
Privacy Policy

This Privacy Policy describes how Gorilli S.r.l. collects, uses, stores, discloses and protects the personal data of users who visit the website or interact with the services and contact channels made available online.

This Privacy Policy is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (the "GDPR") and of Legislative Decree 196/2003, as amended, and applies to the website https://www.gorilli.io, its landing pages and any digital channels used for the collection of data.

This Privacy Policy does not apply to third-party sites, platforms or applications that have their own separate privacy policy, even if accessible through links present on the Site.

Data Controller

The data controller is Gorilli S.r.l., with registered office in Milan (MI), Via Privata Tarvisio 8, ZIP code 20125, Tax ID and VAT No. 13973770962.

For any request relating to the processing of personal data or to exercise the rights provided for by applicable law, you can contact the Data Controller at the certified email (PEC) address: gorilli@pec.it.

Types of data collected

Gorilli may collect and process the following categories of personal data:

  • identification data, such as name, surname and other personal details that the user may provide;
  • contact data, such as email address, telephone number, postal address and the company the user belongs to, if provided;
  • browsing data, such as IP address, domain names, requested URLs, request time, browser used, operating system and other technical parameters of the device used for the connection;
  • data contained in messages sent voluntarily by the user through contact forms, email or other channels available on the Site.

For processing carried out through cookies or similar tools, please refer to the dedicated Cookie Policy, where available.

Methods of collection

Personal data may be collected directly from the user, for example when filling out a form, requesting information, sending a communication or subscribing to informational or promotional services.

Some data is collected automatically by the IT systems and software procedures responsible for the operation of the Site during normal browsing. This information is used, among other things, to obtain anonymous statistical data on the use of the Site and to verify its proper functioning.

Purposes of processing

Personal data is processed for the following purposes:

  • to enable browsing on the Site and the proper delivery of the technical features available;
  • to respond to requests for contact, information, demos, quotes or assistance sent by the user;
  • to manage service communications, pre-contractual activities and relationships with users, customers or potential customers;
  • to comply with legal obligations, regulations, orders of competent authorities or requests from judicial authorities;
  • to protect the rights of the Data Controller and prevent abuse, fraud or unlawful use of the Site;
  • subject to consent, to send newsletters, commercial communications, informational content, invitations to events, promotional material or other marketing initiatives, including through automated tools such as email, SMS or other means of distance communication;
  • subject to consent, to analyse the user's preferences, interests or behaviour in order to improve the offering of services and personalise commercial communications, within the limits allowed by applicable law.

Legal basis for processing

The processing of personal data is based, depending on the case, on the following legal grounds:

  • performance of pre-contractual measures taken at the request of the data subject;
  • performance of a contract or of activities connected to the provision of requested services;
  • compliance with legal obligations to which the Data Controller is subject;
  • pursuit of the legitimate interest of the Data Controller, for example for security needs, defence of rights, fraud prevention and management of the Site;
  • consent of the data subject, where required, for marketing, newsletter, profiling or other activities not strictly necessary for the provision of the service.

Any refusal to provide the data necessary for contractual, pre-contractual or legal purposes may make it impossible to act on the user's request or to provide the requested service. The lack of consent for marketing or profiling purposes does not, however, affect browsing on the Site or access to the main services.

Disclosure of data

Personal data may be disclosed, for the purposes indicated above and within strictly relevant limits, to third parties such as:

  • providers of IT, cloud, hosting, software and technical maintenance services;
  • providers of communication, marketing, newsletter, analytics or commercial support services;
  • consultants, professionals, collaborators and parties responsible for administrative, legal, tax or organisational activities;
  • parties that carry out archiving or document management services;
  • public authorities, supervisory bodies or parties legally authorised to receive such data.

These parties act, depending on the case, as duly appointed data processors or as independent data controllers.

Transfer of data abroad

Should personal data need to be transferred, for technical or organisational reasons, to countries located outside the European Economic Area, such transfer will take place in compliance with the safeguards provided by the GDPR and any further applicable security measures.

In such cases, Gorilli will adopt, where necessary, instruments such as adequacy decisions, standard contractual clauses or other suitable safeguards to protect the rights of data subjects.

Data retention

Personal data is stored for a period no longer than that necessary to achieve the purposes for which it was collected, except for legal obligations or the need to ascertain, exercise or defend a right in court.

In particular:

  • data processed for contractual, administrative and legal purposes may be retained for the time required by applicable law and, where necessary, for up to 10 years;
  • data processed for marketing and newsletter purposes is retained until consent is withdrawn or the right to object is exercised;
  • technical browsing data is retained for the time strictly necessary to ensure the operation, security and monitoring of the Site, unless otherwise required by law.

Processing methods and security

Data is processed using paper, electronic and telematic tools, according to logic strictly related to the purposes indicated and adopting technical and organisational measures adequate to ensure the security, confidentiality, integrity and availability of the data.

Gorilli adopts appropriate measures to prevent unauthorised access, loss, disclosure, alteration or destruction of personal data. Access to data is granted exclusively to authorised personnel or expressly appointed parties, within the limits of their respective duties.

Rights of the data subject

In the cases provided for by Articles 15-22 of the GDPR, the data subject may exercise the following rights:

  • obtain confirmation as to whether or not personal data concerning them exists and access it;
  • request the rectification of inaccurate data or the completion of incomplete data;
  • request the erasure of personal data, in the cases provided for by law;
  • obtain the restriction of processing in the cases provided for by law;
  • object to processing, in whole or in part, where the conditions are met;
  • receive data in a structured, commonly used and machine-readable format, and transmit it to another controller, where technically possible and applicable;
  • withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, you can write to gorilli@pec.it. The Data Controller may request further information necessary to verify the identity of the requester.

Marketing communications

The user may object at any time to receiving promotional or marketing communications, either in full or only with respect to certain contact channels. This right can be exercised through the unsubscribe links present in electronic communications, where available, or by contacting the Data Controller at the details indicated above.

Complaints

Without prejudice to any other administrative or judicial remedy, should the data subject believe that the processing of personal data takes place in violation of applicable law, they have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) pursuant to Article 77 of the GDPR.

Further information is available on the Authority's official website: https://www.garanteprivacy.it.

Changes to this Privacy Policy

This Privacy Policy may be subject to updates or changes over time. Users are therefore invited to consult this page periodically to check the current text.