Q&T S.p.A. recognizes the importance of data protection and undertakes to treat them in compliance with the General Data Protection Regulation (GDPR) EU 679/2016 and applicable regulations for the protection of personal data in all countries where Q&T S.p.A. works.
This Policy Privacy describes the general practices adopted by Q&T S.p.A. concerning privacy, which applies to the personal information we collect, use and share with our customers, business partners, suppliers and other organizations with which Q&T S.p.A. has or plans to have a business relationship.
1. Purposes and treatment method of data collection
Q&T S.p.A. collects the personal information of a data subject for different purposes, including:
a. Access and use of websites or other online services
When the user access on the Q&T S.p.A. website www.qtc.it or using an online service, Q&T S.p.A. records the information necessary to allow the user or interested person to access, operate on the website and to ensure that Q&T S.p.A. is in compliance with legal and security requirements regarding operations on the site, especially in according with the GDPR, such as password, IP address and browser settings. We also collect information about activities after the access on the website, in order to personalize the user’s or interested user’s experience, such as registering preferences and settings, and to collect statistical information that allows us to further improve and develop our websites and services.
b. How we respond to your request for information
When the user contact us (online or offline) requiring information for a service or to have support, we collect the necessary information to fulfill his request, to grant him the access to the product or service, to provide support and to contact him. For example, we collect name and contact information, details about the request and the existing agreements as well as the fulfillment, provision and invoicing of the order. We can also include information from customer satisfaction surveys. Q&T S.p.A. keeps all this information for administrative purposes, for the defense of its rights and within the existing relationship with the user or interested party.
When the user provides the name and contact information for registration to a specific request, such registration could be used to identify the person in question when he/she accesses our websites. The order of most services and products requires registration of a Q&T S.p.A. ID. Registration can also allow customization and control of privacy settings.
Q&T S.p.A. collects information about the user employment of Q&T S.p.A. services, enabling all various functions of the product, improving user experience, customizing the interactions, informing customers about the general use of the services, offering support as well as improving and developing Q&T S.p.A. products and services. For details about the technologies used by Q&T S.p.A., on the personal information we collect, as well as how to check or block traceability or to delete cookies, please contact us at the following address firstname.lastname@example.org.
2. How we contact our customers employees, potential customers, partners and suppliers
In the context of relationships with customers or potential customers, partners and suppliers, they also provide us with business contact information (such as name, business contact details, employees title, contractors, consultants and authorized users) for purposes like: contract management, fulfilment, provision of products and services, provision of support, billing and management of services or relationships.
Most of the information we collect about the user or interested person comes from direct interactions with them. When registering for an event, Q&T S.p.A. can collect information (online or offline) in relation to the organization of the event and during the event itself, such as participation at sessions and survey results. Q&T S.p.A. combines the personal information collected to develop aggregate analysis and business intelligence for the realization of business activities and for marketing purposes. The user or interested person can choose to receive the information by email, telephone or mail about our products and services or to register for subscriptions (paper and online). While browsing our websites or using our services, we can offer personalized information. It will always be possible to decide not to receive personalized communications by sending an email to email@example.com.
Where we claim to use personal information in the context of a request, order, transaction or agreement (or in preparation of such activities), or to provide the required services (such as a website), we do so because it is necessary in relation to the performance of the agreement between Q&T S.p.A. and the user or interested person.
Where we claim to use personal information for marketing purposes, for the improvement or development of our products or services, for security and protection reasons or for regulatory requirements outside the scope of the agreement or request, we do so on the basis of our legitimate interests or those of a third party always with the informed consent of the user or interested data subject.
The collection and use of personal data even if in accordance with the EU regulation on privacy can have consequences for the fundamental rights of the data subject or user or interested, for this reason the present informative undertakes to offer the user all the modalities of cancellation of personal data in the clearest and most explicit way possible.
3. The sharing of personal information
Among the third-party companies with which Q&T S.p.A. entertains business relations, we only grant access to personal information based on needs, exclusively for the purposes for which such access is granted. In some cases, Q&T S.p.A. uses suppliers located in various countries to collect, use, analyze and process personal information on its behalf, in which case it will be imperatively required the consent to the interested data subject, for the specific purpose of the transfer of personal information to third parties.
Where possible, Q&T S.p.A. also shares personal information with selected partners to be able to offer the user or the company for which the user works, the products or services or to fulfill the requests of the user, with the explicit consent of the user. When selecting suppliers and partners, we take into account the data management processes used and the utmost respect for the protection of personal data of the data subject.
If Q&T S.p.A. decides to sell, buy, merge or reorganize with other companies, these transactions may involve the disclosure of personal information to buyers or potential buyers; it is also possible that sellers receive this information. The practice of Q&T S.p.A. provides the request for appropriate protection of personal information in this type of transaction.
In some cases, personal information may be disclosed to government agencies, in accordance with court procedures, court orders or legal proceedings. Q&T S.p.A. may also share personal information to protect the rights or properties of Q&T S.p.A., its business partners, suppliers or customers, and third parties, if Q&T S.p.A. believes that these rights or properties can be affected.
