Privacy Policy

Personal data protection policy (GDPR) and request for consent to processing of personal data collected via the website (hereafter the “Site”).

This Information is given to inform you about the processing of your personal data.


  1. Identity and contact details of Data Controller
  2. Purpose and legal basis of processing
  3. Recipients of personal data
  4. Data subject to processing
  5. Data storage period
  6. Data Subject’s rights
  7. Communication and provision of data
  1. Identity and contact details of Data Controller

The Data Controller is Gruppo Sanitari Italia S.p.A., registered office in S.P. 150 Km 3,125 – 01035 Gallese (Viterbo), email:

  1. Purpose and legal basis of processing

Your personal data will be processed for the following ends:

  1. sending of newsletters;
  2. marketing research for internal use, with the sole aim of improving the service/product offered to you; market research with the aim of involving you in commercial and promotional initiatives in addition to the sending of newsletters on the subject of GSI products, possibly in partnership with third parties, who will only have access to your data with your express consent. The promotional communications we will send to you may include contents relating to market research, and may be via email, social networks and telephone contacts with an operator;
  3. to fulfil our contractual obligations, in particular to allow  you to surf the Site and use the services offered on it, regardless of whether or not you are a registered user;
  4. to provide a response to your requests, possibly using automated means;
  5. to provide you with necessary assistance regarding purchased products and services;

The processing as per letter a) is needed to provide the service requested by you.

  1. Recipients of personal data

In relation to the above-defined ends, your data will not be disclosed to third parties, but will be used solely by Gruppo Sanitari Italia S.p.A.
The processing as per point 2 letter b) may be conducted in partnership with third parties, which will only have access to your data further to your express consent.

  1. Data subject to processing

GSI will process the types of data listed below in relation to your use of the Site and/or your communications, including telephone contacts, with us:

  • Data that you provide to us

    We will process some of your personal data, including your first name and family name, contact details provided by you or that you have used to communicate with us, such as your e-mail address, mail address and telephone number, as well as other information that you may have given us (e.g. profile information given when registering on our site).
  • Browsing data

    IT systems and software procedures used for the functioning of the Site acquire, during normal operations, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified persons, but by virtue of its nature may be used to identify users through data processing and associations with data held by third parties. This category of data includes IP addresses or domain names of computers used by users visiting the site, the URI (Uniform Resource Identifier) addresses of requested resources, time of the request, the method used to submit the request to the server, dimension of the response file, numerical code indicating the response status given by the server (completion, error, etc.) and other parameters regarding the user’s operating system and IT environment. These data are used only to obtain anonymous statistics on the use of the Site and to check its correct operation. These data may however be used to ascertain liability in the event of any unlawful act committed to the detriment of the Site
  • Cookies
    Information on cookies used by GSI can be found in the Cookie Policy
  1. Data storage period

Personal data are stored only for as long as they are needed to achieve the specific ends of the processing for which you have given your consent, in particular for the ends specified in letter a) of art. 2 for the time needed to fulfil contractual obligations, and in any case for no longer than 10 years from the time your data are collected to fulfil regulatory obligations, and for no longer than the terms established by law for the prescription of rights.

  1. Data Subject’s rights

You (the user, or Data Subject) may exercise the following rights at any time:

  1. Access to personal data: to obtain confirmation that data concerning you are being processed, and if so access to the following information: purposes of processing, data categories, recipients, storage period, the right to lodge a complaint with a supervisory authority, the right to request rectification or erasure or restriction of processing, and to object to processing, and the existence of automated decision-making;
  2. A request to rectify or erase processed data or restrictions to the processing of data concerning you; “restriction” is taken to mean the marking of stored personal data with the aim of limiting their processing in the future;
  3. Objection to processing: objecting for reasons relating to your particular situation to the processing of data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  4. Data portability: in the case of processing carried out using automated means, further to consent or enacting a contract, the right to receive in a structured, commonly used and machine-readable format the data concerning you, in particular the data will be provided to you by the Controller in .csv format, or a similar format;
  5. Withdrawal of consent for processing for marketing purposes, both direct and indirect, market researches and profiling; exercising this right shall not affect the lawfulness of processing carried out before its withdrawal;
  6. Right to lodge a complaint in accordance with art. 77 of the GDPR with a competent supervisory authority according to your habitual residence, place of work or place of alleged infringement of your rights; for Italy this authority is the Garante per la protezione dei dati personali, which can be contacted in the ways listed on the website

These rights may be exercised by sending a request to the Data Controller using the contact details given in art. 1 of this policy.

Requests regarding the exercising of your rights will be handled without undue delay and, in any case, within one month of the request being received; only in particularly complex cases and numerous requests may this period be extended by a further 2 (two) months.

  1. Communication and provision of data

You must provide the requested data in order to receive the requested service. Should you refuse to provide such data, we may not be able to provide the service, in that these data are required for such ends.