applicable regulations (equal to 24 and 12 months, respectively).

Invoices, accounting records and transaction data are kept for 11 years in accordance with the law (including tax obligations).

In the case of exercising the right to be forgotten through a request for the express deletion of personal data processed by the owner, please note that such data will be retained, in a protected form and with limited access, solely for the purpose of investigating and prosecuting crimes, for a period not exceeding 12 months from the date of the request, and thereafter will be securely deleted or irreversibly anonymized.

Finally, we remind you that for the same purposes, data related to telematic traffic, excluding in any case the contents of communications, will be kept for a period not exceeding 6 years from the date of communication, in accordance with Article 24 of Law No. 167/2017, which transposed EU Directive 2017/541 on anti-terrorism.

If you do not exercise any active actions (e.g. browsing, searches and/or any other way of using the services) on our site for a period of 27 months, you will be classified as an inactive user and your personal information will be deleted automatically.

7. HOW DO WE ENSURE THE PROTECTION OF YOUR DATA?

The data are collected by the subjects indicated in point 3, according to the indications of the reference legislation, with particular regard to the security measures provided for by the GDPR (art. 32) for their processing by means of computer, manual and automated tools and with logics strictly related to the purposes indicated in point 1 and in any case in such a way as to guarantee the security and confidentiality of the data.

In compliance with applicable regulations, an anti-spam verification system is in place on communications between users. Data entered therein may be verified for the sole purpose of detecting illegal activities or content that does not comply with the General Conditions of Service, but will not be processed or communicated for commercial or promotional purposes.

8. ADDITIONAL INFORMATION

8.1. Location

When you use applications and services from our site with location tracking enabled, we may collect and process information about your current (approximate) location. This data is processed anonymously, in a format that does not personally identify you, and used for the sole purpose of facilitating the use of certain location-based features of the service. You can enable/disable location services at any time by accessing your browser and/or device settings as follows:

• SAFARI
  Desktop or laptop type devices (laptops)
  go to "Preferences" > "Websites" > "Location" and remove our site from the list
  Mobile (smartphones, tablets)
  go to "Preferences" > "Privacy" > "Localization" and turn off localization for Safari
• CHROME
  Desktop or laptop type devices (laptops)
  open Chrome chrome://settings/content/location and remove our site from the list
  Mobile (smartphones, tablets)
  open Chrome and select "Site settings" > "Location" and remove our site from the list
• FIREFOX
  Desktop or laptop (laptops) and mobile (smartphones, tablets) type devices
  open Firefox and go to about:preferences#privacy, search for "Permission" > "Location" > "Settings" and remove our site from the list
• INTERNET EXPLORER
  Desktop or laptop type devices (laptops)
  open Internet Explorer, click on the "gear" icon and select "Internet Options" in the privacy panel, under Location press the "Delete Sites" button

8.2. Search Engines

Information related to articles and/or ads placed on our site will be visible in searches made in the internal search engine and may be made available to third-party search engines as content indexing by third-party engines is permitted. In the event that the page related to the article and/or ad has already been removed from our site, it is possible that the cached copy will remain in the search results for a few days. The search results are not managed by our site, but the user can report the removal of the page and solicit the update of the cache copy directly to the third-party search engine.

9. CAN THE PRIVACY POLICY CHANGE OVER TIME?

This policy may be subject to change. If substantial changes are made to the Owner's use of data about you, the Owner will notify you by prominently posting such changes on its pages or through alternative or similar means.