4. International transfers
The international dimension of Q&T S.p.A. implies a considerable number of transfers of personal information with third-party companies located in countries where Q&T S.p.A. carries out business activities. Some countries have applied restrictions to transfers of personal information, for which Q&T S.p.A. consequently implemented various measures including:
If necessary, Q&T S.p.A. implements the Standard Contractual Clauses approved by the European Commission, or similar contractual clauses in other jurisdictions. Transfers to suppliers or third parties are included taking into consideration every aspect of the GDPR in order to protect the processing of personal data with maximum respect. You can request more information contacting our privacy team on firstname.lastname@example.org
5. Accuracy and security of information
Q&T S.p.A. intends to protect personal informations and maintain their accuracy. Q&T S.p.A. implements technical, administrative and physical security measures to protect personal information from unauthorized access, use and disclosure in according to the GDPR.
6. Data retention
Q&T S.p.A. it will not hold personal information any more than it is necessary to fulfil the purposes for which such information has been processed, including the security of our processing procedure in accordance with regulatory and legal obligations (eg control, accounting and terms of legal retention), the management of disputes and for the determination, practice or defence of legal rights in those countries in which we carry out business activities. Since all circumstances may greatly vary depending on the context and services, we will provide a specific notice if deemed necessary in order to provide more detailed information regarding the applicable retention terms.
7. Place of treatment
The data will be processed by the data controller at its headquarters: Via San Francesco 47 / v, 20090 – Opera (MI) with logic strictly related to the purposes for which the data are collected and, however, in order to ensure the security and confidentiality.
8. How to contact us
For GDPR purposes, the Data Controller of personal information is Q&T S.p.A. who has appointed a specific Data Processor and a Data Protection Officer.
The interested party can contact the company Q&T S.p.A. for more information at the following address: email@example.com.
9. Obligations Duties of Controller
Q&T S.p.A. is responsible for informing the user or interested parties and the Guarantor for Personal Data Protection in case of violation of data pursuant to art. 33 within seventy-two (72) hours, in order to describe the nature of the violation of personal data and communicate the name and contact details of the data protection officer. Q&T S.p.A. as data controller has established the following procedures for the correct processing of personal data in order to adequately comply with the obligations under the legislation:
a. employ appropriate technical and organizational measures to guarantee, from the design phase, the protection of the rights of the interested party (privacy by design);
b. ensure that all persons involved in the processing do not unlawfully process the personal data of an interested party;
c. designation of a controller and a data protection officer who will be responsible for implementing the appropriate technical and organizational measures to ensure a level of security appropriate to the risk;
d. The owner and the manager are required to keep a record of the processing.
10. Rights of the interested data subject
As set out in Article 13.2 of the GDPR. The interested party has the following rights, which he/she can exercise after proof of his / her identity, to the holder of the data processing:
a. Right of access (Article 15 GDPR)
The interested party has the right to request a copy of his personal information at any time. Where there is a clear reason, and if the GDPR allows it, we can reject the request or part of it. If we reject the request or any element of it, we will provide the interested party with our reasons.
b. Right of rectification (Article 16 GDPR)
If the personal informations we hold about the subject are not accurate, expired or incomplete, the data subject has the right to correct, update or complete the data. You can let us know by contacting us at the following address: firstname.lastname@example.org
c. Right to cancel (Article 17 GDPR)
In certain circumstances, the data subject has the right to request the cancellation of the personal information held by Q&T S.p.A., for example if the informations are no longer necessary for the purposes for which they were collected or processed or the processing of the information is not based on the consent of the user or interested party and there are no other legal reasons on which we can process the information.
d. Right to oppose or restrict processing (Article 18 GDPR)
Under certain circumstances, you have the right to object to the processing of your personal information by contacting us at the following address email@example.com. For example, if Q&T S.p.A. processes information on the basis of Q&T S.p.A. legitimate personal interests and there are no legitimate reasons for the processing that prevail over the rights and interests. The data subject also has the right to object to the use of his personal information for direct marketing purposes. The data subject may also have the right to limit the use of his personal information.
e. Data portability right (Article 20 GDPR)
In some cases, you have the right to receive all personal information held about yourself in a structured, commonly used and readable format by a device. The interested party has the right to request the transmission of such information from Q&T S.p.A. directly to a third-party organization. The above right exists only in compliance with the personal information that the person has provided us previously, and is processed by us using automated means. You can exercise any of the above rights by contacting us using one of the methods in the contact section below:
You can withdraw your consent at any time by submitting a complaint directly to the Guarantor for the Protection of Personal Data by:
– A / R registered mail addressed to the Guarantor of Personal Data Protection, Piazza di Monte Citorio, 121 00186 Rome;
– e-mail to: firstname.lastname@example.org, or email@example.com;
– fax to the number: 06 / 69677.3785.
You can withdraw your consent at any time by lodging a compliant directly with the EDPS at the following address:
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
Telephone: +32 2 283 19 00
Most of the above rights are subject to limitations and exceptions. We will provide all the reasons if we will not be able to satisfy any request for the exercise of your rights.