This policy (hereinafter also “Privacy Policy”) describes, pursuant to and for the purposes of Article 13 of EU Regulation 679/2016 (General Data Protection Regulation, hereinafter GDPR), the ways in which the Data Controller processes the personal data you provide while browsing this website ( also “Website”).

Data Controller

The Data Controller, pursuant to and for the purposes of Articles 4 and 24 GDPR, is Genetica23 S.r.l., with registered office in Via Anacarsi Nardi 12 – 41121 – Modena (MO); e-mail: (hereinafter also only “Genetica” or “Data Controller”).

Data Protection Officer (DPO)

The DPO, designated pursuant to art. 39 GDPR, can be contacted at the e-mail address

Type of data collected

The Data Controller collects the following types of data:

  • Navigation data: the computer systems and software procedures used to operate the Website may acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This category of data could include IP addresses or domain names of the devices used, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the Operating System and the User’s IT environment;
  • Identification and contact data: name, surname, e-mail address and possibly telephone number and / or (in case of affiliation request) link to your store;
  • Any personal and particular data contained in spontaneous communications or Curricula Vitae that may be received at the e-mail addresses indicated on the site.

Purpose and legal basis of the processing

The data are processed for the following purposes: 

a) Provide the services and functionalities of the Website; as well as 

b) Ensure the proper functioning of the web pages and their contents: 

Legal basis of the purposes a) and b): 

      • The legitimate interest of the Data Controller (Article 6, letter f, of the GDPR) to be more efficient, to give information on the services offered, as well as to improve and develop new products and services.

c) Respond to any requests from Users received through the forms or addresses e-mails on the site.

Legal basis: 

      • The fulfillment of pre-contractual and / or contractual obligations (Article 6, letter b, of the GDPR);
      • The legitimate interest of the Data Controller (Article 6, letter f, of the GDPR) to be more efficient and to give information on the services offered.

d) Comply with legal obligations to which the Data Controller is subject.

Legal basis:

      • Need to comply with legal obligations (Article 6, letter c, of the GDPR).

e) Manage requests to subscribe to the Newsletter and provide the requested service.

Legal basis:

      • Performance of contractual measures implemented at the request of the User (Article 6, letter b, of the GDPR).

f) Respond to an affiliate request

Legal basis:

      • Performance of contractual measures implemented at the request of the User (Article 6, letter b, of the GDPR).

g) Marketing and commercial promotion, for the purpose of sending, by sms, telephone calls, e-mail and other digital communication services, news about products, services, events and promotions.

Legal basis:

      • Express consent of the User (Article 6, letter a), GDPR).

The provision of personal data

With reference to the personal data acquired through the form, the mandatory or optional nature of the provision is specified – with reference to the individual information requested – by affixing a special symbol (*) to the mandatory information. Any refusal to communicate the data marked as mandatory makes it impossible for the Data Controller to execute the contract or provide the requested services. The provision of further data is, however, optional. It is also understood that failure to provide some personal data (e.g., navigation data) will not allow Genetica23 to guarantee the functionality of the Website and to provide related services and / or provide the requested information / services.

Method and place of processing

The processing of personal data is carried out mainly electronically and telematically, using specifically authorized internal personnel. Appropriate security measures are taken in order to minimize the risks of destruction or loss – even accidental – of data, unauthorized access or processing that is not allowed or does not comply with the purposes of collection. The data are processed at the headquarters of the Data Controller and in any other place where the parties involved in the processing are located, as well as at the host servers.

Retention period

The data are processed for the time necessary to perform the service requested by the User or in general until the achievement of the purposes for which they were collected. With regard to marketing purposes, the related personal data will be used for 24 months from the date of issue of consent, without prejudice to the User’s right to request its revocation at any time.

Dissemination and communication of personal data

The personal data collected will not be disseminated in any way but may be communicated to professionals, collaborators or legal persons who provide out-sourcing services in favor of the Data Controller (e.g., IT services, e-mail marketing services, consultants, etc.). These external subjects will process the data as duly appointed data controllers or data processors. The complete and updated list of data processors is available upon request. The data may also be communicated or made available to subjects who have the right to access them by virtue of provisions of law, regulation or European legislation, within the limits and for the purposes provided for by these rules.

Transfer of personal data

Any transfer of personal data to non-EU countries, which may be necessary to guarantee the services offered by this Website, will be carried out in accordance with articles 44 et seq. of the GDPR, preparing special tools that guarantee adequate guarantees of data protection.

Links to other sites and social networks

This information is provided only for this Website and not for other websites or social networks accessible by the User through links and social buttons, particular buttons on the Website that depict the icons of social networks. For more information on the processing of data operated by these external parties, the user is invited to refer to the respective privacy policies.

Rights of the data subject
At any time, pursuant to Articles. 15 et seq. of EU Regulation 679/2016, the User may exercise the following rights:
a) Access to data;
b) Rectification, deletion of data or limitation of processing;
c) Obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and the retention period;
d) Opposition to processing;
e) Data portability;
f) Withdrawal of consent, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
g) Propose a complaint to the Supervisory Authority for the protection of personal data.

The exercise of rights, with the exception of letter g), may take place by sending a request to thee-mail address

Updates and changes

In the future, the Data Controller may modify or simply update, in whole or in part, this Privacy Policy of the Website, also in consideration of the modification of laws or regulations governing this matter and protecting the rights of the data subject. Changes and updates to the Privacy Policy will be binding as soon as they are published on the Website. We therefore invite the User to regularly access this section to check the publication of the most recent and updated Privacy Policy.

Date of last update: 8 September 2022.