Privacy
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“the Regulation” or “GDPR”), we wish to inform users about the methods and purposes of the processing of personal data of those who interact with our website.
This notice is not to be considered valid for other websites that may be consulted through links present on the internet sites under the domain of the Controllers, who shall not be held in any way responsible for third-party websites.
Data Controllers
The Data Controller of the personal data collected through this website is GC Advisory Srl, with registered office at Via Fatebenefratelli 10, 20121, Milan, VAT number 04365800715, which can be contacted at the following email address: info@gcadvisory.com (hereinafter also “GC”).
Purposes of processing, legal basis, nature of data provision
For the purposes described in this notice, only personal data and special categories of data strictly related to any potential belonging to protected categories willbe processed, where such data is relevant for hiring; therefore, please do NOT include any special category (formerly sensitive) data that is not strictly necessary for the application. Personal data will be processed, in compliancewith the lawful bases under Article 6 of the Regulation, for: allowing navigation on this website and the technical management of connections to it.The IT systems used to operate the website acquire, during their normal operation and only for the duration of the connection, certain personal datawhose transmission is implicit in the use of internet communication protocols.These data are not collected to be associated with identified data subjects but, by their nature, could—through processing and association with data heldby third parties—allow users to be identified. This category of data includes,for example: IP addresses or domain names of the computers used by usersconnecting to the websites, URI (Uniform Resource Identifier) addresses of therequested resources, characteristics of the browser used for browsing, the sizeof the window in which the browser is displayed on the device used, and otherparameters related to the operating system and the user’s IT environment. Thesedata are used solely to obtain anonymous statistical information on the use ofthe sites and to verify their proper functioning, and are deleted immediatelyafter processing. The data may also be used to ascertain liability in the eventof hypothetical computer crimes against the sites.
Legal basis for processing: the legitimate interest of the Controllers (Art. 6 paragraph 1letter f of the GDPR).
The data requested for the purposes indicated are necessary in order to allow navigationon the site,
to respond to requests for information or contact, to download informational material about our products, and other types of requests made by customers/usersregarding the services offered by the Controllers.
The voluntary sending of emails to the email addresses indicated on the websites mentioned above, including through specific data collection forms, results inthe subsequent acquisition of the sender’s email address, which is necessary to respond to the requests, as well as any other personal data included in the communication. This also applies to the handling of complaints submitted by users and the related responses.
Legal basis for processing: performance of a contract to which the data subject is party or of pre-contractual measures adopted at the data subject’s request (Art. 6paragraph 1 letter b of the GDPR) and the legitimate interest of the Controllers (Art. 6 paragraph 1 letter f of the GDPR). The data requested for the purposes indicated are necessary in order to respond to the requests of the data subject. Failure to provide such data will result solely in the impossibility of sending and/or receiving and/or responding to the data subject’s requests.
Direct marketing activities of the Controllers
By voluntarily entering your data in the specific “newsletter” subscription box, you agree to receive newsletters from the Controllers regarding the services they offer.
Legal basis for processing: the user’s consent (Art. 6 paragraph 1 letter a of the GDPR). The data requested for the purposes indicated are necessary in order to send commercial communications and promotional material to the data subject. Failure to provide such data will result solely in the impossibility of sending commercial communications and promotional material.
Publication of images
The images published on this website refer to the data subjects who, during events organized by the Controllers, after receiving the appropriate notice pursuant to Art. 13 of the GDPR, have given specific consent for their publication on this website.
The user is free to provide their personal data. Failure to provide such data may make it impossible to obtain what is requested or to use the web services of the Data Controllers.
Recipients of the data or categories of recipients
For the achievement of the purposes described, or in cases where this is essential or required by legal provisions or by authorities vested with the power to impose it, the Controllers reserve the right to disclose the data to recipients belonging to the following categories:
subjects who perform IT maintenance or similar services;
subjects who provide services for the management of the information system used by the Controllers and telecommunications networks, including email and website management;
Authorities and supervisory and control bodies and, in general, subjects, public or private, with public relevance functions (e.g.: Prefecture, Police Headquarters, Judicial Authority, in any case only within the limits in which the conditions established by applicable legislation apply);
professional firms or companies within the context of assistance and consultancy relationships;
data may also be accessed, in relation to the performance of assigned tasks, by the personnel of the Controllers, including interns, temporary workers, consultants, employees of companies external to the Controllers, all specifically authorized to process data.
