Privacy notice within article13 GDPR

Pursuant to art. 13 of EU Regulation no. 2016/679 (hereinafter “GDPR 2016/679”), containing provisions on data protection, we inform you that the personal data you provide will be processed in compliance with the above mentioned legislation and will be based on the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality.

Data Controller

The Data Controller is Galeno Editore srl (VAT number: 13358001009), with registered office in Rome, viale Jonio n. 207. Personal data subject to processing

Personal data, i.e. any information regarding your identification and/or identifiability, are as follows: name, surname, residence address, e-mail address, tax code, VAT number, telephone number.

Purpose and legal basis of the data processing

The personal data, as provided by you, are used for the sale of e-books and the shipping of books in paper format, as well as for the provision of online training courses. The legal basis of the processing falls within the contractual or pre-contractual scope.

Facultative nature of the data transmission

Please note that you are free to provide your personal data. Failure to provide them may only result in the impossibility of obtaining the service/product requested.

 Processing methods and security measures

The processing is carried out in automated and/or manual form, in compliance with the provisions of art. 32 GDPR and is processed lawfully and correctly, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data. In particular, by way of example, this website adopts an HTTPS system with SSL certification of the domain.

Scope of communication and dissemination

We also inform you that the data collected will never be communicated without your explicit consent, except for the necessary communications that may involve the transfer of data to public bodies, consultants or other subjects for the fulfilment of legal obligations.

Data retention

The data controller will process your Personal Data for time that is strictly necessary to achieve the purposes indicated in the purposes and for a maximum of ten years, unless extended by law.

Transfer of Personal Data

Your data will not be transferred to third countries outside the European Union, except in case of use of the system of electronic invoicing and digital payment through external providers, which declare to adopt appropriate security measures and to comply with the privacy legislation (or equivalent according to the adequacy decision of the Commission ex art. 45 EU Reg. 679/2016 or other instruments ex art. 49 EU Reg. 679/2016).

Rights of the data subject

At any time, you may exercise, in accordance with articles 15 to 22 of EU Regulation no. 2016/679, the right to:

  1. a) access, requesting confirmation of the existence or not of the processing of your personal data, obtaining information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the period of storage;

(b) rectification and erasure of data;

(c) limitation of processing;

(d) portability of the data, i.e. receiving them from a data controller, in a structured, commonly used and auto-readable format, and transmitting them to another controller without hindrance;

(e) opposition to processing at any time, including processing for direct marketing purposes, as well as automated decision making concerning physical persons, including profiling;

(f) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;

(g) lodge a complaint with a supervisory authority.

To this end, you may exercise your rights by sending a written request to the following e-mail address:

We will reply to your request within one month from the date of receipt of the same; this period may be extended by a further two months in case of particular complexity and number of requests.

In case of non-compliance with the request, you may lodge a complaint with the Control Authority (Privacy Guarantor) pursuant to art. 77 EU Reg. 679/2019 and lodge a judicial appeal pursuant to art. 79 EU Reg. 679/2019.