Dear user,

According to the article 13 EU Regulation n. 2016/679 (from now on, “GDPR”), we inform you that the processing of your provided data will be carried out with procedures and policies aimed at ensuring the processing of personal information. It will be done in compliance with fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality and security, personal identity and the right to protection of personal data.

We remind you that treatment means any operation or set of activities, carried out with or without the aid of automated processes, and applied to personal data or sets of personal data. It includes the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, deletion or destruction (Article 4 GDPR).

Object of the processing and origin of the data

To attend your information requests, Gek S.r.l. requires the processing of the following data:

  • necessary: ​​name, last name and e-mail address;
  • optional: type of user (if private, doctor, pharmacist or biologist / nutritionist)

Legal basis of the processing

The legal basis for this treatment is the need to process information requests sent spontaneously by the interested party, which falls within the hypotheses envisaged according to art. 6.1, lett. b) of the GDPR.

Purpose of the processing

The personal data and any changes that you will communicate to Gek S.r.l.  are collected and processed solely to verify your information requests.

Processing methods

The treatment is limited to the following operations and in the following ways:

  • Collection of data from the concerned person, by filling in online forms;
  • Registration and processing on computerized support;
  • Organization of the archives in a mainly automated way, through company applications and digital master data;
  • Communication of your data to third parties, duly authorized by the Data Controller.

The data will be processed using instruments that guarantee confidentiality, integrity and availability, in compliance with adequate technical and organizational security measures provided by the GDPR.

The treatment is carried out utilizing information and/or automated systems and will include all the operations or set of activities provided for in art. 4 of the GDPR and necessary for the treatment in question, including the communication to the subjects in charge of the procedure itself.

The data in question will not be disseminated, while they will be or may be communicated to individuals, public or private, operating in the context of the purposes described above.

Data retention

The Data Controller will process your data to fulfil the purposes referred to in point 3 within one year, calculated starting from the execution of the request itself;

Access to treatment

The data will be made accessible, for the purposes of point n. 3:

  • to the employees/collaborators in their capacity as authorized to the treatment, after suitable pronouncement;
  • to third parties, identified as Data Processors by the Data Controller.

Your data will not be disclosed to unauthorized third parties.

Your data will not be distributed in any way. To this end, the processing is conducted with the use of appropriate security measures to prevent unauthorized access to data by third parties and to guarantee confidentiality.

It should be noted that for operational and service needs, access to your request is allowed to the entire area of ​​reference and, therefore, we invite you to refrain from communicating any confidential or strictly personal information that is not strictly necessary or in any way inherent to our services.

Data communication

Your data will not be disclosed to unauthorized third parties. This communication will not be made to unauthorized third parties.

Your data will not be distributed in any way. To this end, the processing is conducted with the use of appropriate security measures to prevent unauthorized access to data by third parties and to guarantee confidentiality.

Data transfer

The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third-party companies appointed and duly appointed as Data Processors.

The data will not be transferred outside the European Union.

Nature of data provision and consequences of denial

The provision of data for the purposes referred to in point 3 is mandatory. If absent, it will not be possible to proceed with the information request.

The provision of the data relating to the type of user (whether private, medical, pharmacist or biologist/nutritionist), is merely optional and will therefore not prevent the proceeding of the request.

Rights of the interested party

According to the provisions of the GDPR, the interested party has the following rights towards the Data Controller:

  • obtain confirmation that personal data concerning the interested party are being processed and in this case, to get access to personal data (Right of access Article 15);
  • to obtain the rectification of inaccurate personal data concerning the interested party without unjustified delay (Right to Correct Article 16);
  • obtain the cancellation of personal data concerning the interested party without unjustified delay, and the Data Controller must cancel personal data without unjustified delay if certain conditions exist (Right to oblivion art. 17);
  • obtain the limitation of the processing in specific hypotheses (Right to limitation of processing art. 18);
  • receive in a structured and commonly used format, readable by automatic devices, the personal data concerning the interested party, and has the right to transmit such data to another Data Controller, without hindrance by the Data Controller to whom the interested party supplied them, in some instances (Right to data portability Article 20);
  • oppose at any time, for reasons related to a particular situation, to the processing of personal data concerning the interested party (Opposition right art. 21);
  • receive without unjustified delay communication of the violation of personal data suffered by the Data Controller (Article 34);
  • revoke the express consent at any time (Conditions for consent art. 7).
  • Where applicable, the interested party also has the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority.

Procedures to exercise rights

Sending a message to the following dedicated e-mail address of the Data Controller:

Data Controller

The Data Controller is Gek S.r.l., Via G. Frua, 24, 20146 Milan, P.I. 07333890965, Tel. 02 86882477

The list of data processors and authorized personnel are available for consultation at the registered office of the holder mentioned above.

Data Protection Officer

The Data Protection Officer is Frareg S.r.l., p.i. 11157810158, Viale E. Jenner, n. 38, Milan (MI), tel. 02 69010030,

Update of this information

This information may be subject to change. Any substantial updates will be transmitted to the interested parties by notice or publication on the company website.