For theachievement of the purposes described, or in cases where this is essential orrequired by legal provisions or by authorities vested with the power to imposeit, the Controllers reserve the right to disclose the data to recipientsbelonging to the following categories:
Legal basis for processing: the explicit consent of the data subject (Art. 6 paragraph 1letter a of the GDPR).
The data requested for the purposes indicated are optional, and the explicit consent maybe withdrawn at any time by the data subject simply by requesting it from the Controllers via the email contact provided in this notice.
manage the selection process in case of an application and spontaneous submission of the curriculum vitae
The user is also free to provide their personal data and special categories of data (exclusively for the purposes mentioned above), through online forms and contact forms, in order to send their CV or submit specific applications.
Legal basis for processing: the performance of pre-contractual or contractual obligations (Art. 6 paragraph 1 letter b of the GDPR) and consent for special categories of data (Art. 9 letter a of the GDPR).
The data requested for the purposes indicated are necessary to start the personnel selection process. Failure to provide such data will result in the impossibility of including the application in the selection process and,consequently, of evaluating the candidate’s hiring.
Personal data will not be processed using automated decision-making processes referred to in Art. 22 of the GDPR.
Method of data processing
Processing will be carried out using manual, computer and telematic tools in compliance with current regulations and with the principles of fairness, lawfulness, transparency, relevance, completeness and non-excessiveness, accuracy, and with organizational and processing logics strictly related to the purposes pursued and, in any case, in such a way as to ensure the security, integrity and confidentiality of the processed data, in accordance with the organizational, physical and logical measures required by current provisions.
Data retention period
In compliance with Art. 5 paragraph 1 letter e) of EU Reg. 2016/679, the personal data collected will be stored in a form that allows the identification of the data subjects for no longer than is necessary to achieve the purposes for which the personal data are processed. The retention of personal data provided depends on the purpose of the processing:
- navigation on this website, see the cookie policy;
- for contact or information requests, up to 1 year;
- personnel selection, up to 1 year;
- receipt of newsletters or promotional communications in general via email, up to 4 years,
- publication of images, until the consent is withdrawn by the data subject or until the closure of this website, and in any case for no longer than 4 years from publication on the Platform..
Once these periods have expired, the data will be deleted or transformed into anonymous form, unless further retention is necessary to comply with legal obligations or to fulfil orders issued by Public Authorities and/or Supervisory Bodies.
Nature of data provision
The user isfree to provide their personal data. Failure to provide such data may make itimpossible to obtain what is requested or to use the web services of the DataControllers.
Recipientsof the data or categories of recipients
subjectswho perform IT maintenance or similar services;
subjects who provide services for the management of the information system usedby the Controllers and telecommunications networks, including email and websitemanagement;
Authorities and supervisory and control bodies and, in general, subjects,public or private, with public relevance functions (e.g.: Prefecture, PoliceHeadquarters, Judicial Authority, in any case only within the limits in whichthe conditions established by applicable legislation apply);
professional firms or companies within the context of assistance andconsultancy relationships;
data may also be accessed, in relation to the performance of assigned tasks, bythe personnel of the Controllers, including interns, temporary workers,consultants, employees of companies external to the Controllers, allspecifically authorized to process data.
Transfer of data abroad
The user’s data will not be transferred to non-EU countries.
Disclosure of data
The user’s data will not be disclosed.
Use of Social Networks
From the website it is possible to access the company pages on Social Networks through their respective icons (LinkedIn, Facebook, Instagram, Twitter, Pinterest).
As is known, Social Networks autonomously manage their own privacy for those who browse, post and communicate through them, being in such cases the main data controllers.
Users are therefore invited to visit, for more information, the following links (examples):
https://www.facebook.com/privacy/explanation
https://help.instagram.com/519522125107875
https://twitter.com/it/privacy
https://policy.pinterest.com/it/privacy-policy
However, when the user is on the social pages managed by the Controllers and communicates, in various ways, their personal data (e.g., through a private message, commenting on a post, or leaving a review), or when the Social Networks provide certain usage statistics of the pages in a non-anonymized way (and therefore traceable to the activity carried out on the page by the specific person), GC becomes the data controller.
The processing of the data provided occurs exclusively for the ordinary management of the pages (for example, if a comment is posted that insults other users, GC may decide to remove it from the page as it is unlawful) and to respond to the user’s questions (both public and private) about the features of GC’s products.
