PRIVACY POLICY
Privacy
EU Regulation No. 679/2016 (GDPR) ensures the protection of individuals and other subjects with regard to the processing of personal data. Processing must follow principles of fairness, lawfulness, and transparency to protect the privacy and rights of individuals.

Data Controller
The data controller is GGallery s.r.l.

Operational headquarters: Piazza Manin, 2b/r – 16122 Genoa
Registered office: Piazza Sicilia 2, 20146 Milan
VAT number: 07050810154
Legal representative: Dr. Paolo Macrì
Email contact: info@ggallery.it – PEC: ggallery@legalmail.it
Tel. +39 010888871

Purposes
The personal data provided will be processed for purposes related to:

– Activities connected to the services requested by the user, particularly registration to the website, portal, or platform, and tracking of activities performed, to monitor or certify attendance, usage, or completion of content (including educational content), use of the help desk, and related support or tutoring services;
– Fulfillment of legal, accounting/administrative obligations, and contract management purposes (provision of products, support services, customer management and administration, orders, shipments, invoices, credit checks, and dispute management);
– Sending communications, notices, or newsletters, including information on new initiatives and/or products and services of the Data Controller, affiliated companies, partners, or clients.

The data will be processed, including through the creation and management of a central archive, using paper, electronic, or telematic means accessible by specialized and authorized personnel.

Mandatory Data Provision
The provision of personal data essential for the provision of requested products/services, for legal compliance, and for the establishment/continuation of the contractual relationship is mandatory, meaning that without it, it will be impossible to establish and/or proceed with such a relationship. These data are specifically marked on registration forms (for example, with an asterisk).

Providing other personal data is optional and generally aimed at providing better service to the customer (e.g., including a phone number can be helpful for assistance or contacting the user if email communication is not possible). Refusal to provide such data will not have negative consequences for the customer.

Data Processing Methods
Personal data are processed (including using automated tools) for the time necessary to achieve the purposes for which they were collected. For example, certain regulations regarding mandatory training for specific professional categories or funded training (ECM, IVASS, Occupational Safety, interprofessional funds, etc.) require data retention for at least 5 years or impose specific obligations regarding reporting to relevant institutions or supervisory authorities.

Specific physical and digital security measures are in place to prevent data loss, illegal or improper use, and unauthorized access.

Data Transfer
Personal data concerning the customer may be disclosed to affiliated companies, entities, or third-party companies for the same purposes mentioned above (e.g., institutions or supervisory authorities for data reporting or other information) or to external parties for specialized services in:

– Software, hardware, telematic, and information system management (e.g., web service and hosting providers, particularly Aruba S.p.A.)
– Payment and accounting services (in the case of paid services/products, particularly PayPal)

Data are not transferred or sold to other subjects or private entities (except for legal obligations or transfers instrumental to the provision of the product/service itself).

Data are not transferred abroad, particularly to non-EU countries.

Analytics, Social Plugins, and Cookies
In the case of web services and the provision of data in such environments, the Data Controller and the Data Processor may use services to analyze online visits and user behavior for statistical purposes and to improve the content/products/services offered.

It is also possible to use social plugins to connect with social media channels such as Facebook or Instagram through specific user actions (e.g., clicking “like” or “share” buttons). In this case, the data processing is managed by the relevant social media platform.

For cookie management, please refer to the specific information available via the link on the site’s homepage.

User Rights
We remind users that they may exercise their rights under the Regulation, in particular:

– Right to be informed: the user has the right to know how their data are collected, processed, stored, and for what purpose, even before collection;
– Right of access to data: after data are collected, the user has the right to access them and know how they are processed and stored and for what purpose;
– Right of rectification: the user has the right to correct data if they are incorrect or incomplete;
– Right to erasure and deletion: the user has the right to permanently delete their personal data (subject to other legal obligations, particularly in the case of reporting to institutions or supervisory authorities);
– Right to restriction: the user can restrict or block the use of their data;
– Right to data portability: the user has the right to move, copy, or transfer their personal data;
– Right to object: the user has the right to prohibit their data from being reprocessed without explicit consent;
– Right to ban automation: the user has the right to prevent decisions about them from being left to algorithms or automation.

To exercise these rights, the user can contact the Data Controller using the contact details provided.

Forms and Email Submission
The optional, explicit, and voluntary submission of emails to the addresses indicated on this site through contact forms or self-service implies the subsequent acquisition of the sender’s address (necessary to respond to requests), as well as any other personal data included in the message.