In such cases, the legal basis for processing is GC’s legitimate interest in presenting to the user and illustrating its products and their characteristics, as well as the need to respond to any possible questions from the user.
The processing of the user’s personal data will be carried out using the tools made available by the Social Networks themselves.
During this simple contact phase, GC will not transfer or disclose the user’s personal data to other parties (except for companies belonging to the same business group).
The user is always free to decide when to remove a like, delete a comment, a review, etc., simply by returning to the relevant Social Network page and proceeding directly with its deletion.
With regard to private messages, these are retained for a maximum of 6 months from the last contact, after which they are deleted.
The user is always free to provide their personal data. Failure to provide such data may make it impossible to obtain what is requested or to use the services of the Controller
Rights of the data subject
Articles 15, 16, 17, 18, 20, 21 of the GDPR grant the data subject the exercise of specific rights which may be exercised with respect to the Data Controllers.
In particular, as a data subject, you may, under the conditions provided by the GDPR, exercise the following rights:
- right of access: the right to obtain confirmation as to whether or not a processing of personal data concerning you is being carried out and, if so, to gain access to your personal data, including a copy thereof;
- right of rectification: the right to obtain the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data;
- right to erasure (right to be forgotten): the right to obtain the deletion of personal data concerning you, if no longer necessary for the purposes pursued by the Controllers, in the event of withdrawal of consent (and no other legal basis for processing exists) or your objection to processing, in the case of unlawful processing, or if there is a legal obligation to delete.
- The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defense of a right in judicial proceedings; rightto restriction of processing: the right to obtain restriction of processingwhen: a) the data subject contests the accuracy of the personal data; b)processing is unlawful and the data subject opposes the deletion of personaldata and requests instead that their use be restricted; c) personal data arenecessary to the data subject for the establishment, exercise or defense of aright in judicial proceedings; rightto data portability: the right to receive, in a structured, commonly used andmachine-readable format, the personal data concerning you provided to theControllers and the right to transmit them to another controller withouthindrance, where processing is based on consent and carried out by automatedmeans;
- right to object: the right to object at any time to processing where personal data are processed for purposes other than those for which you have consented.
Pursuant to Art. 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you habitually reside, work, or where the alleged infringement occurred.
Furthermore, the GDPR grants you the right to withdraw consent at any time and with the same ease with which it was given.
The exercise of your rights as a data subject is free of charge under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including their repetitiveness, the Controllers may charge a reasonable fee in light of the administrative costs incurred to handle your request, or refuse to comply with your request.
This Notice was drawn up on June 14, 2021.
The Data Controllers
Giovanni Caroli e Gerardo Cavaliere
Cookie Policy
This Cookie Policy is part of the Privacy Policy of the website https://www.gcadvisory.com. For all the information required under Art. 13 of European Regulation 679/16 GDPR click here to view the website privacy policy of the Controllers. In particular, it aims to explain the procedures followed for collecting information via cookies and/or other tracking technologies provided by users when visiting this website at https://www.gcadvisory.com. The Data Controllers of personal data collected through this website are Giovanni Caroli and Gerardo Cavaliere, with registered office at Via Fatebenefratelli 10 20121, Milan, VAT number, respectively, 02358850200, and can be contacted at the following email addresses: giovanni.caroli@gcadvisory.com and gerardo.cavaliere@gcadvisory.com.
General information on cookies and other tracking technologies
We use cookies in some areas of our website. Cookies are files that store information on the hard drive or browser and allow this site to check whether you have already visited the site. Cookies allow us to understand which pages of the site are most visited as they show which pages are visited and for how long. Through these data we can make the site more aligned with your needs and simpler to navigate. For example, cookies allow us to ensure that information present on the site during your future visits reflects your preferences.
The user can manage cookie preferences also through the browser. If you do not know the type and version of browser used, you can click on "Help" in the top browser window and access all necessary information. If you know the browser used, you can access the cookie management page using the links below.
Internet Explorer
http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
Google Chrome
https://support.google.com/accounts/answer/61416?hl=it
Mozilla Firefox
http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
Safari
http://www.apple.com/legal/privacy/
For more information, visit the page http://www.youronlinechoices.com/it/le-tue-scelte. Through it, you can check all profiling cookies installed in your browser and disable all or only those you do not wish. Please note, however, that this site has been structured to use cookies, and any removal may affect site functionality and prevent optimal use of the site.
General information on consent to the use of cookies
Italian legislation (Art. 122 of Legislative Decree 196/03 "Personal Data Protection Code", hereinafter briefly "Code") introduced in our legal system EU Directive 2009/136/EC which requires website operators that use cookies or other tracking technologies to inform users about the types of cookies used on the site.
The Provision of the Italian Data Protection Authority no. 229 of May 8, 2014, published in the Official Gazette no. 126 of June 3, 2014, categorized cookies into two main categories: "technical" cookies and "profiling" cookies.
Technical cookies
Technical cookies are those used solely for the purpose of "transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service"
They are not used for further purposes and are normally installed directly by the owner or manager of the website. They can be divided into navigation or session cookies, which ensure normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, assimilated to technical cookies when used directly by the site manager to collect information, in aggregated form, on the number of users and how they visit the site; functionality cookies, which allow the user to navigate according to a series of selected criteria (for example, language, products selected for purchase) in order to improve the service provided to them.
The installation of such cookies does not require prior consent from users.
Profiling cookies
Profiling cookies are aimed at creating profiles relating to the user and are used in order to send advertising messages in line with the preferences expressed by the user during web browsing. Due to the particular intrusiveness that such devices can have on the private sphere of users, European and Italian legislation provides that the user must be properly informed about their use and must give valid consent.
These are referred to in Art. 122 of the Code, which provides that "the storage of information in the terminal equipment of a subscriber or user or the access to information already stored is allowed only on condition that the subscriber or user has given their consent after being informed in the simplified manner provided for in Article 13, paragraph 3" (Art. 122, paragraph 1, of the Code).
In the same Provision, the Authority also categorized cookies depending on the subject acting as the data controller of the personal data collected by the cookie, distinguishing between first-party and third-party cookies.
First-party cookies
These are cookies managed by the Controllers of the site. For these cookies, the obligation to provide information rests with the Controllers of the site. The Controllers are also responsible for indicating the methods for possibly blocking the cookie.
Third-party cookies
These are cookies managed by a third party other than the Controllers of the site. For these cookies, the obligation to provide information and to indicate methods for possibly blocking the cookie rests with the third party, while the Controllers of the site are required to insert on the site a link to the third party's site where such elements are available.
In both types of cookies (first-party or third-party), the collection of consent, necessary if the cookie is a profiling cookie, takes place through a dedicated banner on the home page of the site.
Characteristics of cookies used by this website
On this site we use cookies in order to (for example):
- Count the number of visitors to the site;
- Check whether you have acted via email or through a link;
- Verify how successful a specific advertising campaign has been;
- Establish particular levels of interest for particular sections or aspects of the site or for particular products and services available on this site;
- Understand how popular a product or service is and the level of variation in interest among the particular products and services of GC
In the next section of this Cookie Policy, the list of all cookies used by this website is provided in detail. In the first group, so-called technical cookies are listed, whose use does not require the user’s consent.
In the second group, profiling cookies are listed.
For both groups, the following information is provided for each type of cookie:
- Cookie name
- Explicit function of the cookie
- Indication of whether the cookie is first-party or third-party
- If the cookie is third-party, indication of the link through which it is possible to access the third party's site where the third party’s information on the processing of personal data collected via the cookie is provided, and where the methods for blocking the cookie are indicated
Types of cookies used by this website
Technical cookies
Cookie name Function Expiration (or session) First or third party For third-party cookies, the link to the third party's cookie policy is provided.
pum-337 Shows a warning popup on the first visit of the session 30 days First
pum-307 Shows a warning popup on the first visit of the session 30 days First
Profiling cookies
Cookie name Function Expiration (or session) First or third party For third-party cookies, the link to the third party's cookie policy is provided.
_fbp Facebook Pixel 90 days Third Privacy and Cookie Policy: https://www.facebook.com/policies/cookies/
fr Facebook tracking code 90 days Third Privacy and Cookie Policy: https://en-gb.facebook.com/policies/cookies/
We do not share cookies with external sites or external data providers.
Links to other websites
This site contains links or references to access other websites (e.g., Facebook, Twitter, YouTube, LinkedIn). The Company does not control the cookies/tracking technologies of other websites to which this Cookie Policy does not apply.